|
My Publications
| THESIS |
| Kumar, S.S. (2006), "Elliptic Curve Cryptography for Constrained Devices". Ph.D Thesis. University: Ruhr-University Bochum. Bochum, Germany, June, 2006.
[Abstract] [BibTeX] [DOI] [URL] [PDF]
|
| Abstract: There is a re-emerging demand for low-end devices such as 8-bit processors, driven by needs for pervasive applications like sensor networks and RF-ID tags. Security in pervasive applications, however, has been a major concern for their widespread acceptance. Public-key cryptosystems (PKC) like RSA and DSA generally involve computation-intensive arithmetic operations with operand sizes of 1024 - 2048 bits, making them impractical on such constrained devices. Elliptic Curve Cryptography (ECC) which has emerged as a viable alternative is a favored public-key cryptosystem for embedded systems due to its small key size, smaller operand length, and comparably low arithmetic requirements. However, implementing full-size, standardized ECC on 8-bit processors is still a major challenge and normally considered to be impracticable for small devices which are constrained in memory and computational power. The thesis at hand is a step towards showing the practicability of PKC and in particular ECC on constrained devices. We leverage the flexibility that ECC provides with the different choices for parameters and algorithms at different hierarchies of the implementation. First a secure key exchange using PKC on a low-end wireless device with the computational power of a widely used 8-bit 8051 processor is presented. An Elliptic Curve Di±e-Hellman (ECDH) protocol is implemented over 131-bit Optimal Extension Field (OEF) purely in software. A secure end-to-end connection in an acceptable time of 3 seconds is shown to be possible on such constrained devices without requiring a cryptographic coprocessor. We also investigate the potential of software/hardware co-design for architectural enhancements including instruction set extensions for low-level arithmetic used in ECC, most notably to speed-up multiplication in the finite fields. We show that a standard compliant 163-bit point multiplication can be computed in 0.113 sec on an 8-bit AVR micro-controller running at 4 Mhz (a typical representative for a low-cost pervasive pro- cessor) with minimal additional hardware extensions. Our design not only accelerates the computation by a factor of more than 30 compared to a software-only solution, it also reduces the code-size and data-RAM. Two new custom instructions for the MIPS 32-bit processor architecture are also proposed to accelerate the reduction modulo a pseudo Mersenne prime. We also show that the e±ciency of multiplication in an OEF can be improved by a modiŻed multiply and accumulate unit with a wider accumula- tor. The proposed architectural enhancements achieve a speed-up factor of 1.8 on the MIPS processor. In addition, different architectural enhancements and optimal digit-size choices for the Least Significant Digit (LSD) multiplier for binary fields are presented. The two di®erent architectures, the Double Accumulator Multiplier (DAM) and N-Accumulator Multiplier (NAM) are both faster compared to traditional LSD multipliers. Later, an area/time e±cient ECC processor architecture (for the OEFs of size 169, 289 and 361 bits) which performs all finite field arithmetic operations in the discrete Fourier domain is described. We show that a small optimized implementation of ECC processor with 24k equivalent gates on a 0.35um CMOS process can be realized for 169-bit curve using the novel multiplier design. Finally we also present a highly area optimized ASIC implementation of the ECC processor for various standard compliant binary curves ranging from 133 - 193 bits. An area between 10k and 18k gates on a 0.35um CMOS process is possible for the different curves which makes the design very attractive for enabling ECC in constrained devices. |
BibTeX:
@phdthesis{T-Kumar06,
author = {S. S. Kumar},
title = {Elliptic Curve Cryptography for Constrained Devices},
school = {Ruhr-University Bochum},
year = {2006},
url = {http://www-brs.ub.ruhr-uni-bochum.de/netahtml/HSS/Diss/KumarSandeepS/diss.pdf},
doi = {http://nbn-resolving.de/urn/resolver.pl?urn=urn:nbn:de:hbz:294-17499}
}
|
| JOURNALS |
| Guajardo, J., Škorić, B., Tuyls, P., Kumar, S., Bel, T., Blom, A. & Schrijen, G.-J. (2008), "Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions",
Information Systems Frontiers, Kluwer Academic Publishers, vol. 11, no. 1,
pp. 19-41, March 2009. [Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: Virtually all applications which provide or require a security service need a secret key. In an ambient world, where (potentially) sensitive information is continually being gathered about us, it is critical that those keys be both securely deployed and safeguarded from compromise. In this paper, we provide solutions for secure key deployment and storage of keys in sensor networks and radio frequency identification systems based on the use of Physical Unclonable Functions (PUFs). In addition, to providing an overview of different existing PUF realizations, we introduce a PUF realization aimed at ultra-low cost applications. We then show how the properties of Fuzzy Extractors or Helper Data algorithms can be used to securely deploy secret keys to a low cost wireless node. Our protocols are more efficient (round complexity) and allow for lower costs compared to previously proposed ones. We also provide an overview of PUF applications aimed at solving the counterfeiting of goods and devices. |
BibTeX:
@article{A-GT+,
author = {Guajardo, Jorge and Škorić, Boris and Tuyls, Pim and Kumar, Sandeep and Bel, Thijs and Blom, Antoon and Schrijen, Geert-Jan},
title = {Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions},
journal = {Information Systems Frontiers},
year = {2009},
volume = {11},
pages = {19--41},
number = {1},
month = {March},
issn = {1387-3326},
publisher = {Kluwer Academic Publishers},
doi = {http://dx.doi.org/10.1007/s10796-008-9142-z}
}
|
| Bakt?r, S., Kumar, S., Paar, C. & Sunar, B. (2007), "A State-of-the-art Elliptic Curve Cryptographic Processor Operating in the Frequency Domain", Mobile Networks and Applications. Vol. 12(4), pp. 259-270.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: We propose a novel area/time efficient elliptic curve cryptography (ECC) processor architecture which performs all finite field arithmetic operations in the discrete Fourier domain. The proposed architecture utilizes a class of optimal extension fields (OEF) GF(q m ) where the field characteristic is a Mersenne prime q = 2 n - 1 and m = n. The main advantage of our architecture is that it achieves extension field modular multiplication in the discrete Fourier domain with only a linear number of base field GF(q) multiplications in addition to a quadratic number of simpler operations such as addition and bitwise rotation. We achieve an area between 25k and 50k equivalent gates for the implementations over OEFs of size 169, 289 and 361 bits. With its low area and high speed, the proposed architecture is well suited for ECC in small device environments such as sensor networks. The work at hand presents the first hardware implementation of a frequency domain multiplier suitable for ECC and the first hardware implementation of ECC in the frequency domain. |
