Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs

  • Nils Gura
  • Arun Patel
  • Arvinderpal Wander
  • Hans Eberle
  • Sheueling Chang Shantz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3156)


Strong public-key cryptography is often considered to be too computationally expensive for small devices if not accelerated by cryptographic hardware. We revisited this statement and implemented elliptic curve point multiplication for 160-bit, 192-bit, and 224-bit NIST/SECG curves over GF(p) and RSA-1024 and RSA-2048 on two 8-bit microcontrollers. To accelerate multiple-precision multiplication, we propose a new algorithm to reduce the number of memory accesses.

Implementation and analysis led to three observations: 1. Public-key cryptography is viable on small devices without hardware acceleration. On an Atmel ATmega128 at 8 MHz we measured 0.81s for 160-bit ECC point multiplication and 0.43s for a RSA-1024 operation with exponent e=216+1. 2. The relative performance advantage of ECC point multiplication over RSA modular exponentiation increases with the decrease in processor word size and the increase in key size. 3. Elliptic curves over fields using pseudo-Mersenne primes as standardized by NIST and SECG allow for high performance implementations and show no performance disadvantage over optimal extension fields or prime fields selected specifically for a particular processor architecture.


Elliptic Curve Cryptography RSA modular multiplication sensor networks 


  1. 1.
    Atmel Corporation,
  2. 2.
    Bailey, D.V., Paar, C.: Optimal Extension Fields for Fast Arithmetic in Public- Key Algorithms. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 472–485. Springer, Heidelberg (1998)Google Scholar
  3. 3.
    Koç, Ç.K.: High-Speed RSA Implementation. Technical report, RSA Laboratories TR201 (November 1994) Google Scholar
  4. 4.
    Certicom Research. SEC 2: Recommended Elliptic Curve Domain Parameters. Standards for Efficient Cryptography Version 1.0 (September 2000) Google Scholar
  5. 5.
    Chang Shantz, S.: From Euclid’s GCD to Montgomery Multiplication to the Great Divide. Technical report, Sun Microsystems Laboratories TR-2001-95 (June 2001) Google Scholar
  6. 6.
  7. 7.
    Cohen, H., Miyaji, A., Ono, T.: Efficient elliptic curve exponentiation using mixed coordinates. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 51–65. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  8. 8.
    Crossbow Technology, Inc.,
  9. 9.
    Großschädl, J.: Instruction Set Extension for Long Integer Modulo Arithmetic on RISC-Based Smart Cards. In: 14th Symposium on Computer Architecture and High Performance Computing, October 2002, pp. 13–19. IEEE Computer Society, Los Alamitos (2002)CrossRefGoogle Scholar
  10. 10.
    Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  11. 11.
    Hasegawa, T., Nakajima, J., Matsui, M.: A practical implementation of elliptic curve cryptosystems over GF (p) on a 16-bit microcomputer. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 182–194. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  12. 12.
    Hitchcock, Y., Dawson, E., Clark, A., Montague, P.: Implementing an efficient elliptic curve cryptosystem over GF(p) on a smart card. ANZIAM Journal 44(E), C354–C377 (2003)Google Scholar
  13. 13.
    Karatsuba, A., Ofman, Y.: Multiplication of Many-Digital Numbers by Automatic Computers. Doklady Akad. Nauk (145), 293–294 (1963); Translation in Physics-Doklady 7, 595–596Google Scholar
  14. 14.
    Morain, F., Olivos, J.: Speeding up the computations on an elliptic curve using addition-subtraction chains. Theoretical Informatics and Applications 24, 531–543 (1990)zbMATHMathSciNetGoogle Scholar
  15. 15.
    National Institute of Standards and Technology. Recommended Elliptic Curves for Federal Government Use (August 1999) Google Scholar
  16. 16.
    Pietiläinen, H.: Elliptic curve cryptography on smart cards. Helsinki University of Technology, Faculty of Information Technology (October 2000) Master’s ThesisGoogle Scholar
  17. 17.
    Woodbury, A.D., Bailey, D.V., Paar, C.: Elliptic Curve Cryptography on Smart Cards without Coprocessors. In: The Fourth Smart Card Research and Advanced Applications (CARDIS2000) Conference, Bristol, UK (September 2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Nils Gura
    • 1
  • Arun Patel
    • 1
  • Arvinderpal Wander
    • 1
  • Hans Eberle
    • 1
  • Sheueling Chang Shantz
    • 1
  1. 1.Sun Microsystems Laboratories 

Personalised recommendations