Constant-time hardware computation of elliptic curve scalar multiplication around the 128 bit security level

Abstract

In this paper we present two classes of scalar multiplication hardware architectures that compute a constant-time variable-base point multiplication over the Galbraith–Lin–Scott (GLS) family of binary elliptic curves. Our first architecture is speed-optimized and utilizes the available hardware resources to achieve the fastest possible elliptic curve point multiplication operation. The second architecture, on the other hand, targets a more effective resource utilization by optimizing time-area product. Our hardware designs are especially tailored for the quadratic extension field F22n, with n=127, which allows us to attain a security level close to 128 bits. We explore extensively the usage of digit-based and Karatsuba multipliers for performing the quadratic field arithmetic associated to GLS elliptic curves and report the area and time performance obtained by these two types of multipliers. Targeting a Xilinx Kintex-7 FPGA device, we report on real hardware implementations of our designs, the fastest of which achieves a delay of just 7.97 µs for computing one scalar multiplication on a 1-core design.