Public key accelerator (PKA) RM0453
700/1454 RM0453 Rev 2
Alice, to decrypt ciphertext c using her private key, follows the steps indicated below:
1. Convert the ciphertext C to an integer ciphertext representative c.
2. Recover plaintext m = c
d
mod n = (m
e
)
d
mod n. If the private key is the quintuple (p, q,
dp, dq, qInv), then plaintext m is obtained by performing the operations:
a) m
1
= c
dp
mod p
b) m
2
= c
dq
mod q
c) h = qInv (m
1
– m
2
) mod p
d) m = m
2
+ h q
3. Convert the integer message representative m to an encoded message EM.
4. Recover message M= DECODE(EM), where DECODE is a decoding method.
Above operations can be accelerated by PKA using Modular exponentiation A
e
mod n if the
private key is d, or RSA CRT exponentiation if the private key is the quintuple (p, q, dp, dq,
qInv).
Note: The decoding operation and the conversion operations between message and integers are
specified in PKCS#1 standard.
Elliptic curve selection
For following ECC operations curve parameters are defined as below:
• Curve corresponds to the elliptic curve field agreed among actors (Alice and Bob).
Supported curves parameters are summarized in Section 24.5.1: Supported elliptic
curves.
• G is the chosen elliptic curve base point (also known as generator), with a large prime
order n (i.e. n x G = identity element O).
ECDSA message signature generation
ECDSA (Elliptic Curve Digital Signature Algorithm) signature generation function principle is
the following: Alice, to sign a message m using her private key integer d
A
, follows the steps
below.
1. Calculate e = HASH(m), where HASH is a cryptographic hash function.
2. Let z be the L
n
leftmost bits of e, where L
n
is the bit length of the group order n.
3. Select a cryptographically secure random integer k where 0 < k < n.
4. Calculate the curve point (x
1
, y
1
) = k x G.
5. Calculate r = x
1
mod n. If r =0 go back to step 3.
6. Calculate s = k
-1
(z + rd
A
) mod n. If s =0 go back to step 3.
7. The signature is the pair (r, s).
Steps 4 to 7 are accelerated by PKA using:
• ECDSA sign or
• All of the operations below:
– ECC Fp scalar multiplication k x P
– Modular reduction A mod n
– Modular inversion A
-1
mod n
– Modular addition and Modular and Montgomery multiplication
To Next Page
Loading...
Need help?
General
