Cryptology ePrint Archive: Report 2016/366

\(\mu\)Kummer: efficient hyperelliptic signatures and key exchange on microcontrollers

Joost Renes and Peter Schwabe and Benjamin Smith and Lejla Batina

Abstract: We describe the design and implementation of efficient signature and key-exchange schemes for the AVR~ATmega and ARM Cortex~M0 microcontrollers, targeting the 128-bit security level. Our algorithms are based on an efficient Montgomery ladder scalar multiplication on the Kummer surface of Gaudry and Schost's genus-2 hyperelliptic curve, combined with the Jacobian point recovery technique of Chung, Costello, and Smith. Our results are the first to show the feasibility of software-only hyperelliptic cryptography on constrained platforms, and represent a significant improvement on the elliptic-curve state-of-the-art for both key exchange and signatures on these architectures. Notably, our key-exchange scalar-multiplication software runs in under 9520k cycles on the ATmega and under 2640k cycles on the Cortex M0, improving on the current speed records by 32% and 75% respectively.

Category / Keywords: Hyperelliptic curve cryptography, Kummer surface, AVR ATmega, ARM Cortex M0

Original Publication (in the same form): IACR-CHES-2016

Date: received 8 Apr 2016, last revised 26 Jan 2017

Contact author: j renes at cs ru nl

Available format(s): PDF | BibTeX Citation

Version: 20170126:170329 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]