Paper 2015/556
Lightweight Coprocessor for Koblitz Curves: 283-bit ECC Including Scalar Conversion with only 4300 Gates
Sujoy Sinha Roy, Kimmo Järvinen, and Ingrid Verbauwhede
Abstract
We propose a lightweight coprocessor for 16-bit microcontrollers that implements high security elliptic curve cryptography. It uses a 283-bit Koblitz curve and offers 140-bit security. Koblitz curves offer fast point multiplications if the scalars are given as specific $\tau$-adic expansions, which results in a need for conversions between integers and $\tau$-adic expansions. We propose the first lightweight variant of the conversion algorithm and, by using it, introduce the first lightweight implementation of Koblitz curves that includes the scalar conversion. We also include countermeasures against side-channel attacks making the coprocessor the first lightweight coprocessor for Koblitz curves that includes a set of countermeasures against timing attacks, SPA, DPA and safe-error fault attacks. When the coprocessor is synthesized for 130 nm CMOS, it has an area of only 4,323 GE. When clocked at 16 MHz, it computes one 283-bit point multiplication in 98 ms with a power consumption of 97.70 $\mu$W, thus, consuming 9.56 $\mu$J of energy.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- A minor revision of an IACR publication in CHES 2015
- Keywords
- elliptic curve cryptosystemimplementationpublic-key cryptographysmart cards
- Contact author(s)
- kimmo jarvinen @ esat kuleuven be
- History
- 2015-06-15: received
- Short URL
- https://ia.cr/2015/556
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/556,
author = {Sujoy Sinha Roy and Kimmo Järvinen and Ingrid Verbauwhede},
title = {Lightweight Coprocessor for Koblitz Curves: 283-bit {ECC} Including Scalar Conversion with only 4300 Gates},
howpublished = {Cryptology {ePrint} Archive, Paper 2015/556},
year = {2015},
url = {https://eprint.iacr.org/2015/556}
}
