Abstract

Elliptic curve cryptography invented in the 1980's and the Advanced Encryption Standard (AES) standardized in 2002 have become important research topics in security because the advances in modern computing systems have allowed attacks on older cryptographic schemes to be achieved in a shorter period of time. Elliptic curve cryptography is the fundamental mathematical building block for elliptic curve cryptosystems. Elliptic curve cryptosystems are expected to replace the aging RSA cryptosystem which is currently deployed in e-commerce, banking, secure voice over Internet protocol (VoIP), secure sockets layer (SSL), and virtual private network (VPN). Likewise, the AES cryptosystem has replaced the aging Data Encryption Standard (DES) and Triple-DES cryptosystems found in similar applications. In the future, Internet protocol television (IPTV), and secure voice and video over Internet protocol (V ²oIP) are expected to require these newer cryptosystems. Due to the nature of a broad range of applications from secure VoIP to e-commerce, each application requires different elliptic curve cryptographic accelerators and AES accelerators to meet its particular design constraints.

This thesis considers various VLSI implementation issues of AES and elliptic curve cryptography accelerators for Galois fields defined by large primes (p) represented as GF(p) and Galois fields defined by irreducible polynomials of degree (m ) represented by GF(2^m) and develops novel approaches to improving performance, reducing area, implementing reconfigurable architecture design, and designing for side channel attack resistance.

We implemented two reconfigurable elliptic curve cryptography accelerators. One was designed for low power applications while the other was designed for high throughput applications. They achieved speedups of 1.24 and 56 respectively. Then, we investigated the area time complexity tradeoff for various implementation approaches to elliptic curve cryptography accelerator implementations. We found that a designer can indeed approximate the required area for a given performance requirement before implementation due to the O(m3) area-time product. We investigated high performance reconfigurable systems for changing the reduction polynomial in GF(2^m) and determined that an approach based on systematic reduction performed best (approximately 37% faster than Barrett or Montgomery reduction).

We propose a novel greedy dual base decomposition algorithm for pre-computation of the scalar in the scalar point multiplication method. This method achieves a significant performance improvement (up to 31%) over standard approaches.

We propose a novel side channel resistant least significant bit (LSB) invariant scalar point multiplication method that can use pre-computation to reduce the complexity for multiple scalar point multiplications on the same base point. It can achieve performance of almost twice the speed of Montgomery's invariant method. We proposed a novel fault tolerant parity prediction method for the AES substitution box based on composite fields that reduces the logic complexity by 70 to 80%. We proposed a novel metric for side channel resistance that shows the relationship between the mean and the standard deviation when achieving 2⁸⁰ level security.