Received 19 August 2024, accepted 27 September 2024, date of publication 3 October 2024, date of current version 14 October 2024.

Digital Object Identifier 10.1109/ACCESS.2024.3472650

A Fast and Efficient 191-bit Elliptic Curve

Cryptographic Processor Using a Hybrid
Karatsuba Multiplier for IoT Applications
SUMIT SINGH DHANDA 1 , BRAHMJIT SINGH 2 , (Member, IEEE),
CHIA-CHEN LIN 3 , (Member, IEEE), POONAM JINDAL2 , (Member, IEEE), DEEPAK PANWAR 4 ,
TARUN KUMAR SHARMA5 , SAURABH AGARWAL 6 , AND WOOGUIL PAK 6 , (Member, IEEE)
1 Department of Computer Science and Engineering, IILM University, Greater Noida, Uttar Pradesh 201306, India
2 Department of ECE, National Institute of Technology, Kurukshetra, Haryana 136119, India
3 Department of Computer Science and Information Engineering, National Chin-Yi University of Technology, Taichung 411, Taiwan
4 Department of CSE, Manipal University Jaipur, Jaipur 303007, India
5 Department of Computer Science and Engineering, Shobhit University Gangoh, Saharanpur, Uttar Pradesh 247341, India
6 Department of Information and Communication Engineering, Yeungnam University, Gyeongsan 38541, Republic of Korea

Corresponding authors: Chia-Chen Lin ([email protected]), Saurabh Agarwal ([email protected]), and Wooguil Pak
([email protected])
This work was supported in part by the National Science and Technology Council under Grant NSC 111-2410-H-167-005-MY2 and Grant
NSC 112-2634-F-005-001-MBK.

ABSTRACT The most widely used asymmetric cipher is ECC. It can be applied to IoT applications to offer
various security services. However, a wide range of sectors have been investigated for applying ECC. The
field of elliptic curve cryptographic processors for GF (2191) has received less attention. This study presents
a low-resource, high-efficiency architecture for a 191-bit ECC processor. This design uses a novel hybrid
Karatsuba multiplier for the multiplication of finite fields. For GF (2191), the Quad-Itoh-Tsuji algorithm has
been altered to provide a small-size inversion unit. PlanAhead software synthesizes the CPU, which is then
implemented on several Xilinx FPGAs. With savings in slice consumption ranging from 16 to 43 percent,
the implemented design is the most restricted compared to the current designs. Compared to previously
published designs, it is 3.8–1000 times faster. The elliptic curve scalar multiplication on the Virtex-7 FPGA
is computed in 7.24 µs. Additionally, the proposed design achieves savings in area-time products of 77 to
90 percent. It may be beneficial for IoT edge devices. It utilizes 3120 mW of power for the operation.
A state-of-the-art comparison based on the figure of merit (FoM) reveals that the proposed design outclasses
the newest designs by a large margin. It also exhibits a throughput of 138.121 Kbps.

INDEX TERMS Elliptic curve cryptography (ECC), field programmable gate arrays (FPGA), information
security, Internet of Things (IoT), Karatsuba multiplier.

I. INTRODUCTION devices, which were 25 and 50 billion in 2015 and 2020, will
The Internet of Things (IoT) provides the means to automate be 500 billion in 2025 [3]. The growth is exponential and will
various processes in different fields of life. It is the first soon overtake the population on the earth.
evolution of the internet [1], [2]. Since its inception in the late Billions of smart devices, from servers to sensors, com-
nineties, IoT has expanded to engulf the entire earth, extend- municating amongst different platforms, present diverse sets
ing its horizons beyond it. The number of connected devices is of challenges such as interoperability of technologies, secu-
growing day by day. As per CISCO, the number of connected rity & privacy, longevity & support, etc. [4]. These devices
can be categorized into resource-rich, such as servers, tablets,
The associate editor coordinating the review of this manuscript and etc., and resource-constrained, such as connected sensors,
approving it for publication was Alessandro Pozzebon. RFID tags, etc. As IoT devices are deployed openly to
2024 The Authors. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.
144304 For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/ VOLUME 12, 2024
S. S. Dhanda et al.: Fast and Efficient 191-bit Elliptic Curve Cryptographic Processor

collect confidential data, they are easy targets for attack- ECCP. As the security of the ECCP is directly related to field
ers and susceptible to many security attacks. All these size, it provides higher bit security than 163-bit fields. Hence,
circumstances make the cybersecurity of IoT devices a considering all these factors, this work proposes a 191-bit
major challenge. Meneghello et al. [5] classified the security ECCP that is smaller in size and reduces the computation time
requirements of IoT into three operational levels. These are of the ECSM.
functional, information, and access levels. Lightweight cryp- The contribution of this work can be summarized as
tography is considered the main security mechanism for IoT. follows:
These are shown in Figure 1. • A hybrid Karatsuba multiplier for the Galois field (2191 )
has been designed.
• A new elliptic curve crypto-processor for a 191-bit field
has been designed.
• The Quad-Itoh Tsuji algorithm is used to design this
processor.
• The latency and area for the processor are minimal.
There are five portions in the work. The importance of ECC
in information security was highlighted in the first section.
In the related work section, significant works from the past
and present are covered. Section III contains the processor’s
specifications and an overview of its design. In Section IV,
FIGURE 1. Operational level classification of security requirements [5].
the ECCP’s implementation outcomes are presented and con-
Cryptographic algorithms can be used to secure data trasted with previous works. In section V, future work is
from such threats. Symmetric and asymmetric algorithms are explored, and the conclusion is finally delivered.
available for this purpose. Still, asymmetric algorithms can
provide a base for multiple security services such as confiden- II. RELATED WORK
tiality, data integrity, availability, privacy, non-repudiation, Several security services for the Internet of Things (IoT) can
authentication & authorization, etc. Among security stan- be offered using ECC. In this primitive, scalar multiplication
dards, elliptic curve cryptography (ECC) is the first-choice (SM) is the most expensive operation. ECC can be made
asymmetric key cipher [6]. Numerous security protocols [7], lighter if SM can work with limited resources. The FFM
[8], including BLE 4.2, 6LoWPAN, TLS, and CoAP, have employed in the ECCP design is one of the key criteria deter-
employed ECC. The degree of security offered by ECC mining its size and calculation time. In [10], authors propose
relies on the key sizes and the difficulty of the elliptic curve a design for calculating scalar multiplication in elliptic curve
discrete logarithm problem (ECDLP). There isn’t a known cryptography (ECC) using two distinct algorithms. Binary
sub-exponential algorithm for figuring out ECDLP. There- Karatsuba multiplication was one of the algorithms, while a
fore, much smaller key sizes are needed to offer adequate classical method was the other.
security than other public key cryptosystems. Much effort is being put into the prime fields and general
Crypto-processors are used to implement cryptographic architecture. These prime fields are less vulnerable than the
algorithms in hardware. It helps accelerate the encryp- binary fields. More secure curves are being utilized for the
tion, enhances tamper, provides key protection, and allows implementations. One such effort is presented by [12]. It used
users true end-to-end encryption. Due to the vulnerable twisted Edward curves and a radix 23 multiplier for the opti-
nature of the wireless channel, encryption parameters can- mized implementation, which used .8 ms and 132.2K cycle
not be trusted with such communication [9]. It makes use counts.
of crypto-processors all the more necessary. ECC’s elliptic By merging these two methods, the authors created a
curve scalar multiplication (ECSM) is expensive. With the speedier algorithm. Using the same idea, a quicker hybrid
advancement of technology, the size of sensors and other Karatsuba multiplier was developed in [13] by substituting
devices is becoming smaller. To accommodate these devices, a new version of Karatsuba multiplication for the classical
the crypto-processor should also be made lightweight. The algorithm. The writers have made one such attempt in [14].
performance of ECCP can be improved by reducing the The authors reported an effective FPGA implementation of
computation time for ECSM. This can be achieved by elliptic curve point multiplication for GF (2191)n [11]. The
improving the underlying finite field multipliers and inver- authors intended to use both a modified Karatsuba-Ofman
sion algorithm. multiplication and an adaptive design. Using a modular mul-
Binary-extension fields are chosen to implement such pro- tiplier in Jacobian coordinates, a fast multiplication was
cessors mainly. NIST [9] recommends 163-, 233-, 283-, proposed for a random Weierstrass curve. Multiplication and
409- and 571-bit fields for the design of such processors. division are optimized using the common Z-coordinate [15].
But some efforts [10], [11] were also made in the 191-bit A fast design based on an arbitrary Weierstrass curve has been
field, which is less explored for the implementation of the proposed for the prime fields.

