M. Anwarul Hasan

High performance FPGA based elliptic curve cryptographic co-processor

A high performance elliptic curve coprocessor is developed, which is optimized for a binary field recommended by NIST. The architecture uses a field multiplier capable of performing a field multiplication over the extension field with degree 163 in 0.060 /spl mu/sec. The coprocessor uses Lopez and Dahabs projective coordinate system and is optimized specifically for Koblitz curves. An efficient implementation of Itoh and Tsujiis method for inversion with performance comparable to the extended Euclidean algorithm is used. A prototype of the processor has been implemented for the binary extension field with degree 163 on a Xilinx XCV2000E FPGA. The prototype runs at 66 MHz and performs an elliptic curve scalar multiplication in 0.233 msec on a generic curve and 0.075 msec on a Koblitz curve.

Hybrid Attribute- and Re-Encryption-Based Key Management for Secure and Scalable Mobile Applications in Clouds

Outsourcing data to the cloud are beneficial for reasons of economy, scalability, and accessibility, but significant technical challenges remain. Sensitive data stored in the cloud must be protected from being read in the clear by a cloud provider that is honest-but-curious. Additionally, cloud-based data are increasingly being accessed by resource-constrained mobile devices for which the processing and communication cost must be minimized. Novel modifications to attribute-based encryption are proposed to allow authorized users access to cloud data based on the satisfaction of required attributes such that the higher computational load from cryptographic operations is assigned to the cloud provider and the total communication cost is lowered for the mobile user. Furthermore, data re-encryption may be optionally performed by the cloud provider to reduce the expense of user revocation in a mobile user environment while preserving the privacy of user data stored in the cloud. The proposed protocol has been realized on commercially popular mobile and cloud platforms to demonstrate real-world benchmarks that show the efficacy of the scheme. A simulation calibrated with the benchmark results shows the scalability potential of the scheme in the context of a realistic workload in a mobile cloud computing system.

Error Detection in Polynomial Basis Multipliers over Binary Extension Fields

In many of cryptographic schemes, the most time consuming basic arithmetic operation is the finite field multiplication and its hardware implementation may require millions of logic gates. It is a complex and costly task to develop such large finite field multipliers which will always yield error free outputs. In this effect, this paper considers fault tolerant multiplication in finite fields. It deals with detection of errors of bit-parallel and bit-serial polynomial basis multipliers over finite fields of characteristic two. Our approach is to partition the multiplier structure into a number of smaller computational units and use the parity prediction technique to detect errors.

Power Analysis Attacks and Algorithmic Approaches to their Countermeasures for Koblitz Curve Cryptosystems

Because of their shorter key sizes, cryptosystems based on elliptic curves are being increasingly used in practical applications. A special class of elliptic curves, namely, Koblitz curves, offers an additional but crucial advantage of considerably reduced processing time. In this article, power analysis attacks are applied to cryptosystems that use scalar multiplication on Koblitz curves. Both the simple and the differential power analysis attacks are considered and a number of countermeasures are suggested. While the proposed countermeasures against the simple power analysis attacks rely on making the power consumption for the elliptic curve scalar multiplication independent of the secret key, those for the differential power analysis attacks depend on randomizing the secret key prior to each execution of the scalar multiplication.

Highly Regular Architectures for Finite Field Computation Using Redundant Basis

In this article, an extremely simple and highly regular architecture for finite field multiplier using redundant basis is presented, where redundant basis is a new basis taking advantage of the elegant multiplicative structure of the set of primitive nth roots of unity over F2 that forms a basis of F2m over F2. The architecture has an important feature of implementation complexity trade-off which enables the multiplier to be implemented in a partial parallel fashion. The squaring operation using the redundant basis is simply a permutation of the coefficients. We also show that with redundant basis the inversion problem is equivalent to solving a set of linear equations with a circulant matrix. The basis appear to be suitable for hardware implementation of elliptic curve cryptosystems.

Fast Normal Basis Multiplication Using General Purpose Processors

For cryptographic applications, normal bases have received considerable attention, especially for hardware implementation. In this article, we consider fast software algorithms for normal basis multiplication over the extended binary field GF(2m). We present a vector-level algorithm which essentially eliminates the bit-wise inner products needed in the conventional approach to the normal basis multiplication. We then present another algorithm which significantly reduces the dynamic instruction counts. Both algorithms utilize the full width of the datapath of the general purpose processor on which the software is to be executed. We also consider composite fields and present an algorithm which can provide further speed-up and an added flexibility toward hardwaresoftware co-design of processors for very large finite fields.

On Efficient Normal Basis Multiplication

In cryptographic applications, the use of normal bases to represent elements of the finite field GF(2m) is quite advantageous, especially for hardware implementation. In this article, we consider an important field operation, namely, multiplication which is used in many cryptographic functions. We present a class of algorithms for normal basis multiplication in GF(22m). Our proposed multiplication algorithm for composite finite fields requires significantly lower number of bit level operations and hence can reduce the space complexity of cryptographic systems when implemented in hardware.

On Low Complexity Bit Parallel Polynomial Basis Multipliers

Representing finite field elements with respect to the polynomial (or standard) basis, we consider a bit parallel multiplier architecture for the finite field GF(2 m ) . Time and space complexities of such a multiplier heavily depend on the field defining irreducible polynomials. Based on a number of important classes of irreducible polynomials, we give exact complexity analyses of the multiplier gate count and time delay. In general, our results match or outperform the previously known best results in similar classes. We also present exact formulations for the coordinates of the multiplier output. Such formulations are expected to be useful to efficiently implement the multiplier using hardware description languages, such as VHDL and Verilog, without having much knowledge of finite field arithmetic.

High-performance finite field multiplier for cryptographic applications

In FIPS 186-2, NIST recommends several finite fields to be used in the elliptic curve digital signature algorithm (ECDSA). Of the ten recommended finite fields, five are binary extension fields with degrees ranging from 163 to 571. The performance of the underlying field operations (i.e. addition and multiplication) directly affect the performance of the ECDSA algorithm. In this paper we discuss a high performance look-up table-based VLSI architecture which performs multiplication over a given finite field. First we present the architecture in a general form which can be implemented for any finite field and corresponding reduction polynomial. Following, we discuss a prototype implementation of the multiplier for the binary extension field with degree 163. The prototype is capable of performing a finite field multiplication in .06 microseconds when implemented on a Xilinx XCV2000E FPGA.

Cloud-hosted key sharing towards secure and scalable mobile applications in clouds

User data may be stored in a cloud to take advantage of its scalability, accessibility, and economics. However, data of a sensitive nature must be protected from being read in the clear by an untrusted cloud provider. It is also beneficial to provide finite time limits on access to the data by users. A key management scheme is proposed where encrypted key shares are stored in the cloud and automatically deleted based on passage of time or user activity. The accessibility of the data gradually expires and revocation occurs as a result of the loss of sufficient key shares. The process does not require additional coordination by the data owner, which is of advantage to a very large population of resource-constrained mobile users. The rate of expiration may be controlled through the initial allocation of shares and the heuristics for removal. Subscription to user data is maintained through regular re-generation of shares. A simulation of the scheme and also its implementation on commercial mobile and cloud platforms demonstrate its practical performance.