Ahmadi et al. / J Zhejiang Univ-Sci C (Comput & Electron) 2010 11(9):724-736

A low-power and low-energy flexible GF(p) elliptic-curve cryptography processor*#

Hamid Reza AHMADI, Ali AFZALI-KUSHA
(School of Electrical and Computer Engineering, University of Tehran, P.O. Box 14395-515, Tehran, Iran)
E-mail: {hrahmadi, afzali}@ut.ac.ir
Received Oct. 30, 2009; Revision accepted Mar. 27, 2010; Crosschecked Aug. 2, 2010

Abstract: We investigate the use of two integer inversion algorithms, a modified Montgomery modulo inverse and a Fermat’s Little Theorem based inversion, in a prime-field affine-coordinate elliptic-curve crypto-processor. To perform this, we present a low-power/energy GF(p) affine-coordinate elliptic-curve cryptography (ECC) processor design with a simplified architecture and complete flexibility in terms of the field and curve parameters. The design can use either of the inversion algorithms. Based on the implementations of this design for 168-, 192-, and 224-bit prime fields using a standard 0.13 μm CMOS technology, we compare the efficiency of the algorithms in terms of power/energy consumption, area, and calculation time. The results show that while the Fermat’s theorem approach is not appropriate for the affine-coordinate ECC processors due to its long computation time, the Montgomery modulo inverse algorithm is a good candidate for low-energy implementations. The results also show that the 168-bit ECC processor based on the Montgomery modulo inverse completes one scalar multiplication in only 0.4 s at a 1 MHz clock frequency consuming only 12.92 μJ, which is lower than the reported values for similar designs.
Key words: Elliptic-curve cryptography (ECC), Prime field, Montgomery multiplication, Montgomery inverse, Low-energy
doi:10.1631/jzus.C0910660
Document code: A
CLC number: TN4

1 Introduction

Standard public-key cryptography (PKC) algorithms and protocols have been used as the basis for providing security in many real-life applications (Stamp, 2006). The implementation of these algorithms for use in applications based on energy/area constrained devices, like radio-frequency identification (RFID) tags and wireless sensors, has been the subject of many recent research activities (Kaps, 2006; Kumar, 2006). These implementations are difficult due to the limitations of the power/energy consumption and calculation time and also due to the complex and calculation-intensive nature of the algorithms (Kaps, 2006). Amongst standard PKC algorithms, elliptic-curve cryptography (ECC) algorithms have the advantage of providing an equal level of security using smaller numbers (Hankerson et al., 2004). This makes ECC algorithms more suitable for use in applications with limitations in power/energy and timing (Kaps, 2006). Recently, ECC hardware implementations have been shown to be able to meet power/energy and timing limitations of these devices and applications (Öztürk et al., 2004; Gaubatz et al., 2005; Wolkerstorfer, 2005; de Dormale et al., 2006; Batina et al., 2007; Feldhofer and Wolkerstorfer, 2007; Fürbass and Wolkerstorfer, 2007).

Different approaches have been taken by researchers to design low-power/energy ECC processors.
In many of these approaches, whilst the main goal has been to reach lower power consumption levels, researchers have concentrated on minimizing

* Project supported in part by the Iran Telecommunication Research Center (ITRC) and the Research Council of University of Tehran

# This paper is the extension on the papers “Very low-power flexible GF(p) elliptic-curve crypto-processor for non-time-critical applications”, which appeared in the Proceedings of the International Symposium on Circuits and Systems, Taipei, Taiwan, May 24–27, 2009, and “Low-power low-energy prime-field ECC processor based on Montgomery modular inverse algorithm”, which appeared in the Proceedings of EUROMICRO Conference on Digital System Design, Architectures, Methods and Tools, Patras, Greece, Aug. 27–29, 2009

© Zhejiang University and Springer-Verlag Berlin Heidelberg 2010

Journal of Zhejiang University-SCIENCE C (Computers & Electronics)
ISSN 1869-1951 (Print); ISSN 1869-196X (Online)
www.zju.edu.cn/jzus; www.springerlink.com
E-mail: jzus@zju.edu.cn