Loading in 5 sec....

Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN?PowerPoint Presentation

Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN?

- By
**keith** - Follow User

- 114 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about ' Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN?' - keith

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### Calculations over an Elliptic curve,HOW DO WE DO IT?Why do we need it for WSN?

Ortal Arazi

Electrical & Computer Engineering Department

The University of Tennessee

Knoxville, TN 37996-2100

Outline

- What is an Elliptic Curve?
- Point by Scalar multiplication
- Experimental results

- Scalar by Scalar multiplication

What is an Elliptic Curve?

In GF(2m) an ordinary elliptic curve E suitable for elliptic curve cryptography is defined by the set of points (x; y) that satisfy the equation :

Example:

multiplication involves

Point additions and

multiplications of a

pint by 2

Point by Scalar multiplication:Example: (k=1101, Q-point, n=4)

13*Q=?

K(2)=1, K(3)=0, K(4)=1,

C=Q

i=2: C=2*Q

C=2*Q+Q=3*Q

i=3: C=2*3*Q=6*Q

i=4: C=2*6*Q=12*Q

C=12*Q+Q=13*Q

Q- point on the curve

K- scalar

k*Q=?

C=Q

For i=2 to n

C=2*C

If k(i)=1 then C=C+Q

C= k*Q

How do we multiply a point by 2?

How do we add two points?

These arithmetics involve calculations over the field GF(2m)

Cryptocomplexity Analysis

MIPS: million of instructions per second.

A MIPS computer performs about 240 elliptic curve additions per year

The number of MIPS years it takes to compute an elliptic curve logarithm

Experimental results on the TPR 2400CA TelosB motes:

Time computed for establishing an online pairwise self-certified fixed and ephemeral key

The private key shared by a pair of nodes is constant

Ephemeral key:

The private key shared by the same pair of nodes change

Fixed key Vs. Ephemeral keyOffloading the calculations

Cluster B

Cluster A

Scalar by Scalar Multiplication

- All calculations over an Elliptic curve are modulo the order of the curve
- For example: If the order of the curve is Ord G, then:
- What is Ord G?
- A number in which multiplying G (a point ton the curve)
- by a scalar is periodic.
- i.e. when exceeding ordG you start from the beginning:
- 1×G = (ordG + 1)×G.
- s×P = (s mod ordG)×P.

What does all this have to do with WSN?

Self certified DH key generation

In both Fixed and Ephemeral key generations,

each node needs to multiply 2 scalars mod ord G

Node i

Node j

Fixed:xi *H(IDj , Uj)*Uj + xiR

Ephemeral: Pvi*H(IDj , Uj) * Uj +(xi+ Pvi) (Evj +R) - xi * R

The Montgomery Multiplication

How do we achieve the multiplication ?

a

Step (1)

Step (2)

Montgomery

(mod n)

b

X- number of bits in the scalar

Montgomery

(mod n)

The Montgomery Multiplication (cont)

p

(128 or 160 bits)

q

16

16

16

16

16

(128 or 160 bits)

16

s = 0

for i = 0 to n-1

0 n-1

Ord G: 163 or 131 bits

(r- a number obtained form the curve)

(u is the least significant coefficient of the value obtained from multiplying

the least significant coefficient of t, by r.)

(the least significant coefficient of v is now 0)

(s is obtained by erasing the least significant coefficient of v)

if s = 164 (or 132) bits then s = s – OrdG

The Montgomery Multiplication (cont)

Xi, Pvi

Ord G: 163 or 131 bits

H(IDj , Uj)

16

16

16

16

16

16

0 n-1

The Montgomery Multiplication (cont)

- How do we generatexi * H(IDj , Uj) Mod Ord G
- instead of xi*H(IDj , Uj)*2-16nMod Ord G?
- use the Montgomery procedure again ?
- Problem: using more resources (time, memory and energy)

- Do not change it, change the calculations of the secrect key xi!

Summery

- Despite the elaborate calculations, point by scalar multiplications is feasible on a WS mote
- Cryptocomplexity Analysis shows that using ECC is highly desirable
- Offloading will help in: gaining execution speed and better power distribution across the network
- The need for scalar by scalar Multiplication was introduced.
- The Montgomery multiplication procedure was introduced
- saving resources (energy, memory and time)

- Implementing the Montgomery multiplication procedure only ONCE is feasible, hence saving more resources (energy, memory and time)

Future directions

- Finish the implementation of a self-certified DH key generation
- Implementation of a group key generation
- Fault tolerance key exchange
- Ensuring group key generation even if some of the nodes fail
- Probability of failure as a function of node density
- % of nodes without a group key (treated as malicious or malfunctioned)

- Reduction of the time it takes to calculate the shared keys by the pairs

a

Kca

c

Kab

Kac

b

Kba

Future directions

- Self certified DH key exchange between cluster heads (within different clusters)
- Using base stations to help with the calculations
- Key exchange between nodes and the base station (taking into advantage the fact that the base station does not have computational problems)
- Hijacking of nodes by malicious party (how do we establish a way to distinguish the attackers)
- Mobile nodes

Download Presentation

Connecting to Server..