Abstract
Choosing the most suitable microprocessor for a given task is one of the most challenging assignments a hardware designer has to face. In this paper, we compare cycle-accurate VHDL clones of the 8-bit Atmel ATmega, the 16-bit Texas Instruments MSP430, and the 32-bit ARM Cortex-M0+. We investigate their runtime, chip area, power, and energy characteristics for Elliptic Curve Cryptography (ECC), one of the most resource-critical public-key cryptosystems in practice. If ECC is not implemented with the greatest care, the implementation can suffer from excruciating runtimes or enable practical side-channel attacks. Considering these important requirements, we present a constant-runtime, side-channel-protected, and resource-saving scalar multiplication algorithm. To tap the full potential of all three microprocessors, we perform assembly optimizations and add carefully crafted instruction-set extensions. To the best of our knowledge, this is the first thorough software and hardware comparison of these three embedded microprocessors.
© 2013 Springer International Publishing Switzerland
Wenger, E., Unterluggauer, T., Werner, M. (2013). 8/16/32 Shades of Elliptic Curve Cryptography on Embedded Processors. In: Paul, G., Vaudenay, S. (eds) Progress in Cryptology – INDOCRYPT 2013. INDOCRYPT 2013. Lecture Notes in Computer Science, vol 8250. Springer, Cham. https://doi.org/10.1007/978-3-319-03515-4_16
DOI: https://doi.org/10.1007/978-3-319-03515-4_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-03514-7
Online ISBN: 978-3-319-03515-4