Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Lightweight EdDSA Signature Verification for the Ultra-Low-Power Internet of Things
GROSZSCHÄDL, Johann; FRANCK, Christian; Liu, Zhe
2021. In Deng, Robert; Bao, Feng; Wang, Guilin et al. (Eds.) Information Security Practice and Experience, 16th International Conference, ISPEC 2021, Nanjing, China, December 17–19, 2021, Proceedings
Peer reviewed
 

Keywords :
Lightweight Cryptography; EdDSA Signature Scheme; Double-Scalar Multiplication; MSP430 Architecture; Software Optimization
Abstract :
EdDSA is a digital signature scheme based on elliptic curves in Edwards form that is supported in the latest incarnation of the TLS protocol (i.e. TLS version 1.3). The straightforward way of verifying an EdDSA signature involves a costly double-scalar multiplication of the form kP - lQ where P is a "fixed" point (namely the generator of the underlying elliptic-curve group) and Q is only known at run time. This computation makes a verification not only much slower than a signature generation, but also more memory demanding. In the present paper we compare two implementations of EdDSA verification using Ed25519 as a case study; the first is speed-optimized, while the other aims to achieve a low RAM footprint. The speed-optimized variant performs the double-scalar multiplication in a simultaneous fashion and uses a Joint-Sparse Form (JSF) representation for the two scalars. On the other hand, the memory-optimized variant splits the computation of kP - lQ into two separate parts, namely a fixed-base scalar multiplication that is carried out using a standard comb method with eight pre-computed points, and a variable-base scalar multiplication, which is executed by means of the conventional Montgomery ladder on the birationally-equivalent Montgomery curve. Our experiments with a 16-bit ultra-low-power MSP430 microcontroller show that the separated method is 24% slower than the simultaneous technique, but reduces the RAM footprint by 40%. This makes the separated method attractive for "lightweight" cryptographic libraries, in particular if both Ed25519 signature generation/verification and X25519 key exchange need to be supported.
Disciplines :
Computer science
Author, co-author :
GROSZSCHÄDL, Johann ;  University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
FRANCK, Christian ;  University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
Liu, Zhe;  Nanjing University of Aeronautics and Astronautics > College of Computer Science and Technology
External co-authors :
yes
Language :
English
Title :
Lightweight EdDSA Signature Verification for the Ultra-Low-Power Internet of Things
Publication date :
December 2021
Event name :
16th International Conference on Information Security Practice and Experience (ISPEC 2021)
Event place :
Nanjing, China
Event date :
17-12-2021 to 19-12-2021
Audience :
International
Main work title :
Information Security Practice and Experience, 16th International Conference, ISPEC 2021, Nanjing, China, December 17–19, 2021, Proceedings
Editor :
Deng, Robert
Bao, Feng
Wang, Guilin
Shen, Jian
Ryan, Mark
Meng, Weizhi
Wang, Ding
Publisher :
Springer Verlag
ISBN/EAN :
978-3-030-93205-3
Collection name :
Lecture Notes in Computer Science, volume 13107
Pages :
263-282
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
Available on ORBilu :
since 24 January 2022
