Reference : Lightweight EdDSA Signature Verification for the Ultra-Low-Power Internet of Things
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/49970
Lightweight EdDSA Signature Verification for the Ultra-Low-Power Internet of Things
English
Groszschädl, Johann mailto [University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS) >]
Franck, Christian mailto [University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS) >]
Liu, Zhe [Nanjing University of Aeronautics and Astronautics > College of Computer Science and Technology]
Dec-2021
Information Security Practice and Experience, 16th International Conference, ISPEC 2021, Nanjing, China, December 17–19, 2021, Proceedings
Deng, Robert
Bao, Feng
Wang, Guilin
Shen, Jian
Ryan, Mark
Meng, Weizhi
Wang, Ding
Springer Verlag
Lecture Notes in Computer Science, volume 13107
263-282
Yes
International
978-3-030-93205-3
16th International Conference on Information Security Practice and Experience (ISPEC 2021)
17-12-2021 to 19-12-2021
Nanjing
China
[en] Lightweight Cryptography ; EdDSA Signature Scheme ; Double-Scalar Multiplication ; MSP430 Architecture ; Software Optimization
[en] EdDSA is a digital signature scheme based on elliptic curves in Edwards form that is supported in the latest incarnation of the TLS protocol (i.e. TLS version 1.3). The straightforward way of verifying an EdDSA signature involves a costly double-scalar multiplication of the form kP - lQ where P is a "fixed" point (namely the generator of the underlying elliptic-curve group) and Q is only known at run time. This computation makes a verification not only much slower than a signature generation, but also more memory demanding. In the present paper we compare two implementations of EdDSA verification using Ed25519 as case study; the first is speed-optimized, while the other aims to achieve low RAM footprint. The speed-optimized variant performs the double-scalar multiplication in a simultaneous fashion and uses a Joint-Sparse Form (JSF) representation for the two scalars. On the other hand, the memory-optimized variant splits the computation of kP - lQ into two separate parts, namely a fixed-base scalar multiplication that is carried out using a standard comb method with eight pre-computed points, and a variable-base scalar multiplication, which is executed by means of the conventional Montgomery ladder on the birationally-equivalent Montgomery curve. Our experiments with a 16-bit ultra-low-power MSP430 microcontroller show that the separated method is 24% slower than the simultaneous technique, but reduces the RAM footprint by 40%. This makes the separated method attractive for "lightweight" cryptographic libraries, in particular if both Ed25519 signature generation/verification and X25519 key exchange need to be supported.
Researchers ; Professionals
http://hdl.handle.net/10993/49970
10.1007/978-3-030-93206-0_16
http://link.springer.com/chapter/10.1007/978-3-030-93206-0_16

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
ISPEC2021.pdfPublisher postprint370.27 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.