Time-Efficient Finite Field Microarchitecture Design for Curve448 and Ed448 on Cortex-M4
The elliptic curve family of schemes has the lowest computational latency, memory use, energy consumption, and bandwidth requirements, making it the most preferred public key method for adoption into network protocols. Being suitable for embedded devices and applicable for key exchange and authentication, ECC is assuming a prominent position in the field of IoT cryptography. The attractive properties of the relatively new curve Curve448 contribute to its inclusion in the TLS1.3 protocol and pique the interest of academics and engineers aiming at studying and optimizing the schemes. When addressing low-end IoT devices, however, the literature indicates little work on these curves. In this paper, we present an efficient design for both protocols based on Montgomery curve Curve448 and its birationally equivalent Edwards curve Ed448 used for key agreement and digital signature algorithm, specifically the X448 function and the Ed448 DSA, relying on efficient low-level arithmetic operations targeting the ARM-based Cortex-M4 platform. Our design performs point multiplication, the base of the Elliptic Curve Diffie-Hellman (ECDH), in 3,2KCCs, resulting in more than 48% improvement compared to the best previous work based on Curve448, and performs sign and verify, the main operations of the Edwards-curves Digital Signature Algorithm (EdDSA), in 6,038KCCs and 7,404KCCs, showing a speedup of around 11% compared to the counterparts. We present novel modular multiplication and squaring architectures reaching ∼25% and ∼35% faster runtime than the previous best-reported results, respectively, based on Curve448 key exchange counterparts, and ∼13% and ∼25% better latency results than the Ed448-based digital signature counterparts targeting Cortex-M4 platform.
- Award ID(s): 2101085
- PAR ID: 10425460
- Date Published:
- Journal Name: Information Security and Cryptology – ICISC 2022
- Volume: 13849
- Page Range / eLocation ID: 292-314
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
The demand for classical cryptography schemes continues to increase due to the exhaustive studies on their security. Thus, constant improvements of timing, power consumption, and memory requirements are needed for the most widely used classical Elliptic Curve Cryptography (ECC) primitives, suiting high- as well as low-end devices. In this work, we present the first implementation of the Edwards Curve Digital Signature Algorithm (EdDSA) based on the Ed448 targeting the ARM Cortex-M4-based STM32F407VG microcontroller, which forms a large part of the Internet of Things (IoT) world. We report timing and memory consumption results based on portable C and target-specific hand-crafted assembly code implementations of the low-level finite field arithmetic. We optimize the high-level group operations by implementing the efficient scalar multiplication over the Ed448 isogenous map to reduce the computation complexity. Furthermore, we provide a side-channel analysis (SCA) and fault attack protected design by developing point randomization, scalar blinding techniques, and repeated signature, and evaluate the performance. Our optimized architecture performs a signature and verification in 39.88ms and 51.54ms, respectively, where SCA protection can be achieved at less than 6.4% cost of performance overhead.
The compact key sizes and the low computational latency of the Elliptic Curve Cryptography (ECC) family of curves sparked high interest in their integration into network protocols. The recently suggested Curve448, assuring 224-bit security, is an ideal curve choice for integrating into cryptographic libraries according to a late study on backdoors on other ECC instances compromising their security, which results in the integration of Curve448 into the TLS1.3 protocol. Curve448 and its birationally equivalent untwisted Edwards curve Ed448, used for key exchange and authentication, respectively, present a perfect fit for low-end embedded cryptographic libraries due to their minimal memory requirements. In this work, we deploy optimized Montgomery Ladder point multiplication into the widely employed IoT-focused cryptographic library wolfSSL and present side-channel robust and efficient ECDH and EdDSA based on Curve448 and Ed448. We evaluate the performance of the newly integrated architectures against the NIST recommended Cortex-M4 STM32F407-DK ARM-based platform. We perform thorough side-channel evaluation of the proposed Montgomery Ladder implementation via powerful TVLA analysis revealing DPA data leakage. We integrate countermeasures to protect our design, evaluate their effectiveness and analyze the latency overhead. We achieve SCA robust Curve448 and Ed448 at the cost of around 1.2MCC (1.36× the execution time). Finally, we report the performance of our fully SCA protected Curve448 and Ed448 as part of TLS1.3 wolfSSL, reporting 1.04× performance compared to the original wolfSSL code.
As the cryptographic community turns its focus toward post-quantum cryptography, the demand for classical cryptographic schemes such as Elliptic Curve Cryptography (ECC) remains high. In this work, we present an optimized implementation of the Edwards Curve Digital Signature Algorithm (EdDSA) operations Keygen, Sign, and Verify using the Ed25519 parameter on the ARM Cortex-M4 using optimized assembly code. We discuss the optimization of field and group arithmetic to produce high-throughput cryptographic primitives. Then, we present the first SCA-resistant implementation of the Signed Comb method, and Test Vector Leakage Assessment (TVLA) measurements. Our fastest implementation performs Ed25519 Keygen in 200,000 cycles, Sign in 240,000 cycles, and Verify in 720,000 cycles on the ARM Cortex-M4.
An estimated 14.7 billion Internet of Things (IoT) devices will be connected to the Internet by 2023. The ubiquity of these devices creates exciting new opportunities, while at the same time introducing new concerns about privacy and security. To address these concerns, efficient cryptographic algorithms are needed to secure communication between IoT devices. In this work, we present an optimized implementation of one such algorithm, the Edwards Curve Digital Signature Algorithm (EdDSA) with operations Keygen, Sign, and Verify using the Ed25519 parameter on the ARM Cortex-M4 implemented in assembly code. The ARM Cortex-M4 is used in millions of devices world-wide, and is a popular choice for a wide range of IoT applications. We discuss the optimization of field and group arithmetic on this platform to produce high-throughput cryptographic primitives. Then, we present the first SCA-resistant implementation of the Signed Comb method, and Test Vector Leakage Assessment (TVLA) measurements. Our fastest implementation performs Ed25519 Keygen in 200,000 cycles, Sign in 240,000 cycles, and Verify in 720,000 cycles on the ARM Cortex-M4.

