[go: up one dir, main page]

US20070198824A1 - Cryptography system and elliptic curve operation method - Google Patents

Cryptography system and elliptic curve operation method Download PDF

Info

Publication number
US20070198824A1
US20070198824A1 US11/622,011 US62201107A US2007198824A1 US 20070198824 A1 US20070198824 A1 US 20070198824A1 US 62201107 A US62201107 A US 62201107A US 2007198824 A1 US2007198824 A1 US 2007198824A1
Authority
US
United States
Prior art keywords
operations
sequence
flow controller
shift
elliptic curve
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/622,011
Inventor
Chia-Ping Chen
Ying-Che Hung
Li-Lien Lin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MediaTek Inc
Original Assignee
MediaTek Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by MediaTek Inc filed Critical MediaTek Inc
Priority to US11/622,011 priority Critical patent/US20070198824A1/en
Assigned to MEDIATEK INC. reassignment MEDIATEK INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHEN, CHIA PING, HUNG, YING-CHE, LIN, LI-LIEN
Publication of US20070198824A1 publication Critical patent/US20070198824A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C17/00Read-only memories programmable only once; Semi-permanent stores, e.g. manually-replaceable information cards
    • G11C17/14Read-only memories programmable only once; Semi-permanent stores, e.g. manually-replaceable information cards in which contents are determined by selectively establishing, breaking or modifying connecting links by permanently altering the state of coupling elements, e.g. PROM
    • G11C17/18Auxiliary circuits, e.g. for writing into memory
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/724Finite field arithmetic
    • G06F7/725Finite field arithmetic over elliptic curves
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C7/00Arrangements for writing information into, or reading information out from, a digital store
    • G11C7/24Memory cell safety or protection circuits, e.g. arrangements for preventing inadvertent reading or writing; Status cells; Test cells
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B2220/00Record carriers by type
    • G11B2220/20Disc-shaped record carriers
    • G11B2220/21Disc-shaped record carriers characterised in that the disc is of read-only, rewritable, or recordable type
    • G11B2220/213Read-only discs
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B2220/00Record carriers by type
    • G11B2220/20Disc-shaped record carriers
    • G11B2220/25Disc-shaped record carriers characterised in that the disc is based on a specific recording technology
    • G11B2220/2537Optical discs
    • G11B2220/2562DVDs [digital versatile discs]; Digital video discs; MMCDs; HDCDs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Definitions

