Compact and Flexible FPGA Implementation of Ed25519 and X25519

Published: 02 April 2019

Abstract

This article describes a field-programmable gate array (FPGA) cryptographic architecture that combines the elliptic-curve-based Ed25519 digital signature algorithm and the X25519 key establishment scheme in a single module. Cryptographically, these are high-security elliptic curve cryptography algorithms with short key sizes and impressive execution times in software. Our goal is to provide a lightweight FPGA module that enables them on resource-constrained devices, specifically for Internet of Things (IoT) applications. In addition, we aim at extensibility with customisable countermeasures against timing and differential power analysis side-channel attacks and fault-injection attacks. For the former, we offer a choice between time-optimised and constant-time execution, with or without Z-coordinate randomisation and base-point blinding; for the latter, we offer enabling or disabling default-case statements in the Finite State Machine (FSM) descriptions. To obtain compactness and at the same time fast execution times, we make maximum use of the Digital Signal Processing (DSP) slices on the FPGA. We designed a single arithmetic unit that is flexible enough to support operations with two moduli as well as non-modular arithmetic. In addition, our design benefits from in-place memory management and the local storage of inputs in the DSP slices' pipeline registers, and it takes advantage of distributed memory. Together, these eliminate the memory access bottleneck. The flexibility is offered by a micro-code-supported instruction-set architecture. Our design targets 7-Series Xilinx FPGAs and is prototyped on a Zynq System-on-Chip (SoC). The base design combining Ed25519 and X25519 in a single module requires only around 11.1K Lookup Tables (LUTs), 2.6K registers, and 16 DSP slices. It achieves a performance of 1.6ms for a signature generation and 3.6ms for a signature verification for a 1024-bit message with an 82MHz clock. Moreover, the design can be optimised for X25519 only, which gives the most compact FPGA implementation compared to previously published X25519 implementations.
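The abstract names Z-coordinate randomisation as an optional countermeasure against differential power analysis. The following software model, added here and not taken from the article's FPGA design, shows what that countermeasure looks like on the X25519 Montgomery ladder of RFC 7748: the input point (u:1) is re-represented as (u*r : r) for a fresh random r, so every intermediate value changes from run to run while the affine result stays the same. The constant-time swap and the clamping follow RFC 7748; the Coron-style randomisation is the only addition.

```python
# Added example (software model, not the article's FPGA design): an X25519
# Montgomery ladder per RFC 7748 with the optional projective Z-coordinate
# randomisation (Coron's countermeasure) that the abstract offers against DPA.
import secrets

P = 2**255 - 19
A24 = 121665  # (486662 - 2) / 4 for Curve25519

def decode_scalar(k: bytes) -> int:
    # RFC 7748 clamping: clear the 3 low bits and bit 255, set bit 254.
    k = bytearray(k)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64
    return int.from_bytes(k, "little")

def cswap(swap: int, a: int, b: int):
    # Constant-time conditional swap by masking, no data-dependent branch.
    d = (-swap) & (a ^ b)
    return a ^ d, b ^ d

def x25519(scalar: bytes, u_in: bytes, randomise: bool = True) -> bytes:
    k = decode_scalar(scalar)
    u = (int.from_bytes(u_in, "little") & ((1 << 255) - 1)) % P
    # Ladder state: (X2:Z2) = infinity, (X3:Z3) = the input point.  With
    # randomisation the input point is represented as (u*r : r) for a fresh
    # random r != 0, so intermediates differ between runs on the same inputs
    # while the affine result is unchanged (the formulas are homogeneous).
    r = secrets.randbelow(P - 1) + 1 if randomise else 1
    x2, z2, x3, z3, swap = 1, 0, u * r % P, r, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = cswap(swap, x2, x3)
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, u * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    # Final projective-to-affine conversion: X2 / Z2 via Fermat inversion.
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

BASE = (9).to_bytes(32, "little")  # Curve25519 base point u-coordinate
```

Running the same scalar with `randomise=True` and `randomise=False` yields identical shared secrets, which is the property a hardware implementation of this countermeasure must preserve.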



Published in

ACM Transactions on Embedded Computing Systems, Volume 18, Issue 3
Special Issue on Cryptographic Engineering for IoT: Security Foundations, Lightweight Solutions, and Attacks and Regular Papers
May 2019
214 pages
ISSN: 1539-9087
EISSN: 1558-3465
DOI: 10.1145/3323876

        Copyright © 2019 ACM


        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 2 April 2019
        • Accepted: 1 January 2019
        • Revised: 1 October 2018
        • Received: 1 February 2018