Efficient software implementation of public-key cryptography on sensor networks using the MSP430X microcontroller

In this work, we describe a software implementation of elliptic curve cryptography and pairing-based cryptography for the MSP430 microcontroller family, which is used in wireless sensors. Digital signature, short signature and key distribution protocols were implemented at the 80- and 128-bit levels of security, over both binary and prime fields. The timing results of our software implementation show an improvement of about 25–30% in the pairing computation over previous implementations. We also provide results for the MSP430X extension of the original family, which has new instructions. In particular, using the new 32-bit hardware multiplier available in some MSP430X models, we have achieved a further improvement of about 45% in the prime field multiplication and 20–30% in protocol timings. The combination of fast algorithms and improved hardware allows us to show that even the 128-bit level of security can be considered feasible for this platform.