  • the invention relates to Elliptic Curve Cryptography (ECC), and in particular, to arithmetic circuits for EC operations.
  • ECC Elliptic Curve Cryptography
  • Elliptic Curve Cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.
  • the use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985 .
  • Elliptic curves are also used in several integer factorization algorithms that have applications in cryptography, such as, for instance, Lenstra elliptic curve factorization, but this use of elliptic curves is not usually referred to as “elliptic curve cryptography.”
  • a finite field also referred to as a Galois field (GF) defines a field that contains only finitely many elements.
  • the GF is typically categorized into two types, a prime field GF(p) and a binary field GF(2 m ).
  • the prime field GF(p) is a finite field with p elements, usually labelled 0 , 1 , 2 , . . . p ⁇ 1, where arithmetic is performed with modulo p.
  • Most of the ECC schemes are related to the prime field GF(p).
  • ECDH Elliptic Curve Diffie-Hellman
  • EDSA Elliptic Curve Digital Signature Algorithm
  • ECMQV ECMQV key agreement scheme
  • An exemplary embodiment of a cryptographic system is disclosed to implement an Elliptic Curve operation method.
  • a memory stores a program and data.
  • a central processor unit (CPU) dispatches requests to the program.
  • the program is converted into an equivalent substitution sequence comprising only arithmetic addition, subtraction and shift operations.
  • a register pool stores program data associated with the substitution sequence.
  • An arithmetic logic unit (ALU) is controlled by the ASIC flow controller or the CPU to execute the substitution sequence to output an execution result.
  • an adder adds or subtracts two input numbers based on an adder trigger signal to generate the execution result.
  • Two selectors controlled by a selection signal pass values from the register pool to the adder as the input numbers.
  • the adder trigger signal and selection signal are delivered from the ASIC flow controller based on the substitution sequence.
  • a plurality of registers store the program data associated with the substitution sequence.
  • a dispatcher selectively stores the execution result or program data to one of the registers based on a storage signal.
  • the storage signal is delivered from the ASIC flow controller based on the substitution sequence.
  • the shift operation may be performed by the register pool.
  • the ASIC flow controller delivers a shift signal to one of the registers when a shift operation is requested, and the register shifts its stored data leftwards or rightwards accordingly.
  • Each selector is coupled to outputs of the registers, selecting one of them to pass an input number to the adder.
  • the registers may be at least 160 bit, the adder is a 32 bit full adder, and the input numbers are 32 bit individually obtained from the registers based on the selection signal.
  • the program is an Elliptic Curve (EC) related application comprising point multiplication and addition operations, and prime field multiplication, inversion, addition, and subtraction operations.
  • EC Elliptic Curve
  • the ASIC flow controller converts the point multiplication operations to a sequence comprising only prime field operations and shift operations. Furthermore, the ASIC flow controller converts prime field multiplication and inversion operations to an equivalent sequence comprising only arithmetic addition, subtraction and shift operations, such that the substitution sequence equivalent to the program is generated.
  • the conversion of the prime field multiplication and inversion operations is a Montgomery domain transfer.
  • Another embodiment is an Elliptic Curve operation method, for use in an apparatus only capable of performing arithmetic addition, subtraction and shift operations.
  • a program to be executed is firstly provided.
  • the program is converted into an equivalent substitution sequence comprising only arithmetic addition, subtraction and shift operations.
  • the substitution sequence is then executed and an execution result is output.
  • FIG. 1 shows an embodiment of a cryptographic system 100 according to the invention
  • FIG. 2 shows an embodiment of a state machine for Elliptic Curve (EC) operations
  • FIG. 3 shows an embodiment of a register pool 210 and an ALU 220 according to FIG. 1 ;
  • FIG. 4 is an exemplary flowchart of a key generation procedure
  • FIG. 5 is an exemplary flowchart of a point addition operation
  • FIG. 6 is a flowchart of a Montgomery multiplication algorithm.
  • FIG. 1 shows an embodiment of a cryptographic system 100 according to the invention.
  • the cryptographic system 100 maybe an embedded system comprising a CPU 102 , a memory 104 and a specifically designed accelerator 110 .
  • the memory 104 may store programs and associated data intended to provide cryptographic services.
  • the accelerator 110 is a supportive unit for accelerating EC related operations needed in the Elliptic Curve Diffie-Hellman (ECDH) key agreement scheme, the Elliptic Curve Digital Signature Algorithm (ECDSA), and the ECMQV key agreement scheme.
  • the accelerator 110 is controlled by the CPU 102 , comprising an ASIC flow controller 120 , a register pool 210 and an ALU 220 .
  • the CPU 102 controls the accelerator 110 via an input interface 115 to accomplish the task.
  • the program may be directly converted by the CPU 102 or the ASIC flow controller 120 (activated by the CPU 102 ) into an equivalent substitution sequence comprising only arithmetic addition, subtraction and shift operations, with program data #DATA simultaneously extracted therefrom.
  • the ALU 220 then executes the substitution sequence and outputs an execution result #SUM.
  • the register pool 210 stores the program data #DATA associated with the substitution sequence.
  • the execution result #SUM may also be feedback to the register pool 210 for iterative calculations.
  • the ASIC flow controller 120 serves as a flow controller while the ALU 220 executes the substitution sequence, thus instructions such as loop, jump and compare are supported thereby.
  • FIG. 2 shows an embodiment of a state machine for EC operations.
  • the EC operations calculate coordinates of Elliptic curve points (x,y) on a two-dimensional plane, such as addition of two points, doubling a point and finding the multiple of a point.
  • the EC operations can be decomposed into four fundamental operations such as addition, subtraction, multiplication and inversion in the prime field GF(p). All of the operations can be further converted into a simplified form by transferring into Montgomery domain.
  • state 201 instructions of a program are sequentially executed. When different operations are required, corresponding state blocks are requested as a function call. As an example, an EC point multiplication (kG) is processed in state 203 .
  • State 205 serves the EC point addition, by which a point P+Q is obtained with two input points P and Q. If the points P and Q are identical ones, the output is referred to as a point double 2P. It is shown that state 205 is a sub-function for states 201 and 203 .
  • EC point addition is convertible to a sequence of operations in Prime field GF(p), such as multiplication/inversion and addition/subtraction.
  • multiplication (as well as inversion) in Prime field GF(p) is performed in state 207 , serving as sub-functions for the aforementioned state blocks 201 , 203 and 205 .
  • multiplication in Prime field GF(p) is also convertible to a sequence of arithmetic addition/subtraction operations. For example, by transferring into Montgomery domain, multiplication/inversion in Prime field GF(p) can be accomplished by only adders and bit shifters respectively associated within states 209 .
  • a generalized hardware is provided in the embodiment to perform all EC operations and operations over Prime field GF(p).
  • FIG. 3 shows an embodiment of a register pool 210 and an ALU 220 according to FIG. 1 .
  • the register pool 210 and ALU 220 are cooperatively controlled by the ASIC flow controller 120 via control signals #store, #shift, #select and #addsub to dedicatedly perform arithmetic addition operations as described in state 209 of FIG. 2 .
  • a plurality of registers 304 are simultaneously provided to buffer data to be calculated.
  • ECDSA may utilize 160 -bit keys for signatures and verifications, so the registers 304 are implemented to have at least 160 bits. Arithmetic shift operations may be performed in the registers 304 under control of a shift signal #shift.
  • the ASIC flow controller 120 delivers a shift signal #shift to a corresponding register 304 , moving its data leftwards or rightwards accordingly.
  • the dispatcher 302 serves as an allocation manager, controlled by a storage signal #store to store the execution result #SUM or program data #DATA to each particularly assigned register 304 .
  • the shift operation may also be performed by an adder 308 itself, thus the shift signal #shift is used thereby.
  • the ALU 220 comprises the adder 308 , adding or subtracting two input numbers based on an adder trigger signal #addsub to generate the execution result.
  • the two numbers are selected from the registers 304 by two selectors 306 according to a selection signal #select.
  • the adder trigger signal #addsub and selection signal #select are delivered from the ASIC flow controller 120 or the CPU 102 when required.
  • the registers 304 are of 160 bit-width, and the adder 308 may be a 32 bit-width full adder. Each input number is 32 bit with an extra bit indicating carry or borrow.
  • the output of the adder 308 is coupled to the dispatcher 302 , thus the execution result #SUM can be feedback to the registers 304 .
  • the adder 308 loops for five cycles with 32 bits processed per cycle.
  • the execution result #SUM also comprises an extra bit to indicate carry or borrow.
  • FIG. 4 is an exemplary flowchart of an EC point multiplication procedure.
  • ECDSA signature/verification process requires multiplication of a point G on an Elliptic curve by a constant k.
  • EC multiplication as represented in state 203 of FIG. 2 , are accomplished by a sequence of EC addition/subtraction and arithmetic operations.
  • step 401 the constant k and the point G are given.
  • FIG. 5 is an exemplary flowchart of a EC addition operation.
  • the EC addition/subtraction as described in state 205 of FIG. 2 are further convertible to a sequence of operations in Prime field GF(p).
  • step 501 two addends are given as P(x 1 , y 1 ) and Q(x 2 , y 2 ) where the coordinates x 1 , y 1 , x 2 , and y 2 are real numbers.
  • step 503 it is determined whether P and Q are the identical point, because derivations of their slopes are different. No to step 505 , and yes to step 507 .
  • step 513 the result R(x 3 ,y 3 ) is output. Addition and subtraction are mutual substitutable operations, thus P-Q can be calculated by giving P and ⁇ Q in step 501 for this example.
  • FIG. 6 is a flowchart of a Montgomery multiplication algorithm. Multiplication/inversion operations in Montgomery domain are further simplified to arithmetic addition and shift operations.
  • step 601 multiplicands x and y, and a n-bit prime modulo p are input.
  • step 611 it is determined whether the loop is finished. If not, the index i is incremented and the process returns to step 605 . Otherwise, z is modulated by the modulo p in steps 613 and 615 to ensure a result not exceeding p. Thereafter, in step 617 , the result p is output.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Computational Mathematics (AREA)
  • Algebra (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
  • Complex Calculations (AREA)
  • Executing Machine-Instructions (AREA)