VOLUME 12, 2024 144305

 S. S. Dhanda et al.: Fast and Efficient 191-bit Elliptic Curve Cryptographic Processor

Using a pipeline for Montgomery modular multiplication routing with pipelining and parallelism was given in [26].
has resulted in faster calculation. It can also be used for the In [27], a high-speed FPGA implementation of ECC was
SCA resistance [16]. The authors present [17] an innovative demonstrated through several forms of data route pipelining.
hardware design for ECSM that implements several optimiza- The authors suggested a multiplier [28] for quick ECC exe-
tion techniques at both the circuit and system levels. At the cution. Energy efficiency is another requirement for a cipher
circuit level, it relies on a highly efficient finite field multi- that offers security in tiny devices. The authors of [28] and
plier that requires a reduced number of clock cycles, results [29] suggest an energy-efficient d2d communication for the
in less delay, and utilizes fewer hardware resources. The sys- Internet of Medical Things (IoMT) and smart cities utiliz-
tem utilizes Jacobian coordinates, the Montgomery laddering ing ECC. A simple authentication system utilizing ECC is
technique, and a rapid scheduling technique to perform group put out in [30] to protect privacy in smart grids. A brand-
operations. A scalar multiplier design is introduced in [18], new asymmetric multiple-image encryption technique based
considering both area and time. Implementing this design on elliptic curve cryptography and quick response code is
on several FPGA platforms yields superior area-time product put forth in [31]. This novel approach’s elliptic curve cryp-
and efficiency outcomes. The system relies on unified finite tography picture encryption system uses four fast response
field arithmetic (UFFA) units to perform fundamental field code images converted from four photos and a randomly
computations. These components utilize practical parallelism generated intensity key as the input. This system can pro-
approaches to enhance the attainable frequency while imple- duce two real-number ciphertexts. Another technique for
menting innovative resource-sharing tactics to minimize the IoT image encryption is used in [32] to improve network
cost of hardware resource consumption. The authors of [19] security. A Karatsuba multiplier with fully parallel archi-
implemented SIKE-based ECCP using a low-latency modular tecture has been designed in [33]. While [34], [35], [36],
multiplier. For that reason, a distinct field arithmetic logic [37], [38], [39], [40], [41], [42] discuss the state-of-the-art
unit is built, and SIKEp751 is completed in 9.3 ms. A Mont- designs proposed in ECCP based on new and safe curves,
gomery modular multiplier [20] creates a lightweight ECC scalability/reconfigurability/ flexibility and, prime fields, etc.
solution for IoT devices. These are discussed briefly in Table 1.
The ECCP’s inversion algorithm is the second crucial com- According to a thorough analysis of the currently acces-
ponent that needs to be improved. The process of inversion sible literature, the majority of the development efforts for
is expensive and time-consuming. Therefore, the emphasis ECCP have been concentrated on the NIST curves in 163-,
designer should use it as little as possible. Lopez-Dahab 233-, 283-, 409-, and 571-bit fields. Fewer efforts have been
coordinates [21] have helped solve this challenge. These made for the 191-bit Galois field, which has been the primary
coordinates are used to calculate ECSM, which only needs driving force for creating a quick and effective ECCP for the
one inversion. This inversion is only computed once after the 191-bit field.
algorithm transforms the findings back to affine coordinates. This survey has identified the following gaps:
Scientists have tried to improve the efficiency of inversion.
i. A limited number of attempts are made for ECCP-191
In reference [22], a new architecture for point multiplication
have been proposed.
was presented using a modified Montgomery ladder. It is
ii. Time and resource requirements can be optimized with
intended for use with irreducible polynomials in general. The
a new implementation
modified Itoh-Tsuji algorithm reduces computing time. The
iii. A new hybrid multiplier with sub-quadratic complexity
target fields for the design are GF (2233 ) and GF (2163 ).
can be designed.
Another element that influences the ECCP design is the
choice of curves. Typically, ECCP is designed using binary
extension curves. However, prime curves can also be utilized III. PROCESSOR DESIGN
for the ECCP design. One type of curve that can be used A. FIELDS
to create ECCP is the Koblitz curve. The constant values Galois fields are decomposed into two types of fields. One
on these curves differ from those on binary curves. Using is a binary extension field denoted by GF(2m ), and another
the right-to-left multiplication with a Frobenius map on all is a prime field denoted by GF(p). As binary fields are
NIST fields, the authors of [23] presented the design of more effective when implemented on hardware and have
ECCP. Another attempt to provide security using Koblitz more accessible mathematics, they have been employed in
curves is [24], which uses AMD-Xilinx Kintex-7 FP, El- this work. Addition and subtraction operations are carried
Gamal encryption, and ECC on Intel Cyclone 10 processors. out using the logical exclusive-OR (XOR) operation, while
In [25], curve 25519 was used to develop ECSM. It uses the multiplication operations are carried out using the logical
Karatsuba-Ofman multiplier and achieves minimal latency. AND operation.
It has been implemented in the Galois field (2163). A detailed investigation of the ECC hardware implemen-
Moreover, parallelism and pipelining can enhance an tation’s performance over the binary and prime fields can
ECCP’s performance. To reduce resource consumption in be found in the reference [33]. Polynomial-basis is a widely
ECC, a system that combined effective LUT placement and used method for implementing GF(2m). Given a degree

144306 VOLUME 12, 2024

S. S. Dhanda et al.: Fast and Efficient 191-bit Elliptic Curve Cryptographic Processor

TABLE 1. A comparison table for different ECC implementation. B. POINT MULTIPLICATION

Scalar multiplication is the most time-consuming operation
on elliptic curves. It is carried out as a chain of addition.
Hence, point addition and point doubling are used to com-
plete the operation. The double and add method is used for
efficient and fast multiplication. However, the higher num-
ber of inversion operations in affine coordinates makes it
time-consuming. The Lopez-Dahab algorithm uses projective
coordinates in this multiplication. It helps in minimizing
the number of inversions and optimizes the multiplication
process. The algorithm uses addition and doubling as main
operations, and their calculation is carried as follows:
First, the slope γ is calculated.
y2 − y1
γ = (2)
x2 − x1
Point Addition
y1 + y2 2
   
y1 + y2
x3 = + + x1 + x2 + a (3)
x1 + x2 x1 + x2
 
y1 + y2
y3 = + (x1 + x3 ) + x3 + y1 (4)
x1 + x2
Point Doubling
3x12 + 2ax1 + y1
γ1 = (5)
2y1 + x1
y1
γ1 = x1 + (6)
x1
b
x3 = x12 + 2 (7)
x
1 
y1
y3 = x12 + x1 + x3 + x3 (8)
x1
If P1 ̸= P2 , then we have
y1 + y2 2
   
y1 + y2
x3 = + + x1 + x2 + a (9)
x1 + x2 x1 + x2
x1 y2 + x2 y1 + x1 x22 + x2 x12
= (10)
(x1 + x2 )2
Here P = (x0 , y0 ), and as P = P2 − P1 , then,
m irreducible polynomialPover GF(2), the GF(2m) field is x1 y2 + x2 (x1 + y1 ) + x1 x22 + x2 x12
defined as P (x), P (x) = k−1
j=0 bj ∗ x
j x= (11)
In elliptic curve cryptography, the equation depends on (x1 + x2 )2
the chosen field. In the case of a binary field, the equation By combining (10) and (11)
becomes 
x1
2 
x1

x3 = x1 + + (12)
Y 2 + XY = X 3 + aX 2 + b with b ̸ = 0 x1 + x2 x1 + x2
Finally, we have
While the Weierstrass equation is used for the prime field   2  
x1 x1
 x1 + + if P1 ̸= P2


W
Ea,b : y2 = x 3 + ax + b (1) x1 + x2 x1 + x2
x3 =
b
 x12 + 2

with 4a3 + 27b2 ̸ = 0.
 if P1 = P2
x1
The security threshold is set at 160 bits for ECC. A field
(13)
with an order ≥ 2160 will be considered safe. There-
fore, a binary extension field GF (2191 ) is considered for This means that a y-coordinate is not required during the loop
implementation. process. Consequently, the y-coordinate can be calculated

VOLUME 12, 2024 144307

 S. S. Dhanda et al.: Fast and Efficient 191-bit Elliptic Curve Cryptographic Processor

based on the x-coordinate in the final stage. As P2 = P1 + P, D. HYBRID KARATSUBA MULTIPLIER

then from (9) and (10) The hybrid-Karatsuba multiplier, proposed in [10], is uti-
lized in this design. The authors implemented it using 19-bit
x1 y + xy1 + x1 x 2 + xx12
x2 = (14) ECC. It was a hybrid of a traditional multiplier and a binary
(x1 + x)2 Karatsuba multiplier. GF (2191) bits comprised the field, and
x n o
y1 =
1
+ 1 (x1 + x) (x2 + x) + x 2 + y + x (15) the irreducible polynomials were x191 + x9 + 1. One way to
x express the fundamental polynomial product is as
Therefore, only x-coordinate is required in the loop process.   m
It helps in reducing the number of finite field operations. C = x m AH BH + AH BL + AL BH x + AL BL (22)
2
C. PROJECTIVE COORDINATES Equation (23) presents the Karatsuba-Ofman Algorithm
The use of projective coordinates helps in making calcu-   
lations more effortless and faster. In standard projective C = x m AH BH + AL BL + AH BH + AL BL + AH + AL
coordinates, the when Z ̸ = 0   m
× BH + BL x (23)
(X , Y , Z ) ↔ (X Z , Y Z ).
 
(16) 2

By substituting (X Z , Y Z ) in equation (16), the projective

  Or equivalently
form of the EC is
C = xm CH + CL (24)
2 3 2 3
ZY + XYZ = X + aX Z + bZ (17)
the equation below can be used to display the coordinates of
Lopez-Dahab [34] is the most suitable system to minimize the the polynomial products.
number of inversions in finite fields. In the Lopez-Dahab sys-
tem, a point on E(GF (2m )) can also be written as (X , Y , Z ). C H = [c2m−2 , c2m−3 , . . . , cm+1 , cm ] (25)
The relation with affine
 coordinates can be expressed as
(X , Y , Z ) ↔ (X Z , Y Z 2 ). Hence, the elliptic curve from C L = [cm−1 , cm−2 , . . . , c1 , c0 ] (26)
equation (1) becomes
However, that design has been modified for the Hybrid
2 3 2 2 6 Karatsuba-Ofman multiplier employed here. Here, the last
E : Y + XYZ = X + aX Z + bZ (18)
recursion has been handled by the general Karatsuba mul-
The use of Lopez-Dahab coordinates helps in optimizing the tiplier, and the simple Karatsuba multiplier has dealt with
calculation method, as equation (13) can now be written as the first ‘‘k-1’’ recursions. This design’s key motivation is
to make the best possible use of the FPGA architecture. The
If P1 = P2 ,
  2  2 idea behind using these two methods is to minimize LUT
X3 Z3 = (X1 Z1 ) + b(Z1 X1 ) consumption by making the most use of LUTs possible. For
. values of m less than 29, [13] shows fewer underutilized
X3 Z3 = x14 + bZ14 Z12 X12

