**Ultra Low-Power implementation of ECC on the ARM Cortex-M0+**

*Ruan de Clercq and Leif Uhsadel and Anthony Van Herrewege and Ingrid Verbauwhede*

**Abstract: **In this work, elliptic curve cryptography (ECC) is used to make an efficient implementation of a public-key cryptography algorithm on the ARM Cortex-M0+. The goal of this implementation is to make not only a fast, but also a very low-power software implementation. To aid in the elliptic curve parameter selection, the energy consumption of different instructions on the ARM Cortex-M0+ was measured and it was found that there is a variation of up to 22.5% between different instructions. The instruction set architecture (ISA) and energy measurements were used to make a simulation of both a binary curve and a prime curve implementation, and the former was found to have a slightly faster execution time with a lower power consumption. Binary curve arithmetic use instructions which requires less energy than prime curve arithmetic on the target platform. A new field multiplication algorithm is proposed, called Lopez-Dahab with fixed registers, which is an optimization of the Lopez-Dahab (LD) algorithm. The proposed algorithm has a performance improvement of 15\% over the LD with rotating registers algorithm (which is the current fastest optimization of the LD algorithm). A software implementation that uses the proposed algorithm was made in C and assembly, and on average our implementation of a random point multiplication requires 34.16uJ, whereas our fixed point multiplication requires 20.63uJ. The energy consumption of our implementation beats all known software implementations on embedded platforms, of a point multiplication, on the same equivalent security level by a factor of 7.4.

**Category / Keywords: **public-key cryptography / ECC, ARM, Cortex-M0+, low-power, software

**Date: **received 20 Sep 2013

**Contact author: **ruan declercq at esat kuleuven be

**Available format(s): **PDF | BibTeX Citation

**Version: **20130923:034033 (All versions of this report)

**Short URL: **ia.cr/2013/609

[ Cryptology ePrint archive ]