Amazing technological breakthrough possible @S-Logix pro@slogix.in

Office Address

  • #5, First Floor, 4th Street Dr. Subbarayan Nagar Kodambakkam, Chennai-600 024 Landmark : Samiyar Madam
  • pro@slogix.in
  • +91- 81240 01111

Social List

Lightweight EdDSA Signature Verification for the Ultra-Low-Power Internet of Things - 2021

Lightweight EdDSA Signature Verification for the Ultra-Low-Power Internet of Things

Research Area:  Internet of Things

Abstract:

EdDSA is a digital signature scheme based on elliptic curves in Edwards form that is supported in the latest incarnation of the TLS protocol (i.e. TLS version 1.3). The straightforward way of verifying an EdDSA signature involves a costly double-scalar multiplication of the form ๐‘˜๐‘ƒโˆ’๐‘™๐‘„ where P is a โ€œfixedโ€ point (namely the generator of the underlying elliptic-curve group) and Q is only known at run time. This computation makes a verification not only much slower than a signature generation, but also more memory demanding. In the present paper we compare two implementations of EdDSA verification using Ed25519 as case study; the first is speed-optimized, while the other aims to achieve low RAM footprint. The speed-optimized variant performs the double-scalar multiplication in a simultaneous fashion and uses a Joint-Sparse Form (JSF) representation for the two scalars. On the other hand, the memory-optimized variant splits the computation of ๐‘˜๐‘ƒโˆ’๐‘™๐‘„ into two separate parts, namely a fixed-base scalar multiplication that is carried out using a standard comb method with eight pre-computed points, and a variable-base scalar multiplication, which is executed by means of the conventional Montgomery ladder on the birationally-equivalent Montgomery curve. Our experiments with a 16-bit ultra-low-power MSP430 microcontroller show that the separated method is 24% slower than the simultaneous technique, but reduces the RAM footprint by 40%. This makes the separated method attractive for โ€œlightweightโ€ cryptographic libraries, in particular if both Ed25519 signature generation/verification and X25519 key exchange need to be supported.

Keywords:  

Author(s) Name:  Johann GroรŸschรคdl, Christian FranckZhe Liu

Journal name:  

Conferrence name:  International Conference on Information Security Practice and Experience

Publisher name:  SPRINGER

DOI:  10.1007/978-3-030-93206-0_16

Volume Information: