Full-Size High-Security ECC Implementation on MSP430 Microcontrollers

摘要

In the era of the Internet of Things, smart electronic devices facilitate processes in our everyday lives. Texas Instrument's MSP430 microcontrollers target low-power applications, among which are wireless sensor, metering and medical applications. Those domains have in common that sensitive data is processed, which calls for strong security primitives to be implemented on those devices. Curve25519, which builds on a 255-bit prime field, has been proposed as an efficient, highly-secure elliptic-curve. While its high performance on powerful processors has been shown, the question remains, whether it is suitable for use in embedded devices. In this paper we present an implementation of Curve25519 for MSP430 microcontrollers. To combat timing attacks, we completely avoid conditional jumps and loads, thus making our software constant time. We give a comprehensive evaluation of different implementations of the modular multiplication and show which ones are favorable for different conditions. We further present implementation results of Curve25519, where our best implementation requires 9.1 million or 6.5 million cycles on MSP430Xs having a 16 × 16-bit or a 32 × 32-bit hardware multiplier respectively.