Table of Contents
Advertisement
Public key accelerator (PKA)
Alice, to decrypt ciphertext c using her private key, follows the steps indicated below:
1.
Convert the ciphertext C to an integer ciphertext representative c.
2.
Recover plaintext m = c
dp, dq, qInv), then plaintext m is obtained by performing the operations:
a)
b)
c)
d)
3.
Convert the integer message representative m to an encoded message EM.
4.
Recover message M= DECODE(EM), where DECODE is a decoding method.
Above operations can be accelerated by PKA using
private key is d, or
qInv).
Note:
The decoding operation and the conversion operations between message and integers are
specified in PKCS#1 standard.
Elliptic curve selection
For following ECC operations curve parameters are defined as below:
•
Curve corresponds to the elliptic curve field agreed among actors (Alice and Bob).
Supported curves parameters are summarized in
curves.
•
G is the chosen elliptic curve base point (also known as generator), with a large prime
order n (i.e. n x G = identity element O).
ECDSA message signature generation
ECDSA (Elliptic Curve Digital Signature Algorithm) signature generation function principle is
the following: Alice, to sign a message m using her private key integer d
below.
1.
Calculate e = HASH(m), where HASH is a cryptographic hash function.
2.
Let z be the L
3.
Select a cryptographically secure random integer k where 0 < k < n.
4.
Calculate the curve point (x
5.
Calculate r = x
6.
Calculate s = k
7.
The signature is the pair (r, s).
Steps 4 to 7 are accelerated by PKA using:
•
ECDSA sign
•
All of the operations below:
–
–
–
–
596/1306
d
mod n = (m
dp
m
= c
mod p
1
dq
m
= c
mod q
2
h = qInv (m
– m
) mod p
1
2
m = m
+ h q
2
RSA CRT exponentiation
leftmost bits of e, where L
n
mod n. If r =0 go back to step 3.
1
-1
(z + rd
) mod n. If s =0 go back to step 3.
A
or
ECC Fp scalar multiplication
Modular reduction
A mod n
-1
Modular inversion
A
Modular addition
and
e
d
)
mod n. If the private key is the quintuple (p, q,
Modular exponentiation
if the private key is the quintuple (p, q, dp, dq,
is the bit length of the group order n.
n
, y
) = k x G.
1
1
k x P
mod n
Modular and Montgomery multiplication
RM0461 Rev 5
Section 22.5.1: Supported elliptic
, follows the steps
A
RM0461
e
A
mod n if the
Advertisement
Chapters
Table of Contents
Need help?
Do you have a question about the STM32WLEx and is the answer not in the manual?