1. Introduction

Nowadays WSNs become a part of the Internet; the integration of WSNs into the Internet of Things (IoT) must involve new security issues. Symmetric cryptography can be the best solution in a constrained platform and embedded devices such as sensor. For a large number of nodes, the asymmetric key cryptography is the widely used algorithm because of its scalability. Elliptic curve cryptography (ECC) is one of the most famous asymmetric cryptographic schemes, which offers the same level of security with much shorter keys than the other widely used asymmetric cryptographic algorithm, Rivest, Shamir, and Adleman (RSA) [1]. Scalar multiplication is denoted by kP (where P is a point on an elliptic curve and k represents a scalar). The scalar multiplication is the recurrent and most heavily used operation in ECC because it is used for key generation, encryption/decryption of data, and signing/verification of digital signatures. The mathematics of an elliptic curve implies three arithmetic levels: scalar arithmetic, point arithmetic, and field arithmetic [2]. To make fast computation of scalar multiplication, which is the major computation involved in ECC, many works are devoted to the point arithmetic and scalar arithmetic. Point operations mean point addition and doubling, tripling, or quadrupling (or similar operation). In the framework of this chapter, we will concisely examine various researchers on the scalar arithmetic level.

The discussion on this chapter proceeds as follows: In Section 2, we start with the background on ECC over prime fields. Section 3 gives works on fast scalar multiplication on scalar arithmetic, followed by Section 4 which describes works on parallelization of scalar multiplication on scalar arithmetic. The conclusion and perspectives are given in the last section.

#### 2. Overview on ECC over finite prime fields

#### 2.1 Preliminaries

In this section, we give a brief overview on ECC over finite prime fields. By definition, an elliptic curve E over finite field F (of order n) denoted by E(F) can be described by the Weierstrass Eq. [3]:

$$E: \mathbf{y}^2 = \mathbf{x}^3 + a\mathbf{x} + b \tag{1}$$

2.2.1 Key generation with ECC

DOI: http://dx.doi.org/10.5772/intechopen.86584

Algorithm 1. Keys generation

Figure 1.

begin

end

Point addition in ECC.

2.2.2 Encryption with ECC

2. Compute Q=dP 3. Return(Q , d)

point: m=C2 -kQ.

begin

end

45

Algorithm 2. Encryption.

2. Select k ∈[1, n-1] 3. Compute C1=kP 4. Compute C2=M+kQ 5. Return(C1, C2)

Output: (C1,C2) // encrypted text

1. Mapping message m to a point M ∈ E(Fp)

Public and private keys are associated with public parameters (p, E, P, n) where P is the generator point, with order n. n is always equal to the order of the elliptic curve group E and nP= . The private key d is randomly selected in the interval [1, n 1], and the corresponding public key is Q=dP. The ECDLP consists

A Survey of Fast Scalar Multiplication on Elliptic Curve Cryptography for Lightweight…

For encryption, the message m is mapped to a valid point M on the curve and is encrypted by point addition with kQ where k is a random positive integer chosen by the sender and Q = dP represents the public key of receiver. The random k makes sure that even for a same message, the cipher text generated is different each time. The sender then sends the pair of cipher point C2=M+kQ and C1=kP to the receiver. The receiver, upon receiving the cipher point pair C1 and C2, computes dC1=d(k) P=k(dP)= kQ by its own private key d and subtracts the result from the second

Input: (p, E, P, n), Q and m //public parameters,public key and plaintext message m

in determining d from public parameters (p, E, P, n).

Input: p, E, P, n // public parameters generated Output: Public key (Q) and private key d generated

1. Select randomly d in interval [1, n-1]

where a and b ∈ Fp and Fp is a prime field. Most important finite fields used to date to implement cryptosystem have been binary, prime, and extension fields. In this chapter, we work in the context of prime field Fp, where p > 3 and p = qr , with r = 1 and q a prime number called the characteristic of Fp.

Before it can be used for cryptography, the necessary condition is the discriminant of polynomial:

$$F(\mathbf{x}) = \mathbf{x}^3 + a\mathbf{x} + b, \ \mathbf{A} = 4a^3 + 27b^2 \neq 0 \tag{2}$$

The set of pairs (x, y) solves (1), where x,y ∈ Fp and the point at infinity (denoted ∞) forms an abelian group. The scalar multiplication directly depends on two basic operations over points on an elliptic curve: point doubling (2P) and point addition (P + Q) where P and Q are two different points on the elliptic curve. If P = (xp,yp) and Q = (xq,yq), two points (6¼ ∞) on the elliptic curve over Fp denoted by E(Fp), then point addition P + Q = (xpq,ypq) or point doubling 2P = P +Q= (xpq,ypq) if P = Q can be calculated as

$$\begin{cases} \boldsymbol{\chi}\_{pq} = \boldsymbol{\lambda}^2 - \boldsymbol{\chi}\_p - \boldsymbol{\chi}\_q \\ \boldsymbol{\chi}\_{pq} = \boldsymbol{\lambda}(\boldsymbol{\chi}\_p - \boldsymbol{\chi}\_{p+q}) - \boldsymbol{\chi}\_p \end{cases} \tag{3}$$

$$\begin{cases} \boldsymbol{\lambda} = \frac{\boldsymbol{\mathcal{Y}}\_q - \boldsymbol{\mathcal{Y}}\_p}{\boldsymbol{\mathcal{X}}\_q - \boldsymbol{\mathcal{X}}\_p} \text{ if } P \neq \mathbf{Q} \end{cases} \tag{4}$$

$$\begin{cases} \lambda = \frac{\lambda^2}{2\lambda\_p^2 + a} & \text{if } P = Q \\ \lambda = \frac{2\lambda\_p}{2\lambda\_p} & \text{if } P = Q \end{cases} \tag{4}$$

The negative of point P = (xp,yp) is point -P (xp,-yp), where P and -P are two points on the elliptic curve (Figure 1).