Abstract

A cryptographic system is disclosed, implementing an Elliptic Curve operation method. A memory stores a program and data. A central processor unit (CPU) dispatches requests to the program. The program is converted into an equivalent substitution sequence comprising only arithmetic addition, subtraction and shift operations. A register pool stores data associated with the substitution sequence. An arithmetic logic unit (ALU) is controlled by the ASIC flow controller to execute the substitution sequence to output an execution result.

Description

    CROSS REFERENCE TO RELATED APPLICATIONS
  • This application claims the benefit of U.S. Provisional Application No. 60/743,126, filed Jan. 12, 2006.
    • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The invention relates to Elliptic Curve Cryptography (ECC), and in particular, to arithmetic circuits for EC operations.
  • 2. Description of the Related Art
  • Elliptic Curve Cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. Elliptic curves are also used in several integer factorization algorithms that have applications in cryptography, such as, for instance, Lenstra elliptic curve factorization, but this use of elliptic curves is not usually referred to as “elliptic curve cryptography.”
  • In ECC, a finite field, also referred to as a Galois field (GF), defines a field that contains only finitely many elements. The GF is typically categorized into two types, a prime field GF(p) and a binary field GF(2m). The prime field GF(p) is a finite field with p elements, usually labelled 0, 1, 2, . . . p−1, where arithmetic is performed with modulo p. Most of the ECC schemes are related to the prime field GF(p). Often seen examples are, the Elliptic Curve Diffie-Hellman (ECDH) key agreement scheme based on the Diffie-Hellman algorithm, the Elliptic Curve Digital Signature Algorithm (ECDSA) based on the Digital Signature Algorithm, and the ECMQV key agreement scheme based on the MQV key agreement scheme.
  • Conventionally, for a software based system, the ECC schemes are executed by a CPU cooperated with memory. The memory is accessed rapidly, thus a costly wide-width bus is requested. Specifically designed circuits are proposed to accelerate the EC operations. For example, prior arts in US patents U.S. Pat. No. 6,963,644, U.S. Pat. No. 6,820,105, U.S. Pat. No. 6,691,143 are hardware implementations for various ECC calculations, in which a plurality of multipliers and adders are utilized. Circuits in the published disclosures, however, are designed for particular operations, and the components therein can not be reused or shared by other algorithms. Thus, redundant components are used with considerable costs, and an improvement is therefore desirable.
    • BRIEF SUMMARY OF THE INVENTION
  • An exemplary embodiment of a cryptographic system is disclosed to implement an Elliptic Curve operation method. A memory stores a program and data. A central processor unit (CPU) dispatches requests to the program. The program is converted into an equivalent substitution sequence comprising only arithmetic addition, subtraction and shift operations. A register pool stores program data associated with the substitution sequence. An arithmetic logic unit (ALU) is controlled by the ASIC flow controller or the CPU to execute the substitution sequence to output an execution result.
  • In the ALU, an adder adds or subtracts two input numbers based on an adder trigger signal to generate the execution result. Two selectors controlled by a selection signal, pass values from the register pool to the adder as the input numbers. The adder trigger signal and selection signal are delivered from the ASIC flow controller based on the substitution sequence.
  • In the register pool, a plurality of registers store the program data associated with the substitution sequence. A dispatcher selectively stores the execution result or program data to one of the registers based on a storage signal. The storage signal is delivered from the ASIC flow controller based on the substitution sequence.
  • The shift operation may be performed by the register pool. The ASIC flow controller delivers a shift signal to one of the registers when a shift operation is requested, and the register shifts its stored data leftwards or rightwards accordingly. Each selector is coupled to outputs of the registers, selecting one of them to pass an input number to the adder. The registers may be at least 160 bit, the adder is a 32 bit full adder, and the input numbers are 32 bit individually obtained from the registers based on the selection signal.
  • Specifically, the program is an Elliptic Curve (EC) related application comprising point multiplication and addition operations, and prime field multiplication, inversion, addition, and subtraction operations.
  • The ASIC flow controller converts the point multiplication operations to a sequence comprising only prime field operations and shift operations. Furthermore, the ASIC flow controller converts prime field multiplication and inversion operations to an equivalent sequence comprising only arithmetic addition, subtraction and shift operations, such that the substitution sequence equivalent to the program is generated. The conversion of the prime field multiplication and inversion operations is a Montgomery domain transfer.
  • Another embodiment is an Elliptic Curve operation method, for use in an apparatus only capable of performing arithmetic addition, subtraction and shift operations. A program to be executed is firstly provided. The program is converted into an equivalent substitution sequence comprising only arithmetic addition, subtraction and shift operations. The substitution sequence is then executed and an execution result is output. A detailed description is given in the following embodiments with reference to the accompanying drawings.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The invention can be more fully understood by reading the subsequent detailed description and examples with references made to the accompanying drawings, wherein:
  • FIG. 1 shows an embodiment of a cryptographic system 100 according to the invention;
  • FIG. 2 shows an embodiment of a state machine for Elliptic Curve (EC) operations;
  • FIG. 3 shows an embodiment of a register pool 210 and an ALU 220 according to FIG. 1;
  • FIG. 4 is an exemplary flowchart of a key generation procedure;
  • FIG. 5 is an exemplary flowchart of a point addition operation; and
  • FIG. 6 is a flowchart of a Montgomery multiplication algorithm.
    • DETAILED DESCRIPTION OF THE INVENTION
  • The following description is of the best-contemplated mode of carrying out the invention. This description is made for the purpose of illustrating the general principles of the invention and should not be taken in a limiting sense. The scope of the invention is best determined by reference to the appended claims.
  • FIG. 1 shows an embodiment of a cryptographic system 100 according to the invention. The cryptographic system 100 maybe an embedded system comprising a CPU 102, a memory 104 and a specifically designed accelerator 110. The memory 104 may store programs and associated data intended to provide cryptographic services. The accelerator 110 is a supportive unit for accelerating EC related operations needed in the Elliptic Curve Diffie-Hellman (ECDH) key agreement scheme, the Elliptic Curve Digital Signature Algorithm (ECDSA), and the ECMQV key agreement scheme. The accelerator 110 is controlled by the CPU 102, comprising an ASIC flow controller 120, a register pool 210 and an ALU 220. When a program of EC operation is executed, the CPU 102 controls the accelerator 110 via an input interface 115 to accomplish the task. The program may be directly converted by the CPU 102 or the ASIC flow controller 120 (activated by the CPU 102) into an equivalent substitution sequence comprising only arithmetic addition, subtraction and shift operations, with program data #DATA simultaneously extracted therefrom. The ALU 220 then executes the substitution sequence and outputs an execution result #SUM. The register pool 210 stores the program data #DATA associated with the substitution sequence. The execution result #SUM may also be feedback to the register pool 210 for iterative calculations. Specifically, the ASIC flow controller 120 serves as a flow controller while the ALU 220 executes the substitution sequence, thus instructions such as loop, jump and compare are supported thereby.
