Paper 2016/366

\(\mu\)Kummer: efficient hyperelliptic signatures and key exchange on microcontrollers

Joost Renes, Peter Schwabe, Benjamin Smith, and Lejla Batina

Abstract

We describe the design and implementation of efficient signature and key-exchange schemes for the AVR~ATmega and ARM Cortex~M0 microcontrollers, targeting the 128-bit security level. Our algorithms are based on an efficient Montgomery ladder scalar multiplication on the Kummer surface of Gaudry and Schost's genus-2 hyperelliptic curve, combined with the Jacobian point recovery technique of Chung, Costello, and Smith. Our results are the first to show the feasibility of software-only hyperelliptic cryptography on constrained platforms, and represent a significant improvement on the elliptic-curve state-of-the-art for both key exchange and signatures on these architectures. Notably, our key-exchange scalar-multiplication software runs in under 9520k cycles on the ATmega and under 2640k cycles on the Cortex M0, improving on the current speed records by 32% and 75% respectively.

Metadata
Available format(s)
PDF
Publication info
Published by the IACR in CHES 2016
Keywords
Hyperelliptic curve cryptographyKummer surfaceAVR ATmegaARM Cortex M0
Contact author(s)
j renes @ cs ru nl
History
2017-01-26: last of 3 revisions
2016-04-12: received
See all versions
Short URL
https://ia.cr/2016/366
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/366,
      author = {Joost Renes and Peter Schwabe and Benjamin Smith and Lejla Batina},
      title = {\(\mu\)Kummer: efficient hyperelliptic signatures and key exchange on microcontrollers},
      howpublished = {Cryptology ePrint Archive, Paper 2016/366},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/366}},
      url = {https://eprint.iacr.org/2016/366}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.