Cryptology ePrint Archive: Report 2013/609

Ultra Low-Power implementation of ECC on the ARM Cortex-M0+

Ruan de Clercq and Leif Uhsadel and Anthony Van Herrewege and Ingrid Verbauwhede

Abstract: In this work, elliptic curve cryptography (ECC) is used to make an efficient implementation of a public-key cryptography algorithm on the ARM Cortex-M0+. The goal of this implementation is to make not only a fast, but also a very low-power software implementation. To aid in the elliptic curve parameter selection, the energy consumption of different instructions on the ARM Cortex-M0+ was measured and it was found that there is a variation of up to 22.5% between different instructions. The instruction set architecture (ISA) and energy measurements were used to make a simulation of both a binary curve and a prime curve implementation, and the former was found to have a slightly faster execution time with a lower power consumption. Binary curve arithmetic use instructions which requires less energy than prime curve arithmetic on the target platform. A new field multiplication algorithm is proposed, called Lopez-Dahab with fixed registers, which is an optimization of the Lopez-Dahab (LD) algorithm. The proposed algorithm has a performance improvement of 15\% over the LD with rotating registers algorithm (which is the current fastest optimization of the LD algorithm). A software implementation that uses the proposed algorithm was made in C and assembly, and on average our implementation of a random point multiplication requires 34.16uJ, whereas our fixed point multiplication requires 20.63uJ. The energy consumption of our implementation beats all known software implementations on embedded platforms, of a point multiplication, on the same equivalent security level by a factor of 7.4.

Category / Keywords: public-key cryptography / ECC, ARM, Cortex-M0+, low-power, software

Date: received 20 Sep 2013

Contact author: ruan declercq at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20130923:034034 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]