  • FIG. 2 shows an embodiment of a state machine for EC operations. The EC operations calculate coordinates of Elliptic curve points (x,y) on a two-dimensional plane, such as addition of two points, doubling a point and finding the multiple of a point. The EC operations can be decomposed into four fundamental operations such as addition, subtraction, multiplication and inversion in the prime field GF(p). All of the operations can be further converted into a simplified form by transferring into Montgomery domain. In state 201, instructions of a program are sequentially executed. When different operations are required, corresponding state blocks are requested as a function call. As an example, an EC point multiplication (kG) is processed in state 203. An arithmetic number k and a point G are input, and their multiplication, kG, is output. EC point multiplication is equivalent to a sequence of EC point additions (also applicable for subtractions). State 205 serves the EC point addition, by which a point P+Q is obtained with two input points P and Q. If the points P and Q are identical ones, the output is referred to as a point double 2P. It is shown that state 205 is a sub-function for states 201 and 203.
  • Furthermore, EC point addition is convertible to a sequence of operations in Prime field GF(p), such as multiplication/inversion and addition/subtraction. Thus, multiplication (as well as inversion) in Prime field GF(p) is performed in state 207, serving as sub-functions for the aforementioned state blocks 201, 203 and 205. More than that, multiplication in Prime field GF(p) is also convertible to a sequence of arithmetic addition/subtraction operations. For example, by transferring into Montgomery domain, multiplication/inversion in Prime field GF(p) can be accomplished by only adders and bit shifters respectively associated within states 209. In view of the states classification, a generalized hardware is provided in the embodiment to perform all EC operations and operations over Prime field GF(p).
  • FIG. 3 shows an embodiment of a register pool 210 and an ALU 220 according to FIG. 1. The register pool 210 and ALU 220 are cooperatively controlled by the ASIC flow controller 120 via control signals #store, #shift, #select and #addsub to dedicatedly perform arithmetic addition operations as described in state 209 of FIG. 2. In the register pool 210, a plurality of registers 304 are simultaneously provided to buffer data to be calculated. For example, ECDSA may utilize 160-bit keys for signatures and verifications, so the registers 304 are implemented to have at least 160 bits. Arithmetic shift operations may be performed in the registers 304 under control of a shift signal #shift. When a shift operation is requested during execution of the program, the ASIC flow controller 120 delivers a shift signal #shift to a corresponding register 304, moving its data leftwards or rightwards accordingly. The dispatcher 302 serves as an allocation manager, controlled by a storage signal #store to store the execution result #SUM or program data #DATA to each particularly assigned register 304. Alternatively, the shift operation may also be performed by an adder 308 itself, thus the shift signal #shift is used thereby.
  • The ALU 220 comprises the adder 308, adding or subtracting two input numbers based on an adder trigger signal #addsub to generate the execution result. The two numbers are selected from the registers 304 by two selectors 306 according to a selection signal #select. The adder trigger signal #addsub and selection signal #select are delivered from the ASIC flow controller 120 or the CPU 102 when required. In the embodiment, the registers 304 are of 160 bit-width, and the adder 308 may be a 32 bit-width full adder. Each input number is 32 bit with an extra bit indicating carry or borrow. The output of the adder 308 is coupled to the dispatcher 302, thus the execution result #SUM can be feedback to the registers 304. If a 160 bit addition is requested, the adder 308 loops for five cycles with 32 bits processed per cycle. The execution result #SUM also comprises an extra bit to indicate carry or borrow. Through the control signals, the register pool 210 and ALU 220 flexibly solve all EC related operations by only addition, subtraction and shift operations.
  • FIG. 4 is an exemplary flowchart of an EC point multiplication procedure. According to ANSI X9.62 standard, ECDSA signature/verification process requires multiplication of a point G on an Elliptic curve by a constant k. EC multiplication as represented in state 203 of FIG. 2, are accomplished by a sequence of EC addition/subtraction and arithmetic operations. In step 401, the constant k and the point G are given. In step 403, arithmetic multiplication is used to calculate h=3k. Variables are initialized, such as e=k, R=G. In step 405, a loop is initialized for i=r−1 down to 1, where r is the total bits of h. The point R is doubled by EC addition, e.g. R=2R. In step 407, it is determined whether an ith bit of the variables h and e satisfy the conditions hi=1 and ei=0. Yes to step 409, point addition is performed to calculate R=R+G. Otherwise, step 411 is processed, determining whether an ith bit of the variables h and e satisfy the conditions hi=0 and ei=1. If so, EC subtraction is performed to calculate R=R−G in step 413. Thereafter in step 415, the index i is checked whether equivalent to 1. If not, the index i is decreased in step 417, and the process returns to step 405. Otherwise, the loop is deemed finished, and the result R=kG is output in step 419.
  • FIG. 5 is an exemplary flowchart of a EC addition operation. The EC addition/subtraction as described in state 205 of FIG. 2, are further convertible to a sequence of operations in Prime field GF(p). In step 501, two addends are given as P(x1, y1) and Q(x2, y2) where the coordinates x1, y1, x2, and y2 are real numbers. In step 503, it is determined whether P and Q are the identical point, because derivations of their slopes are different. No to step 505, and yes to step 507. In step 505, the slope λ=(y2−y1)/(x2−x1) is calculated using subtraction, inversion and multiplication in Prime field GF(p). In step 507, the slope λ=(3x1 2+a)/2y1 is also calculated by operations in Prime field GF(p), where a is a parameter for the elliptic curve y2=x3+ax+b. Then, coordinates of the result R=P+Q are calculated based on the slope. In step 509, x32−x1−x2. In step 511, y3=λ(x1−x3)−y1. In step 513, the result R(x3,y3) is output. Addition and subtraction are mutual substitutable operations, thus P-Q can be calculated by giving P and −Q in step 501 for this example.
  • FIG. 6 is a flowchart of a Montgomery multiplication algorithm. Multiplication/inversion operations in Montgomery domain are further simplified to arithmetic addition and shift operations. In step 601, multiplicands x and y, and a n-bit prime modulo p are input. z=(xy/2n) mod p is the destination to be derived. In step 603, variables are initialized, e.g. z=0, i=0. A loop is started in step 605 for i=0 to n−1, and z is updated by adding xiy to itself: z=z+xiy, where xi is the ith digit of x. In step 607, z is updated by adding z0p: z=z+z0p, where z0 is the rightmost digit of z. In step 609, z is shifted rightward by 1 bit, equivalently rendering z=z/2. In step 611, it is determined whether the loop is finished. If not, the index i is incremented and the process returns to step 605. Otherwise, z is modulated by the modulo p in steps 613 and 615 to ensure a result not exceeding p. Thereafter, in step 617, the result p is output. In summary, only arithmetic addition and shift operations are used, thus, through conversion by ASIC flow controller 120, the EC related programs can be executed by register pool 210 and ALU 220 under control of the ASIC flow controller 120. Montgomery algorithm has many variations depending on different conditions, and the embodiment is specifically adaptable for prime field GF(p). Montgomery inversion algorithm is also a sequence of only arithmetic addition operations, thus detailed steps are not introduced in this embodiment. While the invention has been described by way of example and in terms of preferred embodiment, it is to be understood that the invention is not limited thereto. To the contrary, it is intended to cover various modifications and similar arrangements (as would be apparent to those skilled in the art). Therefore, the scope of the appended claims should be accorded the broadest interpretation so as to encompass all such modifications and similar arrangements.