(19)
LUTs in m-bit general Karatsuba than in m-bit basic Karat-
Then, suba. Thus, by combining these two multipliers to create a
hybrid Karatsuba multiplier, which employs simple Karat-
X3 = X12 + bZ14 suba for larger values of m and general Karatsuba for ‘‘m
< 29-bits,’’ the multiplier will be significantly more efficient
Z3 = Z12 X12 (20)
and have fewer underutilized LUTs.
Similarly, if P1 ̸ = P2 According to [13], the standard Karatsuba multiplier has a
small LUT usage since it employs a lot of inputs in the final
X3 = xZ3 + (X1 Z2 )(X2 Z1 ) multiplication. As such, it uses fewer slices. FPGA and a typ-
Z3 = (X1 Z2 + X2 Z1 )2 (21) ical K-O multiplier can be equivalent. There are four stages
to the 191-bit multiplication. A 191-bit multiplier comprises
The arithmetic unit, control unit, and register file comprise the first level, while 95- and 96-bit multipliers comprise the
the three tiers of the elliptic curve processor’s architecture. second. 48- and 47-bit multipliers are found at the third level,
Three register units are contained in a register file. Eight while 24- and 23-bit multipliers are found at the fourth level.
registers in total, each sized at 191 bits. The arithmetic unit The generic Karatsuba multipliers found in level four are used
uses the quad-Itoh-Tsuji algorithm and the hybrid-Karatsuba instead of the simpler multipliers found in the other levels.
multiplier to calculate the various components of scalar mul- Most of the multipliers have quadratic complexities of
tiplication. Scheduling must be done so that the multiplier is (n2 ). However, the design being shown has a sub-quadratic
never left empty. Here, each element is covered individually. complexity of (n1.58 ). Therefore, it is evident that the design
Initially, the Hybrid Karatsuba Multiplier is talked about. reaches a reduced size compared to the previous designs.

144308 VOLUME 12, 2024

S. S. Dhanda et al.: Fast and Efficient 191-bit Elliptic Curve Cryptographic Processor

E. ELLIPTIC CURVE PROCESSOR

Figure 2 displays the multiplier’s whole design. It comprises a
ROM memory that stores base points in affine form and curve
constant values for use in elliptic curve scalar multiplication
(ECSM). After each clock cycle, the calculated multiplication
values are stored in a register bank. At the beginning of each
clock cycle, these eight registers, each with a bit size of 191,
provide the operands to the arithmetic unit.
The arithmetic unit comprises the Quad-Itoh-Tsuji
(Quad-ITA) inversion method and the Hybrid Karatsuba
Multiplier (HKMul).

FIGURE 3. Finite state machine for ECCP-191.

TABLE 2. Quad-Itoh-Tsuji algorithm for the inverse in GF (2191 ).

FIGURE 2. Block diagram for ECCP-191.

The initial part of this section explains the hybrid Karat-

suba multiplier algorithm. The coordinate system used for
the multiplication is Lopez-Dahab. Quad-ITA performs the
inversion using the field multiplier, or HKMul. The proces-
sor’s architecture also includes a control unit, whose primary
job is to keep the processor’s many components coordinated
and operating correctly so that the task may be completed.
With the aid of control signals, the inversion procedure uses
the same multiplier. Doing this decreases the requirement for
the additional multiplier for the inversion. The processor’s G. FINITE STATE MACHINE / CONTROL UNIT
multiplier is the component that uses the most significant The multiplication is carried out by this processor’s finite
resources. Therefore, replicating it can lead to an exponential state machine/control unit in 38 cycles. Multiplication is a
rise in resource use. very complex process. It uses different circuits. To optimally
utilize the available resources, 33 control signals are gener-
ated in a finite-state machine. Ten distinct signals regulate the
F. Quad-Itoh Tsuji INVERSION
multiplier’s two outputs and ten inputs. The inversion process
In the scalar multiplication circuit, inversion is the circuit that
will use four control signals. The remaining signals are used
uses the second most resources. Many inversion algorithms
to read from or write into register banks. The CPU completes
are used in binary fields. The quickest of all is the Itoh-Tsuji
the calculation in three steps. In the first phase, the proce-
algorithm (ITA). Exponentiation circuits and Brauer addition
dure is initialized using three clock cycles. The second step
chains are used for the calculations. The calculations are
provides the multiplication of projective coordinates. The
replicated to get the desired result quickly. Suppose n is
obtained multiplication in projective coordinates is converted
the size of the addition chain for the inversion. The use of
to an affine one in the third phase, which requires inversion.
quad-ITA will reduce it to (n-1)/2. Hence, the overall inver-
The total number of clock cycles can be calculated as
sion size will be reduced. Figure 3 depicts the cycles required
follows:
to calculate the inverse, as Table 2 shows. In all, 23 cycles
are used in this operation. The Quad-ITA’s matching control #CC = 3 + 12 (h − 1) + 4 (l − h) + 22
signal status is likewise shown in Table 3. The computation = 13 + 8h + 4l
can be completed in 23 cycles because inherent circuitry in
cohesiveness and multipliers are used at each stage. Scalar k, whose length is l and it has a hamming weight h

VOLUME 12, 2024 144309

 S. S. Dhanda et al.: Fast and Efficient 191-bit Elliptic Curve Cryptographic Processor

TABLE 3. Cycle calculation and control word for Quad-Itoh-Tsuji here. The maximum resources are required for the Virtex-4
algorithm of Table 2.
implementation, while the Spartan-3 implementation is the
second largest. Virtex-6 is the third largest with 8041 slices,
while Virtes-5 consumes only 7412 slices. The consumption
of LUTs also follows a similar trend, except that Virtex-
5 has a minimum count of 21319 LUTs. These results are
presented in Figure 4. Figure 5 presents the results related to
the performance of the implementations. Time for computa-
tion decreases from Spartan-3 to Virtex-7. A similar trend is
followed in area-time products with both LUTs and Slices.

TABLE 4. Comparison table for the Virtex-7 implementation.

Due to space constraints, spartan-3 FPGA is written as S-

3 in Tables and Figures. Similarly, Virtex-4, -5, and -7 are
IV. RESULTS AND DISCUSSIONS represented as V-4, V-5, and V-7, respectively.
This work uses the PlanAhead IDE from Xilinx for synthe-
sis and implements an elliptic curve processor on several
Xilinx FPGAs. Verilog was used to code the design. The
fact that the FPGA needs to support every port in the
design is considered while choosing the boards. The acquired
findings were compared with the designs currently used in
Table 4. It demonstrates that, in comparison to previous
works, a notable improvement in resource use has been made
(Slices). When the gadget is small, the resources become cru-
cial parameters. This 191-bit ECC processor is implemented
on various Xilinx FPGAs and generated using PlanAhead
software. On Virtex-7 FPGA, the design used 21804 LUTs
and 7400 slices. The design achieves a maximum frequency
of 152.3 MHz. The design has a maximum computa-
tional delay of 7.24 µs. Table 4 compares the design and FIGURE 4. Design’s resource consumption on different FPGAs.
other current designs using data from the Spartan-3 FPGA
implementation. Table 5 presents the internal distribution of LUTs for
First of all, the design implementation details for the dif- subsystems of the ECCP-191 on Virtex-7 implementation.
ferent FPGAs are provided in Table 4. The related results It shows that the multiplier, i.e., HKMul-191, is the most
for resource consumption and performance are presented in resource-consuming unit. The complete ALU utilizes 13134
Figure 4 and Figure 5. Resource consumption is calculated in LUTs on Virtex-7 FPGA. Out of these, 10815 LUTs are used
terms of Slices and LUTs. The performance has two parame- for HKMul-191. The squarer unit required 153 LUTs for the
ters: first is time for the computation of scalar multiplication, implementation. The second most resource-consuming unit
and another is the area-time product. This area-time prod- is inversion. The Quad-ITA consumes 4272 LUT. The three
uct has been calculated in two ways in existing literature blocks of registers that store intermediate results and curve
for FPGA implementations. First is the LUTs-Time product parameters need 3112 LUTs for their realization.
presented in [24], and another is the Slices-Time product as Table 6 presents the comparison of the proposed design
given in [13]. Both the calculations are presented in the table with the existing ones. It uses the implementation details on

