SageMath
Used as the mathematical reference environment for verifying ECC operations and timing experiments.
https://www.sagemath.org/Embedded cryptography · Linux driver · Hardware accelerator
ECC Key Material Generation with CryptoCore on DE1 SoC
This project implements and verifies ECC related GF(p) operations for CryptoCore based key material generation. The work combines Jacobian coordinate formulas, Montgomery domain arithmetic, Linux kernel driver integration, user space testing, and SageMath based result verification.
Basic Idea
ECC public key generation is based on scalar multiplication. A private scalar k is selected and the public key is obtained as Q = kG on a chosen elliptic curve. This project studies how the required arithmetic can be mapped into a CryptoCore accelerated environment while keeping the mathematical results checkable with SageMath.
The strongest parts of the work are the connection between explicit ECC formulas and driver level CryptoCore execution, the Montgomery domain timing comparison, and the verification workflow between Linux device output and SageMath reference output.
Project Facts
- Curve
- brainpoolP512r1 over GF(p)
- Coordinate model
- Jacobian projective coordinates
- Arithmetic domain
- Montgomery domain for modular arithmetic
- Verification
- SageMath and SageCell reference calculations
- Main constraint
- MWMAC register allocation for 512 bit operands
Technical Walkthrough
1. Project overview+−
This project explores ECC key material generation over a prime field GF(p) using the CryptoCore hardware accelerator on the DE1 SoC platform. The implementation focuses on the driver level integration of ECC related arithmetic operations and verifies the reported device results against SageMath reference calculations.
Technical form
Goal pipeline:
private scalar k from TRNG
→ Montgomery transformation
→ affine to Jacobian conversion
→ Point Doubling and Point Addition
→ Point Multiplication Q = kG
→ Jacobian to affine conversion
→ SageMath verificationThe page avoids presenting the work as a production ready cryptographic library. The report documents successful driver experiments together with remaining limitations.
2. ECC key material generation+−
A private key is a randomly generated scalar k. The public key is derived by multiplying a fixed generator point G by this scalar. The central operation is therefore scalar multiplication on an elliptic curve. For the selected curve family, this operation is built from repeated Point Doubling and conditional Point Addition.
Technical form
Private key: k ∈ [1, n − 1] Public key: Q = k · G Double and Add idea: scan scalar bits double current point each step add G when the processed bit is 1
Skipping or preloading the most significant set bit is treated here as an algorithmic control flow choice. It is not described as a complete side channel countermeasure.
3. Curve model and brainpoolP512r1+−
The project works with elliptic curves in short Weierstrass form and uses brainpoolP512r1 as the main 512 bit prime field curve. This makes the implementation relevant to standardized prime field ECC parameters while keeping the arithmetic structure compatible with the formulas used in the Explicit Formulas Database.
Technical form
Short Weierstrass form: y² = x³ + ax + b Selected curve family: brainpoolP512r1 Field: GF(p), where p is a large prime
This section should include either a clean curve model figure or a compact table with curve name, field size, coordinate system, and verification tool.
4. Jacobian coordinates+−
Affine point operations require modular inversion, which is expensive in prime field arithmetic. Jacobian projective coordinates reduce the number of inversions by introducing a third coordinate Z. Most intermediate ECC arithmetic in the project is therefore represented in Jacobian coordinates before converting the final result back to affine form.
Technical form
Affine point: (x, y) Jacobian representation: x = X / Z² y = Y / Z³ Point in Jacobian form: (X : Y : Z)
Use the term Jacobian coordinates in the final website text. The report sometimes says Jacobi, but Jacobian is the standard terminology for this representation.
5. Point Addition and Point Doubling+−
The implementation is based on explicit Jacobian formulas for short Weierstrass curves. Point Addition combines two distinct points. Point Doubling computes 2P from a single point. These operations form the lower level building blocks for scalar multiplication and public key derivation.
Technical form
Formula cost used in the report: Point Addition: 16M Point Doubling: 9M M = field multiplication S = field squaring
Important limitation: the final driver implementation has a known standalone Point Addition constraint. The selected MWMAC register layout was optimized around one active point, while Point Addition needs two distinct input points.
6. Montgomery domain arithmetic+−
Montgomery domain arithmetic is used to reduce the cost of modular arithmetic. Instead of performing expensive division based modular reductions directly, values are transformed into a Montgomery representation, processed there, and transformed back at the end of the calculation.