BibTeX:
@article{A-BKP+07,
author = {Bakt?r, Selçuk and Kumar, Sandeep and Paar, Christof and Sunar, Berk},
title = {A State-of-the-art Elliptic Curve Cryptographic Processor Operating in the Frequency Domain},
journal = {Mobile Networks and Applications},
year = {2007},
volume = {12},
number = {4},
pages = {259--270},
doi = {http://dx.doi.org/10.1007/s11036-007-0022-4}
}
|
| Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A. & Uhsadel, L. (2007), "A Survey of Lightweight Cryptography Implementations", IEEE Design and Test of Computers -- Special Issue on Secure ICs for Secure Embedded Computing. Los Alamitos, CA, USA, November/December, 2007. Vol. 24(6), pp. 522 - 533. IEEE Computer Society.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: Editor’s note: The tight cost and implementation constraints of high-volume products, including secure RFID tags and smart cards, require specialized cryptographic implementations. The authors review recent developments in this area for symmetric and asymmetric ciphers, targeting embedded hardware and software. —Patrick Schaumont, Virginia Tech |
BibTeX:
@article{A-EKP+07,
author = {Eisenbarth, Thomas and Kumar, Sandeep and Paar, Christof and Poschmann, Axel and Uhsadel, Leif},
title = {A Survey of Lightweight Cryptography Implementations},
journal = {IEEE Design and Test of Computers -- Special Issue on Secure ICs for Secure Embedded Computing},
publisher = {IEEE Computer Society},
year = {2007},
volume = {24},
number = {6},
pages = {522 -- 533},
doi = {http://dx.doi.org/10.1109/MDT.2007.178}
}
|
| Kumar, S., Wollinger, T. & Paar, C. (2006), "Optimum Digit Serial GF(2^m) Multipliers for Curve-Based Cryptography", IEEE Transactions on Computers., Oct. , 2006. Vol. 55(10), pp. 1306-1311.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: Digit serial multipliers are used extensively in hardware implementations of elliptic and hyperelliptic curve cryptography. This contribution shows different architectural enhancements in least significant digit (LSD) multiplier for binary fields GF(2m). We propose two different architectures, the double accumulator multiplier (DAM) and N-accumulator multiplier (NAM), which are both faster compared to traditional LSD multipliers. Our evaluation of the multipliers for different digit sizes gives optimum choices and shows that currently used digit sizes are the worst possible choices. Hence, one of the most important results of this contribution is that digit sizes of the form 2l - 1, where l is an integer, are preferable for the digit multipliers. Furthermore, one should always use the NAM architecture to get the best timings. Considering the time area product DAM or NAM gives the best performance depending on the digit size |
BibTeX:
@article{A-KWP,
author = {Sandeep Kumar and Wollinger, T. and Paar, C.},
title = {Optimum Digit Serial GF(2^m) Multipliers for Curve-Based Cryptography},
journal = {IEEE Transactions on Computers},
year = {2006},
volume = {55},
number = {10},
pages = {1306-1311},
doi = {http://dx.doi.org/10.1109/TC.2006.165}
}
|
| Guajardo, J., Güneysu, T., Kumar, S., Paar, C. & Pelzl, J. (2006), "Efficient Hardware Implementation of Finite Fields with Applications to Cryptography", Acta Applicandae Mathematicae: An International Survey Journal on Applying Mathematics and Mathematical Applications. Vol. 93(1), pp. 75-118.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: The paper presents a survey of most common hardware architectures for finite field arithmetic especially suitable for cryptographic applications. We discuss architectures for three types of finite fields and their special versions popularly used in cryptography: binary fields, prime fields and extension fields. We summarize algorithms and hardware architectures for finite field multiplication, squaring, addition/subtraction, and inversion for each of these fields. Since implementations in hardware can either focus on high-speed or on area-time efficiency, a careful choice of the appropriate set of architectures has to be made depending on the performance requirements and available area. |
BibTeX:
@article{A-GGK+06,
author = {Guajardo, Jorge and Güneysu, Tim and Kumar, Sandeep and Paar, Christof and Pelzl, Jan},
title = {Efficient Hardware Implementation of Finite Fields with Applications to Cryptography},
journal = {Acta Applicandae Mathematicae: An International Survey Journal on Applying Mathematics and Mathematical Applications},
year = {2006},
volume = {93},
number = {1},
pages = {75--118},
doi = {http://dx.doi.org/10.1007/s10440-006-9072-z}
}
|
| Guajardo, J., Kumar, S., Paar, C. & Pelzl, J. (2006), "Efficient Software-Implementation of Finite Fields with Applications to Cryptography", Acta Applicandae Mathematicae: An International Survey Journal on Applying Mathematics and Mathematical Applications. Vol. 93(1), pp. 3-32.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: In this work, we present a survey of efficient techniques for software implementation of finite field arithmetic especially suitable for cryptographic applications. We discuss different algorithms for three types of finite fields and their special versions popularly used in cryptography: Binary fields, prime fields and extension fields. Implementation details of the algorithms for field addition/subtraction, field multiplication, field reduction and field inversion for each of these fields are discussed in detail. The efficiency of these different algorithms depends largely on the underlying micro-processor architecture. Therefore, a careful choice of the appropriate set of algorithms has to be made for a software implementation depending on the performance requirements and available resources. |
BibTeX:
@article{A-GKP+06,
author = {Guajardo, Jorge and Kumar, Sandeep and Paar, Christof and Pelzl, Jan},
title = {Efficient Software-Implementation of Finite Fields with Applications to Cryptography},
journal = {Acta Applicandae Mathematicae: An International Survey Journal on Applying Mathematics and Mathematical Applications},
year = {2006},
volume = {93},
number = {1},
pages = {3--32},
doi = {http://dx.doi.org/10.1007/s10440-006-9046-1}
}
|
|
| BOOKS and BOOK CHAPTERS |
| Kumar, S.S. (2008), "Elliptic Curve Cryptography for Constrained Devices: Algorithms, Architectures, and Practical Implementations" Germany, August, 2008. , pp. 160. VDM Verlag.
