Low complexity montgomery multiplication architecture for elliptic curve cryptography over GF(pm)

In this paper, a scalable VLSI multiplication architecture based on Montgomery multiplication (MM) algorithm for elliptic curve cryptography (ECC) over GF(p^m), where p is a positive prime and m is the degree of extension of the base field GF(p), is presented. The elements of the GF(p^m) are in polynomial basis (PB) representation. The coefficients of the polynomials are represented in Montgomery residue format to simplify the multiplications over GF(p). The proposed algorithm of MM over GF(p^m) requires m(m+1) MMs and m² additions over GF(p). However, the proposed architecture takes {m(m+1)N_mm+N_add +1} cycles to compute MM over GF(p^m), where N_mm > N_add = 2, and N_mm and N_add are the numbers of cycles to complete an MM and an addition over GF(p), respectively. The security of an ECC scheme depends on the number of elements in GF(p^m). Hence, for a p with nominal bit length (p≫2), the value of m can be small, but the GF(p^m) still contains almost equal number of elements to a GF(2^k), where k is positive integer. The complexity of the MM architecture over GF(p) is reduced by using carry-save-adder (CSA) based implementation, where N_PE is the depth of the CSA. Analysis shows that the area complexity of the proposed architecture is significantly less. Implementation in AMS-0.35um technology, with L=30 (for p=536872717), m=23 and N_PE=8, yields a clock frequency of 20.885 MHz, throughput of 6243.68 multiplications per second and power consumption of 86.8 mW (at 20 MHz).