144310 VOLUME 12, 2024

S. S. Dhanda et al.: Fast and Efficient 191-bit Elliptic Curve Cryptographic Processor

TABLE 5. Comparison table for ECP-191 implementation. 3.8 times faster than this. Compared to both design imple-
mentations of [11], it is 4.4 and 6 times faster.

FIGURE 6. Comparison of slice consumption with existing designs.

The proposed design is 712.9 times faster than the

design [6] and 1068.154 times faster than [45]-a. It is 127,
224 times faster than design [46] and [47]-a respectively. It is
also 11 and 16 times faster than [43] and [44]. It shows that
FIGURE 5. Design performance on different FPGAs.
there are significant improvements in terms of calculation
time as well.

Spartan-3 to compare with existing designs, as the designs are

primarily implemented on Virtex-E and Virtex-II, represented
as V-E and V-II, due to space constraints.

TABLE 6. Comparison table for ECP-191 implementation.

FIGURE 7. Computational time comparison with existing designs.

FIGURE 8. Area-time product comparison with existing designs.

Figure 8 presents the design’s area-time product, and a

comparison is drawn. It helps identify the efficiency of the
In Figure 6, the comparison of slice consumption with operation. Here, the slice-time product is considered as the
the existing designs has been presented. It shows that the compared designs reported only the slice consumption and
proposed design has a minimum among these designs. The time for computation, which were used to calculate this
savings in resources are 43 percent concerning both imple- parameter. On comparing, it can be observed that the design
mentations of [11], while it achieves 16 percent of area is 5 to 10 times more efficient than the existing designs,
savings when compared to [10]. Figure 7 compares the i.e., it has achieved 90, 87, and 77 percent improvement
time required for the computation of scalar multiplication. over [11]-a, [11]-b and [10] respectively. Overall, this design
The nearest comparison is with [10], which uses 63 µs for can also minimize resource consumption and computation
the computation, while the proposed design at 16.58 µs is time. Its high performance and efficiency make it suitable for

VOLUME 12, 2024 144311

 S. S. Dhanda et al.: Fast and Efficient 191-bit Elliptic Curve Cryptographic Processor

TABLE 7. A comparison with other curves based on throughput and FoM. TABLE 8. ECC Utilization in IoT Applications.

edge devices where it provides sufficient security with fast

calculations.
Table 7 presents a detailed comparison with state-of-the-art
designs for generalized architectures and new and safe curves
based on the abovementioned factors, along with throughput
and figure of merit (FoM). FoM is a factor that can help fairly
evaluate the design, irrespective of which technology it is
utilizing. It utilizes the methodology used in [37]. Latency,
P, is calculated using equation (27). The units here are in
microseconds.
CCs
P= (27)
Freq
’Thrpt’ is throughput computed in equation (28).
1 106
Thrpt (kbps) = = (28)
Latency (µs) Latency(s)
Thrpt(kbps) Thrpt(bps)
FoM = = × 103 (29)
Area slices
specialized curves, such as Curve25519, are available. These
Using equation (27), latency can be calculated. It is the curves will be used to test the design in the future.
amount of time needed for a single ECPM computation. ECC’s resource efficiency, low power requirement, and
Throughput is computed using equation (28), which is the scalability make it an ideal asymmetric choice for secure edge
reciprocal of delay. Finally, as described in equation (29), device communication. It can also ensure its integrity, making
the FoM is characterized by throughput-to-area, with FPGA it ideal for use. Table 8 below lists applications and devices
slices serving as the area measure. The higher value of FoM where ECC can enhance security with improved throughput
identifies with better performance. Its primary function is to and reduced latency.
remove the bias generated by technology. Table 4 presents a The proposed ECCP can provide privacy, security, and
detailed comparison of the proposed design based on these integrity for applications like Smart supply chains, Smart
three parameters and other factors. The methodology for retail, smart metering, IIoT, and smart healthcare (wearables).
comparison is followed from [37]. The proposed design per- ECCP-191 has minimized latency, improved throughput, and
forms much better than the other designs in all three criteria achieved resource consumption, making it suitable for such
mentioned in equations (27)-(29). The throughput value is applications. Moreover, a 191-bit field will provide greater
138.121 kbps, and the latency is 7.24 µs. The FoM value of security than a 163-bit field with comparable consumption.
18.66 is the highest among all the designs.
The main limitation of the work is the use of simple curves V. CONCLUSION
in binary fields. It was chosen for the fair comparison of The most widely used asymmetric cipher is ECC. It can
the proposed design with existing designs [6], [10], [11], be applied to IoT applications to offer various security ser-
[31], [32], [33], [34] in GF (2191 ). Many safe curves, such vices. Most designs emphasize the ECCP above the 163-,
as Montgomery Curves and Edwards Curves, and even some 233-, and 283-bit fields mentioned by NIST. Few attempts

