Implementation of Elliptic Curve Digital Signature Algorithm (ECDSA) Abdessalem Abidi, Belgacem Bouallegue, Fatma Kahri. Electronics and Microelectronics Laboratory (E.fl.E.L) Faculty of Sciences of Monastir, Tunisia
[email protected]
Abstract
-
The elliptic curve cryptosystems are paid more and
more attention because its key string is shorter and its security is better than other public cryptosystems. The digital signature system based on elliptic curve (ECDSA) is one of the main stream digital signature systems. In this paper, we describe our proposed architecture to implement the ECDSA in FPGAs circuit. This architecture is planned to reach high performance running in FPGAs
circuit.
Synthesis
results
and
relevant
performance
comparisons with related works are presented. Keywords:
Discrete
Cryptography,
Logarithm
Digital
Signature
Problem, Algorithm,
Elliptic Elliptic
Curve Curve
Digital Signature Algorithm.
I.
[NTRODUCTION
With the rapid development of information technology and extensive application of information equipment, information security has become the key of dominating nation and society [1]. Digital signature is one of the techniques that ensure information safety. It plays a vital role in the security of information and communication networks by providing message integrity, authentication and non-repudiation during transmission over any insecure or hostile network based on the public key cryptography. A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit [2]. A digital signature is a number dependent on some secret known only to the signer (the signer's private key), and, additionally, on the contents of the message being signed. Signatures must be verifiable: If a dispute arises as to whether an entity signed a document, an unbiased third party should be able to resolve the matter equitably, without requiring access to the signer's private key. Disputes may arise when a signer tries to repudiate a signature it did create, or when a forger makes a fraudulent claim. Digital signature schemes can be used to provide the following basic cryptographic services: data integrity (the assurance that data has not been altered by unauthorized or unknown means), data origin authentication (the assurance that the source of data is as claimed), and non-repudiation (the assurance that an entity cannot deny previous actions or commitments) [3].
and was specified in a U.S.Government Federal Information Processing Standard (F[PS 186) called the Digital Signature Standard (DSS) [4]. It is an efficient variant of the EIGamal digital signature scheme [5] intended for use in electronic mail, electronic funds transfer, electronic data interchange, software distribution, data storage, and other applications which require data integrity assurance and data authentication. The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the DSA. ECDSA was first proposed in 1992 by Scott Vanstone in response to N[ST's (National Institute of Standards and Technology) request for public comments on their first proposal for DSS. [t was accepted in 1998 as an ISO (International Standards Organization) standard (ISO 14888-3), accepted in 1999 as an ANSI (American National Standards Institute) standard (ANSI X9.62), and accepted in 2000 as an [EEE (Institute of Electrical and Electronics Engineers) standard (IEEE 1363-2000) and a FIPS standard (FIPS 186-3). The remainder of this paper is organized as follows. [n Section 2, we review the digital signature schemes, the hash functions and the ECC. The ECDSA signature algorithm is presented in Section 3. Finally, we show the implementation and results and we compare. II.
A.
BACKGROUND
Hashfunction
All A hash function is a type of cryptographic primitives. Hash algorithms take as input a message of arbitrary length, and produce a hash or message digest as output. This process can be denoted as: h = H (M). Where M is the input message and h is the hash generated by the hash algorithm H. Normally, the size of the hash h is fixed by the algorithm. A cryptographically strong hash function has the following properties: •
One-way property: given a code h, it is computationally infeasible to find an x such that H(x) = h.
•
Weak collision resistance: given a block x, it is computationally infeasible to fmd y such that H(x) = H(y).
•
Strong collision resistance: computationally infeasible to fmd a pair (x, y), x * y, such that H(x) = H(y).
DSA is a system that was proposed in August 1991 by the U.S. National Institute of Standards and Technology (N[ST)
978-1-4799-5627-2/14/$31.00 ©2014 IEEE
B.
