DOI: 10.1145/3626205.3659153
research-article
Open access

X2065: Lightweight Key Exchange for the Internet of Things

Published: 01 July 2024

Abstract

The Internet is rapidly transitioning from a network of personal computers, laptops and mobile phones to a network that will soon connect 32 billion smart devices (or "things"), many of which are extremely constrained in terms of computational resources and energy supply (e.g., battery-powered wireless sensor nodes). This evolution has created a demand for lightweight implementations of cryptographic primitives to meet the specific requirements and resource-constraints of the so-called Internet of Things (IoT). In the present paper we introduce Curve2065, a new elliptic curve in Montgomery form for x-coordinate-only ECDH key exchange between devices equipped with an 8/16/32-bit microcontroller. As its name indicates, Curve2065 is based on the 206-bit prime field $\mathbb{F}_p$ given by $p = 2^{206} - 5$, a pseudo-Mersenne prime that enables fast modular arithmetic. Concretely, Curve2065 is defined by the equation $E_A: (A + 2)y^2 = x^3 + Ax^2 + x$ where $A = -(4/91681 + 2)$ and offers a security level of 102 bits. The curve parameter $A$ was chosen so that $E_A$ is birationally-equivalent to an Edwards curve with a small parameter $d$ to enable fast key-pair generation. Even though $A$ is not small, the Montgomery ladder on Curve2065 is exactly as efficient as on Bernstein's Curve25519. We describe an implementation of Curve2065 for ECDH key exchange based on a "lightweight" (i.e., size-optimized) $\mathbb{F}_p$-arithmetic library for the TI MSP430(X) family of 16-bit microcontrollers. Our simulation results show that a variable-base scalar multiplication using the Montgomery ladder on Curve2065 takes $7.22 \cdot 10^6$ clock cycles on an MSP430F1611 target, while a fixed-base scalar multiplication with eight precomputed points on an isogenous twisted Edwards curve can be executed in only $2.96 \cdot 10^6$ cycles.
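
The following Python sketch is an added example, not the authors' MSP430 code: it shows the pseudo-Mersenne folding reduction for $p = 2^{206} - 5$ and an x-coordinate-only Montgomery ladder using the $A$ given in the abstract. The ladder is the standard RFC 7748-style formula set; the function names, the scalars, the input x-coordinate 9 and the absence of any scalar formatting are assumptions made for illustration.

```python
# Added example (not the paper's code). p and A come from the abstract;
# scalars, the input x-coordinate and all function names are constructed.
P = 2**206 - 5
MASK = 2**206 - 1

def fold_reduce(x):
    """Reduce x >= 0 mod p using 2^206 = 5 (mod p): fold high bits, no division."""
    while x >> 206:
        x = (x & MASK) + 5 * (x >> 206)
    return x - P if x >= P else x

def fadd(a, b): return fold_reduce(a + b)
def fsub(a, b): return fold_reduce(a + P - b)
def fmul(a, b): return fold_reduce(a * b)
def finv(a): return pow(a, P - 2, P)      # Fermat inversion, relies on p prime

# A = -(4/91681 + 2) mod p, so the ladder constant (A+2)/4 equals -1/91681.
A = fsub(0, fadd(fmul(4, finv(91681)), 2))
A24 = fmul(fadd(A, 2), finv(4))

def ladder(k, x1, bits=206):
    """x-only scalar multiplication: returns x([k]P) for a point with x(P) = x1."""
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(bits)):
        bit = (k >> t) & 1
        if swap ^ bit:   # Python branch; on a device use a constant-time swap
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b = fadd(x2, z2), fsub(x2, z2)
        aa, bb = fmul(a, a), fmul(b, b)
        e = fsub(aa, bb)
        da, cb = fmul(fsub(x3, z3), a), fmul(fadd(x3, z3), b)
        s, d = fadd(da, cb), fsub(da, cb)
        x3, z3 = fmul(s, s), fmul(x1, fmul(d, d))       # differential addition
        x2, z2 = fmul(aa, bb), fmul(e, fadd(bb, fmul(A24, e)))  # doubling
    if swap:
        x2, z2 = x3, z3
    return fmul(x2, finv(z2))

def ecdh_demo():
    """Both parties derive the same shared x-coordinate (constructed inputs)."""
    a, b, x = pow(3, 1000, 2**206), pow(7, 1000, 2**206), 9
    return ladder(a, ladder(b, x)), ladder(b, ladder(a, x))
```

The ladder never uses the coefficient $A + 2$ on the left-hand side of the curve equation, because x-only arithmetic depends only on $A$.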


Published In

CPSS '24: Proceedings of the 10th ACM Cyber-Physical System Security Workshop
July 2024
116 pages
ISBN:9798400704208
DOI:10.1145/3626205
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Elliptic curve cryptography
  2. MSP430
  3. Modular arithmetic

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ASIA CCS '24

Acceptance Rates

CPSS '24 Paper Acceptance Rate 10 of 22 submissions, 45%;
Overall Acceptance Rate 43 of 135 submissions, 32%
