International Association for Cryptologic Research

International Association
for Cryptologic Research


Neil Costigan


Fast elliptic-curve cryptography on the Cell Broadband Engine
Neil Costigan Peter Schwabe
This paper is the first to investigate the power of the Cell Broadband Engine for state-of-the-art public-key cryptography. We present a high-speed implementation of elliptic-curve Diffie-Hellman (ECDH) key exchange for this processor, which needs 777000 cycles on one Synergistic Processor Unit for a scalar multiplication on a 255-bit elliptic curve, including the costs for key verification and key compression. This cycle count is independent of inputs therefore protecting against timing attacks. This speed relies on a new representation of elements of the underlying finite field suited for the unconventional instruction set of this architecture. Furthermore we demonstrate that an implementation based on the multi-precision integer arithmetic functions provided by IBM's multi-precision math (MPM) library would take at least 9660640 cycles. Comparison with implementations of the same function for other architectures shows that the Cell Broadband Engine is competitive in terms of cost-performance ratio to other recent processors such as the Core 2 for public-key cryptography. Specifically, the state-of-the-art Galbraith-Lin-Scott ECDH software performs 27370 scalar multiplications per second using all four cores of a 2.5GHz Intel Core 2 Quad Q9300 inside a \$400 computer, while the new software reported in this paper performs 24528 scalar multiplications per second on a Playstation 3 that costs just \$279. Both of these speed reports are for high-security 256-bit elliptic-curve cryptography.
Accelerating SSL using the Vector processors in IBM's Cell Broadband Engine for Sony's Playstation 3
Neil Costigan Michael Scott
Recently the major performance chip manufacturers have turned to multi-core technology as a more cost effective alternative to ever increasing clock speeds. IBM have introduced the Cell Broadband Engine (Cell) as their next generation CPU to feed the insatiable appetite modern multimedia and number crunching applications have for processing power. The Cell is the technology at the heart of Sonys Playstation 3. The Cell contains a number of specialist synergistic processor units (SPUs) optimised for multimedia processing and offer a rich programming interface to applications that can make use of the vector processing capabilities. Multiprecision number manipulation for use in cryptography is one such application. This paper explores the implementation and performance gains when using these capabilities for SSL.
Implementing Cryptographic Pairings on Smartcards
Pairings on elliptic curves are fast coming of age as cryptographic primitives for deployment in new security applications, particularly in the context of implementations of Identity-Based Encryption (IBE). In this paper we describe the implementation of various pairings on a contemporary 32-bit smart-card, the Philips Hi{P}er{S}mart\texttrademark , an instantiation of the MIPS-32 based Smart{MIPS}\texttrademark architecture. Three types of pairing are considered, first the standard Tate pairing on a nonsupersingular curve $E(\F_p)$, second the Ate pairing, also on a nonsupersingular curve $E(\F_p)$, and finally the $\eta_T$ pairing on a supersingular curve $E(\F_{2^m})$. We demonstrate that pairings can be calculated as efficiently as classic cryptographic primitives on this architecture, with a calculation time of as little as 0.15 seconds.