144312 VOLUME 12, 2024

S. S. Dhanda et al.: Fast and Efficient 191-bit Elliptic Curve Cryptographic Processor

have been made to construct a 191-bit field ECCP. This [13] C. Rebeiro and D. Mukhopadhyay, ‘‘Power attack resistant efficient FPGA
research describes a 191-bit ECC processor design that is architecture for Karatsuba multiplier,’’ in Proc. 21st Int. Conf. VLSI Design
(VLSID ), vol. 7, Jan. 2008, pp. 706–711, doi: 10.1109/VLSI.2008.65.
highly efficient and low-resource. The design used a new [14] C. A. Lara-Nino, A. Diaz-Perez, and M. Morales-Sandoval, ‘‘Lightweight
hybrid-Karatsuba multiplier and quad-Itoh-Tsuji algorithm elliptic curve cryptography accelerator for Internet of Things appli-
cations,’’ Ad Hoc Netw., vol. 103, Jun. 2020, Art. no. 102159, doi:
to achieve a tiny size and low latency. PlanAhead software
10.1016/j.adhoc.2020.102159.
synthesizes the CPU, which is then implemented on several [15] Y. Hao, S. Zhong, M. Ma, R. Jiang, S. Huang, J. Zhang, and W. Wang,
Xilinx FPGAs. The implemented design is determined to be ‘‘Lightweight architecture for elliptic curve scalar multiplication over
prime field,’’ Electronics, vol. 11, no. 14, p. 2234, Jul. 2022, doi:
the most limited when compared to the current designs. 10.3390/electronics11142234.
With a 7.24 µs computing time, it offers quick processing. [16] A. M. Awaludin, H. T. Larasati, and H. Kim, ‘‘High-speed and unified ECC
Additionally, it has improved area-time products by 77 to processor for generic weierstrass curves over GF(p) on FPGA,’’ Sensors,
vol. 21, no. 4, p. 1451, Feb. 2021, doi: 10.3390/s21041451.
90 percent over previous designs. In latency, throughput, and [17] K. Javeed, A. El-Moursy, and D. Gregg, ‘‘E2 CSM: Efficient FPGA imple-
FoM, the proposed design performs much better than all the mentation of elliptic curve scalar multiplication over generic prime field
other designs. The value of throughput is 138.121 kbps, and GF(p),’’ J. Supercomput., vol. 80, no. 1, pp. 50–74, Jan. 2024, doi:
10.1007/s11227-023-05428-4.
the latency is 7.24 µs. The FoM value of 18.66 is the highest [18] K. Javeed, ‘‘FPGA implementation of area-time aware ECC scalar mul-
among all the designs. It will be beneficial for IoT edge tiplication core,’’ in Proc. 30th IEEE Int. Conf. Electron., Circuits Syst.
(ICECS), Dec. 2023, pp. 1–4, doi: 10.1109/ICECS58634.2023.10382761.
devices. We shall attempt to enhance the design in the future [19] J. Tian, B. Wu, and Z. Wang, ‘‘High-speed FPGA implementation of
in terms of area and frequency performance by employing SIKE based on an ultra-low-latency modular multiplier,’’ IEEE Trans.
pipelining and parallelizing the point multiplication. Future Circuits Syst. I, Reg. Papers, vol. 68, no. 9, pp. 3719–3731, Sep. 2021,
doi: 10.1109/TCSI.2021.3094889.
work will also be aimed at implementing a scalable, flexible, [20] A. A. H. Abd-Elkader, M. Rashdan, E.-S.-A. M. Hasaneen, and
generalized architecture that targets safe curves. H. F. A. Hamed, ‘‘Efficient implementation of Montgomery modular mul-
tiplier on FPGA,’’ Comput. Electr. Eng., vol. 97, Jan. 2022, Art. no. 107585,
REFERENCES doi: 10.1016/j.compeleceng.2021.107585.
[21] T. Itoh and S. Tsujii, ‘‘A fast algorithm for computing multiplicative
[1] D. Evans, ‘‘The Internet of Things: How the next evolutions of the inverses in GF(2m ) using normal bases,’’ Inf. Comput., vol. 78, no. 3,
internet is changing everything,’’ Cisco Internet Bus. Solutions Group, pp. 171–177, Sep. 1988, doi: 10.1016/0890-5401(88)90024-7.
Tech. Rep., 2011. [Online]. Available: http://www.cisco.com/web/ [22] P. K. G. Nadikuda and L. Boppana, ‘‘An area-time efficient point-
about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf multiplication architecture for ECC over GF(2m ) using polynomial basis,’’
[2] S. S. Dhanda, B. Singh, and P. Jindal, ‘‘IoT security: A comprehensive Microprocessors Microsyst., vol. 91, Jun. 2022, Art. no. 104525, doi:
view,’’ Intell. Syst. Reference Library, vol. 174, pp. 467–494, Nov. 2020, 10.1016/j.micpro.2022.104525.
doi: 10.1007/978-3-030-33596-0_19. [23] L. Li and S. Li, ‘‘High-performance pipelined architecture of point
[3] S. Alnefaie, S. Alshehri, and A. Cherif, ‘‘A survey on access control in multiplication on Koblitz curves,’’ IEEE Trans. Circuits Syst. II,
IoT: Models, architectures and research opportunities,’’ Int. J. Secur. Netw., Exp. Briefs, vol. 65, no. 11, pp. 1723–1727, Nov. 2018, doi:
vol. 16, no. 1, p. 60, 2021, doi: 10.1504/ijsn.2021.112837. 10.1109/TCSII.2017.2785382.
[4] W. Iqbal, H. Abbas, M. Daneshmand, B. Rauf, and Y. A. Bangash, ‘‘An [24] R. Amiri and O. Elkeelany, ‘‘FPGA design of elliptic curve cryptosys-
