Paper 2016/352

Closing the Gap in RFC 7748: Implementing Curve448 in Hardware

Pascal Sasdrich and Tim Güneysu

Abstract

With the evidence of compromised cryptographic standards in the context of elliptic curves, the IETF TLS working group has issued a request to the IETF Crypto Forum Research Group (CFRG) to recommend new elliptic curves that leave no doubt regarding their rigidity or any backdoors. This initiative has recently published RFC 7748, proposing two elliptic curves, known as Curve25519 and Curve448, for use with the next generation of TLS. This choice of elliptic curves was already picked up by the IETF working group curdle for adoption in further security protocols, such as DNSSEC. Hence, it can be expected that these two curves will become predominant in the Internet and will form one basis for future secure communication. Unfortunately, both curves were solely designed and optimized for pure software implementation; their implementation in hardware and their physical protection against side-channel attacks were not considered at any time. However, for Curve25519 it has recently been shown that efficient implementations in hardware along with side-channel protection are possible. In this work we aim to close this gap and demonstrate that, fortunately, the second curve can be efficiently implemented in hardware as well. More precisely, we demonstrate that the high-security Curve448 can be implemented on a Xilinx XC7Z7020 at moderate costs of just 963 logic and 30 DSP slices and performs a scalar multiplication in 2.5ms.

Metadata

Available format(s): PDF
Publication info: Preprint. MINOR revision.
Keywords: RFC7748, Curve448, hardware implementation, FPGA, side-channel protection
Contact author(s): pascal sasdrich @ rub de
History: 2016-04-06: received
Short URL: https://ia.cr/2016/352
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2016/352,
      author = {Pascal Sasdrich and Tim Güneysu},
      title = {Closing the Gap in {RFC} 7748: Implementing Curve448 in Hardware},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/352},
      year = {2016},
      url = {https://eprint.iacr.org/2016/352}
}