Paper 2021/471
Size, Speed, and Security: An Ed25519 Case Study
Cesar Pereida García and Sampo Sovio
Abstract
Ed25519 has significant performance benefits compared to ECDSA using Weierstrass curves such as NIST P-256, therefore it is considered a good digital signature algorithm, specially for low performance IoT devices. However, such devices often have very limited resources and thus, implementations for these devices need to be as small and as performant as possible while being secure. In this paper we describe a scenario in which an obvious strategy to aggressively optimize an Ed25519 implementation for code size leads to a small memory footprint that is functionally correct but vulnerable to side-channel attacks. This strategy serves as an example of aggressive optimizations that might be considered by cryptography engineers, developers, and practitioners unfamiliar with the power of Side-Channel Analysis (SCA). As a solution to the flawed implementation example, we use a computer-aided cryptography tool generating formally verified finite field arithmetic to generate two secure Ed25519 implementations fulfilling different size requirements. After benchmarking and comparing these implementations to other widely used implementations our results show that computer-aided cryptography is capable of generating competitive code in terms of security, speed, and size.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- applied cryptographyEdDSAEd25519side-channel analysiscomputer-aided cryptography
- Contact author(s)
-
cesar pereidagarcia @ tuni fi
sampo sovio @ huawei com - History
- 2021-04-12: received
- Short URL
- https://ia.cr/2021/471
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/471, author = {Cesar Pereida García and Sampo Sovio}, title = {Size, Speed, and Security: An Ed25519 Case Study}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/471}, year = {2021}, url = {https://eprint.iacr.org/2021/471} }