Paper 2015/343

High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers

Michael Düll, Björn Haase, Gesine Hinterwälder, Michael Hutter, Christof Paar, Ana Helena Sánchez, and Peter Schwabe

Abstract

This paper presents new speed records for 128-bit secure elliptic-curve Diffie-Hellman key-exchange software on three different popular microcontroller architectures. We consider a 255-bit curve proposed by Bernstein known as Curve25519, which has also been adopted by the IETF. We optimize the X25519 key-exchange protocol proposed by Bernstein in 2006 for AVR ATmega 8-bit microcontrollers, MSP430X 16-bit microcontrollers, and for ARM Cortex-M0 32-bit microcontrollers. Our software for the AVR takes only 13 900 397 cycles for the computation of a Diffie-Hellman shared secret, and is the first to perform this computation in less than a second if clocked at 16 MHz for a security level of 128 bits. Our MSP430X software computes a shared secret in 5 301 792 cycles on MSP430X microcontrollers that have a 32-bit hardware multiplier and in 7 933 296 cycles on MSP430X microcontrollers that have a 16-bit multiplier. It thus outperforms previous constant-time ECDH software at the 128-bit security level on the MSP430X by more than a factor of 1.2 and 1.15, respectively. Our implementation on the Cortex-M0 runs in only 3 589 850 cycles and outperforms previous 128-bit secure ECDH software by a factor of 3.

Note: Typo in the abstract.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Design Codes and Cryptography
DOI
bd41e6b96370dea91c5858f1b809b581
Keywords
elliptic curve cryptography, Curve25519, ECDH key-exchange, microcontroller, AVR ATmega, MSP430, ARM Cortex-M0, implementation
Contact author(s)
bjoern m haase @ web de
History
2015-04-20: received
Short URL
https://ia.cr/2015/343
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/343,
      author = {Michael Düll and Björn Haase and Gesine Hinterwälder and Michael Hutter and Christof Paar and Ana Helena Sánchez and Peter Schwabe},
      title = {High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers},
      howpublished = {Cryptology ePrint Archive, Paper 2015/343},
      year = {2015},
      doi = {bd41e6b96370dea91c5858f1b809b581},
      note = {\url{https://eprint.iacr.org/2015/343}},
      url = {https://eprint.iacr.org/2015/343}
}