[Abstract] [BibTeX] [URL]
|
| Abstract: This book is a step towards showing the practicability of Public Key Cryptography (PKC) and in particular Elliptic Curve Cryptography (ECC) on low-end constrained devices like sensor nodes andRF-ID chips. The book presents the flexibility thatECC provides in the choice of parameters and algorithms at different hierarchies for efficient implementations on constrained platforms like 8-bitmicro-processors. Architectural enhancements with software/hardware co-design including instruction set extensions were investigated for low-level finite field arithmetic used in ECC. Finally, a highly area optimized ASIC implementation of an ECC co-processor using standard 0.35um CMOS libraries is presented using an innovative arithmetic and architectural design.The book is intended for students and researchers involved in realizing practical public-keycryptographic implementations on constrained devicesused in ambient intelligent (AmI) environments,sensor networks and RF-ID applications. |
BibTeX:
@book{B-Kumar08,
author = {Sandeep S. Kumar},
title = {Elliptic Curve Cryptography for Constrained Devices: Algorithms, Architectures, and Practical Implementations},
publisher = {VDM Verlag},
year = {2008},
pages = {160},
url = {http://www.amazon.com/Elliptic-Curve-Cryptography-Constrained-Devices/dp/3639068599}
}
|
| Kumar, S. & Wollinger, T. (2006), "Fundamentals of Symmetric Cryptography", In Embedded Security in Cars. , pp. 125-143. Springer Berlin Heidelberg.
[Abstract] [BibTeX] [DOI]
|
| Abstract: It is widely recognized that data security will play a central role not only in the design of future IT systems, but also in all kind of systems in which electronic data are exchanged. Cryptology is the main tool to realize data security. Cryptographic primitives will not only secure the data communication, but will provide safety and reliability of the given system. The latter is sometimes far more important for certain applications which involve automated control based on the data communication between different devices. Cryptology provides two different kinds of algorithms, namely symmetric and asymmetric (public-key) algorithms. This chapter gives an introduction to symmetric key cryptography and its subgroups — block ciphers and stream ciphers. We also provide short descriptions of the most commonly used algorithms in industry: DES and AES. We will focus on their special properties from an implementation point of view. Major concentration will be on software and hardware implementations of DES, 3-DES, AES and different modes of operations of block ciphers so that they can be used also as stream ciphers. |
BibTeX:
@incollection{IC-KW06,
author = {Kumar, Sandeep and Wollinger, Thomas},
title = {Fundamentals of Symmetric Cryptography},
booktitle = {Embedded Security in Cars},
publisher = {Springer Berlin Heidelberg},
year = {2006},
pages = {125--143},
doi = {http://dx.doi.org/10.1007/3-540-28428-1_8}
}
|
| Wollinger, T. & Kumar, S. (2006), "Fundamentals of Asymmetric Cryptography", In Embedded Security in Cars. , pp. 145-165. Springer Berlin Heidelberg.
[Abstract] [BibTeX] [DOI]
|
| Abstract: Cryptology provides two different flavors of algorithms, namely symmetric and asymmetric (public-key) algorithms. This contribution deals with asymmetric algorithms. |
BibTeX:
@incollection{IC-WK06,
author = {Wollinger, Thomas and Kumar, Sandeep},
title = {Fundamentals of Asymmetric Cryptography},
booktitle = {Embedded Security in Cars},
publisher = {Springer Berlin Heidelberg},
year = {2006},
pages = {145--165},
doi = {http://dx.doi.org/10.1007/3-540-28428-1_9}
}
|
|
| INTERNATIONAL CONFERENCES |
| Guajardo, J., Guneysu, T., Kumar, S. S., and Paar, C., "Secure IP-block distribution for hardware devices", In IEEE International Workshop on Hardware-Oriented Security and Trust, 2009 -- HOST 2009. July 2009, pp. 82-89.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: EDA vendors have proposed a standard for the sharing of IP among vendors to be used in the design and development of IP for FPGAs. Although, we do not propose any attacks, we show that there are easy ways in which the security of the whole process can be enhanced by using standard cryptographic techniques such as secret sharing and public-key based key exchange. We also explore the advantages that newer primitives have such as All-Or-Nothing Transforms and Physical Unclonable Functions. We show that the protocols proposed would significantly reduce the effects that the leakage of a single key would have over the whole system. |
BibTeX:
@INPROCEEDINGS{PA-GGK+09,
author = {Jorge Guajardo and Tim Guneysu and Sandeep S. Kumar and Christof Paar},
title = {Secure IP-block distribution for hardware devices},
booktitle = {IEEE International Workshop on Hardware-Oriented Security and Trust},
year = {2009},
pages = {82-89},
month = {July},
publisher = {IEEE Computer Society},
isbn = {978-1-4244-4805-0}
doi = {http://doi.ieeecomputersociety.org/10.1109/HST.2009.5224965},
}
|
| Kumar, S. S., and Koster, P., "Portable Reputation: Proving Ownership Across Portals", In Proc. of the European Context Awareness and Trust 2009 (EuroCAT09),
3rd Workshop on Combining Context with Trust, Security, and Privacy. Sept 2009, pp. 21-30.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: User reputation has become a valuable commodity for enabling trusted transactions on the Internet especially with strangers in virtual communities. However, the reputation information about the various users are normally locked-up in the silos of different web-portals where the members interact. This effectively creates multiple reputation ratings for the same user, each one painstakingly built over a long time at each web-portal. Though this status quo is favorable for established webportals as it enables them to lock-in their customers, consumers have a strong interest in a portable reputation system that allows them to cross the boundaries of the competing portals. In this paper, we present a portable reputation mechanism which is managed by the users on their own with minimal co-operation from the web-portals. This method enables a user to combine from various portals the reputation information of others, which are proven to belong to them in a reliable and cryptographically secure way. Users can appropriately weigh the reputation from different web-portals according to their individual choice and trust in the different web-portals. The solution has the advantage that it does not require any unified reputation rating framework implemented by all web-portals. Additionally the cryptographic binding is constructed such that it prevents users to form a coalition and share their good reputation ratings among them. |