Claims (18)

1. A cryptographic system, comprising:
a memory for storage of a program;
a central processor unit (CPU), dispatching requests to an ASIC flow controller according to the program;
the ASIC flow controller, coupled to the CPU, generating a substitution sequence and performing flow control of the substitution sequence;
a register pool, coupled to the ASIC flow controller for storage of data associated with the substitution sequence; and
an arithmetic logic unit (ALU), controlled by the ASIC flow controller to execute the substitution sequence and output an execution result;
wherein the substitution sequence comprises only arithmetic addition, subtraction and shift operations.
2. The cryptography system as claimed in claim 1, wherein the substitution sequence is converted by the CPU.
3. The cryptography system as claimed in claim 1, wherein the substitution sequence is converted by the ASIC flow controller.
4. The cryptography system as claimed in claim 1, wherein the ALU comprises:
an adder, adding or subtracting two input numbers based on an adder trigger signal to generate the execution result;
two selectors, coupled to the register pool, controlled by a selection signal to pass values from the register pool to the adder as the input numbers; wherein:
the adder trigger signal and selection signal are delivered from the ASIC flow controller or the CPU based on the substitution sequence.
5. The cryptography system as claimed in claim 4, wherein the register pool comprises:
a plurality of registers for storage of data associated with the substitution sequence;and
a dispatcher, selectively storing the execution result or data to one of the registers based on a storage signal; wherein:
the storage signal is delivered from the ASIC flow controller or the CPU based on the substitution sequence.
6. The cryptography system as claimed in claim 5, wherein:
the shift operation is performed by the ALU;
the ASIC flow controller delivers a shift signal to ALU when a shift operation is requested; and
the ALU shifts data stored in the register pool leftwards or rightwards according to the shift signal.
7. The cryptography system as claimed in claim 5, wherein each selector is coupled to outputs of the registers, selecting one of them to pass an input number to the ALU.
8. The cryptography system as claimed in claim 5, wherein:
the registers are 160 bit; and
the adder is a 32 bit full adder; and
the input numbers are 32 bit individually obtained from the registers based on the selection signal.
9. The cryptography system as claimed in claim 1, wherein the program is an Elliptic Curve (EC) related application comprising:
EC point multiplication and addition operations,
prime field multiplication and inversion, and
arithmetic addition, and subtraction operations.
10. The cryptography system as claimed in claim 9, wherein the ASIC flow controller converts the EC point multiplication operations to a first sequence of only EC point add operations and arithmetic operations.
11. The cryptography system as claimed in claim 10, wherein the ASIC flow controller converts the first sequence to a second sequence comprising only prime field operations and shift operations.
12. The cryptography system as claimed in claim 11, wherein the ASIC flow controller further converts prime field multiplication and inversion operations to an equivalent sequence comprising only arithmetic addition, subtraction and shift operations.
13. An Elliptic Curve operation method, for use in an apparatus only capable of performing arithmetic addition, subtraction and shift operations, comprising:
providing a program to be executed;
converting the program into an equivalent substitution sequence comprising only arithmetic addition, subtraction and shift operations;
executing the substitution sequence, and outputting an execution result.
14. The Elliptic Curve operation method as claimed in claim 13, wherein the program is an Elliptic Curve(EC) related application comprising:
point multiplication and addition operations,
prime field multiplication and inversion, and
arithmetic addition, and subtraction operations.
15. The Elliptic Curve operation method as claimed in claim 14, wherein the conversion comprises converting the point multiplication operations to an arithmetic sequence of only prime field operations and shift operations.
16. The Elliptic Curve operation method as claimed in claim 15, wherein the conversion further comprises, converting prime field multiplication and inversion operations to an equivalent sequence comprising only arithmetic addition, subtraction and shift operations, such that the substitution sequence equivalent to the program is generated.
17. The Elliptic Curve operation method as claimed in claim 16, wherein the conversion of the multiplication and inversion in the prime field operations comprises transferring the prime field multiplication and inversion operations to Montgomery domain.
18. The Elliptic Curve operation method as claimed in claim 13, further comprising providing flow control of the substitution sequence.
US11/622,011 2006-01-12 2007-01-11 Cryptography system and elliptic curve operation method Abandoned US20070198824A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/622,011 US20070198824A1 (en) 2006-01-12 2007-01-11 Cryptography system and elliptic curve operation method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US74312606P 2006-01-12 2006-01-12
US11/622,011 US20070198824A1 (en) 2006-01-12 2007-01-11 Cryptography system and elliptic curve operation method

