Abstract
This paper shows that a $390 mass-market quad-core 2.4GHz Intel Westmere (Xeon E5620) CPU can create 108000 signatures per second and verify 71000 signatures per second on an elliptic curve at a 2^128 security level. Public keys are 32 bytes, and signatures are 64 bytes. These performance figures include strong defenses against software side-channel attacks: there is no data flow from secret keys to array indices, and there is no data flow from secret keys to branch conditions.
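The two side-channel rules stated in the abstract, shown as an added illustration that is not the paper's code: a table lookup and a conditional swap written so that neither an array index nor a branch condition depends on the secret digit. The `point_t` type and the 8-entry table are constructed stand-ins for the precomputed multiples a signer selects with a digit of its secret scalar.

```c
#include <stdint.h>

/* Added illustration (not the paper's code) of the abstract's two rules: no
 * secret-dependent array index, no secret-dependent branch. point_t and the
 * 8-entry table stand in for the precomputed multiples a signer selects with
 * a digit of its secret scalar; their values are constructed. */
typedef struct { uint32_t x, y; } point_t;
/* 0xFFFFFFFF if a == b, else 0, with no branch. */
static uint32_t ct_eq(uint32_t a, uint32_t b) {
    uint32_t d = a ^ b;              /* zero iff equal */
    d = (d | (0u - d)) >> 31;        /* 1 iff d != 0 */
    return d - 1u;                   /* wraps to all-ones iff equal */
}

/* Leaky reference: the secret digit is the array index, so the cache line
 * touched depends on the key. Kept only to check the constant-time version. */
static point_t lookup_leaky(const point_t table[8], uint32_t digit) {
    return table[digit];
}

/* Constant-time: read every entry; a mask keeps the one whose index matches. */
static point_t lookup_ct(const point_t table[8], uint32_t digit) {
    point_t r = {0, 0};
    for (uint32_t i = 0; i < 8; i++) {
        uint32_t m = ct_eq(i, digit);
        r.x |= table[i].x & m;
        r.y |= table[i].y & m;
    }
    return r;
}

/* Conditional swap with no `if (swap)`: the mask does the selecting. */
static void ct_cswap(uint32_t *a, uint32_t *b, uint32_t swap) {
    uint32_t t = (*a ^ *b) & (0u - (swap & 1u));
    *a ^= t;
    *b ^= t;
}

/* Self-check: constant-time versions agree with the leaky ones on every digit
 * and both swap values. Returns 1 on success, 0 on any mismatch. */
static int ct_selftest(void) {
    point_t table[8];
    for (uint32_t i = 0; i < 8; i++) table[i] = (point_t){0x1000u + i, 0x2000u + 3u * i};
    for (uint32_t d = 0; d < 8; d++) {
        point_t a = lookup_leaky(table, d), b = lookup_ct(table, d);
        if (a.x != b.x || a.y != b.y) return 0;
    }
    uint32_t p = 11, q = 22;
    ct_cswap(&p, &q, 0); if (p != 11 || q != 22) return 0;
    ct_cswap(&p, &q, 1);
    return p == 22 && q == 11;
}
```

The loop in `lookup_ct` reads all eight entries on every call, so its memory access pattern and instruction trace are the same for every digit; `lookup_leaky` is the pattern the abstract's first rule rules out.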
© 2011 International Association for Cryptologic Research
Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, BY. (2011). High-Speed High-Security Signatures. In: Preneel, B., Takagi, T. (eds) Cryptographic Hardware and Embedded Systems – CHES 2011. CHES 2011. Lecture Notes in Computer Science, vol 6917. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23951-9_9
DOI: https://doi.org/10.1007/978-3-642-23951-9_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23950-2
Online ISBN: 978-3-642-23951-9