in-depth analysis of IoT security requirements, challenges, and their coun- tem (ECC) for isomorphic transformation and EC ElGamal encryption,’’
termeasures via software-defined security,’’ IEEE Internet Things J., vol. 7, IEEE Embedded Syst. Lett., vol. 13, no. 2, pp. 65–68, Jun. 2021, doi:
no. 10, pp. 10250–10276, Oct. 2020, doi: 10.1109/JIOT.2020.2997651. 10.1109/LES.2020.3003978.
[5] F. Meneghello, M. Calore, D. Zucchetto, M. Polese, and A. Zanella, ‘‘IoT: [25] R. Salarifard and S. Bayat-Sarmadi, ‘‘An efficient low-latency point-
Internet of Threats? A survey of practical security vulnerabilities in real IoT multiplication over curve25519,’’ IEEE Trans. Circuits Syst. I,
devices,’’ IEEE Internet Things J., vol. 6, no. 5, pp. 8182–8201, Oct. 2019, Reg. Papers, vol. 66, no. 10, pp. 3854–3862, Oct. 2019, doi:
doi: 10.1109/JIOT.2019.2935189. 10.1109/TCSI.2019.2914247.
[6] A. B. El-Sisi, S. M. Shohdy, and N. Ismail, ‘‘Reconfigurable imple- [26] A. P. Fournaris, J. Zafeirakis, and O. Koufopavlou, ‘‘Designing and
mentation of Karatsuba multiplier for Galois field in elliptic curves,’’ in evaluating high speed elliptic curve point multipliers,’’ in Proc. 17th
Novel Algorithms and Techniques in Telecommunications and Networking. Euromicro Conf. Digit. Syst. Design, Aug. 2014, pp. 169–174, doi:
Dordrecht, The Netherlands: Springer, 2010, pp. 87–92, doi: 10.1007/978- 10.1109/DSD.2014.104.
90-481-3662-9_14. [27] W. N. Chelton and M. Benaissa, ‘‘Fast elliptic curve cryptography on
[7] S. S. Dhanda, B. Singh, and P. Jindal, ‘‘Lightweight cryptography: FPGA,’’ IEEE Trans. Very Large Scale Integr. (VLSI) Syst., vol. 16, no. 2,
A solution to secure IoT,’’ Wireless Pers. Commun., vol. 112, no. 3, pp. 198–205, Feb. 2008, doi: 10.1109/TVLSI.2007.912228.
pp. 1947–1980, Jun. 2020, doi: 10.1007/s11277-020-07134-3. [28] T. K. Dang, C. D. M. Pham, and T. L. P. Nguyen, ‘‘A pragmatic elliptic
[8] S. S. Dhanda, B. Singh, and P. Jindal, ‘‘Demystifying elliptic curve curve cryptography-based extension for energy-efficient device-to-device
cryptography: Curve selection, implementation and countermeasures to communications in smart cities,’’ Sustain. Cities Soc., vol. 56, May 2020,
attacks,’’ J. Interdiscipl. Math., vol. 23, no. 2, pp. 463–470, Feb. 2020, doi: Art. no. 102097, doi: 10.1016/j.scs.2020.102097.
10.1080/09720502.2020.1731959. [29] K. Sowjanya, M. Dasgupta, and S. Ray, ‘‘Elliptic curve cryptography based
[9] P. Nannipieri, S. D. Matteo, L. Baldanzi, L. Crocetti, L. Zulberti, authentication scheme for Internet of Medical Things,’’ J. Inf. Secur. Appl.,
S. Saponara, and L. Fanucci, ‘‘VLSI design of advanced-features AES vol. 58, May 2021, Art. no. 102761, doi: 10.1016/j.jisa.2021.102761.
cryptoprocessor in the framework of the European processor initiative,’’ [30] D. Sadhukhan, S. Ray, M. S. Obaidat, and M. Dasgupta, ‘‘A secure and
IEEE Trans. Very Large Scale Integr. (VLSI) Syst., vol. 30, no. 2, privacy preserving lightweight authentication scheme for smart-grid com-
pp. 177–186, Feb. 2022, doi: 10.1109/TVLSI.2021.3129107. munication using elliptic curve cryptography,’’ J. Syst. Archit., vol. 114,
[10] F. Rodríguez-Henríquez, N. A. Saqib, and A. Díaz-Pérez, ‘‘A fast paral- Mar. 2021, Art. no. 101938, doi: 10.1016/j.sysarc.2020.101938.
lel implementation of elliptic curve point multiplication over GF(2m ),’’ [31] W. Li, X. Chang, A. Yan, and H. Zhang, ‘‘Asymmetric multiple image
Microprocessors Microsyst., vol. 28, nos. 5–6, pp. 329–339, Aug. 2004, elliptic curve cryptography,’’ Opt. Lasers Eng., vol. 136, Jan. 2021,
doi: 10.1016/j.micpro.2004.03.003. Art. no. 106319, doi: 10.1016/j.optlaseng.2020.106319.
[11] S. M. Shohdy, A. B. El-Sisi, and N. Ismail, ‘‘FPGA implementation [32] N. Sasikaladevi, K. Geetha, K. Sriharshini, and M. D. Aruna, ‘‘H3-hybrid
of elliptic curve point multiplication over GF(2191 ),’’ in Proc. 3rd Int. multilayered hyper chaotic hyper elliptic curve based image encryption
Conf. Adv. Inf. Secur. Assurance, in Lecture Notes in Computer Science, system,’’ Opt. Laser Technol., vol. 127, Jul. 2020, Art. no. 106173, doi:
vol. 5576, 2191, pp. 619–634, doi: 10.1007/978-3-642-02617-1_63. 10.1016/j.optlastec.2020.106173.
[12] K. Javeed and A. El-Moursy, ‘‘Area-time efficient point multiplication [33] F. Rodriguez-Henriquez, ‘‘On fully parallel Karatsuba multipliers
architecture on twisted Edwards curve over general prime field GF(p),’’ for GF(2m ),’’ in Proc. Int. Conf. Comput. Sci. Technol. (CST),
Int. J. Circuit Theory Appl., vol. 51, no. 12, pp. 5962–5979, Dec. 2023, May 2003, pp. 405–410. Accessed: May 14, 2024. [Online]. Available:
doi: 10.1002/cta.3708. https://cir.nii.ac.jp/crid/1573668925154808832.bib?lang=en