Publications (1)

Publication Number Publication Date
US20070198824A1 true US20070198824A1 (en) 2007-08-23

Family

ID=38692494

Family Applications (3)

Application Number Title Priority Date Filing Date
US11/539,209 Active 2027-07-19 US7602655B2 (en) 2006-01-12 2006-10-06 Embedded system
US11/563,236 Active 2027-09-04 US7480744B2 (en) 2006-01-12 2006-11-27 Method and apparatus for one time programming
US11/622,011 Abandoned US20070198824A1 (en) 2006-01-12 2007-01-11 Cryptography system and elliptic curve operation method

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US11/539,209 Active 2027-07-19 US7602655B2 (en) 2006-01-12 2006-10-06 Embedded system
US11/563,236 Active 2027-09-04 US7480744B2 (en) 2006-01-12 2006-11-27 Method and apparatus for one time programming

Country Status (3)

Country Link
US (3) US7602655B2 (en)
CN (4) CN100454257C (en)
TW (3) TW200736955A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070174495A1 (en) * 2006-01-12 2007-07-26 Mediatek Inc. Embedded system
US20090074178A1 (en) * 2007-09-14 2009-03-19 University Of Ottawa Accelerating Scalar Multiplication On Elliptic Curve Cryptosystems Over Prime Fields
US20090323933A1 (en) * 2008-05-14 2009-12-31 Longa Patrick Exponentiation method using multibase number representation
US20120275594A1 (en) * 2007-03-07 2012-11-01 Research In Motion Limited Method and Apparatus for Performing Elliptic Curve Scalar Multiplication in a Manner that Counters Power Analysis Attacks
US20150180664A1 (en) * 2013-12-23 2015-06-25 Nxp B.V. Optimized hardward architecture and method for ecc point addition using mixed affine-jacobian coordinates over short weierstrass curves
US9929862B2 (en) 2013-12-23 2018-03-27 Nxp B.V. Optimized hardware architecture and method for ECC point doubling using Jacobian coordinates over short Weierstrass curves
US9979543B2 (en) 2013-12-23 2018-05-22 Nxp B.V. Optimized hardware architecture and method for ECC point doubling using jacobian coordinates over short weierstrass curves
CN109145616A (en) * 2018-08-01 2019-01-04 上海交通大学 The realization method and system of SM2 encryption, signature and key exchange based on efficient modular multiplication
US10680819B2 (en) * 2016-08-23 2020-06-09 Maxim Integrated Products, Inc. Systems and methods for operating secure elliptic curve cryptosystems

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8619977B2 (en) * 2008-01-15 2013-12-31 Inside Secure Representation change of a point on an elliptic curve
CN101547089B (en) * 2008-03-28 2012-07-25 上海爱信诺航芯电子科技有限公司 Method for realizing elliptic curve cryptosystem algorithm over prime field in integrated circuit
US9208108B2 (en) 2008-12-19 2015-12-08 Nvidia Corporation Method and system for improved flash controller commands selection
CN102036025B (en) * 2009-09-25 2014-01-08 无锡华润矽科微电子有限公司 SOC (System on Chip) chip and control method thereof
US9594675B2 (en) 2009-12-31 2017-03-14 Nvidia Corporation Virtualization of chip enables
US9465728B2 (en) * 2010-11-03 2016-10-11 Nvidia Corporation Memory controller adaptable to multiple memory devices
GB201816936D0 (en) * 2018-10-17 2018-11-28 Nchain Holdings Ltd Computer-implemented system and method
CN111596944A (en) * 2019-02-21 2020-08-28 法雷奥舒适驾驶助手公司 Electronic device, method for updating firmware therein and method for executing firmware therein
US11528126B2 (en) * 2021-02-16 2022-12-13 Google Llc Interface for revision-limited memory
JP2023048392A (en) * 2021-09-28 2023-04-07 トヨタ自動車株式会社 Vehicle control interface and vehicle equipped with the same, automatic operation system and vehicle equipped with the same as well as vehicle control method

