Implementation Issues
This chapter introduces some engineering aspects of implementing cryptographic solutions based on elliptic curves efficiently and securely in specific environments. The presentation will often be by selected examples, since the material is necessarily platform-specific and complicated by competing requirements, physical constraints and rapidly changing hardware, inelegant designs, and different objectives. The coverage is admittedly narrow. Our goal is to provide a glimpse of engineering considerations faced by software developers and hardware designers. The topics and examples chosen illustrate general principles or involve hardware or software in wide use.
Selected topics on efficient software implementation are presented in §5.1. Although the coverage is platform-specific (and hence also about hardware), much of the material has wider applicability. The section includes notes on use of floating-point and single-instruction multiple-data (vector) operations found on common workstations to speed field arithmetic. §5.2 provides an introduction to the hardware implementation of finite field and elliptic curve arithmetic. §5.3 on secure implementation introduces the broad area of side-channel attacks. Rather than a direct mathematical assault on security mechanisms, such attacks attempt to glean secrets from information leaked as a consequence of physical processes or implementation decisions, including power consumption, electromagnetic radiation, timing of operations, fault analysis, and analysis of error messages. In particular, simple and differential power analysis have been shown to be effective against devices such as smart cards where power consumption can be accurately monitored. For such devices, tamper-proof packaging may be ineffective (or at least expensive) for protecting embedded secrets. The section discusses some algorithmic countermeasures which can minimize or mitigate the effectiveness of side-channel attacks, typically at the cost of some efficiency.
