Implementing Curve25519 for Side-Channel-Protected Elliptic Curve Cryptography

For security-critical embedded applications, Elliptic Curve Cryptography (ECC) has become the predominant cryptographic system for efficient key agreement and digital signatures. However, ECC still involves complex modular arithmetic that is a particular burden for small processors. In this context, Bernstein proposed the highly efficient ECC instance Curve25519, which in particular enables efficient software implementations at a security level comparable to AES-128 with inherent resistance to simple power analysis (SPA) and timing attacks. In this work, we show that Curve25519 is likewise competitive on FPGAs even when countermeasures to thwart side-channel power analysis are included. Our basic multicore DSP-based architecture achieves a maximal performance of more than 32,000 point multiplications per second on a Xilinx Zynq 7020 FPGA. Including a mix of side-channel countermeasures to impede simple and differential power analysis, we still achieve more than 27,500 point multiplications per second with a moderate increase in logic resources.