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4879688A (en) * 1985-03-04 1989-11-07 Lattice Semiconductor Corporation In-system programmable logic device
US4985848A (en) * 1987-09-14 1991-01-15 Visual Information Technologies, Inc. High speed image processing system using separate data processor and address generator
US5650734A (en) * 1995-12-11 1997-07-22 Altera Corporation Programming programmable transistor devices using state machines
US5680061A (en) * 1995-05-17 1997-10-21 Altera Corporation Techniques for programming programmable logic array devices
US5734868A (en) * 1995-08-09 1998-03-31 Curd; Derek R. Efficient in-system programming structure and method for non-volatile programmable logic devices
US5812662A (en) * 1995-12-18 1998-09-22 United Microelectronics Corporation Method and apparatus to protect computer software
US5816662A (en) * 1996-11-12 1998-10-06 Rumburg; Tina M. Over-the-shoulder safety harness for use with a chair
US6170043B1 (en) * 1999-01-22 2001-01-02 Media Tek Inc. Method for controlling an optic disk
US6259271B1 (en) * 1996-07-18 2001-07-10 Altera Corporation Configuration memory integrated circuit
US6373771B1 (en) * 2001-01-17 2002-04-16 International Business Machines Corporation Integrated fuse latch and shift register for efficient programming and fuse readout
US6507881B1 (en) * 1999-06-10 2003-01-14 Mediatek Inc. Method and system for programming a peripheral flash memory via an IDE bus
US6683817B2 (en) * 2002-02-21 2004-01-27 Qualcomm, Incorporated Direct memory swapping between NAND flash and SRAM with error correction coding
US7046570B1 (en) * 2004-06-02 2006-05-16 Xilinx, Inc. Programmable logic devices optionally convertible to one time programmable devices
US20060202232A1 (en) * 2005-02-25 2006-09-14 Oki Electric Industry Co., Ltd. Memory control unit and memory system
US20070153609A1 (en) * 2005-12-16 2007-07-05 Fortune Semiconductor Corporation One-time programmable memory and method of burning data of the same

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU4835185A (en) * 1985-05-14 1985-10-07 Cadam Systems Company Inc. Program keyboard mechanism
US5261055A (en) * 1992-02-19 1993-11-09 Milsys, Ltd. Externally updatable ROM (EUROM)
CN1083589C (en) 1996-05-24 2002-04-24 明碁电脑股份有限公司 Method for loading software program into electrically erasable programmable read-only memory
US6134707A (en) * 1996-11-14 2000-10-17 Altera Corporation Apparatus and method for in-system programming of integrated circuits containing programmable elements
US5922055A (en) * 1997-02-25 1999-07-13 Motorola, Inc. Method for determining a type of a serial EEPROM and plug and play controller
ES2175601T3 (en) * 1998-01-14 2002-11-16 Irdeto Access Bv INTEGRATED CIRCUIT AND SMART CARD CONTAINING IT.
US6963644B1 (en) 1999-04-07 2005-11-08 Matsushita Electric Industrial Co., Ltd. Multi-word arithmetic device for faster computation of cryptosystem calculations
US6691143B2 (en) 2000-05-11 2004-02-10 Cyberguard Corporation Accelerated montgomery multiplication using plural multipliers
JP4678083B2 (en) 2000-09-29 2011-04-27 ソニー株式会社 Memory device and memory access restriction method
US6813707B1 (en) * 2001-03-23 2004-11-02 Cisco Technology Inc. Enhancing instruction execution using built-in macros
CN1258711C (en) * 2001-06-19 2006-06-07 神基科技股份有限公司 Programming method with selective programming module
CN2501159Y (en) 2001-07-16 2002-07-17 青岛海信电器股份有限公司 Reproducer for serial programmable read-only storage
CN100447763C (en) * 2003-05-29 2008-12-31 联想(北京)有限公司 A security chip and an information security processing device and method based on the chip
DE102004056088B4 (en) 2003-11-13 2008-12-18 Samsung Electronics Co., Ltd., Suwon Storage system with flash memory
CN100536390C (en) 2005-05-18 2009-09-02 上海迪申电子科技有限责任公司 A novel elliptic curve password coprocessor
US7602655B2 (en) * 2006-01-12 2009-10-13 Mediatek Inc. Embedded system
US20070162964A1 (en) * 2006-01-12 2007-07-12 Wang Liang-Yun Embedded system insuring security and integrity, and method of increasing security thereof

Patent Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4879688A (en) * 1985-03-04 1989-11-07 Lattice Semiconductor Corporation In-system programmable logic device
US4985848A (en) * 1987-09-14 1991-01-15 Visual Information Technologies, Inc. High speed image processing system using separate data processor and address generator
US5680061A (en) * 1995-05-17 1997-10-21 Altera Corporation Techniques for programming programmable logic array devices
US5949987A (en) * 1995-08-09 1999-09-07 Xilinx, Inc. Efficient in-system programming structure and method for non-volatile programmable logic devices
US5734868A (en) * 1995-08-09 1998-03-31 Curd; Derek R. Efficient in-system programming structure and method for non-volatile programmable logic devices
US5650734A (en) * 1995-12-11 1997-07-22 Altera Corporation Programming programmable transistor devices using state machines
US5869980A (en) * 1995-12-11 1999-02-09 Altera Corporation Programming programmable transistor devices using state machines
US5812662A (en) * 1995-12-18 1998-09-22 United Microelectronics Corporation Method and apparatus to protect computer software
US6259271B1 (en) * 1996-07-18 2001-07-10 Altera Corporation Configuration memory integrated circuit
US5816662A (en) * 1996-11-12 1998-10-06 Rumburg; Tina M. Over-the-shoulder safety harness for use with a chair
US6170043B1 (en) * 1999-01-22 2001-01-02 Media Tek Inc. Method for controlling an optic disk
US6507881B1 (en) * 1999-06-10 2003-01-14 Mediatek Inc. Method and system for programming a peripheral flash memory via an IDE bus
US6373771B1 (en) * 2001-01-17 2002-04-16 International Business Machines Corporation Integrated fuse latch and shift register for efficient programming and fuse readout
US6683817B2 (en) * 2002-02-21 2004-01-27 Qualcomm, Incorporated Direct memory swapping between NAND flash and SRAM with error correction coding
US7046570B1 (en) * 2004-06-02 2006-05-16 Xilinx, Inc. Programmable logic devices optionally convertible to one time programmable devices
US20060202232A1 (en) * 2005-02-25 2006-09-14 Oki Electric Industry Co., Ltd. Memory control unit and memory system
US20070153609A1 (en) * 2005-12-16 2007-07-05 Fortune Semiconductor Corporation One-time programmable memory and method of burning data of the same