BibTeX:
@INPROCEEDINGS{PA-KK09,
author = {Sandeep S. Kumar and Paul Koster},
title = {Portable Reputation: Proving Ownership Across Portals},
booktitle = {Proc. of the European Context Awareness and Trust 2009 (EuroCAT09),
3rd Workshop on Combining Context with Trust, Security, and Privacy},
year = {2009},
volume = {504},
pages = {21--30},
month = {September},
publisher = {CEUR Workshop Proceedings},
doi = {http://ceur-ws.org/Vol-504/}
}
|
| Kumar, S., Guajardo, J., Maes, R., Schrijen, G.-J. & Tuyls, P., "The butterfly PUF protecting IP on every FPGA", In IEEE International Workshop on Hardware-Oriented Security and Trust, 2008 -- HOST 2008. June 2008., pp. 67-70.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: IP protection of hardware designs is the most important requirement for many FPGA IP vendors. To this end, various solutions have been proposed by FPGA manufacturers based on the idea of bitstream encryption. An alternative solution was advocated in (E. Simpson and P. Schaumont, 2006). Simpson and Schaumont proposed a new approach based on physical unclonable functions (PUFs) for IP protection on FPGAs. PUFs are a unique class of physical systems that extract secrets from complex physical characteristics of the integrated circuits which along with the properties of unclonability provide a highly secure means of generating volatile secret keys for cryptographic operations. However, the first practical PUF on an FPGA was proposed only later in (J. Guajardo et al., 2007) based on the startup values of embedded SRAM memories which are intrinsic in some of the current FPGAs. The disadvantage of these intrinsic SRAM PUFs is that not all FPGAs support uninitialized SRAM memory. In this paper, we propose a new PUF structure called the butterfly PUF that can be used on all types of FPGAs. We also present experimental results showing their identification and key generation capabilities. |
BibTeX:
@inproceedings{PA-KGM+08,
author = {Kumar, S.S. and Guajardo, J. and Maes, R. and Schrijen, G.-J. and Tuyls, P.},
title = {Extended abstract: The butterfly PUF protecting IP on every FPGA},
booktitle = {IEEE International Workshop on Hardware-Oriented Security and Trust, 2008 -- HOST 2008.},
year = {2008},
pages = {67-70},
doi = {http://dx.doi.org/10.1109/HST.2008.4559053}
}
|
| Asim, M., Guajardo, J., Kumar, S.S. & Tuyls, P. (2008), "Physical Unclonable Functions and Their Applications to Vehicle System Security", In 6th escar - Embedded Security in Cars. Hambury, Germany, November, 2008.
[Abstract] [BibTeX] [URL] [PDF]
|
| Abstract: In recent years, there has been a tremendous increase in the usage of IT based systems in vehicles, with predictions that in the near future, more than 90% of innovations in the automotive sector will be centered on IT software and hardware. However, innovation also means that IP is created, which is valuable to third (potentially) untrusted and malicious parties. In particular, automobiles are already suffering from security issues, such as illegal copying of software intellectual property (IP), counterfeiting of electronic components, illegal tampering with digital data inside the electronic control units (ECUs), etc. Recently Physical Unclonable Functions (PUFs) attracted significant interest for numerous applications such as protection of software and hardware IPs, secure key storages and components identification, to name a few. In this paper, we describe how PUFs can be used for secure key storage, component identi�cation, and IP protection in vehicle applications. In addition, the suitability of PUFs for vehicle insurance applications is explained. |
BibTeX:
@conference{C-AGK+08,
author = {Muhammad Asim and Jorge Guajardo and Sandeep S. Kumar and Pim Tuyls,},
title = {Physical Unclonable Functions and Their Applications to Vehicle System Security},
booktitle = {6th escar - Embedded Security in Cars},
year = {2008},
url = {https://www.escar.info/de/program/}
}
|
| Guajardo, J., Kumar, S., Schrijen, G.-J. & Tuyls, P. (2008), "Brand and IP protection with physical unclonable functions", In IEEE International Symposium on Circuits and Systems, 2008. ISCAS 2008. May 2008., pp. 3186-3189.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: In this paper we provide an overview of physical unclonable functions and explain why they are a very valuable technology to protect a company's IP and hence at the same time its brand. Physical unclonable functions are unclonable physical structures that map challenges to responses. They inherit their unclonability from the (deep sub-micron) process variations during manufacturing. They can be turned into a useful tool to generate very secure secret keys in ICs and to provide keys to protect valuable IP of fabless IC companies, IP Vendors and design houses. We will present several examples and explain cryptographic algorithms and protocols to use them in IP protection applications. |
BibTeX:
@inproceedings{PA-GKS+08,
author = {Guajardo, J. and Kumar, S.S. and Schrijen, G.-J. and Tuyls, P.},
title = {Brand and IP protection with physical unclonable functions},
booktitle = {IEEE International Symposium on Circuits and Systems, 2008. ISCAS 2008},
year = {2008},
pages = {3186-3189},
doi = {http://dx.doi.org/10.1109/ISCAS.2008.4542135}
}
|
| Guajardo, J., Kumar, S. & Tuyls, P. (2008), "Key Distribution for Wireless Sensor Networks and Physical Unclonable Functions", In SECSI - Secure Component and System Identification. Berlin, Germany, March, 2008.
