Browse > Article
http://dx.doi.org/10.4218/etrij.2018-0445

Compact implementations of Curve Ed448 on low-end IoT platforms  

Seo, Hwajeong (Division of IT Convergence Engineering, Hansung University)
Publication Information
ETRI Journal / v.41, no.6, 2019 , pp. 863-872 More about this Journal
Abstract
Elliptic curve cryptography is a relatively lightweight public-key cryptography method for key generation and digital signature verification. Some lightweight curves (eg, Curve25519 and Curve Ed448) have been adopted by upcoming Transport Layer Security 1.3 (TLS 1.3) to replace the standardized NIST curves. However, the efficient implementation of Curve Ed448 on Internet of Things (IoT) devices remains underexplored. This study is focused on the optimization of the Curve Ed448 implementation on low-end IoT processors (ie, 8-bit AVR and 16-bit MSP processors). In particular, the three-level and two-level subtractive Karatsuba algorithms are adopted for multi-precision multiplication on AVR and MSP processors, respectively, and two-level Karatsuba routines are employed for multi-precision squaring. For modular reduction and finite field inversion, fast reduction and Fermat-based inversion operations are used to mitigate side-channel vulnerabilities. The scalar multiplication operation using the Montgomery ladder algorithm requires only 103 and 73 M clock cycles on AVR and MSP processors.
Keywords
efficient elliptic curve cryptography implementation; embedded processors; Internet of Things;
Citations & Related Records
연도 인용수 순위
  • Reference
1 L. O. Wallin and T. Zimmerman, Strategic Roadmap for IoT Network Technology, 2017, available at: https://www.gartner.com/doc/3587517/-strategic-roadmap-iot-network.
2 N. Gura et al., Comparing elliptic curve cryptography and RSA on 8-bit CPUs, in Int. Workshop Cryptographic Hardw. Embedded Syst., Cambridge, MA, USA, Aug. 2004, pp. 119-132.
3 D. J. Bernstein, Curve25519: new Diffie-Hellman speed records, in Int. workshop Public Key Cryptography, New York, USA, Apr. 2006, pp. 207-228.
4 M. Hamburg, Ed448-Goldilocks, a new elliptic curve, Cryptology ePrint Archive: Report 2015/625, 2015.
5 M. Hutter and E. Wenger, Fast multi-precision multiplication for public-key cryptography on embedded microprocessors, in Int. Workwhop Crytographic Hardw. Embedded Syst., Nara, Japan, 2011, pp. 459-474.
6 Z. Liu et al., Reverse product-scanning multiplication and squaring on 8-bit AVR processors, in Int. Conf. Inform. Commun. Security, Hong Kong, China, Dec. 2014, pp. 158-175.
7 Z. Liu, E. Wenger, and J. Grossschadl, MoTE-ECC: Energy-scalable elliptic curve cryptography for wireless sensor networks, in Int. Conf. Appl. Cryptography Netw. Security., Lausanne, Switzerland, June 2014, pp. 361-379.
8 E. Rescorla et al., The Transport Layer Security (TLS) Protocol Version 1.3., 2017, available at https://tools.ietf.org/html/draft-ietf-tls-tls13-21.
9 H. Edwards, A normal form for elliptic curves, Bull. Amer. Math. Soc. 44 (2007), no. 3, 393-422.   DOI
10 D. J. Bernstein et al., High-speed high-security signatures. J. Crypto. Eng. 2 (2012), no. 2, 77-89.   DOI
11 Z. Liu et al., On emerging family of elliptic curves to secure internet of things: ECC comes of age, IEEE Trans. Dependable Secure Comput. 14 (2017), no. 3, 237-248.   DOI
12 D. J. Bernstein et al., SafeCurves: choosing safe curves for elliptic-curve cryptography, 2013, available at: http://safecurves.cr.yp.to.
13 A. J. Menezes, P. C. Van Oorschot, and S. A. Vanstone, Handbook of applied cryptography, CRC press, Boca Raton, FL, USA, 1996.
14 H. Seo and H. Kim, Multi-precision multiplication for public-key cryptography on embedded microprocessors, in Int. Workshop Inform. Security Applicat., Nara, Japan, 2012, pp. 55-67.
15 P. G. Comba, Exponentiation cryptosystems on the IBM PC, IBM Syst. J. 29 (1990), no. 2, 526-538.   DOI
16 Z. Liu et al., Efficient implementation of ECDH key exchange for MSP430-based wireless sensor networks, in Proc. ACM Symp. Inform., Comput. Commun. Security, Singapore, 2015, pp. 145-153.
17 L. Qiu et al., Implementing RSA for sensor nodes in smart cities, Pers. Ubiquit. Comput. 21 (2017), no. 5, 807-813.   DOI
18 H. Seo and H. Kim, Optimized multi-precision multiplication for public-key cryptography on embedded microprocessors, Inter. J. Comput. Commun. Eng. 2 (2013), no. 3, 255-259.
19 M. Dull et al., High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers, Des. Codes Crypt. 77 (2015), no. 2-3, 493-514.   DOI
20 M. Hutter and P. Schwabe, Multiprecision multiplication on AVR revisited, J. Crypto. Eng. 5 (2015), no. 3, 201-214.   DOI
21 H. Seo et al., Hybrid Montgomery reduction, ACM Trans. Emb. Comput. Syst. 15 (2016), no. 3, Article no. 58.
22 P. L. Gouvea and J. Lopez, Software implementation of pairingbased cryptography on sensor networks using the MSP430 microcontroller, in Int. Conf. Cryptology India New Delhi, India, Dec. 2009, pp. 248-262.
23 H. Seo et al., Multi-precision squaring for public-key cryptography on embedded microprocessors, in Int. Conf. Cryptology in India, Munbai, India, 2013, pp. 227-243.
24 P. L. Montgomery, Speeding the Pollard and elliptic curve methods of factorization, Math. Comp. 48 (1987), no. 177, 243-264.   DOI
25 E. Wenger, T. Unterluggauer, and M. Werner, 8/16/32 shades of elliptic curve cryptography on embedded processors. in Int. Conf. Cryptology India, Mumbai, India, 2013, pp. 244-261.
26 G. Hinterwalder et al., Full-size high-security ECC implementation on MSP430 microcontrollers, in Int. Conf. Cryptology Inform. Security Latin America, Florianopolis, Brazil, 2014, pp. 31-47.