1 / 20

# Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN? - PowerPoint PPT Presentation

Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN?. Ortal Arazi Electrical & Computer Engineering Department The University of Tennessee Knoxville, TN 37996-2100. Outline. What is an Elliptic Curve? Point by Scalar multiplication Experimental results

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

## PowerPoint Slideshow about ' Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN?' - keith

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

### Calculations over an Elliptic curve,HOW DO WE DO IT?Why do we need it for WSN?

Ortal Arazi

Electrical & Computer Engineering Department

The University of Tennessee

Knoxville, TN 37996-2100

• What is an Elliptic Curve?

• Point by Scalar multiplication

• Experimental results

• Scalar by Scalar multiplication

In GF(2m) an ordinary elliptic curve E suitable for elliptic curve cryptography is defined by the set of points (x; y) that satisfy the equation :

Example:

multiplication involves

multiplications of a

pint by 2

Point by Scalar multiplication:

Example: (k=1101, Q-point, n=4)

13*Q=?

K(2)=1, K(3)=0, K(4)=1,

C=Q

i=2: C=2*Q

C=2*Q+Q=3*Q

i=3: C=2*3*Q=6*Q

i=4: C=2*6*Q=12*Q

C=12*Q+Q=13*Q

Q- point on the curve

K- scalar

k*Q=?

C=Q

For i=2 to n

C=2*C

If k(i)=1 then C=C+Q

C= k*Q

How do we multiply a point by 2?

How do we add two points?

These arithmetics involve calculations over the field GF(2m)

MIPS: million of instructions per second.

A MIPS computer performs about 240 elliptic curve additions per year

The number of MIPS years it takes to compute an elliptic curve logarithm

Experimental results on the TPR 2400CA TelosB motes:

The curves that

we are using:

(1)

(2)

Experimental results on the TPR 2400CA TelosB motes:

Time computed for establishing an online pairwise self-certified fixed and ephemeral key

The private key shared by a pair of nodes is constant

Ephemeral key:

The private key shared by the same pair of nodes change

Fixed key Vs. Ephemeral key

Cluster B

Cluster A

• All calculations over an Elliptic curve are modulo the order of the curve

• For example: If the order of the curve is Ord G, then:

• What is Ord G?

• A number in which multiplying G (a point ton the curve)

• by a scalar is periodic.

• i.e. when exceeding ordG you start from the beginning:

• 1×G = (ordG + 1)×G.

• s×P = (s mod ordG)×P.

What does all this have to do with WSN?

In both Fixed and Ephemeral key generations,

each node needs to multiply 2 scalars mod ord G

Node i

Node j

Fixed:xi *H(IDj , Uj)*Uj + xiR

Ephemeral: Pvi*H(IDj , Uj) * Uj +(xi+ Pvi) (Evj +R) - xi * R

How do we achieve the multiplication ?

a

Step (1)

Step (2)

Montgomery

(mod n)

b

X- number of bits in the scalar

Montgomery

(mod n)

p

(128 or 160 bits)

q

16

16

16

16

16

(128 or 160 bits)

16

s = 0

for i = 0 to n-1

0 n-1

Ord G: 163 or 131 bits

(r- a number obtained form the curve)

(u is the least significant coefficient of the value obtained from multiplying

the least significant coefficient of t, by r.)

(the least significant coefficient of v is now 0)

(s is obtained by erasing the least significant coefficient of v)

if s = 164 (or 132) bits then s = s – OrdG

Xi, Pvi

Ord G: 163 or 131 bits

H(IDj , Uj)

16

16

16

16

16

16

0 n-1

• How do we generatexi * H(IDj , Uj) Mod Ord G

• instead of xi*H(IDj , Uj)*2-16nMod Ord G?

• use the Montgomery procedure again ?

• Problem: using more resources (time, memory and energy)

• Do not change it, change the calculations of the secrect key xi!

Calculations of node i:

Calculations of node j:

Calculations of node i:

Calculations of node j:

• Despite the elaborate calculations, point by scalar multiplications is feasible on a WS mote

• Cryptocomplexity Analysis shows that using ECC is highly desirable

• Offloading will help in: gaining execution speed and better power distribution across the network

• The need for scalar by scalar Multiplication was introduced.

• The Montgomery multiplication procedure was introduced

• saving resources (energy, memory and time)

• Implementing the Montgomery multiplication procedure only ONCE is feasible, hence saving more resources (energy, memory and time)

• Finish the implementation of a self-certified DH key generation

• Implementation of a group key generation

• Fault tolerance key exchange

• Ensuring group key generation even if some of the nodes fail

• Probability of failure as a function of node density

• % of nodes without a group key (treated as malicious or malfunctioned)

• Reduction of the time it takes to calculate the shared keys by the pairs

a

Kca

c

Kab

Kac

b

Kba

• Self certified DH key exchange between cluster heads (within different clusters)

• Using base stations to help with the calculations

• Key exchange between nodes and the base station (taking into advantage the fact that the base station does not have computational problems)

• Hijacking of nodes by malicious party (how do we establish a way to distinguish the attackers)

• Mobile nodes