Skip to main content
SpringerLink
Log in

Analysis of performance versus security in hardware realizations of small elliptic curves for lightweight applications

  • Regular Paper
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

In this paper, we report the results of a comprehensive study of the security level versus the execution performance (and resource requirements) for hardware implementations of small elliptic curves, particularly targeted for lightweight applications, such as RFID tags and sensor nodes. The case study was performed for small elliptic curves (41–163 bits) over GF(\(2^m\)), where finite field elements are represented using polynomial and Gaussian normal bases. The idea behind using elliptic curves in this range is that we obtain small implementations suitable for the mentioned applications, however, this would be at the cost of less security since the Elliptic Curve Discrete Logarithm Problem (ECDLP) would be easier to break, i.e., would require fewer resources and less time for such small curves. Therefore, one must investigate both sides of the coin: first, hardware resources to implement such elliptic curves and the resulting total execution time for a single point multiplication; second, hardware resources to break such a curve and the resulting cost in terms of a defined metric, such as the total amount devices or dollars to solve the ECDLP in a given time duration. Following this reasoning, we studied the hardware (FPGA) implementations of small elliptic curves and determined the amount of resources (number of ALUTs, MEMs, REGs, the duration of clock, the total number of clock cycles and the total execution time) needed for a single point multiplication operation. We also studied the security level of each one of these curves, based on an attack model an associated cost metric. Under our proposed attack model, which we believe is very innovative; we considered three different platforms, namely PC, FPGA, and cloud computing. Due to the complexity of Cloud Computing configurations, we considered two different performance instances, namely, small (low budget) and high performance (relatively high budget). We then calculated the amount of resources and the total amount of dollars needed to solve each particular ECDLP, under different assumptions. We believe the results of our study will allow designers to select the appropriate curve for each application and the device, based on the perceived (or real) threat models that device is operating and the performance requirements of the elliptic curve protocol, such as ECDH, ECDH, or ECIES.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Batina, L., Mentens, N., Sakiyama, K., Preneel, B., Verbauwhede, I.: Low-cost elliptic curve cryptography for wireless sensor networks. In: Proceedings of Third European Workshop on Security and Privacy in Ad Hoc and Sensor Networks, vol. 4357 of LNCS, pp. 6–17. Springer, Berlin (2006)

  2. Sakiyama, K.: Secure design methodology and implementation for embedded public-key cryptosystems. PhD Thesis, Katholieke Universiteit Leuven (2007)

  3. Liu, A., Ning, P.: Tiny ECC a configurable library for elliptic curve cryptography in wireless sensor networks. In: 2008 International Conference on Information Processing in Sensor Networks IPSN 2008, IEEE, pp. 245–256 (2008)

  4. Wolkerstorfer, J.: Scaling ECC hardware to a minimum. In: Austrochip 2005 Mikroelektronik Tagung, Nikolaus Kerö und Peter Rössler, pp. 207–214 (2005)

  5. Bla, E., Zitterbart, M.: Towards acceptable public-key encryption in sensor networks. In: The 2nd International Workshop on Ubiquitous Computing, ACM SIGMIS, pp. 88–93 (2005)

  6. Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I.: Public-key cryptography for RFID-tags. In: Fifth Annual IEEE International Conference on Pervasive Computing and Communications—Workshops (PerCom Workshops 2007), 19–23 March 2007, pp. 217–222. White Plains, New York (2007)

  7. Roman, R., Alcaraz, C., Lopez, J.: A survey of cryptographic primitives and implementations for hardware-constrained sensor network nodes. Mob. Netw. Appl. 12(4), 231–244 (2007)

    Article  Google Scholar 

  8. Gaubatz, G., Kaps, J., ztrk, E., Sunar, B.: State of the art in ultra-low power public key cryptography for wireless sensor networks. In: 2nd IEEE International Workshop on Pervasive Computing and Communication Security (PerSec 2005), pp. 146–150, Kauai Island (2005)

  9. Gaubatz, G., Kaps, J., Sunar, B.: Public key cryptography in sensor networks—revisited. In: 1st European Workshop on Security in Ad-Hoc and Sensor Networks (ESAS 2004), pp. 2–18 (2004)

  10. Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A., Uhsadel, L.: A survey of lightweight-cryptography implementations. IEEE Des. Test Comput. 24(6), 522–533 (2007)

    Google Scholar 

  11. Seroussi, G.: Table of low-weight binary irreducible polynomials. Tech. Report, Computer Systems Laboratory, August (1998)

  12. FIPS 186–2, Digital Signature Standard (DSS). http://csrc.nist.gov/publications/ps/ps186-2/ps186-2-change1.pdf

  13. Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in GF(\(2^m\)) using normal bases. Inf. Comput. 78, pp. 171–177 (1988)

    Google Scholar 

  14. López, J., Dahab, R.: Fast multiplication on elliptic curves over GF(\(2^m\)) without precomputation. In: Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems CHES ’99, pp. 316–327 (1999)

  15. Wiener, M.J., Zuccherato, R.J.: Faster attacks on elliptic curve cryptosystems. In: Proceedings of the Selected Areas in Cryptography SAC ’98, pp. 190–200 (1999)

  16. Taverne, J., Faz-Hernández, A., Aranha, D.F., Rodríguez-Henríquez, F., Hankerson, D., López, J.: Software implementation of binary elliptic curves: impact of the carry-less multiplier on scalar multiplication. Cryptology ePrint Archive, Report 2011/170 (2011)

  17. Bailey, D.V., Batina, L., Bernstein, D.J., Birkner, P., Bos, J.W., Chen, H.C., Cheng, C.M., van Damme, G., de Meulenaer, G., Dominguez Perez, L.J., Fan, J., Gneysu, T., Gurkaynak, F., Kleinjung, T., Lange, T., Mentens, N., Niederhagen, R., Paar, C., Regazzoni, F., Schwabe, P., Uhsadel, L., Van Herrewege A., Yang, B.Y.: Breaking ECC2K-130. Cryptology ePrint Archive, Report 2009/541 (2009)

  18. Kleinjung, T., Lenstra, A.K., Page, D., Smart, N.P.: Using the cloud to determine key strengths. Cryptology ePrint Archive, Report 2011/254 (2011)

  19. http://aws.amazon.com/ec2/instance-types/. Accessed Nov 2011

Download references

Author information

Authors and Affiliations

  1. Bionanoelectronics Research Group, Universidad del Valle, Cali, Colombia

    Vladimir Trujillo-Olaya

  2. University of California, Santa Barbara, USA

    Timothy Sherwood & Çetin Kaya Koç

  3. Istanbul Şehir University, Istanbul, Turkey

    Çetin Kaya Koç

Authors
  1. Vladimir Trujillo-Olaya
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Timothy Sherwood
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Çetin Kaya Koç
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vladimir Trujillo-Olaya.

Additional information

The research described in this paper was conducted while the V. Trujillo-Olaya was visiting UCSB by a grant of Colciencias.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Trujillo-Olaya, V., Sherwood, T. & Koç, Ç.K. Analysis of performance versus security in hardware realizations of small elliptic curves for lightweight applications. J Cryptogr Eng 2, 179–188 (2012). https://doi.org/10.1007/s13389-012-0039-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-012-0039-x

Keywords

Search

Navigation