Fast elliptic curve cryptography in OpenSSL

Authors:
Emilia Käsper
Affiliations:
Google, Belgium,ESAT/COSIC, Katholieke Universiteit Leuven, Belgium
Venue:
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
Year:
2011

Citing 8
Cited 2

Software Implementation of the NIST Elliptic Curves Over Prime Fields

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Algorithms for Multi-exponentiation

SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Endomorphisms for Faster Elliptic Curve Cryptography on a Large Class of Curves

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Exponent Recoding and Regular Exponentiation Algorithms

AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Cache-Timing Template Attacks

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Curve25519: new diffie-hellman speed records

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Predicting secret keys via branch prediction

CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology

Four-Dimensional gallant-lambert-vanstone scalar multiplication

ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
High-Performance scalar multiplication using 8-dimensional GLV/GLS decomposition

CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a 64-bit optimized implementation of the NIST and SECG-standardized elliptic curve P-224. Our implementation is fully integrated into OpenSSL 1.0.1: full TLS handshakes using a 1024-bit RSA certificate and ephemeral Elliptic Curve Diffie-Hellman key exchange over P-224 now run at twice the speed of standard OpenSSL, while atomic elliptic curve operations are up to 4 times faster. In addition, our implementation is immune to timing attacks--most notably, we show how to do small table look-ups in a cache-timing resistant way, allowing us to use precomputation. To put our results in context, we also discuss the various security-performance trade-offs available to TLS applications.