Paper 2016/366
\(\mu\)Kummer: efficient hyperelliptic signatures and key exchange on microcontrollers
Joost Renes and Peter Schwabe and Benjamin Smith and Lejla Batina
Abstract
We describe the design and implementation of efficient signature and key-exchange schemes for the AVR ATmega and ARM Cortex M0 microcontrollers, targeting the 128-bit security level. Our algorithms are based on an efficient Montgomery ladder scalar multiplication on the Kummer surface of Gaudry and Schost's genus-2 hyperelliptic curve, combined with the Jacobian point recovery technique of Chung, Costello, and Smith. Our results are the first to show the feasibility of software-only hyperelliptic cryptography on constrained platforms, and represent a significant improvement on the elliptic-curve state-of-the-art for both key exchange and signatures on these architectures. Notably, our key-exchange scalar-multiplication software runs in under 9520k cycles on the ATmega and under 2640k cycles on the Cortex M0, improving on the current speed records by 32% and 75% respectively.
Metadata
- Publication info
- Published by the IACR in CHES 2016
- Keywords
- Hyperelliptic curve cryptography, Kummer surface, AVR ATmega, ARM Cortex M0
- Contact author(s)
- j renes @ cs ru nl
- History
- 2017-01-26: last of 3 revisions
- 2016-04-12: received
- Short URL
- https://ia.cr/2016/366
- License
- CC BY