Computers, IEEE Transactions on

Issue 11 • Date Nov. 2008

  • [Front cover]

    Page(s): c1
    Freely Available from IEEE
  • [Inside front cover]

    Page(s): c2
    Freely Available from IEEE
  • Guest Editors' Introduction to the Special Section on Special-Purpose Hardware for Cryptography and Cryptanalysis

    Page(s): 1441 - 1442
    Freely Available from IEEE
  • High-Performance Architecture of Elliptic Curve Scalar Multiplication

    Page(s): 1443 - 1453

    A high-performance architecture for elliptic curve scalar multiplication based on the Montgomery ladder method over the finite field GF(2^m) is proposed. A pseudo-pipelined word-serial finite field multiplier with word size w, suitable for the scalar multiplication, is also developed. Implemented in hardware, this system performs a scalar multiplication in approximately 6⌈m/w⌉(m−1) clock cycles, and the gate delay in the critical path is equal to T_AND + ⌈log₂(w/k)⌉T_XOR, where T_AND and T_XOR are the delays of two-input AND and XOR gates respectively and 1 ≤ k ≪ w is used to shorten the critical path.

  • Algorithms and Arithmetic Operators for Computing the ηT Pairing in Characteristic Three

    Page(s): 1454 - 1468

    Since their introduction in constructive cryptographic applications, pairings over (hyper)elliptic curves are at the heart of an ever increasing number of protocols. Software implementations being rather slow, the study of hardware architectures has become an active research area. In this paper, we discuss several algorithms to compute the η_T pairing in characteristic three and suggest further improvements. These algorithms involve addition, multiplication, cubing, inversion, and sometimes cube root extraction over GF(3^m). We propose a hardware accelerator based on a unified arithmetic operator able to perform the operations required by a given algorithm. We describe the implementation of a compact coprocessor for the field GF(3^97) given by GF(3)[x]/(x^97 + x^12 + 2), which compares favorably with other solutions described in the open literature.

  • Provably Sublinear Point Multiplication on Koblitz Curves and Its Hardware Implementation

    Page(s): 1469 - 1481

    We describe algorithms for point multiplication on Koblitz curves using multiple-base expansions of the form $k = \sum \pm \tau^a (\tau-1)^b$ and $k = \sum \pm \tau^a (\tau-1)^b (\tau^2 - \tau - 1)^c$. We prove that the number of terms in the second type is sublinear in the bit length of $k$, which leads to the first provably sublinear point multiplication algorithm on Koblitz curves. For the first type, we conjecture that the number of terms is sublinear and provide numerical evidence demonstrating that the number of terms is significantly less than that of $\tau$-adic non-adjacent form expansions. We present details of an innovative FPGA implementation of our algorithm and performance data demonstrating the efficiency of our method. We also show that implementations with very low computation latency are possible with the proposed method because parallel processing can be exploited efficiently.

  • Security Evaluation of WDDL and SecLib Countermeasures against Power Attacks

    Page(s): 1482 - 1497

    Power-constant logic styles are promising solutions to counteract side-channel attacks on sensitive cryptographic devices. Recently, one vulnerability has been identified in a standard-cell based power-constant logic called WDDL. Another logic, nicknamed SecLib, is considered and does not present the flaw of WDDL. In this paper, we evaluate the security level of WDDL and SecLib. The methodology consists of embedding in a dedicated circuit one unprotected DES co-processor along with two others, implemented in WDDL and in SecLib. One essential part of this article is to describe the design of the cryptographic ASIC, devised to foster side-channel cryptanalyses, with a view to modeling the strongest possible attacker. The same analyses are carried out successively on the three DES modules. We conclude that, provided the backend of the WDDL module is carefully designed, its vulnerability cannot be exploited by state-of-the-art attacks. Similarly, the SecLib DES module resists all assaults. However, using a principal component analysis, we show that WDDL is more vulnerable than SecLib. The statistical dispersion of WDDL, which reflects the correlation between the secrets and the power dissipation, is proved to be an order of magnitude higher than that of SecLib.

  • Cryptanalysis with COPACOBANA

    Page(s): 1498 - 1513

    Cryptanalysis of ciphers usually involves massive computations. The security parameters of cryptographic algorithms are commonly chosen so that attacks are infeasible with available computing resources. This contribution presents a variety of cryptanalytical applications utilizing the COPACOBANA (Cost-Optimized Parallel Code Breaker) machine, which is a high-performance, low-cost cluster consisting of 120 Field Programmable Gate Arrays (FPGAs). COPACOBANA appears to be the only such reconfigurable parallel FPGA machine optimized for code breaking tasks reported in the open literature. Depending on the actual algorithm, the parallel hardware architecture can outperform conventional computers by several orders of magnitude. In this work, we will focus on novel implementations of cryptanalytical algorithms, utilizing the impressive computational power of COPACOBANA. We describe various exhaustive key search attacks on symmetric ciphers and demonstrate an attack on a security mechanism employed in the electronic passport. Furthermore, we describe time-memory tradeoff techniques which can, e.g., be used for attacking the popular A5/1 algorithm used in GSM voice encryption. In addition, we introduce efficient implementations of more complex cryptanalysis on asymmetric cryptosystems, e.g., Elliptic Curve Cryptosystems (ECC) and number co-factorization for RSA.