#### 2.2 Encryption/decryption with ECC

The security of ECC relies on the difficulty of solving the elliptic curve discrete log problem (ECDLP). Let E be an elliptic curve over finite field F and P ∈ E(F), given a multiple Q of P, the elliptic curve discrete log problem is to find d ∈ F such that dP = Q. For example, if P = (2, 2) and Q = (0, 6), then 3P = Q, so d=3 is a solution to the discrete logarithm problem. Three operations are very much required to formulate a valid cryptosystem in ECC: key generation, encryption, and decryption.

A Survey of Fast Scalar Multiplication on Elliptic Curve Cryptography for Lightweight… DOI: http://dx.doi.org/10.5772/intechopen.86584

The discussion on this chapter proceeds as follows: In Section 2, we start with the background on ECC over prime fields. Section 3 gives works on fast scalar multiplication on scalar arithmetic, followed by Section 4 which describes works on parallelization of scalar multiplication on scalar arithmetic. The conclusion and

In this section, we give a brief overview on ECC over finite prime fields. By definition, an elliptic curve E over finite field F (of order n) denoted by E(F) can be

where a and b ∈ Fp and Fp is a prime field. Most important finite fields used to date to implement cryptosystem have been binary, prime, and extension fields. In this chapter, we work in the context of prime field Fp, where p > 3 and p = qr

Before it can be used for cryptography, the necessary condition is the discrimi-

The set of pairs (x, y) solves (1), where x,y ∈ Fp and the point at infinity (denoted ∞) forms an abelian group. The scalar multiplication directly depends on two basic operations over points on an elliptic curve: point doubling (2P) and point addition (P + Q) where P and Q are two different points on the elliptic curve. If P = (xp,yp) and Q = (xq,yq), two points (6¼ ∞) on the elliptic curve over Fp denoted by E(Fp), then point addition P + Q = (xpq,ypq) or point doubling 2P = P +Q=

> xpq <sup>¼</sup> <sup>λ</sup><sup>2</sup> � xp � xq ypq ¼ λ xp � xpþ<sup>q</sup>

> > <sup>p</sup> þ a 2yp

The negative of point P = (xp,yp) is point -P (xp,-yp), where P and -P are two

The security of ECC relies on the difficulty of solving the elliptic curve discrete log problem (ECDLP). Let E be an elliptic curve over finite field F and P ∈ E(F), given a multiple Q of P, the elliptic curve discrete log problem is to find d ∈ F such that dP = Q. For example, if P = (2, 2) and Q = (0, 6), then 3P = Q, so d=3 is a solution to the discrete logarithm problem. Three operations are very much

required to formulate a valid cryptosystem in ECC: key generation, encryption, and

<sup>λ</sup> <sup>¼</sup> yq � yp xq � xp

<sup>λ</sup> <sup>¼</sup> <sup>3</sup>x<sup>2</sup>

� � � yp

if P 6¼ Q

if P ¼ Q

<sup>E</sup> : <sup>y</sup><sup>2</sup> <sup>¼</sup> <sup>x</sup><sup>3</sup> <sup>þ</sup> ax <sup>þ</sup> <sup>b</sup> (1)

<sup>þ</sup>axþb, <sup>Δ</sup> <sup>¼</sup> 4a3 <sup>þ</sup> 27b2 6¼ <sup>0</sup> (2)

, with

(3)

(4)

perspectives are given in the last section.

described by the Weierstrass Eq. [3]:

(xpq,ypq) if P = Q can be calculated as

points on the elliptic curve (Figure 1).

2.2 Encryption/decryption with ECC

decryption.

44

2.1 Preliminaries

nant of polynomial:

2. Overview on ECC over finite prime fields

Modern Cryptography – Current Challenges and Solutions

r = 1 and q a prime number called the characteristic of Fp.

F xð Þ¼x<sup>3</sup>

(

8 >>><

>>>:

#### 2.2.1 Key generation with ECC

Public and private keys are associated with public parameters (p, E, P, n) where P is the generator point, with order n. n is always equal to the order of the elliptic curve group E and nP= . The private key d is randomly selected in the interval [1, n 1], and the corresponding public key is Q=dP. The ECDLP consists in determining d from public parameters (p, E, P, n).

Algorithm 1. Keys generation


#### 2.2.2 Encryption with ECC

For encryption, the message m is mapped to a valid point M on the curve and is encrypted by point addition with kQ where k is a random positive integer chosen by the sender and Q = dP represents the public key of receiver. The random k makes sure that even for a same message, the cipher text generated is different each time. The sender then sends the pair of cipher point C2=M+kQ and C1=kP to the receiver. The receiver, upon receiving the cipher point pair C1 and C2, computes dC1=d(k) P=k(dP)= kQ by its own private key d and subtracts the result from the second point: m=C2 -kQ.

Algorithm 2. Encryption.

