Advertisement
RM0432
Public key accelerator (PKA) applied to STM32L4P5xx and STM32L4Q5xx only
Alice, to decrypt ciphertext c using her private key, follows the steps indicated below:
1.
Convert the ciphertext C to an integer ciphertext representative c.
2.
Recover plaintext m = c
dp, dq, qInv), then plaintext m is obtained by performing the operations:
a)
b)
c)
d)
3.
Convert the integer message representative m to an encoded message EM.
4.
Recover message M= DECODE(EM), where DECODE is a decoding method.
Above operations can be accelerated by PKA using
private key is d, or
qInv).
Note:
The decoding operation and the conversion operations between message and integers are
specified in PKCS#1 standard.
Elliptic curve selection
For following ECC operations curve parameters are defined as below:
•
Curve corresponds to the elliptic curve field agreed among actors (Alice and Bob).
Supported curves parameters are summarized in
curves.
•
G is the chosen elliptic curve base point (also known as generator), with a large prime
order n (i.e. n x G = identity element O).
ECDSA message signature generation
ECDSA (Elliptic Curve Digital Signature Algorithm) signature generation function principle is
the following: Alice, to sign a message m using her private key integer d
below.
1.
Calculate e = HASH(m), where HASH is a cryptographic hash function.
2.
Let z be the L
3.
Select a cryptographically secure random integer k where 0 < k < n.
4.
Calculate the curve point (x
5.
Calculate r = x
6.
Calculate s = k
7.
The signature is the pair (r, s).
Steps 4 to 7 are accelerated by PKA using:
•
ECDSA sign
•
All of the operations below:
–
–
–
–
d
mod n = (m
dp
m
= c
mod p
1
dq
m
= c
mod q
2
h = qInv (m
– m
) mod p
1
2
m = m
+ h q
2
RSA CRT exponentiation
leftmost bits of e, where L
n
mod n. If r =0 go back to step 3.
1
-1
(z + rd
) mod n. If s =0 go back to step 3.
A
or
ECC Fp scalar multiplication
Modular reduction
A mod n
-1
Modular inversion
A
Modular addition
and
e
d
)
mod n. If the private key is the quintuple (p, q,
Modular exponentiation
if the private key is the quintuple (p, q, dp, dq,
is the bit length of the group order n.
n
, y
) = k x G.
1
1
k x P
mod n
Modular and Montgomery multiplication
RM0432 Rev 6
Section 36.5.1: Configuration of
, follows the steps
A
e
A
mod n if the
1171/2301
1196
Advertisement
Need help?
Do you have a question about the STM32L4+ Series and is the answer not in the manual?