A Cryptographic Processor for Low-Resource Devices: Canning ECDSA and AES Like Sardines

  • Michael Hutter
  • Martin Feldhofer
  • Johannes Wolkerstorfer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6633)


The Elliptic Curve Digital Signature Algorithm (ECDSA) and the Advanced Encryption Standard (AES) are two of the most popular cryptographic algorithms used worldwide. In this paper, we present a hardware implementation of a low-resource cryptographic processor that provides both digital signature generation using ECDSA and encryption/decryption services using AES. The implementation of ECDSA is based on the recommended \(\mathbb{F}_{p192}\) NIST elliptic curve and AES uses 128-bit keys. In order to meet the low-area requirements, we based our design on a sophisticated hardware architecture where a 16-bit datapath gets heavily reused by all algorithms and the memory is implemented as a dedicated RAM macro. The proposed processor has a total chip area of 21 502 GEs where AES needs only 2 387 GEs and SHA-1 requires 889 GEs.


Keywords: Cryptographic Processor, ECDSA, ECC, AES, SHA-1, ASIC Implementation, Low-Resource Constraints



Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Michael Hutter (1)
  • Martin Feldhofer (1)
  • Johannes Wolkerstorfer (2)

  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria
  2. xFace, Graz, Austria
