Full-Size High-Security ECC Implementation on MSP430 Microcontrollers

In the era of the Internet of Things, smart electronic devices facilitate processes in our everyday lives. Texas Instrument’s MSP430 microcontrollers target low-power applications, among which are wireless sensor, metering and medical applications. Those domains have in common that sensitive data is processed, which calls for strong security primitives to be implemented on those devices. Curve25519, which builds on a 255-bit prime field, has been proposed as an efficient, highly-secure elliptic-curve. While its high performance on powerful processors has been shown, the question remains, whether it is suitable for use in embedded devices. In this paper we present an implementation of Curve25519 for MSP430 microcontrollers. To combat timing attacks, we completely avoid conditional jumps and loads, thus making our software constant time. We give a comprehensive evaluation of different implementations of the modular multiplication and show which ones are favorable for different conditions. We further present implementation results of Curve25519, where our best implementation requires 9.1 million or 6.5 million cycles on MSP430Xs having a \(16\times 16\)-bit or a \(32\times 32\)-bit hardware multiplier respectively.

[1]  Peter Schwabe,et al.  Multiprecision multiplication on AVR revisited , 2015, Journal of Cryptographic Engineering.

[2]  Julio César López-Hernández,et al.  Software Implementation of Pairing-Based Cryptography on Sensor Networks Using the MSP430 Microcontroller , 2009, INDOCRYPT.

[3]  Erich Wenger,et al.  Evaluating 16-Bit Processors for Elliptic Curve Cryptography , 2011, CARDIS.

[4]  Ricardo Dahab,et al.  NanoECC: Testing the Limits of Elliptic Curve Cryptography in Sensor Networks , 2008, EWSN.

[5]  Peng Ning,et al.  2008 International Conference on Information Processing in Sensor Networks TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks ∗ , 2022 .

[6]  Tim Güneysu,et al.  Efficient Elliptic-Curve Cryptography Using Curve25519 on Reconfigurable Devices , 2014, ARC.

[7]  Anatolij A. Karatsuba,et al.  Multiplication of Multidigit Numbers on Automata , 1963 .

[8]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[9]  Adi Shamir,et al.  Efficient Cache Attacks on AES, and Countermeasures , 2010, Journal of Cryptology.

[10]  Tanja Lange,et al.  TweetNaCl: A Crypto Library in 100 Tweets , 2014, LATINCRYPT.

[11]  Leonardo B. Oliveira,et al.  Efficient software implementation of public-key cryptography on sensor networks using the MSP430X microcontroller , 2012, Journal of Cryptographic Engineering.

[12]  Peter Schwabe,et al.  NaCl on 8-Bit AVR Microcontrollers , 2013, AFRICACRYPT.

[13]  Christof Paar,et al.  Efficient Implementation of Elliptic Curve Cryptosystems on the TI MSP 430x33x Family of Microcontrollers , 2001, Public Key Cryptography.

[14]  Michael Scott,et al.  Optimizing Multiprecision Multiplication for Public Key Cryptography , 2007, IACR Cryptol. ePrint Arch..

[15]  Michael Scott,et al.  On the application of pairing based cryptography to wireless sensor networks , 2009, WiSec '09.

[16]  Daniel J. Bernstein,et al.  Batch Binary Edwards , 2009, CRYPTO.

[17]  Thomas Unterluggauer,et al.  8/16/32 Shades of Elliptic Curve Cryptography on Embedded Processors , 2013, INDOCRYPT.

[18]  Peter Schwabe,et al.  NEON Crypto , 2012, CHES.

[19]  Daniel J. Bernstein,et al.  Curve25519: New Diffie-Hellman Speed Records , 2006, Public Key Cryptography.

[20]  Peter Schwabe,et al.  Fast Elliptic-Curve Cryptography on the Cell Broadband Engine , 2009, AFRICACRYPT.

[21]  Michael Hutter,et al.  Elliptic Curve Cryptography on the WISP UHF RFID Tag , 2011, RFIDSec.

[22]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[23]  Onur Aciiçmez,et al.  New Results on Instruction Cache Attacks , 2010, CHES.