[Abstract] [BibTeX] [URL] [PDF]
|
| Abstract: Virtually all applications which provide or require a security service need a secret key. In an ambient world, where (potentially) sensitive information is continually being gathered about us, it is critical that those keys be both securely deployed and safeguarded from compromise. In this paper, we provide solutions for secure key deployment in sensor networks based on the use of Physical Unclonable Functions (PUFs). In particular, we show how the properties of Fuzzy Extrac- tors or Helper Data algorithms can be used to securely deploy secret keys to a low cost wireless node. Our protocols are more efficient (round complexity) and allow for lower costs compared to previously proposed ones. |
BibTeX:
@conference{PA-GKT08,
author = {J. Guajardo and S. Kumar and P. Tuyls},
title = {Key Distribution for Wireless Sensor Networks and Physical Unclonable Functions},
booktitle = {SECSI - Secure Component and System Identification},
year = {2008},
url = {http://www.secsi-workshop.org/}
}
|
| Guajardo, J., Kumar, S., Schrijen, G.-J. & Tuyls, P. (2007), "Physical Unclonable Functions and Public-Key Crypto for FPGA IP Protection", In Field Programmable Logic and Applications, 2007. FPL 2007. International Conference on. Aug. 2007., pp. 189-195.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: In recent years, IP protection of FPGA hardware designs has become a requirement for many IP vendors. To this end solutions have been proposed based on the idea of bitstream encryption, symmetric-key primitives, and the use of physical unclonable functions (PUFs). In this paper, we propose new protocols for the IP protection problem on FPGAs based on public-key (PK) cryptography, analyze the advantages and costs of such an approach, and describe a PUF intrinsic to current FPGAs based on SRAM properties. A major advantage of using PK-based protocols is that they do not require the private key stored in the FPGA to leave the device, thus increasing security. This added security comes at the cost of additional hardware resources but it does not cause significant performance degradation. |
BibTeX:
@inproceedings{PA-GKS+07,
author = {Guajardo, J. and Kumar, S.S. and Schrijen, G.-J. and Tuyls, P.},
title = {Physical Unclonable Functions and Public-Key Crypto for FPGA IP Protection},
booktitle = {Field Programmable Logic and Applications, 2007. FPL 2007. International Conference on},
year = {2007},
pages = {189-195},
doi = {http://dx.doi.org/10.1109/FPL.2007.4380646}
}
|
| Guajardo, J., Kumar, S., Schrijen, G.-J. & Tuyls, P. (2007), "FPGA Intrinsic PUFs and Their Use for IP Protection", In Cryptographic Hardware and Embedded Systems - CHES 2007., pp. 63-80.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: In recent years, IP protection of FPGA hardware designs has become a requirement for many IP vendors. In [34], Simpson and Schaumont proposed a fundamentally different approach to IP protection on FPGAs based on the use of Physical Unclonable Functions (PUFs). Their work only assumes the existence of a PUF on the FPGAs without actually proposing a PUF construction. In this paper, we propose new protocols for the IP protection problem on FPGAs and provide the first construction of a PUF intrinsic to current FPGAs based on SRAM memory randomness present on current FPGAs. We analyze SRAM-based PUF statistical properties and investigate the trade offs that can be made when implementing a fuzzy extractor. |
BibTeX:
@inproceedings{PA-GKS+07a,
author = {Guajardo, Jorge and Kumar, Sandeep and Schrijen, Geert-Jan and Tuyls, Pim},
title = {FPGA Intrinsic PUFs and Their Use for IP Protection},
booktitle = {Cryptographic Hardware and Embedded Systems - CHES 2007},
year = {2007},
pages = {63--80},
doi = {http://dx.doi.org/10.1007/978-3-540-74735-2_5}
}
|
| Guajardo, J., Kerins, T., Kumar, S.S. & Tuyls, P. (2007), "Finite Field Multipliers for Ultra-Constrained Environments", In 2nd Benelux Workshop on Information and System Security - WISSec. Luxembourg city, Luxembourg, September, 2007.
[Abstract] [BibTeX] [URL] [PDF]
|
| Abstract: This work introduces a new finite field multiplier based on a modification of the standard Most Significant Digit Element (MSDE) first multiplier introduced in [25]. The modification results in a slight improvement in the area complexity of the multiplier when compared to the work in [5] and in a significant reduction in the critical path of the multiplier. We provide estimates for the area and time complexities of the multiplier. We conclude that the presented design is well suited for implementations of ECC that target ultra-constrained environments such as RFID tags and sensor nodes. |
BibTeX:
@conference{PA-GKK+07,
author = {J. Guajardo and T. Kerins and S. S. Kumar and P. Tuyls},
title = {Finite Field Multipliers for Ultra-Constrained Environments},
booktitle = {2nd Benelux Workshop on Information and System Security - WISSec},
year = {2007},
url = {http://wissec2007.uni.lu/program.html}
}
|
| Guajardo, J., Kumar, S.S., Schrijen, G.-J. & Tuyls, P. (2007), "FPGA Intrinsic PUFs and Their Use for IP Protection", In 2nd Benelux Workshop on Information and System Security - WISSec. Luxembourg city, Luxembourg, September, 2007.
[BibTeX] [URL]
|
BibTeX:
@conference{PA-GKS+07b,
author = {Jorge Guajardo and Sandeep S. Kumar and Geert-Jan Schrijen and Pim Tuyls},
title = {FPGA Intrinsic PUFs and Their Use for IP Protection},
booktitle = {2nd Benelux Workshop on Information and System Security - WISSec},
year = {2007},
url = {http://wissec2007.uni.lu/program.html}
}
|
| Guajardo, J., Kumar, S.S., Kursawe, K., Schrijen, G.-J. & Tuyls, P. (2007), "Intrinsic Physical Unclonable Functions in Field Programmable Gate Arrays", In ISSE/SECURE 2007 Securing Electronic Business Processes. , pp. 313-321. Vieweg.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: In today’s globalized economy, it has become standard business practice to include third party Intellectual Property (IP) into products. However, licensing IP to third parties forces IP vendors to ensure that they can generate revenue from their internally developed IP blocks. This is only guaranteed if designs are properly protected against theft, cloning, and grey market overproduction. In this paper, we describe a solution for the IP protection problem on Field Programmable Gate Arrays (FPGAs) based on the use of Physical Unclonable Functions (PUFs). Our solution includes optimizations at the protocol level, making the resulting protocols more efficient than previously proposed ones. In addition, we show how SRAM memory blocks present in current FPGAs can be used as a PUF. This leads to a solution which allows unique identification of FPGAs without requiring significant additional hardware resources, and to ensure code can only run on authorized platforms. |
BibTeX:
@incollection{IC-GKK+07,
author = {Guajardo, Jorge and Kumar, Sandeep S. and Kursawe, Klaus and Schrijen, Geert-Jan and Tuyls, Pim},
title = {Intrinsic Physical Unclonable Functions in Field Programmable Gate Arrays},
booktitle = {ISSE/SECURE 2007 Securing Electronic Business Processes},
publisher = {Vieweg},
year = {2007},
pages = {313--321},
doi = {http://dx.doi.org/10.1007/978-3-8348-9418-2_33}
}
|
| Kumar, S. & Paar, C. (2006), "Are standards compliant elliptic curve cryptosystems feasible on RFID", In Workshop on RFID Security 2006. Graz, Austria, July, 2006.
