
Parallel Implementation of SM2 Elliptic Curve Cryptography on Intel Processors with AVX2

  • Conference paper
Information Security and Privacy (ACISP 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12248)

Abstract

This paper presents an efficient and secure implementation of SM2, the Chinese elliptic curve cryptography standard that has been adopted by the International Organization for Standardization (ISO) as ISO/IEC 14888-3:2018. Our SM2 implementation uses Intel's Advanced Vector Extensions version 2.0 (AVX2), a family of three-operand SIMD instructions operating on vectors of 8-, 16-, 32-, or 64-bit data elements in 256-bit registers, and is resistant against timing attacks. To exploit the parallel processing capabilities of AVX2, we studied the execution flows of Co-Z Jacobian point arithmetic operations and introduce a parallel 2-way Co-Z addition, Co-Z conjugate addition, and Co-Z ladder algorithm, which allow for fast Co-Z scalar multiplication. Furthermore, we developed an efficient 2-way prime-field arithmetic library using AVX2 to support our Co-Z Jacobian point operations. Both the field and the point operations use branch-free (i.e. constant-time) implementation techniques, which increase their resistance to Simple Power Analysis (SPA) and timing attacks. Our software for scalar multiplication on the SM2 curve is, to our knowledge, the first constant-time implementation of the Co-Z based ladder that leverages the parallelism of AVX2.


Notes

  1. See http://gmssl.org (accessed on 2020-05-24).

  2. See http://github.com/jntass/TASSL (accessed on 2020-05-24).


Acknowledgments

Zhe Liu is supported by the National Natural Science Foundation of China (grant no. 61802180), the Natural Science Foundation of Jiangsu Province (grant no. BK20180421), the National Cryptography Development Fund (grant no. MM-JJ20180105) and the Fundamental Research Funds for the Central Universities (grant no. NE2018106). Zhi Hu is supported by the Natural Science Foundation of China (grants no. 61972420, 61602526) and the Hunan Provincial Natural Science Foundation of China (grants no. 2019JJ50827 and 2020JJ3050).


Corresponding author: Zhe Liu.

A SimpleRed Operation

Based on the congruence relations in Eq. (5), we add each of the upper limbs \(z_i\) with \(i \in [10, 20)\) to, or subtract it from, the corresponding lower limbs of the intermediate result Z to obtain the residue \(\langle E, F \rangle _i\). For example, all the terms with weight \(2^0 \sim 2^{26}\) and \(2^{26} \sim 2^{52}\) are added to or subtracted from \(Z_0\) to obtain \(\langle E, F \rangle _0\). The terms with the other weights are handled in the same way, being added to or subtracted from the corresponding terms of Z. The details are fully specified in Algorithm 8, which executes only simple additions (resp. subtractions), shifts, and permutation instructions.

(Algorithm 8: given as a figure in the paper and not reproduced on this page.)
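As an added worked example (not the paper's Algorithm 8 and not its Eq. (5), neither of which is reproduced on this page), the following Python code shows why a reduction modulo the SM2 prime needs only shifts, additions and subtractions. It derives the congruence \(2^{256} \equiv 2^{224} + 2^{96} - 2^{64} + 1 \pmod p\) from the shape of the SM2 prime \(p = 2^{256} - 2^{224} - 2^{96} + 2^{64} - 1\) and uses it to fold the upper limbs \(z_i\), \(i \ge 10\), of a radix-\(2^{26}\) product into the ten lower limbs. The 26-bit limb width and the ten-limb operand follow the weights mentioned above; the target limbs and shift amounts in the two FOLD tables are derived here for that layout and are assumptions about the paper's table, not a copy of it. The code works on one operand pair rather than the paper's 2-way \(\langle E, F \rangle\) vectors, and the final conditional subtraction is written as a branch for readability, where a constant-time implementation selects with a mask.

```python
# Added example: reduction modulo the SM2 prime by folding upper limbs with
# shifts, additions and subtractions only.  Not the paper's Algorithm 8.

P = 2**256 - 2**224 - 2**96 + 2**64 - 1   # SM2 recommended-curve prime p
LIMB = 26                                   # limb width in bits (radix 2^26)
NLIMBS = 10                                 # 10 * 26 = 260 bits >= 256
MASK = (1 << LIMB) - 1

# 2^260 = 2^4 * 2^256 and 2^256 = 2^224 + 2^96 - 2^64 + 1 (mod p), so
# 2^260 = 2^228 + 2^100 - 2^68 + 2^4 (mod p).  In radix 2^26 each term is a
# (target limb, left shift, sign) triple; derived here for this layout (assumption).
FOLD_260 = ((8, 20, +1), (3, 22, +1), (2, 16, -1), (0, 4, +1))
# The same congruence for a plain multiple of 2^256 (used for the final carry-out).
FOLD_256 = ((8, 16, +1), (3, 18, +1), (2, 12, -1), (0, 0, +1))


def to_limbs(x):
    """Split 0 <= x < 2^260 into NLIMBS limbs of LIMB bits, least significant first."""
    return [(x >> (LIMB * i)) & MASK for i in range(NLIMBS)]


def from_limbs(limbs):
    """Inverse of to_limbs for limbs that may be unnormalised (any size, any sign)."""
    return sum(l << (LIMB * i) for i, l in enumerate(limbs))


def schoolbook(a, b):
    """Limb-wise product of two NLIMBS operands: 2*NLIMBS-1 unreduced limbs z_0..z_18."""
    z = [0] * (2 * NLIMBS - 1)
    for i in range(NLIMBS):
        for j in range(NLIMBS):
            z[i + j] += a[i] * b[j]
    return z


def fold_upper_limbs(z):
    """Replace every limb z_i with i >= NLIMBS by its residue contributions to the
    lower limbs (shift, then add or subtract).  Walking from the top down means a
    contribution that lands at an index >= NLIMBS is itself folded later in the loop."""
    z = list(z)
    for i in range(len(z) - 1, NLIMBS - 1, -1):
        v, z[i] = z[i], 0
        for limb, shift, sign in FOLD_260:
            z[i - NLIMBS + limb] += sign * (v << shift)
    return z[:NLIMBS]


def carry(z):
    """Propagate carries so limbs 0..NLIMBS-2 lie in [0, 2^26); the top limb
    absorbs whatever is left (possibly negative, possibly wider than 26 bits)."""
    for k in range(NLIMBS - 1):
        c = z[k] >> LIMB          # floor shift: correct for negative limbs too
        z[k] &= MASK
        z[k + 1] += c
    return z


def reduce_product(z):
    """Reduce the 19-limb product to an integer in [0, p)."""
    z = carry(fold_upper_limbs(z))
    top_bits = 256 - LIMB * (NLIMBS - 1)    # 22: bits of the top limb below 2^256
    while True:
        e = z[NLIMBS - 1] >> top_bits        # multiple of 2^256 still present (may be < 0)
        if e == 0:
            break
        z[NLIMBS - 1] &= (1 << top_bits) - 1
        for limb, shift, sign in FOLD_256:   # e * 2^256 -> e * (2^224 + 2^96 - 2^64 + 1)
            z[limb] += sign * (e << shift)
        z = carry(z)
    v = from_limbs(z)                        # now 0 <= v < 2^256 < 2p
    # Final conditional subtraction.  A branch here for readability; constant-time
    # code computes both v and v - p and selects with a mask.
    return v - P if v >= P else v


def mul_mod_p(a, b):
    """Field multiplication a*b mod p via limb product plus SimpleRed-style folding."""
    return reduce_product(schoolbook(to_limbs(a), to_limbs(b)))


if __name__ == "__main__":
    import random
    rng = random.Random(2020)                # constructed sample inputs
    for _ in range(1000):
        a, b = rng.randrange(P), rng.randrange(P)
        assert mul_mod_p(a, b) == a * b % P
    print("folding reduction agrees with a*b mod p")
```

The FOLD_260 table is the whole reduction: a limb of weight \(2^{26i}\) with \(i \ge 10\) lands, shifted, in limbs \(i-2\), \(i-7\), \(i-8\) and \(i-10\), which is exactly the add/subtract/shift pattern the appendix describes. The loop in `reduce_product` only mops up the few bits of carry-out above \(2^{256}\); a fixed-width implementation bounds that in advance instead of looping.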


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Huang, J., Liu, Z., Hu, Z., Großschädl, J. (2020). Parallel Implementation of SM2 Elliptic Curve Cryptography on Intel Processors with AVX2. In: Liu, J., Cui, H. (eds) Information Security and Privacy. ACISP 2020. Lecture Notes in Computer Science, vol. 12248. Springer, Cham. https://doi.org/10.1007/978-3-030-55304-3_11

  • DOI: https://doi.org/10.1007/978-3-030-55304-3_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-55303-6

  • Online ISBN: 978-3-030-55304-3

  • eBook Packages: Computer Science (R0)