Energy-Efficient Implementation of ECDH Key Exchange for Wireless Sensor Networks

  • Christian Lederer
  • Roland Mader
  • Manuel Koschuch
  • Johann Großschädl
  • Alexander Szekely
  • Stefan Tillich
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5746)


Wireless Sensor Networks (WSNs) are playing a vital role in an ever-growing number of applications ranging from environmental surveillance over medical monitoring to home automation. Since WSNs are often deployed in unattended or even hostile environments, they can be subject to various malicious attacks, including the manipulation and capture of nodes. The establishment of a shared secret key between two or more individual nodes is one of the most important security services needed to guarantee the proper functioning of a sensor network. Despite some recent advances in this field, the efficient implementation of cryptographic key establishment for WSNs remains a challenge due to the resource constraints of small sensor nodes such as the MICAz mote. In this paper we present a lightweight implementation of the elliptic curve Diffie-Hellman (ECDH) key exchange for ZigBee-compliant sensor nodes equipped with an ATmega128 processor running the TinyOS operating system. Our implementation uses a 192-bit prime field specified by the NIST as underlying algebraic structure and requires only 5.20 ·106 clock cycles to compute a scalar multiplication if the base point is fixed and known a priori. A scalar multiplication using a random base point takes about 12.33 ·106 cycles. Our results show that a full ECDH key exchange between two MICAz motes consumes an energy of 57.33 mJ (including radio communication), which is significantly better than most previously reported ECDH implementations on comparable platforms.


Sensor Node Wireless Sensor Network Elliptic Curve Elliptic Curve Cryptography Elliptic Curve Discrete Logarithm Problem 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Atmel Corporation. 8-bit ARV® Instruction Set. User Guide (July 2008),
  2. 2.
    Atmel Corporation. 8-bit ARV® Microcontroller with 128K Bytes In-System Programmable Flash: ATmega128, ATmega128L. Datasheet (June 2008),
  3. 3.
    Becher, A., Benenson, Z., Dornseif, M.: Tampering with Motes: Real-World Physical Attacks on Wireless Sensor Networks. In: Clark, J.A., Paige, R.F., Polack, F.A.C., Brooke, P.J. (eds.) SPC 2006. LNCS, vol. 3934, pp. 104–118. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Blaß, E.-O., Zitterbart, M.: Efficient implementation of elliptic curve cryptography for wireless sensor networks. Technical Report TM-2005-1, Institute of Telematics, University of Karlsruhe, Karlsruhe, Germany (March 2005),
  5. 5.
    Blundo, C., De Santis, A., Herzberg, A., Kutten, S., Vaccaro, U., Yung, M.: Perfectly-Secure Key Distribution for Dynamic Conferences. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 471–486. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  6. 6.
    Brody, H.: 10 emerging technologies that will change the world. Technology Review 106(1), 33–49 (2003)Google Scholar
  7. 7.
    Chan, H., Perrig, A.: Security and privacy in sensor networks. Computer 36(10), 103–105 (2003)CrossRefGoogle Scholar
  8. 8.
    Chan, H., Perrig, A.: PIKE: Peer intermediaries for key establishment in sensor networks. In: Proceedings of the 24th IEEE International Conference on Computer Communications (INFOCOM 2005), vol. 1, pp. 524–535. IEEE, Los Alamitos (2005)Google Scholar
  9. 9.
    Chan, H., Perrig, A., Song, D.: Random key predistribution schemes for sensor networks. In: Proceedings of the 24th IEEE Symposium on Security and Privacy (S&P 2003), pp. 197–213. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  10. 10.
    Conti, J.P.: The Internet of things. IET Communications Engineer 4(6), 20–25 (2007)CrossRefGoogle Scholar
  11. 11.
    Crossbow Technology, Inc. MICAz Wireless Measurement System. Data sheet (January 2006),
  12. 12.
