Laurent Imbert

Extended double-base number system with applications to elliptic curve cryptography

We investigate the impact of larger digit sets on the length of Double-Base Number system (DBNS) expansions. We present a new representation system called extended DBNS whose expansions can be extremely sparse. When compared with double-base chains, the average length of extended DBNS expansions of integers of size in the range 200–500 bits is approximately reduced by 20% using one precomputed point, 30% using two, and 38% using four. We also discuss a new approach to approximate an integer n by d2a3b where d belongs to a given digit set. This method, which requires some precomputations as well, leads to realistic DBNS implementations. Finally, a left-to-right scalar multiplication relying on extended DBNS is given. On an elliptic curve where operations are performed in Jacobian coordinates, improvements of up to 13% overall can be expected with this approach when compared to window NAF methods using the same number of precomputed points. In this context, it is therefore the fastest method known to date to compute a scalar multiplication on a generic elliptic curve.

Efficient and secure elliptic curve point multiplication using double-base chains

In this paper, we propose a efficient and secure point multiplication algorithm, based on double-base chains. This is achieved by taking advantage of the sparseness and the ternary nature of the so-called double-base number system (DBNS). The speed-ups are the results of fewer point additions and improved formulae for point triplings and quadruplings in both even and odd characteristic. Our algorithms can be protected against simple and differential side-channel analysis by using side-channel atomicity and classical randomization techniques. Our numerical experiments show that our approach leads to speed-ups compared to windowing methods, even with window size equal to 4, and other SCA resistant algorithms.

Leak Resistant Arithmetic

In this paper we show how the usage of Residue Number Systems (RNS) can easily be turned into a natural defense against many side-channel attacks (SCA). We introduce a Leak Resistant Arithmetic (LRA), and present its capacities to defeat timing, power (SPA, DPA) and electromagnetic (EMA) attacks.

The double-base number system and its application to elliptic curve cryptography

We describe an algorithm for point multiplication on generic elliptic curves, based on a representation of the scalar as a sum of mixed powers of 2 and 3. The sparseness of this so-called double-base number system, combined with some efficient point tripling formulae, lead to efficient point multiplication algorithms for curves defined over both prime and binary fields. Side-channel resistance is provided thanks to side-channel atomicity.

Improving Goldschmidt division, square root, and square root reciprocal

The aim of this paper is to accelerate division, square root, and square root reciprocal computations when the Goldschmidt method is used on a pipelined multiplier. This is done by replacing the last iteration by the addition of a correcting term that can be looked up during the early iterations. We describe several variants of the Goldschmidt algorithm, assuming 4-cycle pipelined multiplier, and discuss obtained number of cycles and error achieved. Extensions to other than 4-cycle multipliers are given. If we call G/sub m/ the Goldschmidt algorithm with m iterations, our variants allow us to reach an accuracy that is between that of G/sub 3/ and that of G/sub 4/, with a number of cycle equal to that of G/sub 3/.

Multi-mode operator for SHA-2 hash functions

We propose an improved implementation of the SHA-2 hash family, with minimal operator latency and reduced hardware requirements. We also propose a high frequency version at the cost of only two cycles of latency per message. Finally we present a multi-mode architecture able to perform either a SHA-384 or SHA-512 hash or to behave as two independent SHA-224 or SHA-256 operators. Such capability adds increased flexibility for applications ranging from a server running multiple streams to independent pseudorandom number generation. We also demonstrate that our architecture achieves a performance comparable to separate implementations while requiring much less hardware.

On converting numbers to the double-base number system

This paper is an attempt to bring some theory on the top of some previously unproved experimental statements about the double-base number system (DBNS). We use results from diophantine approximation to address the problem of converting integers into DBNS. Although the material presented in this article is mainly theoretical, the proposed algorithm could lead to very efficient implementations.

Hybrid Binary-Ternary Number System for Elliptic Curve Cryptosystems

Single and double scalar multiplications are the most computational intensive operations in elliptic curve based cryptosystems. Improving the performance of these operations is generally achieved by means of integer recoding techniques, which aim at minimizing the scalars density of nonzero digits. The hybrid binary-ternary number system provides both short representations and small density. In this paper, we present three novel algorithms for both single and double scalar multiplication. We present a detailed theoretical analysis, together with timings and fair comparisons over both tripling-oriented Doche-Ichart-Kohel curves and generic Weierstrass curves. Our experiments show that our algorithms are almost always faster than their widely used counterparts.

Optimizing Elliptic Curve Scalar Multiplication for Small Scalars

On an elliptic curve, the multiplication of a point P by a scalar k is defined by a series of operations over the field of definition of the curve E, usually a finite field Fq. The computational cost of [k]P = P + P + ...+ P (k times) is therefore expressed as the number of field operations (additions, multiplications, inversions). Scalar multiplication is usually computed using variants of the binary algorithm (double-and-add, NAF, wNAF, etc). If s is a small integer, optimized formula for [s]P can be used within a s-ary algorithm or with double-base methods with bases 2 and s. Optimized formulas exists for very small scalars (s ≤ 5). However, the exponential growth of the number of field operations makes it a very difficult task when s > 5. We present a generic method to automate transformations of formulas for elliptic curves over prime fields in various systems of coordinates. Our method uses a directed acyclic graph structure to find possible common subexpressions appearing in the formula and several arithmetic transformations. It produces efficient formulas to compute [s]P for a large set of small scalars s. In particular, we present a faster formula for [5]P in Jacobian coordinates. Moreover, our program can produce code for various mathematical software (Magma) and libraries (PACE).

A fault-tolerant modulus replication complex FIR filter

In this paper we propose an architecture for the implementation of fault-tolerant computation for a high throughput multirate equalizer used in a 1 Gbps asymmetrical wireless LAN. Exploiting the algebraic structure of the modulus replication residue number system (MRRNS) minimizes the area overhead, and the area cost to correct a fault in a single computational channel is 82.7%. Generalized results for single error correction showing significant area savings are also presented.