  • Elliptic-Curve-Based Security Processor for RFID

    Page(s): 1514 - 1527

    RFID (Radio Frequency IDentification) tags need to include security functions, yet at the same time their resources are extremely limited. Moreover, to provide privacy, authentication and protection against tracking of RFID tags without losing system scalability, a public-key based approach is inevitable, as shown by M. Burmester et al. In this paper, we present the architecture of a state-of-the-art processor for RFID tags with an Elliptic Curve (EC) processor over GF(2^163). It shows the plausibility of meeting both security and efficiency requirements even in a passive RFID tag. The proposed processor is able to perform EC scalar multiplications as well as the general modular arithmetic (additions and multiplications) needed by the cryptographic protocols. As we work with large numbers, the register file is the most critical component in the architecture. By combining several techniques, we are able to reduce the number of registers from 9 to 6, resulting in an EC processor of 10.1K gates. To obtain efficient modular arithmetic, we introduce a redundant modular operation. Moreover, the proposed architecture can support multiple cryptographic protocols. The synthesis results with a 0.13 µm CMOS technology show that the gate area of the most compact version is 12.5K gates.

  • Double-Data-Rate Computation as a Countermeasure against Fault Analysis

    Page(s): 1528 - 1539

    Differential Fault Analysis (DFA) is one of the most powerful techniques to attack cryptosystems. Several countermeasures have been proposed, which are based either on information or temporal redundancy. In this work, we propose a novel approach based on a Double-Data-Rate (DDR) computation template. A few sample architectures have been implemented: they are compared to other existing architectures and countermeasures, and a thorough dependability analysis is given.

  • Protection Circuit against Differential Power Analysis Attacks for Smart Cards

    Page(s): 1540 - 1549

    In this paper, we present a circuit that protects smart cards against differential power analysis attacks. The circuit is based on a current flattening technique, is designed using a standard 0.18-µm CMOS technology, and can be integrated on the same die or in the same package with the smart card microcontroller. We evaluate the current flattening performance and the effectiveness of the protection against differential power analysis attacks. Our analysis is based on transistor-level simulations in the Cadence environment using experimental current traces collected from an 8-bit microcontroller for smart cards executing DES encryptions. The proposed circuit effectively protects against differential power analysis attacks with small chip area overhead and a limited increase in power consumption during the encryption cycles.

  • Novel Table Lookup-Based Algorithms for High-Performance CRC Generation

    Page(s): 1550 - 1560

    A framework for designing a family of novel fast CRC generation algorithms is presented. Our algorithms can ideally read arbitrarily large amounts of data at a time, while optimizing their memory requirement to meet the constraints of specific computer architectures. In addition, our algorithms can be implemented in software using commodity processors instead of specialized parallel circuits. We use this framework to design two efficient algorithms that run on the popular Intel IA32 processor architecture. First, a 'slicing-by-4' algorithm doubles the performance of existing software-based, table-driven CRC implementations based on the Sarwate [12] algorithm while using a 4K cache footprint. Second, a 'slicing-by-8' algorithm triples the performance of existing software-based CRC implementations while using an 8K cache footprint. Whereas well-known software-based CRC implementations compute the current CRC value from a bit-stream reading 8 bits at a time, our algorithms read 32 and 64 bits at a time respectively. The slicing-by-8 source code is freely available for experimentation and can be found at: http://sourceforge.net/projects/slicing-by-8

  • Efficient Approximate Wordlength Optimization

    Page(s): 1561 - 1570

    In this paper, the problem of bounding the performance of good wordlength combinations for fixed-point digital signal processing flowgraphs is addressed. By formulating and solving an approximate optimization problem, a lower bounding curve on attainable cost/quality combinations is rapidly calculated. This curve and the associated wordlength combinations are useful in several situations, and can serve as starting points for real design searches. A detailed design example that utilizes these concepts is given.

  • Configurable Flash-Memory Management: Performance versus Overheads

    Page(s): 1571 - 1583

    Flash memory is widely adopted in various consumer products for information storage, especially for embedded systems. With strong demands on product designs for overhead control and performance requirements, vendors must have an effective design for the mapping between logical block addresses (LBAs) and physical addresses of data over flash memory. This paper targets this essential issue by proposing a configurable mapping method that can trade main-memory overhead against system performance to suit the needs of vendors. A series of experiments is conducted to provide insights on different configurations and the proposed method, compared to existing implementations.

  • Build Your Career in Computing [advertisement]

    Page(s): 1584
    Freely Available from IEEE
  • TC Information for authors

    Page(s): c3
    Freely Available from IEEE
  • [Back cover]

    Page(s): c4
    Freely Available from IEEE

Aims & Scope

The IEEE Transactions on Computers is a monthly publication with a wide distribution to researchers, developers, technical managers, and educators in the computer field.

Meet Our Editors

Editor-in-Chief
Albert Y. Zomaya
School of Information Technologies
Building J12
The University of Sydney
Sydney, NSW 2006, Australia
http://www.cs.usyd.edu.au/~zomaya
albert.zomaya@sydney.edu.au