In recent years, the complexity and connectivity of automotive electronic systems have been continually increasing, exposing vehicles to unprecedented risks of cyberattacks. Hackers can easily access sensitive vehicle information through network vulnerabilities and even control key functions of vehicles, posing serious threats to the safety of drivers and passengers. The fourth one of Calterah’s cybersecurity white paper series, "Calterah Asymmetric Cryptography Design", introduces the advanced encryption technology of asymmetric cryptosystems and Calterah's unique asymmetric cryptographic engine design. By using the pairing mechanism of public and private keys, it ensures that only authorized users can access sensitive information, thereby reducing the risk of data leakage and effectively safeguarding the security of data transmission.

1. Dangers of Data Leakage
2. Asymmetric Cryptosystem
3. Asymmetric Cryptographic Algorithms
4. Application of Asymmetric Cryptography in Automotive Cybersecurity
5. Calterah Asymmetric Cryptographic Engine Design

1 Dangers of Data Leakage

In the era of digital information explosion, massive data transmissions happen every day.  If no protective measures are applied, the data sent and received can be easily intercepted by hackers. If plaintext transmission is used for sensitive data, hackers can effortlessly read the contents once the data is intercepted. Therefore, it is crucial to apply cryptographic methods to data transmission.

Figure 1: Risks of Data Transmission Leakage

2 Asymmetric Cryptosystem

The asymmetric cryptosystem (also known as public-key cryptosystem) is an encryption technology that uses two keys: a public key and a private key. The former can be made public and used by anyone to encrypt messages, while the latter is kept secret by the user for decrypting messages encrypted with the corresponding public key or for creating digital signatures.

Figure 2 Asymmetric Cryptosystem

In a symmetric cryptosystem, security relies on the confidentiality of keys, which means if the keys are leaked, the encrypted information becomes insecure. In contrast, the advantage of asymmetric cryptosystems is that the public key can be open to public, and even if the public key is stolen, it cannot be used to decrypt messages, thus offering higher security.

Current implementation solutions of asymmetric cryptographic engines primarily include the Rivest-Shamir-Adleman (RSA) algorithm, which is based on the difficulty of solving large number factorization problems, and the Elliptic Curve Cryptography (ECC) system, which is based on elliptic curve discrete logarithm problems.

3 Asymmetric Cryptographic Algorithms

3.1 RSA Algorithm

Invented by Ronald L. Rivest, Adi Shamir, and Leonard Adleman in 1977, the RSA algorithm is based on a simple principle of number theory: while it is easy to multiply two prime numbers, it is considerably difficult to deduce the original prime numbers from their product.

The steps of RSA algorithm are as follows:

1. Given two large prime numbers p and q (kept secret)
2. Calculate N = p * q (public) and Euler's totient function m = φ(N) = (p - 1) * (q - 1) (kept secret)
3. Randomly select a positive integer e, 1 < e < m, ensuring gcd(e, m) = 1, where (N, e) is the public encryption key
4. Calculate d such that d * e ≡ 1 (mod m), where (N, d) is the private decryption key (Private)
5. Encryption: For plaintext M ∈ Zn, ciphertext is: C = M^emod N
6. Decryption: For ciphertext C ∈ Zn, plaintext is: M = C^dmod N

3.2 ECC Algorithm

Elliptic Curve Cryptography (ECC) is a public key cryptosystem initially proposed by Neal Koblitz and Victor Miller in 1985. ECC can achieve comparable or higher security with shorter keys, compared to RSA. ECC with a 160-bit key offers a security level equivalent to RSA with a 1024-bit key, while a 210-bit ECC key equals the security level of RSA with a 2046-bit key.

