Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs
Strong public-key cryptography is often considered to be too computationally expensive for small devices if not accelerated by cryptographic hardware. We revisited this statement and implemented elliptic curve point multiplication for 160-bit, 192-bit, and 224-bit NIST/SECG curves over GF(p) and RSA-1024 and RSA-2048 on two 8-bit microcontrollers. To accelerate multiple-precision multiplication, we propose a new algorithm to reduce the number of memory accesses.
Implementation and analysis led to three observations: 1. Public-key cryptography is viable on small devices without hardware acceleration. On an Atmel ATmega128 at 8 MHz we measured 0.81s for 160-bit ECC point multiplication and 0.43s for a RSA-1024 operation with exponent e=216+1. 2. The relative performance advantage of ECC point multiplication over RSA modular exponentiation increases with the decrease in processor word size and the increase in key size. 3. Elliptic curves over fields using pseudo-Mersenne primes as standardized by NIST and SECG allow for high performance implementations and show no performance disadvantage over optimal extension fields or prime fields selected specifically for a particular processor architecture.
KeywordsElliptic Curve Cryptography RSA modular multiplication sensor networks
- 1.Atmel Corporation, http://www.atmel.com/
- 2.Bailey, D.V., Paar, C.: Optimal Extension Fields for Fast Arithmetic in Public- Key Algorithms. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 472–485. Springer, Heidelberg (1998)Google Scholar
- 3.Koç, Ç.K.: High-Speed RSA Implementation. Technical report, RSA Laboratories TR201 (November 1994) Google Scholar
- 4.Certicom Research. SEC 2: Recommended Elliptic Curve Domain Parameters. Standards for Efficient Cryptography Version 1.0 (September 2000) Google Scholar
- 5.Chang Shantz, S.: From Euclid’s GCD to Montgomery Multiplication to the Great Divide. Technical report, Sun Microsystems Laboratories TR-2001-95 (June 2001) Google Scholar
- 6.Chipcon AS, http://www.chipcon.com/
- 8.Crossbow Technology, Inc., http://www.xbow.com/
- 12.Hitchcock, Y., Dawson, E., Clark, A., Montague, P.: Implementing an efficient elliptic curve cryptosystem over GF(p) on a smart card. ANZIAM Journal 44(E), C354–C377 (2003)Google Scholar
- 13.Karatsuba, A., Ofman, Y.: Multiplication of Many-Digital Numbers by Automatic Computers. Doklady Akad. Nauk (145), 293–294 (1963); Translation in Physics-Doklady 7, 595–596Google Scholar
- 15.National Institute of Standards and Technology. Recommended Elliptic Curves for Federal Government Use (August 1999) Google Scholar
- 16.Pietiläinen, H.: Elliptic curve cryptography on smart cards. Helsinki University of Technology, Faculty of Information Technology (October 2000) Master’s ThesisGoogle Scholar
- 17.Woodbury, A.D., Bailey, D.V., Paar, C.: Elliptic Curve Cryptography on Smart Cards without Coprocessors. In: The Fourth Smart Card Research and Advanced Applications (CARDIS2000) Conference, Bristol, UK (September 2000)Google Scholar