Technical form
Montgomery multiplication idea:
MontMult(A, B, P) = A · B · R⁻¹ mod P
Typical flow:
normal domain
→ Montgomery domain
→ arithmetic operations
→ back transformationThe report measurements show clear speed improvements in Sage based comparisons, especially for the random key point multiplication experiment.
7. CryptoCore driver integration+−
The implementation extends the Linux side access to the CryptoCore accelerator. The user space application communicates with the kernel driver, while the driver controls CryptoCore operations and maps intermediate values into the MWMAC RAM register structure. This is the embedded software core of the project.
Technical form
Software and hardware path:
user space application
→ header interface
→ kernel driver
→ CryptoCore command
→ MWMAC RAM registers
→ result read back to user spaceThis section should be supported by the MWMAC RAM figure and one Linux terminal output screenshot.
8. Verification with SageMath+−
The reported Point Addition, Point Doubling, and Point Multiplication outputs were compared against SageMath calculations. SageMath was used as a mathematical reference because it can model finite field elliptic curve operations directly and allows fast checking of expected values.
Technical form
Verification loop: choose curve parameters run operation on CryptoCore driver run same operation in SageMath compare x and y coordinates report whether the device result matches
Use the Point Doubling or Point Multiplication verification screenshot as the primary evidence image because the result comparison is visible there.
9. Known engineering limitations+−
The report documents limitations that should stay visible on the project page. The code does not fully check point at infinity cases. The driver code also contains optimization issues due to the project deadline. Copy heavy helper paths can be cleaned up. Standalone Point Addition needs a revised register allocation if it should safely handle two independent input points in the final branch.
Technical form
Remaining work: add point at infinity handling add point validation redesign standalone Point Addition register allocation reduce copy heavy driver code add side channel hardening extend automated test vectors
This limitation section makes the page more credible. It shows what worked and what still needs engineering work.
Montgomery Domain Timing Comparison
| Operation | Non Montgomery | Montgomery domain | Note |
|---|---|---|---|
| Point Addition | 14.05 µs | 6.70 µs | SageCell comparison from the project report |
| Point Doubling | 12.74 µs | 7.55 µs | Jacobian formula compared with Montgomery domain variant |
| Point Multiplication | 45.4 µs | 8.13 µs | Small scalar verification experiment |
| Random key experiment | 1313.7 µs | 79.5 µs | Large prime experiment showing the strongest speed difference |
Figures and Evidence Slots
Each figure card is intentionally prepared as a popup. Small cards keep the page readable while the modal view allows wide register maps, terminal screenshots, and formula screenshots to remain legible.
Key Accomplishments
- CryptoCore Linux kernel driver extended with ECC related GF(p) operations.
- Jacobian Point Addition and Point Doubling formulas implemented and verified.
- Montgomery domain arithmetic applied to reduce modular arithmetic cost.
- Point Addition, Point Doubling, and Point Multiplication outputs checked with SageMath.
- brainpoolP512r1 used as the main 512 bit prime field curve.
- MWMAC register allocation studied and documented for 512 bit operands.
Possible Extensions
- Add point at infinity handling and complete edge case validation.
- Redesign register allocation for standalone Point Addition with two independent points.
- Replace copy heavy driver code with cleaner helper functions.
- Add point validation before scalar multiplication.
- Harden the implementation against timing and side channel leakage.
- Add automated test vectors for brainpoolP512r1 and smaller debug curves.
References and Materials
These references support the mathematical background, curve parameters, verification environment, and formula selection used in the project.
SageCell
Used for browser based SageMath execution during formula verification and comparison experiments.
https://sagecell.sagemath.org/Explicit Formulas Database
Source of the Jacobian coordinate formulas for short Weierstrass curves used for Point Addition and Point Doubling.
https://hyperelliptic.org/EFD/RFC 5639 Brainpool Standard Curves
Reference for the brainpoolP512r1 elliptic curve parameters used in the project.
https://datatracker.ietf.org/doc/html/rfc5639Cryptool Book
Background source for learning cryptography concepts with Cryptool and SageMath.
https://www.cryptool.org/en/documentation/ctbook/ECC gentle introduction
Background reference for elliptic curve cryptography concepts and geometric intuition.
https://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/