MoTE-ECC: Energy-Scalable Elliptic Curve Cryptography for Wireless Sensor Networks

Wireless Sensor Networks (WSNs) are susceptible to a wide range of malicious attacks, which has stimulated a body of research on “light-weight” security protocols and cryptographic primitives that are suitable for resource-restricted sensor nodes. In this paper we introduce MoTE-ECC, a highly optimized yet scalable ECC library for Memsic’s MICAz motes and other sensor nodes equipped with an 8-bit AVR processor. MoTE-ECC supports scalar multiplication on Montgomery and twisted Edwards curves over Optimal Prime Fields (OPFs) of variable size, e.g. 160, 192, 224, and 256 bits, which allows for various trade-offs between security and execution time (resp. energy consumption). OPFs are a special family of “low-weight” prime fields that, in contrast to the NIST-specified fields, facilitate a parameterized implementation of the modular arithmetic so that one and the same software function can be used for operands of different length. To demonstrate the performance of MoTE-ECC, we take (ephemeral) ECDH key exchange between two nodes as example, which requires each node to execute two scalar multiplications. The first scalar multiplication is performed on a fixed base point (to generate a key pair), whereas the second scalar multiplication gets an arbitrary point as input. Our implementation uses a fixed-base comb method on a twisted Edwards curve for the former and a simple ladder approach on a birationally-equivalent Montgomery curve for the latter. Both scalar multiplications require about 9 ·106 clock cycles in total and occupy only 380 bytes in RAM when the underlying OPF has a length of 160 bits. We also describe our efforts to harden MoTE-ECC against side-channel attacks (e.g. simple power analysis) and introduce a highly regular implementation of the comb method.

[1]  Marc Joye,et al.  Exponent Recoding and Regular Exponentiation Algorithms , 2009, AFRICACRYPT.

[2]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[3]  Denis Réal,et al.  Fault Attack on Elliptic Curve Montgomery Ladder Implementation , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[4]  Jianying Zhou,et al.  Wireless Sensor Network Security , 2008 .

[5]  Yang Zhang,et al.  Efficient prime-field arithmetic for elliptic curve cryptography on wireless sensor nodes , 2011, Proceedings of 2011 International Conference on Computer Science and Network Technology.

[6]  Michael Hamburg,et al.  Fast and compact elliptic-curve cryptography , 2012, IACR Cryptol. ePrint Arch..

[7]  Ian F. Akyildiz,et al.  Wireless Sensor Networks: Akyildiz/Wireless Sensor Networks , 2010 .

[8]  Bart Preneel Progress in Cryptology - AFRICACRYPT 2009, Second International Conference on Cryptology in Africa, Gammarth, Tunisia, June 21-25, 2009. Proceedings , 2009, AFRICACRYPT.

[9]  Aggelos Kiayias,et al.  Public Key Cryptography - PKC 2006 , 2006, Lecture Notes in Computer Science.

[10]  Marc Joye,et al.  The Montgomery Powering Ladder , 2002, CHES.

[11]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[12]  Daniel J. Bernstein,et al.  Curve25519: New Diffie-Hellman Speed Records , 2006, Public Key Cryptography.

[13]  Xi Zhang,et al.  Quality, Reliability, Security and Robustness in Heterogeneous Networks , 2010, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.

[14]  10 emerging technologies that will change your world , 2004, IEEE Engineering Management Review.

[15]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[16]  Ricardo Dahab,et al.  Efficient implementation of elliptic curve cryptography in wireless sensors , 2010, Adv. Math. Commun..

[17]  Jianying Zhou,et al.  Information and Communications Security , 2013, Lecture Notes in Computer Science.

[18]  P. L. Montgomery Modular multiplication without trial division , 1985 .

[19]  ItohToshiya,et al.  A fast algorithm for computing multiplicative inverses in GF(2m) using normal bases , 1988 .

[20]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[21]  Patel,et al.  Information Security: Theory and Practice , 2008 .

[22]  Peng Ning,et al.  2008 International Conference on Information Processing in Sensor Networks TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks ∗ , 2022 .

[23]  Aboul Ella Hassanien,et al.  Progress in Cryptology – AFRICACRYPT 2013 , 2013, Lecture Notes in Computer Science.

[24]  Mukesh Singhal,et al.  Design of an architecture for multiple security levels in wireless sensor networks , 2010, 2010 Seventh International Conference on Networked Sensing Systems (INSS).

[25]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[26]  Davide Brunelli,et al.  Wireless Sensor Networks , 2012, Lecture Notes in Computer Science.

[27]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[28]  Zhe Liu,et al.  Low-Weight Primes for Lightweight Elliptic Curve Cryptography on 8-bit AVR Processors , 2013, Inscrypt.

[29]  Ed Dawson,et al.  Twisted Edwards Curves Revisited , 2008, IACR Cryptol. ePrint Arch..

[30]  Serge Vaudenay Progress in Cryptology - AFRICACRYPT 2008, First International Conference on Cryptology in Africa, Casablanca, Morocco, June 11-14, 2008. Proceedings , 2008, AFRICACRYPT.

[31]  Manuel Koschuch,et al.  Energy-Efficient Implementation of ECDH Key Exchange for Wireless Sensor Networks , 2009, WISTP.

[32]  Qun Li,et al.  Efficient Implementation of Public Key Cryptosystems on Mote Sensors (Short Paper) , 2006, ICICS.

[33]  Tanja Lange,et al.  Twisted Edwards Curves , 2008, AFRICACRYPT.

[34]  Josef Pieprzyk,et al.  Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings , 2008, ASIACRYPT.

[35]  Kouichi Sakurai,et al.  Elliptic Curves with the Montgomery-Form and Their Cryptographic Applications , 2000, Public Key Cryptography.

[36]  Ricardo Dahab,et al.  NanoECC: Testing the Limits of Elliptic Curve Cryptography in Sensor Networks , 2008, EWSN.

[37]  T. Itoh,et al.  A Fast Algorithm for Computing Multiplicative Inverses in GF(2^m) Using Normal Bases , 1988, Inf. Comput..

[38]  François-Xavier Standaert,et al.  Stealthy Compromise of Wireless Sensor Nodes with Power Analysis Attacks , 2010, MOBILIGHT.

[39]  Miodrag Potkonjak,et al.  On communication security in wireless ad-hoc sensor networks , 2002, Proceedings. Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[40]  Dirk Westhoff,et al.  Optimized Implementation of Elliptic Curve Based Additive Homomorphic Encryption for Wireless Sensor Networks , 2007 .

[41]  Johann Großschädl,et al.  TinySA: a security architecture for wireless sensor networks , 2006, CoNEXT '06.

[42]  Jacques Stern,et al.  Projective Coordinates Leak , 2004, EUROCRYPT.

[43]  Manuel Koschuch,et al.  Smart Elliptic Curve Cryptography for Smart Dust , 2010, QSHINE.

[44]  Peter Schwabe,et al.  NaCl on 8-Bit AVR Microcontrollers , 2013, AFRICACRYPT.

[45]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.