Message
From: joachim.strombergson@I...
Date: Fri, 21 Nov 2003 11:28:42 +0100
Subject: Re: [oc] ECC core
Aloha!
Quoting "Steven R. McQueen" <srmcqueen@m...>:
> Unfortunately, this document does not provide enough information to
> implement a specific ECC algorithm. It is far too general. It appears to
> be an overview intended to explain the general concept to those who are
> curious.
Since I haven't actually read the posted Word document, it's hard to say anything
about it. However, I've done some studies on implementing ECC in hardware before.
Also, there are a few papers available about implementing ECC in HW, especially
in FPGAs (see references below).
What one can say about Elliptic Curve Cryptography is that it's an iterative
method that is hard to parallelize. The basic algorithm is jumping a select number
(in the order of hundreds) of points on a curve with linear approximation to find
the next point. All taking place in a specific field. Basically.
This means that it's not simply a matter of unrolling a loop or similar, as with
block ciphers like DES, Kasumi, AES. Also, the math involved requires a few steps
to perform each integral operation.
So, what you can do is:
(1) Hardware acceleration of the ALU operations. Especially the multiplication
used. This is the route taken in basically both papers.
(2) Build (relatively complex) hardware to implement the "linear approximation
step" in one sweep.
(3) Do memory/logic/performance tradeoff by using look-up tables.
(4) Increase performance by allowing a higher clock frequency (does not apply
for FPGAs ;-)
But, since each point is dependent on the previous, you don't gain anything for
"single thread" performance by doubling the HW resources. If you want to
accelerate a server application, this might be a good thing though, since the
throughput might be ok.
The speed gains in the papers below are in the order of 10-30-100x vs a CPU, so
there are actually quite some reasons to do this.
Finally, adding a simple ECC-acceleration coprocessor might be enough to get
the good real-time performance needed to run it decently on cheap microcontrollers,
which alleviates a possible need for a big, honkin´ CPU. You might even save
some power too.
Just my 1 Euro worth of ECC-thinking.
References:
-----------
[1] M. Bednara et al. TRADEOFF ANALYSIS OF FPGA BASED ELLIPTIC CURVE
CRYPTOGRAPHY. http://www-math.uni-paderborn.de/~aggathen/Publications/beddal02b.pdf
[2] Leung Ma Wong. FPGA Implementation of a Microcoded Elliptic Curve
Cryptographic Processor
Shorl: http://shorl.com/davarystenigo
--
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
VP, Research & Development
----------------------------------------------------------------------
InformAsic AB / Hugo Grauers gata 5B / SE-411 33 GÖTEBORG / Sweden
Tel: +46 31 68 54 90 Fax: +46 31 68 54 91 Mobile: +46 733 75 97 02
E-mail: joachim.strombergson@i... Home: www.informasic.com
----------------------------------------------------------------------
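
An added illustration, not part of the original message: left-to-right double-and-add scalar multiplication, showing the serial dependency between point steps and the field multiplications and inversions each step costs. The toy curve y^2 = x^3 + 2x + 2 over F_17 with base point (5, 1), the function names and the operation counters are assumptions chosen for the example.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17 with base point G of order 19.
# Constructed, textbook-sized parameters for illustration only; not secure.
P, A = 17, 2
G = (5, 1)
INF = None  # point at infinity (group identity)

def point_add(p1, p2, ops):
    """Chord (add) or tangent (double) step; tallies field ops in `ops`."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p2 == -p1
    doubling = p1 == p2
    if doubling:
        num, den = 3 * x1 * x1 + A, 2 * y1   # tangent slope
    else:
        num, den = y2 - y1, x2 - x1          # chord slope
    lam = num * pow(den % P, -1, P) % P      # one field inversion per step
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    ops["double" if doubling else "add"] += 1
    ops["inv"] += 1
    ops["mul"] += 4 if doubling else 3       # full-width multiplications/squarings
    return (x3, y3)

def scalar_mult(k, point):
    """Left-to-right double-and-add. Returns (k*point, op counts)."""
    ops = {"double": 0, "add": 0, "inv": 0, "mul": 0}
    acc = INF
    for bit in bin(k)[2:]:
        acc = point_add(acc, acc, ops)       # needs the previous acc: serial
        if bit == "1":
            acc = point_add(acc, point, ops)
    return acc, ops

if __name__ == "__main__":
    for k in (2, 13, 19):
        print(k, *scalar_mult(k, G))
```

Every loop iteration consumes the accumulator produced by the one before it, so extra hardware can only shorten the field operations inside a step or run several independent scalar multiplications side by side.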