Fast software implementation of binary elliptic curve cryptography

Bluhm, Manuel; Gueron, Shay

doi:10.1007/s13389-015-0094-1

Cited by 19 publications

(23 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using a combination of C++ templates and code generation, we were able to write generic code to support many different configurations without sacrificing runtime performance; only for modular reduction was a custom implementation required for each supported field. We incorporated existing fast x86/x86-64 polynomial multiplication, squaring, and modular reduction routines for F 2 163 , F 2 193 , F 2 233 , F 2 239 , F 2 283 , F 2 409 , F 2 571 [33] and for F 2 127 [28]. We implemented field inversion using a polynomial-basis Itoh-Tsujii inversion method making use of multi-squaring tables [34,29,28,14].…”

Section: Methodsmentioning

confidence: 99%

“…As our test platforms we used an Intel Westmere i7-970 3.2 GHz CPU (with 12 MiB L3 cache) and an Intel Haswell i7-4790K 4.0 GHz CPU (with 8 MiB L3 cache). Both of these processors support the PCLMULQDQ instruction for carry-less multiplication, Westmere being the first Intel architecture to support it; on the much more recent Haswell architecture, where this instruction has significantly lower cost, alternative modular reduction routines based on it are used for F 2 163 , F 2 283 , and F 2 571 for a modest gain in performance [33]. Our implementation used a word size of W = 128 bits and a block size of B = 8 bits for all half trace and multi-squaring tables.…”

Section: Performance Measurementmentioning

confidence: 99%

See 1 more Smart Citation

Elliptic Curve Multiset Hash

Maitin-Shepard

Tibouchi

Aranha

2016

The Computer Journal

View full text Add to dashboard Cite

A homomorphic, or incremental, multiset hash function, associates a hash value to arbitrary collections of objects (with possible repetitions) in such a way that the hash of the union of two collections is easy to compute from the hashes of the two collections themselves: it is simply their sum under a suitable group operation. In particular, hash values of large collections can be computed incrementally and/or in parallel. Homomorphic hashing is thus a very useful primitive with applications ranging from database integrity verification to streaming set/multiset comparison and network coding.Unfortunately, constructions of homomorphic hash functions in the literature are hampered by two main drawbacks: they tend to be much longer than usual hash functions at the same security level (e.g. to achieve a collision resistance of 2 128 , they are several thousand bits long, as opposed to 256 bits for usual hash functions), and they are also quite slow.In this paper, we introduce the Elliptic Curve Multiset Hash (ECMH), which combines a usual bit string-valued hash function like BLAKE2 with an efficient encoding into binary elliptic curves to overcome both difficulties. On the one hand, the size of ECMH digests is essentially optimal: 2m-bit hash values provide O(2 m ) collision resistance. On the other hand, we demonstrate a highly-efficient software implementation of ECMH, which our thorough empirical evaluation shows to be capable of processing over 3 million set elements per second on a 4 GHz Intel Haswell machine at the 128-bit security levelmany times faster than previous practical methods.While incremental hashing based on elliptic curves has been considered previously [1], the proposed method was less efficient, susceptible to timing attacks, and potentially patent-encumbered [2], and no practical implementation was demonstrated.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Performance Measurementmentioning

confidence: 99%

Elliptic Curve Multiset Hash

Maitin-Shepard

Tibouchi

Aranha

2016

The Computer Journal

View full text Add to dashboard Cite

show abstract

“…Elliptic curve cryptography benefits from the pclmulqdq instruction [32,33,39]. Bluhm and Gueron pointed out that the benefits are increased on the Haswell microarchitecture due to the higher throughput and lower latency of the instruction [8].…”

Section: Related Workmentioning

confidence: 99%

Faster 64-bit universal hashing using carry-less multiplications

Lemire

Kaser

2015

J Cryptogr Eng

View full text Add to dashboard Cite

Intel and AMD support the Carry-less Multiplication (CLMUL) instruction set in their x64 processors. We use CLMUL to implement an almost universal 64-bit hash family (CLHASH). We compare this new family with what might be the fastest almost universal family on x64 processors (VHASH). We find that CLHASH is at least 60 % faster. We also compare CLHASH with a popular hash function designed for speed (Google's CityHash). We find that CLHASH is 40 % faster than CityHash on inputs larger than 64 bytes and just as fast otherwise.

show abstract

“…Thus, modular arithmetic operations should be well studied in order to find an efficient implementation, authors in [2] and [3] studied arithmetic operation over finite fields. Many software implementation was ben proposed [4,5,6]. In this paper, a software implementation of scalar multiplication over prime elliptic curves using GMP Library will be firstly presented, which is a portable library written in C, with some optimized routines written in assembly code, specialized for different processors, more information is given in [7].…”

Section: Introductionmentioning

confidence: 99%

Differential Fault Attacks and Countermeasures in Elliptic Curve Cryptography

Sghaier¹,

Zeghid²,

Machhout³

2016

IJCA

View full text Add to dashboard Cite

In asymetric cryptography, Elliptic Curve Cryptography (ECC) is the fastest in term of computation and the strongest in term of security. It can be used in message encryption/decryption, digital signature or key exchange. ECC can be implemented in hard over binary field GF (2 n ) or in soft over prime field GF (p). This paper presents an efficient software implementation of ECC scalar multiplication over prime field using GNU Multiple Precision (GMP) Library. The differential fault attacks (DFA) on the RSA cryptosystem can be extended to ECC one by inserting bit errors during computation. In this paper, a "No Correctness Check for Input Points" (NCCIP) attacks was applied and a countermeasures was given to protect ECC cryptosystem against it. Software implementation in C language, using GMP library, was simulated on Intel(R) Core(TM) i3 CPU M380 @ 2.87GHz(3 GB RAM, 32-bit architecture).

show abstract

Fast software implementation of binary elliptic curve cryptography

Cited by 19 publications

References 15 publications

Elliptic Curve Multiset Hash

Elliptic Curve Multiset Hash

Faster 64-bit universal hashing using carry-less multiplications

Differential Fault Attacks and Countermeasures in Elliptic Curve Cryptography

Contact Info

Product

Resources

About