Standardized Signature Algorithms on Ultra-constrained 4-Bit MCU

  • Chien-Ning Chen
  • Nisha Jacob
  • Sebastian Kutzner
  • San Ling
  • Axel Poschmann
  • Sirote Saetang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7631)


In this work, we implement all three digital signature schemes specified in Digital Signature Standard (FIPS 186-3), including DSA and RSA (based on modular exponentiation) as well as ECDSA (based on elliptic curve point multiplication), on an ultra-constrained 4-bit MCU of the EPSON S1C63 family. Myriads of 4-bit MCUs are widely deployed in legacy devices, and some in security applications due to their ultra low-power consumption. However, public-key cryptography, especially digital signature, on 4-bit MCU is usually neglected and even regarded as infeasible. Our highly energy-efficient implementation can give rise to a variety of security functionalities for these ultra-constrained devices.


4-bit MCU DSA ECDSA Elliptic Curve Cryptography Lightweight Cryptography RSA SHA-1 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aumasson, J.-P., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: A Lightweight Hash. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 1–15. Springer, Heidelberg (2010), CrossRefGoogle Scholar
  2. 2.
    Barrett, P.: Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 311–323. Springer, Heidelberg (1987)Google Scholar
  3. 3.
    Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varıcı, K., Verbauwhede, I.: spongent: A Lightweight Hash Function. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312–325. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  4. 4.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007), CrossRefGoogle Scholar
  5. 5.
    De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — A Family of Small and Efficient Hardware-Oriented Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Certicom Research. Standards for efficient cryptography, SEC 2: Recommended elliptic curve domain parameters (2000)Google Scholar
  7. 7.
    Coron, J.-S.: Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Engels, D., Fan, X., Gong, G., Hu, H., Smith, E.M.: Ultra-lightweight cryptography for low-cost RFID tags: Hummingbird algorithm and protocol. Technical report, Centre for Applied Cryptographic Research, CACR (2009),
  9. 9.
    Fan, X., Hu, H., Gong, G., Smith, E.M., Engels, D.: Lightweight implementation of Hummingbird cryptographic algorithm on 4-bit microcontrollers. In: International Conference for Internet Technology and Secured Transactions, pp. 1–5 (2009)Google Scholar
  10. 10.
    Gamal, T.E.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)zbMATHCrossRefGoogle Scholar
  11. 11.
    Gong, Z., Nikova, S., Law, Y.W.: KLEIN: A New Family of Lightweight Block Ciphers. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 1–18. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  12. 12.
    Guo, J., Peyrin, T., Poschmann, A.: The PHOTON Family of Lightweight Hash Functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222–239. Springer, Heidelberg (2011)Google Scholar
  13. 13.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.J.B.: The LED Block Cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 119–132. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Hachez, G., Quisquater, J.-J.: Montgomery Exponentiation with no Final Subtractions: Improved Results. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 293–301. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  16. 16.
    ISO/IEC. 29192-2: Information technology – security techniques – lightweight cryptography – part 2: Block ciphers,
  17. 17.
    Jacob, N., Saetang, S., Chen, C.-N., Kutzner, S., Ling, S., Poschmann, A.: Feasibility and practicability of standardized cryptography on 4-bit micro controllers. To appear in SAC (2012)Google Scholar
  18. 18.
    Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). International Journal of Information Security 1(1), 36–63 (2001)Google Scholar
  19. 19.
    Joye, M., Yen, S.-M.: Optimal left-to-right binary signed-digit recoding. IEEE Trans. Computers 49(7), 740–748 (2000)CrossRefGoogle Scholar
  20. 20.
    Kaufmann, T., Poschmann, A.: Enabling standardized cryptography on ultra-constrained 4-bit microcontrollers. In: IEEE International Conference on RFID, Orlando, USA, pp. 32–39 (April 2012)Google Scholar
  21. 21.
    Knuth, D.E.: The Art of Computer Programming, vol. II: Seminumerical Algorithms, 3rd edn. Addison-Wesley (1997)Google Scholar
  22. 22.
    Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48(177), 203–209 (1987)MathSciNetzbMATHCrossRefGoogle Scholar
  23. 23.
    Longa, P., Miri, A.: Fast and flexible elliptic curve point arithmetic over prime fields. IEEE Trans. Computers 57(3), 289–302 (2008)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Mamiya, H., Miyaji, A., Morimoto, H.: Efficient Countermeasures against RPA, DPA, and SPA. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 343–356. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  25. 25.
    Miller, V.S.: Use of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  26. 26.
    Möller, B.: Algorithms for Multi-exponentiation. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 165–180. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  27. 27.
    Montgomery, P.L.: Modular multiplication without trial division. Mathematics of Computation 44(170), 519–521 (1985)MathSciNetzbMATHCrossRefGoogle Scholar
  28. 28.
    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the Limits: A Very Compact and a Threshold Implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  29. 29.
    National Institute of Standards and Technology. FIPS 197: Announcing the advanced encryption standard (AES) (November 2001),
  30. 30.
    National Institute of Standards and Technology. FIPS 186-3: Digital signature standard (DSS) (June 2009),
  31. 31.
    National Institute of Standards and Technology. FIPS 180-4: Secure hash standard (SHS) (March 2012),
  32. 32.
    Rabin, M.O.: Digitalized signatures and public key functions as intractable as factorization (1979),
  33. 33.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MathSciNetzbMATHCrossRefGoogle Scholar
  34. 34.
    Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A Compact Rijndael Hardware Architecture with S-Box Optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 239–254. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  35. 35.
    Schroeppel, R., Orman, H., O’Malley, S., Spatscheck, O.: Fast Key Exchange with Elliptic Curve Systems. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 43–56. Springer, Heidelberg (1995)Google Scholar
  36. 36.
    Seiko Epson Corporation. CMOS 4-bit single chip microcomputer S1C63000 core CPU manual (2011),
  37. 37.
    Seiko Epson Corporation. CMOS 4-bit single chip microcontroller S1C63003/004/008/016 technical manual (2011),
  38. 38.
    Seiko Epson Corporation. Microcontrollers 2011 (2011),
  39. 39.
    Seiko Epson Corporation. Program development process (2011),
  40. 40.
    Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: An Ultra-Lightweight Blockcipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 342–357. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  41. 41.
    Vogt, M., Poschmann, A., Paar, C.: Cryptography is feasible on 4-bit microcontrollers - a proof of concept. In: IEEE International Conference on RFID, Orlando, USA, pp. 267–274 (2009)Google Scholar
  42. 42.
    Walter, C.D.: Montgomery’s Multiplication Technique: How to Make It Smaller and Faster. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 80–93. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Chien-Ning Chen
    • 1
  • Nisha Jacob
    • 2
  • Sebastian Kutzner
    • 1
  • San Ling
    • 2
  • Axel Poschmann
    • 1
    • 2
  • Sirote Saetang
    • 2
  1. 1.Physical Analysis & Cryptographic Engineering (PACE)Nanyang Technological UniversitySingapore
  2. 2.School of Physical and Mathematical SciencesNanyang Technological UniversitySingapore

Personalised recommendations