Abstract
Binary field ( B F ) multiplication is a basic and important operation for widely used crypto algorithms such as the GHASH function of GCM (Galois/Counter Mode) mode and NIST-compliant binary Elliptic Curve Cryptosystems (ECCs). Recently, Seo et al. proposed a novel SCA-resistant binary field multiplication method in the context of GHASH optimization in AES GCM mode on 8-bit AVR microcontrollers (MCUs). They proposed a concept of Dummy XOR operation with a kind of garbage registers and a concept of instruction level atomicity ( I L A ) for resistance against Timing Analysis (TA) and Simple Power Analysis (SPA) and used a Karatsuba Block-Comb multiplication approach for efficiency. Even though their method achieved a large performance improvement compared with previous works, it still has room for improvement on the 8-bit AVR platform. In this paper, we propose a more improved binary field multiplication method on 8-bit AVR MCUs. Our method basically adopts a Dummy XOR technique using a set of garbage registers for TA and SPA security; however, we save the number of used garbage registers from eight to one by using the fact that the number of used garbage registers does not affect TA and SPA security. In addition, we apply a multiplier encoding approach so as to decrease the number of required registers when accessing the multiplier, which enables the use of extended block size in the Karatsuba Block-Comb multiplication technique. Actually, the proposed technique extends the block size from four to eight and the proposed binary field multiplication method can compute a 128-bit B F multiplication with only 3816 clock cycles ( c c ) (resp. 3490 c c ) with (resp. without) the multiplier encoding process, which is almost a 32.8% (resp. 38.5%) improvement compared with 5675 c c of the best previous work. We apply the proposed technique to the GHASH function of the GCM mode with several additional optimization techniques. The proposed GHASH implementation provides improved performance by over 42% compared with the previous best result. The concept of the proposed B F method can be extended to other MCUs, including 16-bit MSP430 MCUs and 32-bit ARM MCUs.
Highlights
Binary field (BF) multiplication is an important and the most time-consuming arithmetic operation in several widely used cryptographic algorithms, including the Galois/Counter mode (GCM) operation and NIST-compliant binary ECC (Elliptic Curve Cryptosystems)
Our method basically adopts a Dummy XOR technique using a set of garbage registers for Timing Analysis (TA) and Simple Power Analysis (SPA) security; we save the number of used garbage registers from eight to one by using the fact that the number of used garbage registers does not affect TA and SPA security
We have proposed a highly efficient SCA-resistant binary field multiplication method and applied it to the GHASH function of GCM on 8-bit AVR MCUs
Summary
Binary field (BF) multiplication is an important and the most time-consuming arithmetic operation in several widely used cryptographic algorithms, including the Galois/Counter mode (GCM) operation and NIST-compliant binary ECC (Elliptic Curve Cryptosystems). Liu et al showed that LUT-based multiplication methods are vulnerable to horizontal Correlation Power Analysis (CPA) [12] and proposed a masked Block-Comb multiplication method, which does not use any LUT while providing TA and SPA resistance by eliminating a conditional loop in its execution [11] Their method is used for the GCM mode of operation and it computes a 128-bit BF multiplication in 14,445 cc. We can expand the block size of the secure Block-Comb multiplication method from four to eight the same as the known maximum block size on 8-bit AVR MCUs. As a result, we can decrease the number of partial multiplications from nine to three when calculating a field multiplication over GF (2128 ), which results in a large performance improvement
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.