A Novel Low-Area Point Multiplication Architecture for Elliptic-Curve Cryptography

Round 1

Reviewer 1 Report

The paper presents the hardware architecture for point multiplication over GF(2^163) employing Xilinx FPGAs. The paper is well-structured and easy to follow. However, there are several concerns that should be addressed by authors before accepting the paper:

• The abstract needs to be revised. The best results over Virtex-7 should be reported and compared to the best previous works.
• Abstract: it relatively requires a higher amount of computation time (latency)? Do you mean the Virtex-7 takes more time compared to other platforms (e.g., Virtex-6)?
• Recently, no works utilized Virtex-4, Virtex-5, or even Virtex-6 to report the result since they are almost obsolete. Although reporting the results in the same platform would be helpful to have a fair comparison, none of the listed works in Table 2 has been implemented on Virtex-4 and Virtex-6.
• Page 3-Line 100-107: The recent works on GF(P) are missing, including 1109/ARITH48897.2020.00019, https://doi.org/10.1007/978-3-030-65277-7_10, and 10.1109/TVLSI.2021.3077885
• The novelty of the work is not enough. Using the pipeline stages and implementing the schoolbook multiplier cannot be considered as contributions.
• A figure is required to show the scheduling of one-step PA and PD corresponding the Algorithm 1. The data dependency between the operations should be illustrated in this figure.
• The cycle count should be reported in all tables.
• The area breakdown and latency breakdown should be listed.
• The references in Table 2 are not up to date. The comparison between the presented architecture and the recent FPGA-based works (even over GF(P)) would be helpful. The authors can assume time complexity is growing cubic in the field size to extrapolate their performance.
• Considering the quantum computer treat to break the ECC-based architecture, how can the presented architecture over GF(2^163) be integrated with the current PQC scheme as a hybrid cryptosystem? What are the optimization perspectives for this integration?
• Although the evaluation of the proposed architecture considering the side-channel leakage is not presented, the authors should suggest the necessary countermeasure and discuss the possible leakages for their design.

Author Response

You are requested to please find the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

Review report on "A Novel Low-area Point Multiplication Architecture
for Elliptic-curve Cryptography".

This paper reports implementation of Weierstrass elliptic curve point multiplication over the binary field GF(2^163) on Xilinx Virtex family FPGAs.

1. There is no need to put your detailed results in the Abstract section; A comparison with other works in the literature can give an insight to the reader.   
2. Line 23, Cryptographic algorithms are two types, symmetric and asymmetric(Public-key cryptography). We do not have private cryptography. 
3. Line 25, Symmetric cryptographic algorithms are mainly preferred because of the speed of encryption/decryption as they require fewer computations. 
4. Line 41. What ECC scheme is referenced? You need to cite a reference.
5. Line 46. What is the "basis" refers to in this line?  Basically, ECC can be defined in binary finite fields F(2^n) or prime fields. F(p^n). 
6. Line 101. In [23], implementation of ECC in prime fields is presented which is not related to this work. 
7. Line 129. Implementation is done on FPGA's of same family devices (Virtex), which gives out no information. The architecture of this device family is similar and the fabrication technology advanced from 90 nm to 28 nm. Moreover the speed grades of the devices are not mentioned. Obviously, implementation on more advanced fabrication technology will give higher clock rates and throughputs. It is recommended to report implementations on different family devices. 
8. Line 142, equation 1,  iteration k-1 times. There are k-1 additions. 
9. Page 5 algorithm 1. It is recommended to show Point addition and Point doubling formulae separately, then use them as functions in Algorithm1.
10. Line 286, repetition of line 131.
11. Page 9. Figure 3. same as comment no.7. You have implemented the same design on FPGA devices of same family. The throughput increased due to the FPGA fabrication technology. There is no information in this figure.
12. Page 10. Table 2.  "Weierstrass"  is correct.
13. The power consumption of your work is not reported. It is essential to compare dynamic and static power consumption with the works in literature as this design uses higher clock rates and higher latency. 

Author Response

You are requested to please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Thanks for incorporating most of my suggestions and comments. The only minor issue is regarding the area breakdown comment. Instead of comparing results over different technologies, it would be helpful to show how much area is occupied for each of the proposed blocks in the design, including the arithmetic, controller, etc.

Author Response

You are requested to find the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

all comments are addressed in the revision.

Author Response

You are requested to please find the attachment.

Author Response File: Author Response.pdf