Graduate student: | 廖健宏 Chien-Hung Liao |
---|---|
Thesis title: | 新的橢圓曲線純量乘法演算法 A New Algorithm for Scalar Point Multiplication in Elliptic Curve Cryptography |
Advisor: | 吳誠文 Cheng-Wen Wu |
Oral defense committee: | |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Department of Electrical Engineering |
Year of publication: | 2007 |
Academic year of graduation: | 95 |
Language: | English |
Number of pages: | 45 |
Keywords (Chinese): | 橢圓曲線加密、純量乘法演算法 |
Keywords (English): | elliptic curve cryptography, scalar point multiplication |
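As e-commerce develops year by year, the demand for information security is also gradually increasing. To provide complete and robust information security services, we need different symmetric cryptosystems and asymmetric cryptosystems, such as the elliptic curve cryptography algorithm, to provide information security solutions. Among asymmetric cryptosystems, the RSA algorithm has long been in widespread use. In recent years, however, elliptic curve cryptography has become another option for asymmetric cryptosystems. Compared with RSA, elliptic curve cryptography needs a shorter key length to provide the same security level. Elliptic curve cryptography is therefore easier to use in smart cards, PDAs, mobile phones and other embedded systems.
In elliptic curve cryptography, scalar point multiplication is the most time-consuming operation, so in this thesis we propose an elliptic curve scalar multiplication algorithm over binary fields. Because the main structure of this algorithm is a finite state machine, it is well suited to hardware implementation, and a software implementation is also feasible. In terms of performance, it reduces the amount of computation of the conventional double-and-add scalar multiplication algorithm by as much as 12.8%, and if the time of a modular inversion is not too high relative to the time of a modular multiplication, it can also outperform other elliptic curve scalar multiplication methods, such as the Montgomery scalar multiplication algorithm and the addition-subtraction scalar multiplication algorithm.
Based on this newly proposed elliptic curve scalar multiplication algorithm over binary fields, we designed a word-based, scalable dual-field elliptic curve cryptography processor. If the memory size is expanded, it can handle larger key lengths.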
As e-commerce becomes more prevalent year by year, the demand for information security also increases. In order to provide comprehensive and robust security services, we need security solutions built from cryptosystems, including secret-key cryptosystems and public-key cryptosystems.
The Rivest-Shamir-Adleman (RSA) algorithm has prevailed as the public-key cryptosystem for years. However, in recent years, elliptic curve cryptography (ECC) has emerged as an alternative to other public-key cryptosystems because it can provide the same security level with a smaller key size. It is therefore advantageous for implementation in smart cards, PDAs, cellular phones and other embedded systems.
In elliptic curve cryptography, the most time-consuming operation is the scalar point multiplication, so we propose a new algorithm to compute scalar point multiplication over GF($2^n$) with on-the-fly recoding. Because this algorithm is structured as a finite state machine, it is easy to implement in hardware, and it is also not difficult to implement in software. It improves on the conventional scalar point multiplication method, double-and-add (affine), by around 12.8%, and can compete with other scalar point multiplication methods, such as Montgomery scalar point multiplication or the addition-subtraction method, if the cost ratio of modular inverse to modular multiplication is not high. Based on this new algorithm, a scalable dual-field ECC processor is also implemented. Due to the word-based design, it can process larger key sizes when the memory is expanded.