Guide to Elliptic Curve Cryptography
CHAPTER 5
Implementation Issues
This chapter introduces some engineering aspects of implementing cryptographic solutions based on elliptic curves efficiently and securely in specific environments. The presentation will often be by selected examples, since the material is necessarily platform-specific and complicated by competing requirements, physical constraints and rapidly changing hardware, inelegant designs, and different objectives. The coverage is admittedly narrow. Our goal is to provide a glimpse of engineering considerations faced by software developers and hardware designers. The topics and examples chosen illustrate general principles or involve hardware or software in wide use.
Selected topics on efficient software implementation are presented in §5.1. Although the coverage is platform-specific (and hence also about hardware), much of the material has wider applicability. The section includes notes on use of floating-point and single-instruction multiple-data (vector) operations found on common workstations to speed field arithmetic. §5.2 provides an introduction to the hardware implementation of finite field and elliptic curve arithmetic. §5.3 on secure implementation introduces the broad area of side-channel attacks. Rather than a direct mathematical assault on security mechanisms, such attacks attempt to glean secrets from information leaked as a consequence of physical processes or implementation decisions, including power consumption, electromagnetic radiation, timing of operations, fault analysis, and analysis of error messages. In particular, simple and differential power analysis have been shown to be effective against devices such as smart cards where power consumption can be accurately monitored. For such devices, tamper-proof packaging may be ineffective (or at least expensive) for protecting embedded secrets. The section discusses some algorithmic countermeasures which can minimize or mitigate the effectiveness of side-channel attacks, typically at the cost of some efficiency.