calculations over an elliptic curve how do we do it why do we need it for wsn
Download
Skip this Video
Download Presentation
Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN?

Loading in 2 Seconds...

play fullscreen
1 / 20

Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN? - PowerPoint PPT Presentation


  • 114 Views
  • Uploaded on

Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN?. Ortal Arazi Electrical & Computer Engineering Department The University of Tennessee Knoxville, TN 37996-2100. Outline. What is an Elliptic Curve? Point by Scalar multiplication Experimental results

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN?' - keith


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
calculations over an elliptic curve how do we do it why do we need it for wsn

Calculations over an Elliptic curve,HOW DO WE DO IT?Why do we need it for WSN?

Ortal Arazi

Electrical & Computer Engineering Department

The University of Tennessee

Knoxville, TN 37996-2100

outline
Outline
  • What is an Elliptic Curve?
  • Point by Scalar multiplication
    • Experimental results
  • Scalar by Scalar multiplication
what is an elliptic curve
What is an Elliptic Curve?

In GF(2m) an ordinary elliptic curve E suitable for elliptic curve cryptography is defined by the set of points (x; y) that satisfy the equation :

Example:

point by scalar multiplication

Point by scalar

multiplication involves

Point additions and

multiplications of a

pint by 2

Point by Scalar multiplication:

Example: (k=1101, Q-point, n=4)

13*Q=?

K(2)=1, K(3)=0, K(4)=1,

C=Q

i=2: C=2*Q

C=2*Q+Q=3*Q

i=3: C=2*3*Q=6*Q

i=4: C=2*6*Q=12*Q

C=12*Q+Q=13*Q

Q- point on the curve

K- scalar

k*Q=?

C=Q

For i=2 to n

C=2*C

If k(i)=1 then C=C+Q

C= k*Q

How do we multiply a point by 2?

How do we add two points?

These arithmetics involve calculations over the field GF(2m)

cryptocomplexity analysis
Cryptocomplexity Analysis

MIPS: million of instructions per second.

A MIPS computer performs about 240 elliptic curve additions per year

The number of MIPS years it takes to compute an elliptic curve logarithm

experimental results on the tpr 2400ca telosb motes
Experimental results on the TPR 2400CA TelosB motes:

The curves that

we are using:

(1)

(2)

experimental results on the tpr 2400ca telosb motes1
Experimental results on the TPR 2400CA TelosB motes:

Time computed for establishing an online pairwise self-certified fixed and ephemeral key

fixed key vs ephemeral key
Fixed key:

The private key shared by a pair of nodes is constant

Ephemeral key:

The private key shared by the same pair of nodes change

Fixed key Vs. Ephemeral key

Offloading the calculations

Cluster B

Cluster A

scalar by scalar multiplication
Scalar by Scalar Multiplication
  • All calculations over an Elliptic curve are modulo the order of the curve
  • For example: If the order of the curve is Ord G, then:
  • What is Ord G?
  • A number in which multiplying G (a point ton the curve)
  • by a scalar is periodic.
  • i.e. when exceeding ordG you start from the beginning:
  • 1×G = (ordG + 1)×G.
  • s×P = (s mod ordG)×P.

What does all this have to do with WSN?

self certified dh key generation
Self certified DH key generation

In both Fixed and Ephemeral key generations,

each node needs to multiply 2 scalars mod ord G

Node i

Node j

Fixed:xi *H(IDj , Uj)*Uj + xiR

Ephemeral: Pvi*H(IDj , Uj) * Uj +(xi+ Pvi) (Evj +R) - xi * R

the montgomery multiplication
The Montgomery Multiplication

How do we achieve the multiplication ?

a

Step (1)

Step (2)

Montgomery

(mod n)

b

X- number of bits in the scalar

Montgomery

(mod n)

the montgomery multiplication cont
The Montgomery Multiplication (cont)

p

(128 or 160 bits)

q

16

16

16

16

16

(128 or 160 bits)

16

s = 0

for i = 0 to n-1

0 n-1

Ord G: 163 or 131 bits

(r- a number obtained form the curve)

(u is the least significant coefficient of the value obtained from multiplying

the least significant coefficient of t, by r.)

(the least significant coefficient of v is now 0)

(s is obtained by erasing the least significant coefficient of v)

if s = 164 (or 132) bits then s = s – OrdG

the montgomery multiplication cont1
The Montgomery Multiplication (cont)

Xi, Pvi

Ord G: 163 or 131 bits

H(IDj , Uj)

16

16

16

16

16

16

0 n-1

the montgomery multiplication cont2
The Montgomery Multiplication (cont)
  • How do we generatexi * H(IDj , Uj) Mod Ord G
  • instead of xi*H(IDj , Uj)*2-16nMod Ord G?
  • use the Montgomery procedure again ?
    • Problem: using more resources (time, memory and energy)
  • Do not change it, change the calculations of the secrect key xi!
the montgomery multiplication cont3
The Montgomery Multiplication (cont)

Calculations of node i:

Calculations of node j:

mathematical equations
Mathematical equations:

Calculations of node i:

Calculations of node j:

summery
Summery
  • Despite the elaborate calculations, point by scalar multiplications is feasible on a WS mote
  • Cryptocomplexity Analysis shows that using ECC is highly desirable
  • Offloading will help in: gaining execution speed and better power distribution across the network
  • The need for scalar by scalar Multiplication was introduced.
  • The Montgomery multiplication procedure was introduced
    • saving resources (energy, memory and time)
  • Implementing the Montgomery multiplication procedure only ONCE is feasible, hence saving more resources (energy, memory and time)
future directions
Future directions
  • Finish the implementation of a self-certified DH key generation
  • Implementation of a group key generation
  • Fault tolerance key exchange
    • Ensuring group key generation even if some of the nodes fail
    • Probability of failure as a function of node density
    • % of nodes without a group key (treated as malicious or malfunctioned)
  • Reduction of the time it takes to calculate the shared keys by the pairs

a

Kca

c

Kab

Kac

b

Kba

future directions1
Future directions
  • Self certified DH key exchange between cluster heads (within different clusters)
  • Using base stations to help with the calculations
  • Key exchange between nodes and the base station (taking into advantage the fact that the base station does not have computational problems)
  • Hijacking of nodes by malicious party (how do we establish a way to distinguish the attackers)
  • Mobile nodes
ad