[Abstract] [BibTeX] [URL] [PDF]
|
| Abstract: With elliptic curve cryptography emerging as a serious alternative, the desired level of security can be attained with significantly smaller key sizes. This makes ECC very attractive for small-footprint devices with limited computational capability, memory and low-bandwidth network connections. However ECC is still considered to be impracticable for very low-end constrained devices like sensor networks and RFID tags. We present a stand-alone highly area optimized ECC processor design for standards compliant binary field curves. We use the fast squarer implementation to construct an addition chain that allows inversion to be computed efficiently. Hence, we propose an affine co-ordinate ASIC implementation of the ECC processor using a modified Montgomery point multiplication method for binary curves ranging from 113 -193 bits. An area between 10k and 18k gates on a 0.35um CMOS process is possi- ble for the different curves which makes the design very attractive for enabling ECC in constrained devices. |
BibTeX:
@conference{PA-KP06,
author = {Sandeep Kumar and Christof Paar},
title = {Are standards compliant elliptic curve cryptosystems feasible on RFID},
booktitle = {Workshop on RFID Security 2006},
year = {2006},
url = {http://events.iaik.tugraz.at/RFIDSec06/Program/}
}
|
| Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G. & Schimmler, M. (2006), "Breaking Ciphers with COPACOBANA –A Cost-Optimized Parallel Code Breaker", In Cryptographic Hardware and Embedded Systems - CHES 2006., pp. 101-118.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: Cryptanalysis of symmetric and asymmetric ciphers is computationally extremely demanding. Since the security parameters (in particular the key length) of almost all practical crypto algorithms are chosen such that attacks with conventional computers are computationally infeasible, the only promising way to tackle existing ciphers (assuming no mathematical breakthrough) is to build special-purpose hardware. Dedicating those machines to the task of cryptanalysis holds the promise of a dramatically improved cost-performance ratio so that breaking of commercial ciphers comes within reach. This contribution presents the design and realization of the COPACOBANA (Cost-Optimized Parallel Code Breaker) machine, which is optimized for running cryptanalytical algorithms and can be realized for less than US 10,000. It will be shown that, depending on the actual algorithm, the architecture can outperform conventional computers by several orders in magnitude. COPACOBANA hosts 120 low-cost FPGAs and is able to, e.g., perform an exhaustive key search of the Data Encryption Standard (DES) in less than nine days on average. As a real-world application, our architecture can be used to attack machine readable travel documents (ePass). COPACOBANA is intended, but not necessarily restricted to solving problems related to cryptanalysis. The hardware architecture is suitable for computational problems which are parallelizable and have low communication requirements. The hardware can be used, e.g., to attack elliptic curve cryptosystems and to factor numbers. Even though breaking full-size RSA (1024 bit or more) or elliptic curves (ECC with 160 bit or more) is out of reach with COPACOBANA, it can be used to analyze cryptosystems with a (deliberately chosen) small bitlength to provide reliable security estimates of RSA and ECC by extrapolation1. |
BibTeX:
@inproceedings{I-KPPPS06,
author = {Kumar, Sandeep and Paar, Christof and Pelzl, Jan and Pfeiffer, Gerd and Schimmler, Manfred},
title = {Breaking Ciphers with COPACOBANA –A Cost-Optimized Parallel Code Breaker},
booktitle = {Cryptographic Hardware and Embedded Systems - CHES 2006},
year = {2006},
pages = {101--118},
doi = {http://dx.doi.org/10.1007/11894063_9}
}
|
| Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G. & Schimmler, M. (2006), "A Configuration Concept for a Massively Parallel FPGA Architecture", In Proceedings of 2006 International Conference on Computer Design --- CDES'06, Las Vegas, USA. June 26-29 2006.
[Abstract] [BibTeX] [URL] [PDF]
|
| Abstract: Today's computer hardware are highly optimized general purpose architectures but unavoidable inefficient in terms of special purpose scenarios. The grade of efficiency usual ly has to face a business economical consideration to choose between special versus general purpose hardware. The emerging technology of programmable logic devices enables a new kind of architecture for massively parallel systems based on programmable logic devices. For such systems the traditional way of chip configuration is not useful anymore. This paper presents a concept for configuring massively paral lel reconfigurable architectures. Furthermore a proof of concept is given by applying the configuration schemeto an reconfigurable architecture consisting of 120 chips. |
BibTeX:
@inproceedings{I-KPPPS06b,
author = {S. Kumar and C. Paar and J. Pelzl and G. Pfeiffer and M. Schimmler},
title = {A Configuration Concept for a Massively Parallel FPGA Architecture},
booktitle = {Proceedings of 2006 International Conference on Computer Design --- CDES'06, Las Vegas, USA},
year = {2006},
url = {http://www.worldacademyofscience.org/worldcomp06/ws/publications/cdes06/contents}
}
|
| Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., Rupp, A. & Schimmler, M. (2006), "How to Break DES for ~8,980", In International Workshop on Special-Purpose Hardware for Attacking Cryptographic Systems --- SHARCS'06, Cologne, Germany., April, 2006.
