Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN?

1 / 20

# Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN? - PowerPoint PPT Presentation

Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN?. Ortal Arazi Electrical &amp; Computer Engineering Department The University of Tennessee Knoxville, TN 37996-2100. Outline. What is an Elliptic Curve? Point by Scalar multiplication Experimental results

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

## PowerPoint Slideshow about ' Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN?' - keith

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

### Calculations over an Elliptic curve,HOW DO WE DO IT?Why do we need it for WSN?

Ortal Arazi

Electrical & Computer Engineering Department

The University of Tennessee

Knoxville, TN 37996-2100

Outline
• What is an Elliptic Curve?
• Point by Scalar multiplication
• Experimental results
• Scalar by Scalar multiplication
What is an Elliptic Curve?

In GF(2m) an ordinary elliptic curve E suitable for elliptic curve cryptography is defined by the set of points (x; y) that satisfy the equation :

Example:

Point by scalar

multiplication involves

multiplications of a

pint by 2

Point by Scalar multiplication:

Example: (k=1101, Q-point, n=4)

13*Q=?

K(2)=1, K(3)=0, K(4)=1,

C=Q

i=2: C=2*Q

C=2*Q+Q=3*Q

i=3: C=2*3*Q=6*Q

i=4: C=2*6*Q=12*Q

C=12*Q+Q=13*Q

Q- point on the curve

K- scalar

k*Q=?

C=Q

For i=2 to n

C=2*C

If k(i)=1 then C=C+Q

C= k*Q

How do we multiply a point by 2?

How do we add two points?

These arithmetics involve calculations over the field GF(2m)

Cryptocomplexity Analysis

MIPS: million of instructions per second.

The number of MIPS years it takes to compute an elliptic curve logarithm

Experimental results on the TPR 2400CA TelosB motes:

The curves that

we are using:

(1)

(2)

Experimental results on the TPR 2400CA TelosB motes:

Time computed for establishing an online pairwise self-certified fixed and ephemeral key

Fixed key:

The private key shared by a pair of nodes is constant

Ephemeral key:

The private key shared by the same pair of nodes change

Fixed key Vs. Ephemeral key

Cluster B

Cluster A

Scalar by Scalar Multiplication
• All calculations over an Elliptic curve are modulo the order of the curve
• For example: If the order of the curve is Ord G, then:
• What is Ord G?
• A number in which multiplying G (a point ton the curve)
• by a scalar is periodic.
• i.e. when exceeding ordG you start from the beginning:
• 1×G = (ordG + 1)×G.
• s×P = (s mod ordG)×P.

What does all this have to do with WSN?

Self certified DH key generation

In both Fixed and Ephemeral key generations,

each node needs to multiply 2 scalars mod ord G

Node i

Node j

Fixed:xi *H(IDj , Uj)*Uj + xiR

Ephemeral: Pvi*H(IDj , Uj) * Uj +(xi+ Pvi) (Evj +R) - xi * R

The Montgomery Multiplication

How do we achieve the multiplication ?

a

Step (1)

Step (2)

Montgomery

(mod n)

b

X- number of bits in the scalar

Montgomery

(mod n)

The Montgomery Multiplication (cont)

p

(128 or 160 bits)

q

16

16

16

16

16

(128 or 160 bits)

16

s = 0

for i = 0 to n-1

0 n-1

Ord G: 163 or 131 bits

(r- a number obtained form the curve)

(u is the least significant coefficient of the value obtained from multiplying

the least significant coefficient of t, by r.)

(the least significant coefficient of v is now 0)

(s is obtained by erasing the least significant coefficient of v)

if s = 164 (or 132) bits then s = s – OrdG

The Montgomery Multiplication (cont)

Xi, Pvi

Ord G: 163 or 131 bits

H(IDj , Uj)

16

16

16

16

16

16

0 n-1

The Montgomery Multiplication (cont)
• How do we generatexi * H(IDj , Uj) Mod Ord G
• instead of xi*H(IDj , Uj)*2-16nMod Ord G?
• use the Montgomery procedure again ?
• Problem: using more resources (time, memory and energy)
• Do not change it, change the calculations of the secrect key xi!
The Montgomery Multiplication (cont)

Calculations of node i:

Calculations of node j:

Mathematical equations:

Calculations of node i:

Calculations of node j:

Summery
• Despite the elaborate calculations, point by scalar multiplications is feasible on a WS mote
• Cryptocomplexity Analysis shows that using ECC is highly desirable
• Offloading will help in: gaining execution speed and better power distribution across the network
• The need for scalar by scalar Multiplication was introduced.
• The Montgomery multiplication procedure was introduced
• saving resources (energy, memory and time)
• Implementing the Montgomery multiplication procedure only ONCE is feasible, hence saving more resources (energy, memory and time)
Future directions
• Finish the implementation of a self-certified DH key generation
• Implementation of a group key generation
• Fault tolerance key exchange
• Ensuring group key generation even if some of the nodes fail
• Probability of failure as a function of node density
• % of nodes without a group key (treated as malicious or malfunctioned)
• Reduction of the time it takes to calculate the shared keys by the pairs

a

Kca

c

Kab

Kac

b

Kba

Future directions
• Self certified DH key exchange between cluster heads (within different clusters)
• Using base stations to help with the calculations
• Key exchange between nodes and the base station (taking into advantage the fact that the base station does not have computational problems)
• Hijacking of nodes by malicious party (how do we establish a way to distinguish the attackers)
• Mobile nodes