Elliptic curve cryptography
Elliptic curves have been studied since the second half of 19th century as geometric algebraic entities without any cryptographic purpose. Application of elliptic curves in public key cryptography was independently proposed by Neals Koblitz [6] and Victor Miller in 1985 [7]. Koblitz and Miller proposed to use an elliptic curve defmed on a fmite field, and to defme a point addition operation such that the points of the elliptic curve and the point addition operation formed an abelian group. On this group, the discrete logarithm problem, called the Elliptic Curve Discrete Logarithm Problem (ECLDP), can be defined and so, a cryptosystem could be built on this problem. The mathematical operations of ECC is defined over the 3 2 3 elliptic curve = x +ax+b , where 4a +27b * 0 . Each value of the 'a' and 'b' gives a different elliptic curve [8]. All points (x, y) which satisfies the above equation plus a point at infmity lies on the elliptic curve. The public key is a point in the curve and the private key is a random number. The public key is obtained by multiplying the private key with the generator point G in the curve. The generator point G, the curve parameters 'a' and 'b', together with few more constants constitutes the domain parameter of ECC. The security of ECC depends on the difficulty of Elliptic Curve Discrete Logarithm Problem. Let P and Q be two points on an elliptic curve such that kP=Q, where k is a scalar. Given P and Q, it is computationally infeasible to obtain k, if k is sufficiently large. k is the discrete logarithm of Q to the base P.Hence the main operation involved in ECC is point multiplication. i.e. multiplication of a scalar k with any point P on the curve to obtain another point Q on the curve [9].
curve defined over Fq, and P is a point of prime order n in E (Fq), q is a prime. Each entity A does the following: •
Select a random integer d in the interval [I, n- I].
•
Compute Q = dP.
•
A's public key is Q, A's private key is d.
b.
ECDSA signature generation operates on several domain parameters, a private key d, and a message m. The outputs are the signature (r, s), Where the signature components r and s are integers, and proceeds as follows. •
Select a random or pseudorandom integer k in the interval [1 ,n -1].
•
Compute kP =xl, yl and R= xl mod n (where xl is regarded as an integer between 0 and q-l). If R= 0 then go back to step I.
•
Compute k-l mod n.
•
Compute S= k-I {h (m) + d.R} mod n, where h is a hash function. If S = 0, then go back to step l.
•
The signature for the message m is the pair of integers (R, S).
l
The figure.1 below presents the operating steps of the ECDSA cryptosystem in signing mode.
I
G
1 I
__ ___________ �
.- -------- --- -
�I
-
Mod
-- - -- - --- --
I
II
d
II
kluU ,.,od n
I
Add mod n
�
'"
fE(m)
I I
ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM
ECDSA description
The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the DSA. ECDSA was first proposed in 1992 by Scott Vanstone in response to NIST's (National Institute of Standards and Technology) request for public comments on their first proposal for DSS. The ANSI X9.62 ECDSA, present rationale for some of the design decisions, and discuss related security, implementation, and interoperability issues. The ECDSA has three phases, key generation, signature generation, and signature verification. In our contribution we are interested only in the phase of signature generation. a.
I 1
k..P
'w _____________
R
A.
!
,..._ ...... .- -- - "' - - -- - -- - --- - -- --- � -- - ,
The Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the digital signature algorithm (DSA) which uses elliptic curve cryptography [10]. In what follows, we will present our proposed architecture for the implementation of this algorithm in FPGAs circuit. Then, we will compare our Synthesis results with related works to put in evidence the performance of our proposed architecture. III.
ECDSA signature generation
ECDSA key generation
An entity A's key pair is associated with a particular set of EC domain parameters D= (q, FR, a, b, G, n, h). E is an elliptic
s
Figure.! The ECDSA cryptosystem in signing mode
Accorded to the figure and the algorithm presented above, we see that the process of signature generation of our crypto processor is based in a hash function. In what follows, we will respectively specify and justify our choice for the hash function to be used in the design of our crypto- processor.
B.
SHA-256 Description
Many hash functions exist, but the problem is the difficulty of knowing their true level of security. If weaknesses are found, it means that data security is not yet assured by the hash function; therefore, it is necessary to replace all the hardware and software implementations, resulting in costly upgrades to the new hash functions estimated safe for the moment.
512 bits
The TABLE.! below presents a comparative study of different hash functions through which we will choose the hash algorithms that will be used in the design of our digital signature algorithm.
512 bits
512 bits • • • • • •
[
M(N)
Padded m.essage
TABLE I COMPARISON OF DIFFERENT HASHING ALGORITHMS Algorithm
Message
Bloc
Word
Hash
(bits)
(bits)
(bits)
(bits)
Figure.3 Message preprocessing: padding
MD5
64
