Abstract
Public key cryptography is widely used in key exchange and digital signature protocols. It requires expensive primitive operations, such as finite-field and group operations, each of which takes a number of clock cycles to execute. By carefully optimizing these primitive operations, public key cryptography can be performed with reasonably fast execution timing. In this paper, we present a new implementation result for Curve448 on 32-bit ARM Cortex-M4 microcontrollers. We adopted state-of-the-art implementation methods, and some previous methods were re-designed to fully utilize the features of the target microcontrollers. The implementation was also performed in constant time by utilizing the features of the microcontrollers and algorithms. Finally, the scalar multiplication of Curve448 on 32-bit ARM Cortex-M4@168 MHz microcontrollers requires 6,285,904 clock cycles. To the best of our knowledge, this is the first optimized implementation of Curve448 on 32-bit ARM Cortex-M4 microcontrollers. The result is also compared with other ECC and post-quantum cryptography (PQC) implementations. The proposed ECC and the state-of-the-art PQC results show the practical usage of hybrid post-quantum TLS on the target processor.
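The abstract refers to constant-time Curve448 scalar multiplication without showing it. The following is an added example, not the paper's own code (the paper's contribution is Cortex-M4 assembly-level field arithmetic, which is not reproduced here): a reference-style X448 Montgomery ladder in Python following the RFC 7748 algorithm. The constants (the prime 2^448 - 2^224 - 1, a24 = 39081, base-point u = 5) are the RFC values; the scalars used in the demonstration are constructed. What it illustrates is the structure that makes the ladder scalar-independent in its control flow: a fixed 448-iteration loop and a mask-based conditional swap, with no branch on a key bit. Python big-integer arithmetic is itself not constant-time, so this shows the algorithmic skeleton only; any real implementation should additionally be checked against the RFC 7748 section 6.2 test vectors before use.

```python
# Added example: RFC 7748-style X448 Montgomery ladder (reference structure only,
# not the paper's Cortex-M4 implementation).

P = 2**448 - 2**224 - 1      # Curve448 field prime
A = 156326                   # Montgomery coefficient A of Curve448
A24 = 39081                  # (A - 2) / 4
BITS = 448                   # ladder always runs 448 iterations
U_BASE = 5                   # u-coordinate of the X448 base point


def decode_scalar448(k: bytes) -> int:
    """Clamp a 56-byte scalar as RFC 7748 prescribes: clear the 2 low bits, set bit 447."""
    if len(k) != 56:
        raise ValueError("X448 scalar must be 56 bytes")
    b = bytearray(k)
    b[0] &= 252
    b[55] |= 128
    return int.from_bytes(b, "little")


def decode_u448(u: bytes) -> int:
    if len(u) != 56:
        raise ValueError("X448 u-coordinate must be 56 bytes")
    return int.from_bytes(u, "little")


def encode_u448(u: int) -> bytes:
    return (u % P).to_bytes(56, "little")


def cswap(swap: int, a: int, b: int):
    """Branch-free conditional swap; swap must be 0 or 1.

    mask is all-zeros for swap=0 and all-ones for swap=1, so the same
    operations run regardless of the key bit (Python ints behave as
    arbitrary-width two's complement, so -1 & x == x for x >= 0).
    """
    mask = -swap
    d = mask & (a ^ b)
    return a ^ d, b ^ d


def x448_ladder(k: int, u: int) -> int:
    """Montgomery ladder on Curve448: returns the u-coordinate of k*P for P with u-coordinate u."""
    x1 = u % P
    x2, z2 = 1, 0            # R0 = point at infinity
    x3, z3 = x1, 1           # R1 = P
    swap = 0
    for t in range(BITS - 1, -1, -1):          # fixed iteration count
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = cswap(swap, x2, x3)           # swap only via mask, never via branch
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = (a * a) % P
        b = (x2 - z2) % P
        bb = (b * b) % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = (d * a) % P
        cb = (c * b) % P
        x3 = ((da + cb) ** 2) % P              # differential addition R0 + R1
        z3 = (x1 * ((da - cb) ** 2)) % P
        x2 = (aa * bb) % P                     # doubling 2*R0
        z2 = (e * ((aa + A24 * e) % P)) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P)) % P        # affine u = X/Z via Fermat inversion


def x448(scalar: bytes, u: bytes) -> bytes:
    return encode_u448(x448_ladder(decode_scalar448(scalar), decode_u448(u)))


def x448_public_key(private: bytes) -> bytes:
    return x448(private, encode_u448(U_BASE))


def x448_shared(private: bytes, peer_public: bytes) -> bytes:
    return x448(private, peer_public)


if __name__ == "__main__":
    # Constructed demonstration keys (not real secrets, not from the paper).
    sk_a, sk_b = bytes(range(56)), bytes(range(100, 156))
    pk_a, pk_b = x448_public_key(sk_a), x448_public_key(sk_b)
    print("agreement:", x448_shared(sk_a, pk_b) == x448_shared(sk_b, pk_a))
```

The two checks a practitioner would run on such a ladder, beyond the RFC vectors, are that scalar 2 reproduces the Montgomery doubling formula u(2P) = (u^2 - 1)^2 / (4u(u^2 + Au + 1)) and that both sides of a Diffie-Hellman exchange derive the same shared u-coordinate.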
Acknowledgement
This work of Hwajeong Seo was supported by the Institute for Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (<Q|Crypton>, No. 2019-0-00033, Study on Quantum Security Evaluation of Cryptography based on Computational Quantum Complexity). This work of Reza Azarderakhsh was supported by ARO grant W911NF2010328.
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Seo, H., Azarderakhsh, R. (2021). Curve448 on 32-Bit ARM Cortex-M4. In: Hong, D. (ed.) Information Security and Cryptology – ICISC 2020. Lecture Notes in Computer Science, vol. 12593. Springer, Cham. https://doi.org/10.1007/978-3-030-68890-5_7
DOI: https://doi.org/10.1007/978-3-030-68890-5_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-68889-9
Online ISBN: 978-3-030-68890-5
eBook Packages: Computer Science; Computer Science (R0)