Faster Software for Fast Endomorphisms

    Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

    7 Citations (Scopus)

    Abstract

    GLV curves (Gallant et al.) have performance advantages over standard elliptic curves, using half the number of point doublings for scalar multiplication. Despite their introduction in 2001, implementations of the GLV method have yet to permeate widespread software libraries. Furthermore, side-channel vulnerabilities, specifically cache-timing attacks, remain unpatched in the OpenSSL code base since the first attack in 2009 (Brumley and Hakala) even still after the most recent attack in 2014 (Benger et al.). This work reports on the integration of the GLV method in OpenSSL for curves from 160 to 256 bits, as well as deploying and evaluating two side-channel defenses. Performance gains are up to 51%, and with these improvements GLV curves are now the fastest elliptic curves in OpenSSL for these bit sizes.
    Original languageEnglish
    Title of host publicationConstructive Side-Channel Analysis and Secure Design - 6th International Workshop, COSADE 2015, Berlin, Germany, April 13-14, 2015. Revised Selected Papers
    EditorsStefan Mangard, Axel Y. Poschmann
    PublisherSpringer Verlag
    Pages127-140
    Number of pages14
    Volume9064
    ISBN (Electronic)978-3-319-21476-4
    ISBN (Print)978-3-319-21475-7
    DOIs
    Publication statusPublished - 2015
    Publication typeA4 Article in conference proceedings
    EventInternational Workshop on Constructive Side-Channel Analysis and Secure Design -
    Duration: 1 Jan 1900 → …

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer

    Conference

    ConferenceInternational Workshop on Constructive Side-Channel Analysis and Secure Design
    Period1/01/00 → …

    Publication forum classification

    • Publication forum level 1

    Fingerprint

    Dive into the research topics of 'Faster Software for Fast Endomorphisms'. Together they form a unique fingerprint.

    Cite this