[Abstract] [BibTeX] [URL] [PDF]
|
| Abstract: Cryptanalysis of symmetric and asymmetric ciphers is computationally extremely demanding. Since the security parameters of almost all practical crypto algorithms are chosen such that attacks with conventional computers are computationally infeasible, the only promising way to tackle existing ciphers (in the absence of mathematical breakthroughs) is to build special-purpose hardware. Dedicating those machines to the task of cryptanalysis holds the promise of a dramatically improved cost- performance ratio so that breaking of commercial ciphers comes within reach. This contribution describes the design and realization of the reprogrammable machine COPACOBANA (Cost-Optimized Parallel Code Breaker), which is optimized for running cryptanalytical algorithms. The primary design goal was to produce a re-programmable low-cost design for less than Euro 10,000 which is applicable for attacking the Data Encryption Standard (DES) in less than nine days. It will be shown that the architecture outperforms conventional computers by several orders of magnitude. Fully configured, COPACOBANA can host 120 low-cost FPGAs. In this configuration, the COPACOBANA hardware is able to perform an exhaustive key search of DES at a rate of more than 2^35 keys per second, yielding an average search time of less than nine days. For this, we used the high-speed DES engine design of the Universite Catholique de Louvain's Crypto Group. We provide a real-world example by giving an estimate of an attack with COPACOBANA against a formerly popular encryption tool (Norton Diskreet). Due to a cryptographical weak key derivation function it can be broken in very little time by applying a smart key search. COPACOBANA is suitable for computational problems which are parallelizable and have low communication requirements. The hardware can be used, e.g., to attack elliptic curve cryptosystems and to factor numbers. COPACOBANA is intended to, but not necessarily restricted to solving problems related to cryptanalysis. |
BibTeX:
@conference{I-KPPPRS06,
author = {S. Kumar and C. Paar and J. Pelzl and G. Pfeiffer and A. Rupp and M. Schimmler},
title = {How to Break DES for ~8,980},
booktitle = {International Workshop on Special-Purpose Hardware for Attacking Cryptographic Systems --- SHARCS'06, Cologne, Germany},
year = {2006},
url = {http://www.sharcs.org}
}
|
| Batina, L., Kumar, S., Lano, J., Lemke, K., Mentens, N., Paar, C., Prenel, B., Sakiyama, K. & Verbauwhede, I. (2006), "Testing Framework for eSTREAM Profile II Candidates", In SASC - The State of the Art of Stream Ciphers. Leuven, Belgium, February, 2006.
[Abstract] [BibTeX] [URL] [PDF]
|
| Abstract: The aim of eSTREAM Profile II is to identify a small number of stream ciphers that are suitable for low resource circuitry based im- plementation. Besides algorithmic properties and security evaluation to theoretical attacks, performance evaluation is another important task of eSTREAM that is being considered. In this contribution we summarize and explain our testing framework for eSTREAM ProŻle II candidates regarding hardware implementations. |
BibTeX:
@conference{PA-BKL+06,
author = {L. Batina and S. Kumar and J. Lano and K. Lemke and N. Mentens and C. Paar and B. Prenel and K. Sakiyama and I. Verbauwhede},
title = {Testing Framework for eSTREAM Profile II Candidates},
booktitle = {SASC - The State of the Art of Stream Ciphers},
year = {2006},
url = {http://www.ecrypt.eu.org/stvl/sasc2006/programme.html}
}
|
| Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G. & Schimmler, M. (2006), "COPACOBANA - A Cost-Optimized Special-Purpose Hardware for Code-Breaking", In 14th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2006. FCCM '06. April 2006., pp. 311-312.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: Cryptanalysis of symmetric and asymmetric ciphers is computationally extremely demanding. Since the security parameters of almost all practical crypto algorithms are chosen such that attacks with conventional computers are computationally infeasible, the only promising way to tackle existing ciphers (assuming no mathematical breakthrough) is to build special-purpose hardware. This contribution presents a special-purpose hardware labeled COPACOBANA (cost-optimized parallel code breaker), which is optimized for running crypt-analytical algorithms with low communication overhead. The price-performance ratio as primary and a cost margin of less than US$ 10,000 as secondary design goal led to a reconfigurable computer built as cluster of programmable logic devices |
BibTeX:
@inproceedings{I-KPPPS06c,
author = {Kumar, S. and Paar, C. and Pelzl, J. and Pfeiffer, G. and Schimmler, M.},
title = {COPACOBANA - A Cost-Optimized Special-Purpose Hardware for Code-Breaking},
booktitle = {14th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2006. FCCM '06},
year = {2006},
pages = {311-312},
doi = {http://dx.doi.org/10.1109/FCCM.2006.34}
}
|
| Kumar, S.S., Wollinger, T. & Paar, C. (2005), "Optimized Digit Multipliers for Elliptic Curve Cryptography", In Cryptographic Advances in Secure Hardware --- CRASH 2005. Leuven, Belgium., September, 2005.
[BibTeX] [URL]
|
BibTeX:
@conference{PA-KWP05,
author = {S. S. Kumar and T. Wollinger and C. Paar},
title = {Optimized Digit Multipliers for Elliptic Curve Cryptography},
booktitle = {Cryptographic Advances in Secure Hardware --- CRASH 2005},
year = {2005},
url = {http://www.cosic.esat.kuleuven.be/crash/}
}
|
| Kumar, S.S. & Paar, C. (2004), "Reconfigurable Instruction Set Extension for Enabling ECC on an 8-Bit Processor", In 14th International Conference Field Programmable Logic and Application --- FPL 2004. #pub-SV:adr#. August 2004. Volume 3203, pp. 586-595. #pub-SV#.
[Abstract] [BibTeX] [DOI] [URL] [PDF]
|
| Abstract: Pervasive networks with low-cost embedded 8-bit processors are set to change our day-to-day life. Public-key cryptography provides crucial functionality to assure security which is often an important requirement in pervasive applications. However, it has been the hardest to implement on constraint platforms due to its very high computational requirements. This contribution describes a proof-of-concept implementation for an extremely low-cost instruction set extension using reconfigurable logic, which enables an 8-bit micro-controller to provide full size elliptic curve cryptography (ECC) capabilities. Introducing full size public-key security mechanisms on such small embedded devices will allow new pervasive applications. We show that a standard compliant 163-bit point multiplication can be computed in 0.113 sec on an 8-bit AVR micro-controller running at 4 Mhz with minimal extra hardware, a typical representative for a low-cost pervasive processor. Our design not only accelerates the computation by a factor of more than 30 compared to a software-only solution, it also reduces the code-size, data-RAM and power requirements. |
BibTeX:
@inproceedings{PA-KP04,
author = {S. S. Kumar and C. Paar},
title = {Reconfigurable Instruction Set Extension for Enabling ECC on an 8-Bit Processor},
booktitle = {14th International Conference Field Programmable Logic and Application --- FPL 2004},
publisher = {#pub-SV#},
year = {2004},
volume = {3203},
pages = {586--595},
url = {http://www.springerlink.com/content/eu1uqtk9g79fc14d},
doi = {http://dx.doi.org/10.1007/b99787}
}
|
| Kumar, S., Lemke, K. & Paar, C. (2004), "Some Thoughts about Implementation Properties of Stream Ciphers", In SASC - State of the Art of Stream Ciphers Workshop. Brugge, Belgium, October, 2004.
