\(\mu\)Kummer: efficient hyperelliptic signatures and key exchange on microcontrollers

Joost Renes; Peter Schwabe; Benjamin Smith; Lejla Batina

Paper 2016/366

\(\mu\)Kummer: efficient hyperelliptic signatures and key exchange on microcontrollers

Joost Renes, Peter Schwabe, Benjamin Smith, and Lejla Batina

Abstract

We describe the design and implementation of efficient signature and key-exchange schemes for the AVR~ATmega and ARM Cortex~M0 microcontrollers, targeting the 128-bit security level. Our algorithms are based on an efficient Montgomery ladder scalar multiplication on the Kummer surface of Gaudry and Schost's genus-2 hyperelliptic curve, combined with the Jacobian point recovery technique of Chung, Costello, and Smith. Our results are the first to show the feasibility of software-only hyperelliptic cryptography on constrained platforms, and represent a significant improvement on the elliptic-curve state-of-the-art for both key exchange and signatures on these architectures. Notably, our key-exchange scalar-multiplication software runs in under 9520k cycles on the ATmega and under 2640k cycles on the Cortex M0, improving on the current speed records by 32% and 75% respectively.

Metadata

Available format(s): PDF
Publication info: Published by the IACR in CHES 2016
Keywords: Hyperelliptic curve cryptography Kummer surface AVR ATmega ARM Cortex M0
Contact author(s): j renes @ cs ru nl
History: 2017-01-26: last of 3 revisions; 2016-04-12: received; See all versions
Short URL: https://ia.cr/2016/366
License: CC BY

BibTeX

@misc{cryptoeprint:2016/366,
      author = {Joost Renes and Peter Schwabe and Benjamin Smith and Lejla Batina},
      title = {\(\mu\)Kummer: efficient hyperelliptic signatures and key exchange on microcontrollers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/366},
      year = {2016},
      url = {https://eprint.iacr.org/2016/366}
}