Cryptography Reference
In-Depth Information
to the point ( X / Z , Y / Z 2) in affine coordinates where Z ≠ 0. The point at infinity cor-
responds to = (1, 0, 0). These coordinates are the optimal choice when calculating
point multiplication on binary curves.
Several software implementations of ECC in WSN have been reported (Gura
et al. 2004; Malan et al. 2004; Eberle et al. 2005; Yan and Shi 2006; Szczechowiak
et al. 2008). The advantages of software implementations include ease of use, ease of
upgrade, portability, low development cost, and flexibility. However, in comparison to
hardware implementations, software implementations have some disadvantages, such
as a limited ability to protect private keys from disclosure. In the earlier implementa-
tions, the prime finite field was the main focus of many different ECC implementa-
tions for sensor networks. The choice of the field was dictated by the fact that basic
arithmetic operations can be effectively optimized if pseudo-Mersenne primes are used
in F p . It has been stated that it is difficult to obtain an efficient ECC implementation
over the binary finite field F 2 m on typical sensor platforms (Gura et al. 2004; Wang et
al. 2006; Liu and Ping 2008). Binary fields have not been favored because polynomial
arithmetic (multiplication, in particular) is insufficiently supported by current CPUs.
When comparing binary field arithmetic with a prime field on sensor nodes, the
following misunderstandings about the implementation of ECC over F 2 m on sensor
nodes are noted:
Inefficient field multiplication : The field multiplication in the elliptic curve operation in
F 2 m is regarded as being less efficient than that in F p on low-powered and small word-
sized devices, since it requires partial XOR multiplications, which are not efficiently
supported by current microprocessors, at the instructional level.
Heavy memory requirement for ECDSA : Elliptic Curve Digital Signature Algorithms
(ECDSA) implementations over F 2 m require not only field arithmetic over F 2 m but also
field arithmetic over F p for generating and verifying digital signatures. Thus, it may be
thought that the code size of ECDSA over F 2 m is larger than over F p . Actually, most of
the existing work on F 2 m only implements the Elliptic Curve Diffie Hellman (ECDH)
protocol on sensor nodes. However, the code size of optimized implementations of
ECDSA over F 2 m is comparable to F p .
The security of ECC systems depends on several security parameters discussed in
Section 9.4. Gura et al. (2004) implemented RSA and elliptic curves on 8-bit micro-
controllers (Atmega128 and CC1010) and demonstrated the superiority of ECC over
RSA. The implementation of the standardized RSA and ECC operations were imple-
mented over NIST/ Standards for Efficient Cryptography Group (SECG) F p elliptic
curves (NIST 1999). The RSA operations were accelerated using techniques such as
Montgomery multiplication, Chinese Remainder Theorem (CRT), and Optimized
Squaring. In addition, optimizations were also performed for point multiplication on
elliptic curves over finite prime fields. They used projective coordinates, nonadjacent
forms, and other curve-specific optimizations to improve the performance of ECC.
Additionally, a hybrid multiplication algorithm was also presented that exploited the
Search WWH ::




Custom Search