Abstract
For traditional public key cryptography and post-quantum cryptography, such as elliptic curve cryptography and supersingular isogeny key encapsulation, modular multiplication is the most performance-critical operation among the basic arithmetic operations of these schemes. For this reason, the execution time of such cryptographic schemes, which can largely determine service availability on low-end microprocessors (e.g., 8-bit AVR, 16-bit MSP430X, and 32-bit ARM Cortex-M), relies mainly on the efficiency of modular multiplication on the target embedded processors.
In this article, we present new optimal modular multiplication techniques based on the interleaved Montgomery multiplication on 16-bit MSP430X microprocessors, where the multiplication part is performed in a hardware multiplier and the reduction part is performed in a basic arithmetic logic unit (ALU) with the optimal modular multiplication routine. This two-step approach is effective for the special moduli of NIST curves, SM2 curves, and supersingular isogeny key encapsulation. We further optimized the Montgomery reduction by using techniques for “Montgomery-friendly” primes. This technique significantly reduces the number of partial products. To demonstrate the superiority of the proposed implementation of Montgomery multiplication, we applied the proposed method to the NIST P-256 curve, where the implementation improves on the previous modular multiplication operation by 23.6% on 16-bit MSP430X microprocessors, and to the SM2 curve as well (the first implementation on 16-bit MSP430X microcontrollers).
Moreover, countermeasures against timing attacks and simple power analysis are also applied to the scalar multiplication of the NIST P-256 and SM2 curves, which requires 8,582,338 clock cycles (0.53 [email protected] MHz) and 10,027,086 clock cycles (0.62 [email protected] MHz), respectively. The proposed Montgomery multiplication is a generic method that can be applied to other cryptographic schemes and microprocessors with minor modifications.
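As an added illustration (not the article's code, which targets the MSP430X hardware multiplier in assembly), the following portable C sketch shows interleaved Montgomery multiplication over 16-bit words for the NIST P-256 prime. It shows why a Montgomery-friendly prime removes the per-iteration multiplication by n0' = -p^-1 mod 2^16, and ends with a branch-free final subtraction. The names `mont_mul_p256`, `P256` and `ONE_MONT` are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>
#define N 16   /* 256-bit operand as sixteen 16-bit words, little-endian */

/* NIST P-256 prime; p = -1 mod 2^16, hence n0' = -p^-1 mod 2^16 = 1. */
static const uint16_t P256[N] = {
    0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0,0, 0,0,0,0,1,0,0xFFFF,0xFFFF };
/* R mod p for R = 2^256: the value 1 in Montgomery form. */
static const uint16_t ONE_MONT[N] = {
    1,0,0,0,0,0,0xFFFF,0xFFFF, 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFE,0xFFFF,0,0 };

/* r = a*b*R^-1 mod p for a, b < p; r may alias a or b. */
void mont_mul_p256(uint16_t r[N], const uint16_t a[N], const uint16_t b[N])
{
    uint32_t t[N + 2] = {0}, s, c, q, take, borrow = 0;
    uint16_t d[N], mask;
    int i, j;
    for (i = 0; i < N; i++) {
        for (c = 0, j = 0; j < N; j++) {            /* multiply: t += a * b[i] */
            s = t[j] + (uint32_t)a[j] * b[i] + c;   /* at most 2^32 - 1 */
            t[j] = s & 0xFFFF;  c = s >> 16;
        }
        s = t[N] + c;  t[N] = s & 0xFFFF;  t[N + 1] = s >> 16;
        q = t[0];              /* generic form: q = t[0] * n0' mod 2^16 */
        c = (t[0] + q * P256[0]) >> 16;             /* low word cancels to 0 */
        for (j = 1; j < N; j++) {                   /* reduce: t = (t + q*p) >> 16 */
            s = t[j] + q * P256[j] + c;
            t[j - 1] = s & 0xFFFF;  c = s >> 16;
        }
        s = t[N] + c;  t[N - 1] = s & 0xFFFF;
        t[N] = t[N + 1] + (s >> 16);
    }
    for (j = 0; j < N; j++) {       /* always compute d = t - p ... */
        s = t[j] - P256[j] - borrow;
        d[j] = (uint16_t)s;  borrow = (s >> 16) & 1;
    }
    take = t[N] | (borrow ^ 1);     /* ... and keep it only when t >= p */
    mask = (uint16_t)(0u - take);   /* 0xFFFF or 0, no secret-dependent branch */
    for (j = 0; j < N; j++)
        r[j] = (uint16_t)((d[j] & mask) | (t[j] & (uint16_t)~mask));
}

int main(void)
{
    uint16_t x[N];
    mont_mul_p256(x, ONE_MONT, ONE_MONT);       /* 1 * 1 in Montgomery form */
    return memcmp(x, ONE_MONT, sizeof x) != 0;  /* exit status 0 when it is 1 */
}
```

Every limb of this prime is 0xFFFF, 0 or 1, so the remaining `q * P256[j]` products can themselves be replaced by shifted additions and subtractions of `q` in a tuned implementation.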
Index Terms
Montgomery Multiplication for Public Key Cryptography on MSP430X