VOLUME 12, 2024 144313

 S. S. Dhanda et al.: Fast and Efficient 191-bit Elliptic Curve Cryptographic Processor

[34] N. P. Kumar and C. Shirisha, ‘‘An area-efficient ECC architec- BRAHMJIT SINGH (Member, IEEE) received
ture over GF(2m ) for resource-constrained applications,’’ AEU-Int. the Bachelor of Engineering degree in electronics
J. Electron. Commun., vol. 125, Oct. 2020, Art. no. 153383, doi: engineering from the Malaviya National Institute
10.1016/j.aeue.2020.153383. of Technology, Jaipur, the Master of Engineer-
[35] A. R. Alharbi, M. M. Hazzazi, S. S. Jamal, A. Aljaedi, A. Aljuhni, ing degree, with a specialization in microwave
and D. J. Alanazi, ‘‘DCryp-Unit: Crypto hardware accelerator unit
and radar from the Indian Institute of Technol-
design for elliptic curve point multiplication,’’ IEEE Access, vol. 12,
ogy, Roorkee, and the Ph.D. degree from GGS
pp. 17823–17835, 2024, doi: 10.1109/ACCESS.2024.3358213.
[36] M. Imran, M. Rashid, A. R. Jafri, and M. Kashif, ‘‘Throughput/area Indraprastha University, Delhi. He is with the
optimised pipelined architecture for elliptic curve crypto processor,’’ IET Department of Electronics and Communication
Comput. Digit. Techn., vol. 13, no. 5, pp. 361–368, Sep. 2019, doi: Engineering, National Institute of Technology
10.1049/iet-cdt.2018.5056. (NIT), Kurukshetra, as a Professor. He has 24 years of teaching and research
[37] M. Kashif, I. Cicek, and M. Imran, ‘‘A hardware efficient elliptic curve experience. He is the Dean of P&D and a Regional Coordinator of the
accelerator for FPGA based cryptographic applications,’’ in Proc. 11th Regional Academic Centre for Space, NIT Kurukshetra. He has held several
Int. Conf. Electr. Electron. Eng. (ELECO), Nov. 2019, pp. 362–366, doi: administrative and academic positions with NIT Kurukshetra, including the
10.23919/ELECO47770.2019.8990437. Chairman of the ECE Department and the Computer Engineering Depart-
[38] M. Zeghid, H. Y. Ahmed, A. Chehri, and A. Sghaier, ‘‘Speed/area-
ment, a Professor in charge of the Centre of Computing and Networking, and
efficient ECC processor implementation over GF(2m ) on FPGA via
a member of the Planning and Development Board. He was also in charge
novel algorithm-architecture co-design,’’ IEEE Trans. Very Large Scale
Integr VLSI Syst, vol. 31, no. 8, pp. 1192–1203, Aug. 2023, doi:
of the Siemens Centre of Excellence, NIT Kurukshetra. He has published
10.1109/TVLSI.2023.3268999. 100 research papers in international/national journals and conferences and
[39] D. Wang, Y. Lin, J. Hu, C. Zhang, and Q. Zhong, ‘‘FPGA implementation organized several conferences and short-term courses. His current research
for elliptic curve cryptography algorithm and circuit with high efficiency interests include wireless sensor networks, cognitive radio, security algo-
and low delay for IoT applications,’’ Micromachines, vol. 14, no. 5, p. 1037, rithms for wireless networks, mobility management in wireless networks,
May 2023, doi: 10.3390/mi14051037. and planning and designing of mobile cellular networks. He is a Life Member
[40] M. Rashid, M. Imran, M. Kashif, and A. Sajid, ‘‘An optimized architecture of IETE and ISTE. He received the Best Research Paper Award by the
for binary huff curves with improved security,’’ IEEE Access, vol. 9, Institution of Engineers (India).
pp. 88498–88511, 2021, doi: 10.1109/ACCESS.2021.3090216.
[41] K. Javeed, A. El-Moursy, and D. Gregg, ‘‘EC-crypto: Highly efficient
area-delay optimized elliptic curve cryptography processor,’’ IEEE Access,
vol. 11, pp. 56649–56662, 2023, doi: 10.1109/ACCESS.2023.3282781.
[42] A. M. Awaludin, J. Park, R. W. Wardhani, and H. Kim, ‘‘A high- CHIA-CHEN LIN (Member, IEEE) received the
performance ECC processor over curve448 based on a novel variant of the Ph.D. degree in information management from the
Karatsuba formula for asymmetric digit multiplier,’’ IEEE Access, vol. 10, National Chiao Tung University, in 1998. Since
pp. 67470–67481, 2022, doi: 10.1109/ACCESS.2022.3184786. 2018, she has been with the School Counselor,
[43] S. C. Shantz, From Euclid’s GCD to Montgomery Multiplication to the Providence University. She is a Professor of com-
Great Divide. Santa Clara, CA, USA: Sun Microsystems, 2001. puter science and information engineering with
[44] D. Hankerson, S. Vanstone, and A. Menezes, Guide to Elliptic Curve the National Chin-Yi University of Technology.
Cryptography (Springer Professional Computing). New York, NY, USA: Her research interests include image and signal
Springer, 2004, doi: 10.1007/b97644. processing, information hiding, mobile agents, and
[45] N. P. Smart, ‘‘The Hessian form of an elliptic curve,’’ in Proc. 3rd Int.
Workshop Cryptograph. Hardw. Embedded Syst. (CHES), in Lecture Notes
electronic commerce. Since 2018, she has been a
in Computer Science, vol. 2162, 2001, pp. 118–125, doi: 10.1007/3-540- fellow of IET. From 2009 to 2012, she served as the Vice Chairman for the
44709-1_11. Tainan Chapter of the IEEE Signal Processing Society. She also serves as an
[46] K. Sakiyama, E. De Mulder, B. Preneel, and I. Verbauwhede, ‘‘A parallel associate editor and an editor for several representative EI and SCIE journals.
processing hardware architecture for elliptic curve cryptosystems,’’ in
Proc. IEEE Int. Conf. Acoust. Speed Signal Process., vol. 3, May 2006,
pp. 904–907, doi: 10.1109/ICASSP.2006.1660801.
[47] M. Bednara, M. Daldrup, J. von zur Gathen, J. Shokrollahi, and J. Teich, POONAM JINDAL (Member, IEEE) received the
‘‘Reconfigurable implementation of elliptic curve crypto algorithms,’’ in B.E. degree in electronics and communication
Proc. 16th Int. Parallel Distrib. Process. Symp., vol. 24, 2002, p. 8, doi: engineering from Punjab Technical University,
10.1109/IPDPS.2002.1016557.
Punjab, in 2003, the M.E. degree in electron-
ics and communication engineering from Thapar
University, Patiala, India, in 2005, and the Ph.D.
degree from the National Institute of Technology,
Kurukshetra, India. She is an Assistant Professor
with the Electronics and Communication Engi-
neering Department, National Institute of Technol-
ogy. She has published more than 50 research papers in international/national
journals and conferences. Her research interests include security algorithms
for wireless networks and mobile communication.
SUMIT SINGH DHANDA received the B.Tech.
and M.Tech. degrees in electronics and commu-
nication engineering from Kurukshetra University,
Kurukshetra, India, in 2005 and 2011, respectively, DEEPAK PANWAR received the master’s and
and the Ph.D. degree from the ECE Department, Ph.D. degrees in computer science and engi-
National Institute of Technology, Kurukshetra. neering from Gautam Buddha University, India,
He worked on lightweight cryptography for IoT in 2011 and 2018, respectively. He is currently
devices during the doctoral degree. He is an an Associate Professor with Manipal University
Associate Professor with the School of Com- Jaipur, India. He has published many research
puter Science and Engineering, IILM University, papers in reputed journals and conferences. His
Greater Noida. He has published 20 research papers at international and main research interests include software quality
national conferences. His research interests include security algorithms for assurance and computational intelligence.
the Internet of Things and wireless and mobile communication.

144314 VOLUME 12, 2024

S. S. Dhanda et al.: Fast and Efficient 191-bit Elliptic Curve Cryptographic Processor

TARUN KUMAR SHARMA received the Ph.D. WOOGUIL PAK (Member, IEEE) received the
degree in soft computing from the Department of B.S. and M.S. degrees in electrical engineering
Applied Science and Engineering, IIT Roorkee. and the Ph.D. degree in electrical engineering
Since April 2022, he has been associated with and computer science from Seoul National Uni-
Shobhit University, as a Professor. He was with versity, in 1999, 2001, and 2009, respectively.
Amity University, Rajasthan, as an Associate Pro- In 2010, he joined the Jangwee Research Institute
fessor; the Head of the Department of Computer for National Defence, as a Research Professor,
Science and Engineering/IT; and the Alternate and Keimyung University, Daegu, South Korea,
Director of Outcome. He has supervised seven in 2013. Since 2019, he has been an Associate
Ph.D. and 25 M.Tech. dissertations. He has over Professor with Yeungnam University, Gyeongsan,
100 research publications to his credit. He has edited 15 volumes of con- South Korea. His research interests include network and system security,
ference proceedings books and authored one book. His research interests blockchain, and real-time network intrusion prevention based on machine
include evolutionary algorithms, nature inspired algorithms, and machine learning for over 1Tbps networks.
intelligence.

SAURABH AGARWAL received the Ph.D. degree

in computer engineering from the University of
Delhi, in 2017, India. From 2019 to 2023, he was
a Korean Research Fellow in South Korea and
has been a Research Professor with Yeungnam
University, Gyeongsan, South Korea, since 2024.
His research focuses on image forensics, computer
vision, and machine learning.

VOLUME 12, 2024 144315