Naoya Torii

Implementation of Elliptic Curve Cryptographic Coprocessor over GF(2m) on an FPGA

We describe the implementation of an elliptic curve cryptographic (ECC) coprocessor over GF(2m) on an FPGA and also the result of simulations evaluating its LSI implementation. This coprocessor is suitable for server systems that require efficient ECC operations for various parameters. For speeding-up an elliptic scalar multiplication, we developed a novel configuration of a multiplier over GF(2m), which enables the multiplication of any bit length by using our data conversion method. The FPGA implementation of the coprocessor with our multiplier, operating at 3 MHz, takes 80 ms for 163-bit elliptic scalar multiplication on a pesudo-random curve and takes 45 ms on a Koblitz curve. The 0.25 µm ASIC implementation of the coprocessor, operating at 66 MHz and having a hardware size of 165 Kgates, would take 1.1 ms for 163-bit elliptic scalar multiplication on a pesudo-random curve and would take 0.65 ms on a Koblitz curve.

Fast Implementation of Public-Key Cryptography ona DSP TMS320C6201

We propose new fast implementation method of public-key cryptography suitable for DSP. We improved modular multiplication and elliptic doubling to increase speed. For modular multiplication, we devised a new implementation method of Montgomery multiplication, which is suitable for pipeline processing. For elliptic doubling, we devised an improved computation for the number of multiplications and additions. We implemented RSA, DSA and ECDSA on the latest DSP (TMS320C6201, Texas Instruments), and achieved a performance of 11.7 msec for 1024- bit RSA signing, 14.5 msec for 1024-bit DSA verification and 3.97 msec for 160-bit ECDSA verification.

DPA Countermeasures by Improving the Window Method

We propose three differential power analysis (DPA) countermeasures for securing the public key cryptosystems. All countermeasures are based on the window method, and can be used in both RSA and elliptic curve cryptosystems (ECC). By using the optimal countermeasure, performance penalty is small. In comparison with k-ary method, computation time of our countermeasure is only 105% in 1024-bit RSA and 119% in 160-bit ECC.

The Block Cipher SC2000

In this paper, we propose a new symmetric key block cipher SC2000 with 128-bit block length and 128-,192-,256- bit key lengths. The block cipher is constructed by piling two layers: one is a Feistel structure layer and the other is an SPN structure layer. Each operation used in two layers is S-box or logical operation, which has been well studied about security. It is a strong feature of the cipher that the fast software implementations are available by using the techniques of putting together S-boxes in various ways and of the Bitslice implementation.

Design of high-speed and area-efficient Montgomery modular multiplier for RSA algorithm

High-speed and area-efficient Montgomery modular multipliers for RSA algorithm has been developed for digital signature and user authentication in high-speed network and smart card systems. Multiplier-accumulator (MAC) in the developed Montgomery modular multiplier has non-identical multiplicand/multiplier word length. This organization eliminates the bottleneck in memory bandwidth, and enables to use single-port memory for area and power reductions. The developed MAC is faster than the common word length organization due to short critical path. 5,000 digital signature productions/sec is obtained with a three-stage pipelined architecture in 0.18 /spl mu/m CMOS technology.

A new method for enhancing variety and maintaining reliability of PUF responses and its evaluation on ASICs

Physically unclonable functions (PUFs) are expected to provide a breakthrough in anti-counterfeiting devices for secure ID generation and authentication, etc. Factory-manufactured PUFs are generally more secure if the number of outputs (the variety of responses) is larger (e.g., a 256-bit full-entropy response is more secure than a 128-bit response). In Yamamoto et al. (J Cryptogr Eng 3(4):197–211, 2013), we presented a latch-based PUF structure, which enhances the variety of responses by utilizing the location information of the RS (Reset-Set) latches outputting random numbers. We confirmed the effectiveness of this method using two kinds of different Xilinx FPGA chips: Spartan-3E and Spartan-6. In this paper, we propose a novel method of further enhancing the variety of responses while maintaining the reliability of responses, i.e., consistency over repeated measurements. The core idea in this method is to effectively utilize the information on the proportion of ‘1’s in the random number sequence output by the RS latches. This proportion information is determined during the manufacturing process, making it relatively stable and reliable once PUFs are manufactured. We estimated the variety of responses generated by the PUFs to which the proposed method was applied. According to our experiment with 73 ASIC chips fabricated by a 0.18-

Evaluation of Latch-based Physical Random Number Generator Implementation on 40 nm ASICs

\upmu

A Spoofing Attack against a Cancelable Biometric Authentication Scheme

μm CMOS process, latch-based PUFs with 256 RS latches can improve the variety of responses to as much as