    Das, S.K., Agah, A., Basu, K.: Security in wireless mobile and sensor networks. In: Guizani, M. (ed.) Wireless Communications Systems and Networks, ch. 18, pp. 531–557. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    de Meulenaer, G., Gosset, F., Standaert, F.-X., Pereira, O.: On the energy cost of communication and cryptography in wireless sensor networks. In: Proceedings of the 4th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WIMOB 2008), pp. 580–585. IEEE Computer Society Press, Los Alamitos (2008)CrossRefGoogle Scholar
  14. 14.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Du, W., Deng, J., Han, Y.S., Varshney, P.K.: A pairwise key pre-distribution scheme for wireless sensor networks. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003), pp. 62–72. ACM Press, New York (2003)Google Scholar
  16. 16.
    Eschenauer, L., Gligor, V.D.: A key-management scheme for distributed sensor networks. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 41–47. ACM Press, New York (2002)Google Scholar
  17. 17.
    Fürbass, F., Wolkerstorfer, J.: ECC processor with low die size for RFID applications. In: Proceedings of the 40th IEEE International Symposium on Circuits and Systems (ISCAS 2007), pp. 1835–1838. IEEE, Los Alamitos (2007)CrossRefGoogle Scholar
  18. 18.
    Großschädl, J., Avanzi, R.M., Savaş, E., Tillich, S.: Energy-Efficient Software Implementation of Long Integer Modular Arithmetic. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 75–90. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Großschädl, J., Savaş, E.: Instruction Set Extensions for Fast Arithmetic in Finite Fields GF(p) and GF(2m). In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 133–147. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  20. 20.
    Großschädl, J., Szekely, A., Tillich, S.: The energy cost of cryptographic key establishment in wireless sensor networks. In: Deng, R.H., Samarati, P. (eds.) Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS 2007), pp. 380–382. ACM Press, New York (2007)Google Scholar
  21. 21.
    Gura, N., Patel, A., Wander, A.S., Eberle, H., Chang Shantz, S.: Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 119–132. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Hankerson, D.R., Menezes, A.J., Vanstone, S.A.: Guide to Elliptic Curve Cryptography. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  23. 23.
    Kargl, A., Pyka, S., Seuschek, H.: Fast arithmetic on ATmega128 for elliptic curve cryptography. Cryptology ePrint Archive, Report 2008/442 (2008),
  24. 24.
    Kohl, J.T., Neuman, B.C.: The Kerberos Network Authentication Service (Version 5). Internet Engineering Task Force, Network Working Group, RFC 1510 (September 1993)Google Scholar
  25. 25.
    Liu, A., Ning, P.: TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks. In: Proceedings of the 7th International Conference on Information Processing in Sensor Networks (IPSN 2008), pp. 245–256. IEEE Computer Society Press, Los Alamitos (2008)Google Scholar
  26. 26.
    Liu, D., Ning, P.: Establishing pairwise keys in distributed sensor networks. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003), pp. 52–61. ACM Press, New York (2003)CrossRefGoogle Scholar
  27. 27.
    Liu, D., Ning, P.: Security for Wireless Sensor Networks. Advances in Information Security, vol. 28. Springer, Heidelberg (2006)Google Scholar
  28. 28.
    Lopez, J., Zhou, J.: Wireless Sensor Network Security. Cryptology and Information Security Series, vol. 1. IOS Press, Amsterdam (2008)Google Scholar
  29. 29.
    Malan, D.J., Welsh, M., Smith, M.D.: A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography. In: Proceedings of the 1st IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks (SECON 2004), pp. 71–80. IEEE, Los Alamitos (2004)Google Scholar
  30. 30.
    National Institute of Standards and Technology (NIST). Recommended Elliptic Curves for Federal Government Use (July 1999),
  31. 31.
    Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Communications of the ACM 21(12), 993–999 (1978)CrossRefzbMATHGoogle Scholar
  32. 32.
    ON World, Inc. WSN for smart homes. Market Dynamics Report (February 2008)Google Scholar
  33. 33.
