Flexible Hardware Design for RSA and Elliptic Curve Cryptosystems

  • Lejla Batina
  • Geeke Bruin-Muurling
  • Sıddıka Berna Örs
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2964)


This paper presents a scalable hardware implementation of both commonly used public key cryptosystems, RSA and Elliptic Curve Cryptosystem (ECC) on the same platform. The introduced hardware accelerator features a design which can be varied from very small (less than 20 Kgates) targeting wireless applications, up to a very big design (more than 100 Kgates) used for network security. In latter option it can include a few dedicated large number arithmetic units each of which is a systolic array performing the Montgomery Modular Multiplication (MMM). The bound on the Montgomery parameter has been optimized to facilitate more secure ECC point operations. Furthermore, we present a new possibility for CRT scheme which is less vulnerable to side-channel attacks.


FPGA design Systolic array Hardware implementation RSA ECC Montgomery multiplication Side-channel attacks 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. 2.
    Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA with CRT: Concrete results and practical countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 260–275. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Batina, L., Muurling, G.: Montgomery in practice: How to do it more efficiently in hardware. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 40–52. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. 4.
    Batina, L., “Ors, S.B., Preneel, B., Vandewalle., J.: Hardware architectures for public key cryptography. Elsevier Science Integration the VLSI Journal 34 (2003)Google Scholar
  5. 5.
    Blake, I., Seroussi, G., Smart, N.P.: Elliptic Curves in Cryptography. London Mathematical Society Lecture Note Series. Cambridge University Press, Cambridge (1999)Google Scholar
  6. 6.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults (extended abstract). In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  7. 7.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: Concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 255–265. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Goodman, J., Chandrakasan, A.P.: An energy-efficient reconfigurable public-key cryptography processor. IEEE Journal of Solid-State Circuits 36(11), 1808–1820 (2001)CrossRefGoogle Scholar
  9. 9.
    Großschädl, J.: A bit-serial unified multiplier architecture for finite fields GF(p) and GF(2n). In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 202–223. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Hachez, G., Koeune, F., Quisquater, J.-J.: Timing attack: what can be achieved by a powerful adversary? In: Barbé, A., van der Meulen, E.C., Vanroose, P. (eds.) Proceedings of the 20th symposium on Information Theory in the Benelux, May 1999, pp. 63–70 (1999)Google Scholar
  11. 11.
    Hachez, G., Quisquater, J.-J.: Montgomery exponentiation with no final subtractions: Improved results. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 293–301. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Joye, M., Lenstra, A.K., Quisquater, J.-J.: Chinese remaindering based cryptosystem in the presence of faults. Journal of Cryptology 4(12), 241–245 (1999)CrossRefGoogle Scholar
  13. 13.
    Koblitz, N.: Elliptic curve cryptosystem. Math. Comp. 48, 203–209 (1987)zbMATHMathSciNetCrossRefGoogle Scholar
  14. 14.
    Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  15. 15.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  16. 16.
    Lenstra, A.K., Verheul, E.R.: Selecting cryptographic key sizes. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 446–465. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  18. 18.
    Miller, V.: Uses of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  19. 19.
    Montgomery, P.: Modular multiplication without trial division. Mathematics of Computation 44, 519–521 (1985)zbMATHMathSciNetCrossRefGoogle Scholar
  20. 20.
    Novak, R.: SPA-based adaptive chosen-ciphertext attack on RSA implementation. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, p. 252. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  21. 21.
    Orlando, G., Paar, C.: A scalable GF(p) elliptic curve processor architecture for programmable hardware. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 356–371. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  22. 22.
    Örs, S.B., Batina, L., Preneel, B., Vandewalle, J.: Hardware implementation of a Montgomery modular multiplier in a systolic array. In: The The 10th Reconfigurable Architectures Workshop (RAW), Nice, France, April 22 (2003)Google Scholar
  23. 23.
    Örs, S.B., Batina, L., Preneel, B., Vandewalle, J.: Hardware implementation of an elliptic curve processor over GF(p). In: IEEE 14th International Conference on Application-specific Systems, Architectures and Processors (ASAP), The Hague, The Netherlands, June 24–26 (2003)Google Scholar
  24. 24.
    Örs, S.B., Oswald, E., Preneel, B.: Power-analysis attacks on an FPGA – first experimental results. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 35–50. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  25. 25.
    Quisquater, J.J., Samyde, D.: Elecromagnetic analysis EMA: Measures and coutermeasures for smart cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  26. 26.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  27. 27.
    Satoh, A., Takano, K.: A scalable dual-field elliptic curve cryptographic processor. IEEE Transactions on Computers, special issue on cryptographic hardware and embedded systems 52(4), 449–460 (2003)Google Scholar
  28. 28.
    Savaş, E., Tenca, A.F.: A scalable and unified multiplier architecture for finite fields GF(p) and GF(2m). In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 281–296. Springer, Heidelberg (2000)Google Scholar
  29. 29.
    Walter, C.D.: Precise bounds for Montgomery modular multiplication and some potentially insecure RSA moduli. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 30–39. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  30. 30.
    Walter, C.D., Thompson, S.: Distinguishing exponent digits by observing modular subtractions. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 192–207. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  31. 31.
    Wolkerstorfer, J.: Dual-field arithmetic unit for GF(p) and GF(2m). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 500–514. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Lejla Batina
    • 1
  • Geeke Bruin-Muurling
    • 2
  • Sıddıka Berna Örs
    • 1
  1. 1.Katholieke Universiteit Leuven, ESAT/COSICLeuven-HeverleeBelgium
  2. 2. VughtThe Netherlands

Personalised recommendations