[Abstract] [BibTeX] [URL] [PDF]
|
| Abstract: This contribution describes general considerations for evaluating the quality of a cryptographic implementation, with a strong focus on hardware implementation of stream ciphers. In particular, the features area efficiency, power, and secure implementation are discussed. Even though the main target of the treatment here are stream ciphers, some of the thoughts presented are directly applicable to other crypto algorithms such as block ciphers. |
BibTeX:
@conference{PA-KLP04,
author = {Sandeep Kumar and Kerstin Lemke and Christof Paar},
title = {Some Thoughts about Implementation Properties of Stream Ciphers},
booktitle = {SASC - State of the Art of Stream Ciphers Workshop},
year = {2004},
url = {http://www.ecrypt.eu.org/stvl/sasc/presentations.html}
}
|
| Großschädl, J., Kumar, S.S. & Paar, C. (2004), "Architectural Support for Arithmetic in Optimal Extension Fields", In 15th IEEE International Conference on Application-Specific Systems, Architectures and Processors --- ASAP'04. September 2004., pp. 111-124.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: Public-key cryptosystems generally involve computation-intensive arithmetic operations, making them impractical for software implementation on constrained devices such as smart cards. We investigate the potential of architectural enhancements and instruction set extensions for low-level arithmetic used in public-key cryptography, most notably multiplication in finite fields of large order. The focus of the present work is directed towards a special type of finite fields, the so-called optimal extension fields GF(pm) where p is a pseudo-Mersenne (PM) prime of the form p = 2n - c that fits into a single register. Based on the M/PS32 instruction set architecture, we introduce two custom instructions to accelerate the reduction modulo a PM prime. Moreover, we show that the multiplication in an optimal extension field can take advantage of a multiply/accumulate unit with a wide accumulator so that a certain number of 64-bit products can be summed up without overflow. The proposed extensions support a wide range of PM primes and allow a reduction modulo 2n - c to complete in only four clock cycles when n ? 32. |
BibTeX:
@inproceedings{PA-GKP04,
author = {J. Großschädl and S. S. Kumar and C. Paar},
title = {Architectural Support for Arithmetic in Optimal Extension Fields},
booktitle = {15th IEEE International Conference on Application-Specific Systems, Architectures and Processors --- ASAP'04},
year = {2004},
pages = {111--124},
doi = {http://dx.doi.org/10.1109/ASAP.2004.1342463}
}
|
| Kumar, S., Girimondo, M., Weimerskirch, A., Paar, C., Patel, A. & Wander, A. (2003), "Embedded end-to-end wireless security with ECDH key exchange", In Proceedings of the 46th IEEE International Midwest Symposium on Circuits and Systems --- MWSCAS 2003. Dec. 2003. Volume 2, pp. 786-789.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: Sensor networks offer tremendous benefits for the future as they have the potential to make life more convenient and safer. For instance, sensors can be used for climate control to reduce power consumption, for structures such as bridges to monitor the maintenance status, or for company badges to locate employees in order to increase productivity. However, the introduction of such ubiquitous computing to everyday life also raises privacy concerns. In this work the authors presented a public-key cryptography implementation for secure key exchange on low-end wireless devices using elliptic curves. The implementation is based on optimal extension fields (OEF) that are a special type of finite fields GF(pm). As for the platform, the authors chose a Chipcon CC1010 chip which is based on the 8051 architecture and that is especially suited for secure wireless applications as it has a built-in radio transceiver as well as a hardware DES engine. A secure end-to-end connection was established between the sensor and a base station in an acceptable time of 3 seconds without requiring cryptographic coprocessors. |
BibTeX:
@inproceedings{PA-KGW+03,
author = {Sandeep Kumar and Girimondo, M. and Weimerskirch, A. and Paar, C. and Arun Patel and Wander, A.S.},
title = {Embedded end-to-end wireless security with ECDH key exchange},
booktitle = {Proceedings of the 46th IEEE International Midwest Symposium on Circuits and Systems --- MWSCAS 2003},
year = {2003},
volume = {2},
pages = { 786--789},
doi = {http://dx.doi.org/10.1109/MWSCAS.2003.1562404}
}
|
| Bertoni, G., Guajardo, J., Kumar, S., Orlando, G., Paar, C. & Wollinger, T. (2003), "Efficient GF(p m ) Arithmetic Architectures for Cryptographic Applications", In Topics in Cryptology — CT-RSA 2003., pp. 158-175.
[Abstract] [BibTeX] [DOI] [PDF]
|
| Abstract: Recently, there has been a lot of interest on cryptographic applications based on fields GF(p m ), for p > 2. This contribution presents GF(p m ) multipliers architectures, where p is odd. We present designs which trade area for performance based on the number of coefficients that the multiplier processes at one time. Families of irreducible polynomials are introduced to reduce the complexity of the modulo reduction operation and, thus, improved the efficiency of the multiplier. We, then, specialize to fields GF(3 m ) and provide the first cubing architecture presented in the literature. We synthesize our architectures for the special case of GF(397) on the XCV1000-8-FG1156 and XC2VP20-7-FF1156 FPGAs and provide area/performance numbers and comparisons to previous GF(3 m ) and GF(2 m ) implementations. Finally, we provide tables of irreducible polynomials over GF(3) of degree m with 2 ? m ? 255. |
BibTeX:
@inproceedings{PA-BGK+03,
author = {Bertoni, Guido and Guajardo, Jorge and Kumar, Sandeep and Orlando, Gerardo and Paar, Christof and Wollinger, Thomas},
title = {Efficient GF(p m ) Arithmetic Architectures for Cryptographic Applications},
booktitle = {Topics in Cryptology — CT-RSA 2003},
year = {2003},
pages = {158--175},
doi = {http://dx.doi.org/10.1007/3-540-36563-X_11}
}
|
|