Implementing Curve25519 for Side-Channel-Protected Elliptic Curve Cryptography

Pascal Sasdrich, Tim Güneysu

ACM Transactions on Reconfigurable Technology and Systems (TRETS) - Special Section on the 2014 International Symposium on Applied Reconfigurable Computing, Volume 9, Issue 1, November 2015, Article No. 3, ACM New York, NY, USA


For security-critical embedded applications, Elliptic Curve Cryptography (ECC) has become the predominant cryptographic system for efficient key agreement and digital signatures. However, ECC still involves complex modular arithmetic that is a particular burden for small processors. In this context, Bernstein proposed the highly efficient ECC instance Curve25519 that particularly enables efficient software implementations at a security level comparable to AES-128 with inherent resistance to simple power analysis (SPA) and timing attacks. In this work, we show that Curve25519 is likewise competitive on FPGAs even when countermeasures to thwart side-channel power analysis are included. Our basic multicore DSP-based architecture achieves a maximal performance of more than 32,000 point multiplications per second on a Xilinx Zynq 7020 FPGA. Including a mix of side-channel countermeasures to impede simple and differential power analysis, we still achieve more than 27,500 point multiplications per second with a moderate increase in logic resources.
