Paper 2021/471

Size, Speed, and Security: An Ed25519 Case Study

Cesar Pereida García and Sampo Sovio

Abstract

Ed25519 has significant performance benefits compared to ECDSA using Weierstrass curves such as NIST P-256, and is therefore considered a good digital signature algorithm, especially for low-performance IoT devices. However, such devices often have very limited resources, so implementations for them need to be as small and as performant as possible while remaining secure. In this paper we describe a scenario in which an obvious strategy for aggressively optimizing an Ed25519 implementation for code size leads to a small memory footprint that is functionally correct but vulnerable to side-channel attacks. This strategy serves as an example of the aggressive optimizations that might be considered by cryptography engineers, developers, and practitioners unfamiliar with the power of Side-Channel Analysis (SCA). As a solution to the flawed implementation example, we use a computer-aided cryptography tool that generates formally verified finite-field arithmetic to produce two secure Ed25519 implementations fulfilling different size requirements. After benchmarking and comparing these implementations against other widely used implementations, our results show that computer-aided cryptography is capable of generating competitive code in terms of security, speed, and size.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
applied cryptography, EdDSA, Ed25519, side-channel analysis, computer-aided cryptography
Contact author(s)
cesar pereidagarcia @ tuni fi
sampo sovio @ huawei com
History
2021-04-12: received
Short URL
https://ia.cr/2021/471
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/471,
      author = {Cesar Pereida García and Sampo Sovio},
      title = {Size, Speed, and Security: An Ed25519 Case Study},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/471},
      year = {2021},
      url = {https://eprint.iacr.org/2021/471}
}