\(\mu \)Kummer: Efficient Hyperelliptic Signatures and Key Exchange on Microcontrollers

  • Joost Renes
  • Peter Schwabe
  • Benjamin Smith
  • Lejla Batina
Conference paper

DOI: 10.1007/978-3-662-53140-2_15

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9813)
Cite this paper as:
Renes J., Schwabe P., Smith B., Batina L. (2016) \(\mu \)Kummer: Efficient Hyperelliptic Signatures and Key Exchange on Microcontrollers. In: Gierlichs B., Poschmann A. (eds) Cryptographic Hardware and Embedded Systems – CHES 2016. CHES 2016. Lecture Notes in Computer Science, vol 9813. Springer, Berlin, Heidelberg

Abstract

We describe the design and implementation of efficient signature and key-exchange schemes for the AVR ATmega and ARM Cortex M0 microcontrollers, targeting the 128-bit security level. Our algorithms are based on an efficient Montgomery ladder scalar multiplication on the Kummer surface of Gaudry and Schost’s genus-2 hyperelliptic curve, combined with the Jacobian point recovery technique of Chung, Costello, and Smith. Our results are the first to show the feasibility of software-only hyperelliptic cryptography on constrained platforms, and represent a significant improvement on the elliptic-curve state-of-the-art for both key exchange and signatures on these architectures. Notably, our key-exchange scalar-multiplication software runs in under 9520k cycles on the ATmega and under 2640k cycles on the Cortex M0, improving on the current speed records by 32 % and 75 % respectively.

Keywords

Hyperelliptic curve cryptography Kummer surface AVR ATmega ARM Cortex M0 

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Joost Renes
    • 1
  • Peter Schwabe
    • 1
  • Benjamin Smith
    • 2
  • Lejla Batina
    • 1
  1. 1.Digital Security GroupRadboud UniversityNijmegenThe Netherlands
  2. 2.INRIA and Laboratoire d’Informatique de l’École polytechnique (LIX)PalaiseauFrance

Personalised recommendations