International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Fast elliptic-curve cryptography on the Cell Broadband Engine

Authors:
Neil Costigan
Peter Schwabe
Download:
URL: http://eprint.iacr.org/2009/016
Search ePrint
Search Google
Abstract: This paper is the first to investigate the power of the Cell Broadband Engine for state-of-the-art public-key cryptography. We present a high-speed implementation of elliptic-curve Diffie-Hellman (ECDH) key exchange for this processor, which needs 777000 cycles on one Synergistic Processor Unit for a scalar multiplication on a 255-bit elliptic curve, including the costs for key verification and key compression. This cycle count is independent of inputs therefore protecting against timing attacks. This speed relies on a new representation of elements of the underlying finite field suited for the unconventional instruction set of this architecture. Furthermore we demonstrate that an implementation based on the multi-precision integer arithmetic functions provided by IBM's multi-precision math (MPM) library would take at least 9660640 cycles. Comparison with implementations of the same function for other architectures shows that the Cell Broadband Engine is competitive in terms of cost-performance ratio to other recent processors such as the Core 2 for public-key cryptography. Specifically, the state-of-the-art Galbraith-Lin-Scott ECDH software performs 27370 scalar multiplications per second using all four cores of a 2.5GHz Intel Core 2 Quad Q9300 inside a \$400 computer, while the new software reported in this paper performs 24528 scalar multiplications per second on a Playstation 3 that costs just \$279. Both of these speed reports are for high-security 256-bit elliptic-curve cryptography.
BibTeX
@misc{eprint-2009-18227,
  title={Fast elliptic-curve cryptography on the Cell Broadband Engine},
  booktitle={IACR Eprint archive},
  keywords={implementation / Cell Broadband Engine, elliptic-curve cryptography (ECC), efficient implementation},
  url={http://eprint.iacr.org/2009/016},
  note={ peter@cryptojedi.org 14265 received 7 Jan 2009, last revised 21 Jan 2009},
  author={Neil Costigan and Peter Schwabe},
  year=2009
}