Cryptology ePrint Archive: Report 2016/330

NaCl's Crypto_Box in Hardware

Michael Hutter and Jürgen Schilling and Peter Schwabe and Wolfgang Wieser

Abstract: This paper presents a low-resource hardware implementation of the widely used crypto_box function of the Networking and Cryptography library (NaCl). It supports the X25519 Diffie-Hellman key exchange using Curve25519, the Salsa20 stream cipher, and the Poly1305 message authenticator. Our targeted application is a secure communication between devices in the Internet of Things (IoT) and Internet servers. Such devices are highly resource-constrained and require carefully optimized hardware implementations. We propose the first solution that enables 128-bit-secure public-key authenticated encryption on passively-powered IoT devices like WISP nodes. From a cryptographic point of view we thus make a first step to turn these devices into fully-fledged participants of Internet communication. Our crypto processor needs a silicon area of 14.6 kGEs and less than 40 uW of power at 1MHz for a 130nm low-leakage CMOS process technology.

Category / Keywords: implementation / Internet of Things, ASIC, Salsa20, Poly1305, Curve25519

Original Publication (with minor differences): Cryptographic Hardware and Embedded Systems -- CHES 2015

Date: received 24 Mar 2016

Contact author: michael hutter at cryptography com

Available format(s): PDF | BibTeX Citation

Version: 20160325:082948 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]