Closing the Gap in RFC 7748: Implementing Curve448 in Hardware

With the evidence on compromised cryptographic standards in the context of elliptic curves, the IETF TLS working group has issued a request to the IETF Crypto Forum Research Group (CFRG) to recommend new elliptic curves that leave no doubt regarding their rigidity or any backdoors. This initiative has recently published RFC 7748, proposing two elliptic curves, known as Curve25519 and Curve448, for use with the next generation of TLS. This choice of elliptic curves was already picked up by the IETF working group curdle for adoption in further security protocols, such as DNSSEC. Hence it can be expected that these two curves will become predominant on the Internet and will form one basis for future secure communication. Unfortunately, both curves were designed and optimized solely for pure software implementation; neither their implementation in hardware nor their physical protection against side-channel attacks was considered at any time. However, for Curve25519 it has been shown recently that efficient implementations in hardware along with side-channel protection are possible. In this work we aim to close this gap and demonstrate that, fortunately, the second curve can be efficiently implemented in hardware as well. More precisely, we demonstrate that the high-security Curve448 can be implemented on a Xilinx XC7Z7020 at moderate costs of just 963 logic and 30 DSP slices and performs a scalar multiplication in 2.5 ms.
