Full-Size High-Security ECC Implementation on MSP430 Microcontrollers

  • Gesine Hinterwälder
  • Amir Moradi
  • Michael Hutter
  • Peter Schwabe
  • Christof Paar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8895)

Abstract

In the era of the Internet of Things, smart electronic devices facilitate processes in our everyday lives. Texas Instruments' MSP430 microcontrollers target low-power applications, among them wireless sensor, metering and medical applications. These domains have in common that sensitive data is processed, which calls for strong security primitives to be implemented on such devices. Curve25519, which is defined over a 255-bit prime field, has been proposed as an efficient, highly secure elliptic curve. While its high performance on powerful processors has been shown, the question remains whether it is suitable for use in embedded devices. In this paper we present an implementation of Curve25519 for MSP430 microcontrollers. To resist timing attacks, we completely avoid conditional jumps and secret-dependent loads, making our software constant time. We give a comprehensive evaluation of different implementations of the modular multiplication and show which ones are favorable under which conditions. We further present implementation results for Curve25519, where our best implementation requires 9.1 million or 6.5 million cycles on MSP430X devices with a \(16\times 16\)-bit or a \(32\times 32\)-bit hardware multiplier, respectively.
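The abstract's constant-time requirement (no conditional jumps or secret-dependent loads) is easiest to see on the conditional swap that a Montgomery-ladder scalar multiplication performs once per secret bit. The following is an added illustration, not code from the paper: it assumes a field element stored as 16 little-endian 16-bit limbs (the MSP430 word size; the paper's own limb representations differ) and contrasts a branching swap with a mask-based one.

```c
#include <stdint.h>
#include <string.h>

/* Constructed representation for this example: a 255-bit field element
 * as 16 little-endian 16-bit limbs (the paper's own layouts differ). */
#define NLIMBS 16
typedef struct { uint16_t v[NLIMBS]; } fe;

/* Branching swap: the compiler emits a conditional jump, so both the
 * running time and the memory access pattern depend on the secret bit. */
static void fe_cswap_branchy(fe *a, fe *b, unsigned bit) {
    if (bit) { fe t = *a; *a = *b; *b = t; }
}

/* Turn a secret bit into an all-zeros or all-ones limb mask
 * without a branch: 0 -> 0x0000, 1 -> 0xFFFF. */
uint16_t ct_mask_from_bit(unsigned bit) {
    return (uint16_t)(0u - (bit & 1u));
}

/* Constant-time swap: the same loads, XORs and stores are executed for
 * either value of the bit; only the mask decides whether data moves. */
void fe_cswap_ct(fe *a, fe *b, unsigned bit) {
    uint16_t mask = ct_mask_from_bit(bit);
    for (int i = 0; i < NLIMBS; i++) {
        uint16_t t = mask & (a->v[i] ^ b->v[i]);
        a->v[i] ^= t;
        b->v[i] ^= t;
    }
}

/* Functional check: the mask-based swap must produce exactly the result
 * of the branching swap for both bit values. Returns 1 on success. */
int cswap_selftest(void) {
    fe a, b;
    for (int i = 0; i < NLIMBS; i++) {              /* constructed operands */
        a.v[i] = (uint16_t)(0x1111 * (i + 1));
        b.v[i] = (uint16_t)(0xFFFF - 0x0101 * i);
    }
    for (unsigned bit = 0; bit < 2; bit++) {
        fe x = a, y = b, p = a, q = b;
        fe_cswap_branchy(&x, &y, bit);
        fe_cswap_ct(&p, &q, bit);
        if (memcmp(&x, &p, sizeof(fe)) || memcmp(&y, &q, sizeof(fe))) return 0;
    }
    return 1;
}
```

The functional check only shows equivalence of results; whether the generated code is actually branch-free must be confirmed in the compiler's assembly output, since an optimizer is free to reintroduce a conditional jump.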

Keywords

MSP430, carry-save representation, Karatsuba, operand-caching multiplication, Curve25519

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Gesine Hinterwälder (1, 2)
  • Amir Moradi (1)
  • Michael Hutter (3)
  • Peter Schwabe (4)
  • Christof Paar (1, 2)
  1. Horst Görtz Institute for IT Security, Ruhr-University Bochum, Bochum, Germany
  2. Department of Electrical and Computer Engineering, University of Massachusetts Amherst, Amherst, USA
  3. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria
  4. Digital Security Group, Radboud University Nijmegen, Nijmegen, The Netherlands