    Perrig, A., Szewczyk, R., Wen, V., Culler, D.E., Tygar, J.D.: SPINS: Security protocols for sensor networks. In: Proceedings of the 7th Annual International Conference on Mobile Computing and Networking (MOBICOM 2001), pp. 189–199. ACM Press, New York (2001)Google Scholar
  34. 34.
    Piotrowski, K., Langendörfer, P., Peter, S.: How public key cryptography influences wireless sensor node lifetime. In: Zhu, S., Liu, D. (eds.) Proceedings of the 4th ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN 2006), pp. 169–176. ACM Press, New York (2006)CrossRefGoogle Scholar
  35. 35.
    Scott, M., Szczechowiak, P.: Optimizing multiprecision multiplication for public key cryptography. Cryptology ePrint Archive, Report 2007/299 (2007),
  36. 36.
    Seo, S.C., Han, D.-G., Kim, H.C., Hong, S.: TinyECCK: Efficient elliptic curve cryptography implementation over GF(2m) on 8-bit Micaz mote. IEICE Transactions on Information and Systems E91-D(5), 1338–1347 (2008)Google Scholar
  37. 37.
    Swami, A., Zhao, Q., Hong, Y.-W., Tong, L.: Wireless Sensor Networks: Signal Processing and Communications Perspectives. John Wiley and Sons Ltd., Chichester (2007)CrossRefzbMATHGoogle Scholar
  38. 38.
    Szczechowiak, P., Oliveira, L.B., Scott, M., Collier, M., Dahab, R.: NanoECC: Testing the Limits of Elliptic Curve Cryptography in Sensor Networks. In: Verdone, R. (ed.) EWSN 2008. LNCS, vol. 4913, pp. 305–320. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  39. 39.
    Ugus, O., Westhoff, D., Laue, R., Shoufan, A., Huss, S.A.: Optimized implementation of elliptic curve based additive homomorphic encryption for wireless sensor networks. In: Wolf, T., Parameswaran, S. (eds.) Proceedings of the 2nd Workshop on Embedded Systems Security (WESS 2007), pp. 11–16 (2007),
  40. 40.
    Uhsadel, L., Poschmann, A., Paar, C.: Enabling Full-Size Public-Key Algorithms on 8-Bit Sensor Nodes. In: Stajano, F., Meadows, C., Capkun, S., Moore, T. (eds.) ESAS 2007. LNCS, vol. 4572, pp. 73–86. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  41. 41.
    Wang, H., Li, Q.: Efficient Implementation of Public Key Cryptosystems on Mote Sensors. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 519–528. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  42. 42.
    Xiao, Y., Rayi, V.K., Sun, B., Du, X., Hu, F., Galloway, M.: A survey of key management schemes in wireless sensor networks. Computer Communications 30(11/12), 2314–2341 (2007)CrossRefGoogle Scholar
  43. 43.
    Yan, H., Shi, Z.J.: Studying software implementations of elliptic curve cryptography. In: Proceedings of the 3rd International Conference on Information Technology: New Generations (ITNG 2006), pp. 78–83. IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  44. 44.
    Zhu, S., Xu, S., Setia, S., Jajodia, S.: Establishing pairwise keys for secure communication in ad hoc networks: A probabilistic approach. In: Proceedings of the 11th IEEE International Conference on Network Protocols (ICNP 2003), pp. 326–335. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Christian Lederer
    • 1
  • Roland Mader
    • 2
    • 3
  • Manuel Koschuch
    • 4
  • Johann Großschädl
    • 5
  • Alexander Szekely
    • 6
  • Stefan Tillich
    • 6
  1. 1.University of KlagenfurtAustria
  2. 2.ITIGraz University of TechnologyAustria
  3. 3.AVL List GmbHAustria
  4. 4.FH Campus Wien – University of Applied SciencesAustria
  5. 5.University of BristolUnited Kingdom
  6. 6.IAIKGraz University of TechnologyAustria

Personalised recommendations