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7602655B2 (en) * 2006-01-12 2009-10-13 Mediatek Inc. Embedded system
US20070174495A1 (en) * 2006-01-12 2007-07-26 Mediatek Inc. Embedded system
US20120275594A1 (en) * 2007-03-07 2012-11-01 Research In Motion Limited Method and Apparatus for Performing Elliptic Curve Scalar Multiplication in a Manner that Counters Power Analysis Attacks
US8615080B2 (en) * 2007-03-07 2013-12-24 Blackberry Limited Method and apparatus for performing elliptic curve scalar multiplication in a manner that counters power analysis attacks
US20090074178A1 (en) * 2007-09-14 2009-03-19 University Of Ottawa Accelerating Scalar Multiplication On Elliptic Curve Cryptosystems Over Prime Fields
US7991162B2 (en) * 2007-09-14 2011-08-02 University Of Ottawa Accelerating scalar multiplication on elliptic curve cryptosystems over prime fields
US20090323933A1 (en) * 2008-05-14 2009-12-31 Longa Patrick Exponentiation method using multibase number representation
US7991154B2 (en) * 2008-05-14 2011-08-02 Univeristy of Castilla-La Mancha Exponentiation method using multibase number representation
US20150180664A1 (en) * 2013-12-23 2015-06-25 Nxp B.V. Optimized hardward architecture and method for ecc point addition using mixed affine-jacobian coordinates over short weierstrass curves
US9900154B2 (en) * 2013-12-23 2018-02-20 Nxp B.V. Optimized hardward architecture and method for ECC point addition using mixed affine-jacobian coordinates over short weierstrass curves
US9929862B2 (en) 2013-12-23 2018-03-27 Nxp B.V. Optimized hardware architecture and method for ECC point doubling using Jacobian coordinates over short Weierstrass curves
US9979543B2 (en) 2013-12-23 2018-05-22 Nxp B.V. Optimized hardware architecture and method for ECC point doubling using jacobian coordinates over short weierstrass curves
US10680819B2 (en) * 2016-08-23 2020-06-09 Maxim Integrated Products, Inc. Systems and methods for operating secure elliptic curve cryptosystems
US11171780B2 (en) * 2016-08-23 2021-11-09 Maxim Integrated Products, Inc. Systems and methods for operating secure elliptic curve cryptosystems
CN109145616A (en) * 2018-08-01 2019-01-04 上海交通大学 The realization method and system of SM2 encryption, signature and key exchange based on efficient modular multiplication

Also Published As

Publication number Publication date
TW200736955A (en) 2007-10-01
US7602655B2 (en) 2009-10-13
US7480744B2 (en) 2009-01-20
CN100578473C (en) 2010-01-06
TW200805274A (en) 2008-01-16
CN101000539A (en) 2007-07-18
TW200731739A (en) 2007-08-16
CN101004719A (en) 2007-07-25
US20070174495A1 (en) 2007-07-26
TWI333198B (en) 2010-11-11
CN101000553A (en) 2007-07-18
CN100476719C (en) 2009-04-08
US20070180165A1 (en) 2007-08-02
CN100454257C (en) 2009-01-21
CN101000497A (en) 2007-07-18

Similar Documents

Publication Publication Date Title
US20070198824A1 (en) Cryptography system and elliptic curve operation method
Knezevic et al. Faster interleaved modular multiplication based on Barrett and Montgomery reduction methods
CN109039640B (en) An encryption and decryption hardware system and method based on RSA cryptographic algorithm
JP3939658B2 (en) Apparatus for performing modular multiplication, and arithmetic unit for performing modular multiplication
JP2722413B2 (en) Implementation method of modular multiplication by Montgomery method
US6795553B1 (en) Method and apparatus for modular inversion for information security and recording medium with a program for implementing the method
KR102132261B1 (en) Method and apparatus for computing montgomery multiplication performing final reduction wihhout comparator
JP4302640B2 (en) Apparatus and method for calculating multiplication using multiplicand shift, and recording medium storing program code for executing the apparatus
JP3785044B2 (en) Power residue calculation device, power residue calculation method, and recording medium
KR101925868B1 (en) Modular arithmetic unit and secure system having the same
JP3726966B2 (en) Multiplier and encryption circuit
JP2011517496A (en) Polynomial data processing operations
KR101977873B1 (en) Hardware-implemented modular inversion module
US7113593B2 (en) Recursive cryptoaccelerator and recursive VHDL design of logic circuits
JP2000207387A (en) Arithmetic unit and cryptographic processing unit
Lee et al. Linear systolic multiplier/squarer for fast exponentiation
US8023645B2 (en) Circuit arrangement for and method of performing an inversion operation in a cryptographic calculation
Kaihara et al. A VLSI algorithm for modular multiplication/division
JP4223819B2 (en) Power residue calculation apparatus and program
JP4850884B2 (en) Power-residue calculator
Kaihara et al. A hardware algorithm for modular multiplication/division based on the extended Euclidean algorithm
KR100451570B1 (en) Method and apparatus for implementing elliptic curve cryptosystem resisting against simple power attacks
Lórencz et al. Subtraction-free almost Montgomery inverse algorithm
TW202507501A (en) Montgomery multiplier architecture
KR20090070061A (en) Scalable Mongolian multiplier on dual field using multi-precision carry save adder

Legal Events

Date Code Title Description
AS Assignment

Owner name: MEDIATEK INC., TAIWAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHEN, CHIA PING;HUNG, YING-CHE;LIN, LI-LIEN;REEL/FRAME:018880/0118;SIGNING DATES FROM 20070110 TO 20070115

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION