Precomputation Methods for Hash-Based Signatures on Energy-Harvesting Platforms

Energy-harvesting techniques can be combined with wireless embedded sensors to obtain battery-free platforms with an extended lifetime. Although energy-harvesting offers a continuous supply of energy, the delivery rate is typically limited to a few Joules per day. This is a severe constraint to the achievable computing throughput on the embedded sensor node, and to the achievable latency obtained from applications running on those nodes. In this paper, we address these constraints with precomputation. The idea is to reduce the amount of computations required in response to application inputs, by partitioning the algorithm in an offline part, computed before the inputs are available, and an online part, computed in response to the actual input. We show that this technique works well on hash-based cryptographic signatures, which have a complex key generation for each new message that requires a signature. By precomputing the key-material, and by storing it as run-time coupons in non-volatile memory, there is a drastic reduction of the run-time energy needs for a signature, and a drastic reduction of the run-time latency to generate it. For a Winternitz hash-based scheme at 84-bit quantum security level on a MSP430 microcontroller, we measured a run-time energy reduction of 11.9<inline-formula><tex-math notation="LaTeX">$\times$</tex-math><alternatives> <inline-graphic xlink:type="simple" xlink:href="aysu-ieq1-2500570.gif"/></alternatives></inline-formula> and a run-time latency reduction of 23.5<inline-formula><tex-math notation="LaTeX">$\times$</tex-math><alternatives> <inline-graphic xlink:type="simple" xlink:href="aysu-ieq2-2500570.gif"/></alternatives></inline-formula>.

[1]  T. O'Donnell,et al.  Energy scavenging for long-term deployable wireless sensor networks. , 2008, Talanta.

[2]  Lov K. Grover A fast quantum mechanical algorithm for database search , 1996, STOC '96.

[3]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[4]  Thomas Eisenbarth,et al.  Faster Hash-Based Signatures with Bounded Leakage , 2013, Selected Areas in Cryptography.

[5]  Johannes Buchmann,et al.  Hash-based Digital Signature Schemes , 2009 .

[6]  Chiara Petrioli,et al.  Low-cost Standard Signatures in Wireless Sensor Networks: A Case for Reviving Pre-computation Techniques? , 2013, NDSS.

[7]  Arjen K. Lenstra,et al.  The number field sieve , 1990, STOC '90.

[8]  Patrick Schaumont,et al.  Energy Budget Analysis for Signature Protocols on a Self-powered Wireless Sensor Node , 2014, RFIDSec.

[9]  Qing Wu,et al.  Energy Aware Dynamic Voltage and Frequency Selection for Real-Time Systems with Energy Harvesting , 2008, 2008 Design, Automation and Test in Europe.

[10]  Peter de Rooij,et al.  Efficient Exponentiation using Procomputation and Vector Addition Chains , 1994, EUROCRYPT.

[11]  Gilles Brassard,et al.  Quantum Cryptanalysis of Hash and Claw-Free Functions , 1998, LATIN.

[12]  Christoph Krauß,et al.  Short Hash-Based Signatures for Wireless Sensor Networks , 2009, CANS.

[13]  Bilgiday Yuce,et al.  The Future of Real-Time Security , 2015, ACM Trans. Embed. Comput. Syst..

[14]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[15]  Yukio Tsuruoka,et al.  Speeding up Elliptic Cryptosystems by Using a Signed Binary Window Method , 1992, CRYPTO.

[16]  Kevin Fu,et al.  Mementos: system support for long-running computation on RFID-scale devices , 2011, ASPLOS XVI.

[17]  David Wetherall,et al.  Dewdrop: An Energy-Aware Runtime for Computational RFID , 2011, NSDI.

[18]  Johannes A. Buchmann,et al.  On the Security of the Winternitz One-Time Signature Scheme , 2011, AFRICACRYPT.

[19]  Chiara Petrioli,et al.  AGREE: exploiting energy harvesting to support data-centric access control in WSNs , 2013, Ad Hoc Networks.

[20]  Eli Harari The Non-Volatile Memory Industry - A Personal Journey , 2011, 2011 3rd IEEE International Memory Workshop (IMW).

[21]  Peter W. Shor,et al.  Algorithms for quantum computation: discrete logarithms and factoring , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[22]  Donald F. Towsley,et al.  DEOS: Dynamic energy-oriented scheduling for sustainable wireless sensor networks , 2012, 2012 Proceedings IEEE INFOCOM.

[23]  Ernest F. Brickell,et al.  Fast Exponentiation with Precomputation (Extended Abstract) , 1992, EUROCRYPT.

[24]  Jens Gräf,et al.  XBX Benchmarking Results January 2012 , 2012 .

[25]  Ignas G. Niemegeers,et al.  Providing security in energy harvesting sensor networks , 2011, 2011 IEEE Consumer Communications and Networking Conference (CCNC).

[26]  Ramarathnam Venkatesan,et al.  Speeding up Discrete Log and Factoring Based Schemes via Precomputations , 1998, EUROCRYPT.

[27]  Christof Zalka,et al.  Shor's discrete logarithm quantum algorithm for elliptic curves , 2003, Quantum Inf. Comput..