ECC boasts advantages including higher security, lower power consumption, and smaller storage space, making it widely applicable for identity authentication, fast encryption, digital signatures, etc. A plane curve represented by the Weierstrass equation is known as an elliptic curve, commonly denoted as E:

E=y²+a₁xy+a₃y=x₃+a₂x²+a₄x+a₆

In practical applications, the elliptic curve used in the ECC public key cryptosystem is a simplified form of the Weierstrass equation. Additionally, the discriminant of the simplified elliptic curve must not be zero, as shown in the following formula:

y²=x³+ax+b mod p  (4a³+27b²≠0)

y2 = x3 + x + 1	y2 = x3 - 1

Figure 3 Examples of Elliptic Curves

Mathematically, elliptic curves are continuous, which poses security threats if directly used for encryption. Therefore, ECC restricts the curve to a finite integer field, turning it into a discrete set of points (similar to grid coordinates). The total number of these discrete points is known as the "order" of the curve, which is a critical parameter for ensuring encryption security.

The core operation in ECC is point multiplication, which refers to the calculation in the Abelian group composed of points on the elliptic curves, accounting for about 90% of the total cryptographic computation time. Point multiplication can be divided into point addition and doubling operations, implemented through the underlying operation units of modular multiplication, modular addition, modular subtraction, modular inversion, and modular squaring.

Modular arithmetic in the Montgomery domain can efficiently enhance performance for modular multiplication and squaring operations. In the point operation layer of ECC, using the projective coordinate system avoids the time-consuming modular inversion. Thus, all modular arithmetic operates within the Montgomery domain, and all point operations are conducted in the projective coordinate system for improved operational efficiency of ECC.

4 Application of Asymmetric Cryptography in Automotive Cybersecurity

With the further development of information technology and the rise of automotive intelligence, ensuring automotive cybersecurity has become increasingly important. Since the asymmetric cryptographic algorithms have two keys, they are particularly suitable for identity authentication, data encryption, and digital signatures in distributed systems.

1. Identity Authentication: During Vehicle-to-Vehicle (V2V) or Vehicle-to-Infrastructure (V2I) communication, asymmetric cryptography can be used for identity authentication. For example, when a roadside charging station establishes a secure connection with a vehicle, the station can encrypt a random number with the public key of vehicle and send it to the vehicle. The vehicle decrypts it using its private key and returns the result to the station, which verifies the result to confirm the legitimacy of vehicle, preventing unauthorized devices from accessing the automotive network.
2. Data Encryption: Sensitive data transmitted within vehicles, such as navigation information or vehicle control commands, can be encrypted using asymmetric cryptography. For instance, when a vehicle uploads driving behavior data to a cloud platform, it first encrypts the data with the public key of the platform, ensuring that only the platform can decrypt it using a corresponding private key, maintaining confidentiality during transmission and preventing data theft or tampering.
3. Digital Signatures: When crucial information, such as software updates, is communicated between electronic control units (ECUs), the sender can create a digital signature using a private key. The recipient uses the sender's public key to verify the validity of signature. This ensures the message originates from a legitimate sender and remains unaltered during transmission, maintaining its integrity and authenticity.

5 Calterah Asymmetric Cryptography Engine Design

Calterah radar SoC products implement asymmetric cryptography engines designed based on a microcode architecture, which uses instruction sequencer to support various asymmetric algorithms, including:

• RSA algorithm with or without the Chinese Remainder Theorem (CRT) support
• Elliptic Curve Cryptography (ECC), including NIST recommended curves:

• • Prime field curves: P-192, P-224, P-256, P-384, P-521
  • Binary field curves: K-163, K-233, K-283, K-409, K-571
  • Binary field curves: B-163, B-233, B-283, B-409, B-571

• ECDH elliptic curve key exchange
• Digital Signature Algorithm (DSA) and elliptic curve digital signature algorithms (ECDSA and EdDSA)
• ShangMi2 (SM2) algorithm
• ShangMi9 (SM9) algorithm
• Miller-Rabin primality testing algorithm

The microcode-based architecture design of Calterah cryptography engine significantly enhances scalability, allowing support for new asymmetric algorithms through microcode upgrades.

Figure 5 Calterah Asymmetric Cryptography Engine Design

By employing Calterah asymmetric cryptographic engine, vehicle radar cybersecurity is effectively enhanced, protecting user data and preventing potential cyber threats. In the future, Calterah will continue to deepen the application of asymmetric cryptosystems, driving the automotive industry towards a safer and smarter future.