Bit-Parallel ECC Coprocessor resistant to Differential Power Analysis Attacks in GF(2^m)

Document Type : Research Article


Department of Electrical and Computer Engineering, Tarbiat Modares University, Tehran, Iran.


Elliptic curve cryptography (ECC) has become one of the most popular public-key systems in recent years because it combines high security with low resource consumption. ECC is therefore well suited to Internet of Things applications, which mainly involve limited resources. However, non-invasive side-channel attacks (SCAs) are considered a major threat to ECC systems. In this paper, we design a processor for ECC in the binary field that is resistant to differential power analysis (DPA) attacks. The main operations in this architecture are carried out by randomized Montgomery multiplication and division units, which make DPA attacks impossible by involving a random number in the calculation process. The goal is to accelerate the operation by unrolling the loops in the randomized Montgomery multiplication/division units, giving a bit-parallel design instead of a bit-serial one. The results show that, despite the more complex logic of the two- and three-bit processing versions, speed improves significantly at the cost of a slight increase in area. Further, our design is flexible: in the top-level module, a variety of multiplier and divider units can be selected depending on the area-speed trade-off. The FPGA evaluations show that, in terms of the Time×Slice metric, the 2-bit divider/3-bit multiplier version of our architecture leads to a 40% improvement over the best previous work. Further, by duplicating the divider and multiplier modules along with the bit-parallel architecture, this gain can reach 50%. In terms of operation speed, our design versions are faster than previous work by factors of 1.87 and 3.29. Furthermore, ASIC evaluations in terms of the Time×Area metric indicate that deploying the 2-bit multiplier leads to a 19% gain relative to previous well-known work. Moreover, duplicating modules along with bit-paralleling raises the overall gain up to 36%.

