Abstract
Twisted Edwards curves have been at the center of attention since their introduction by Bernstein et al. in 2007. The curve ED25519, used for Edwards-curve Digital Signature Algorithm (EdDSA), provides faster digital signatures than existing schemes without sacrificing security. The CURVE25519 is a Montgomery curve that is closely related to ED25519. It provides a simple, constant time, and fast point multiplication, which is used by the key exchange protocol X25519. Software implementations of EdDSA and X25519 are used in many web-based PC and Mobile applications. In this paper, we introduce a low-power, low-area FPGA implementation of the ED25519 and CURVE25519 scalar multiplication that is particularly relevant for Internet of Things (IoT) applications. The efficiency of the arithmetic modulo the prime number 2 255 − 19 , in particular the modular reduction and modular multiplication, are key to the efficiency of both EdDSA and X25519. To reduce the complexity of the hardware implementation, we propose a high-radix interleaved modular multiplication algorithm. One benefit of this architecture is to avoid the use of large-integer multipliers relying on FPGA DSP modules.
Highlights
Based on Euler and Gauss works, Edwards introduced a normal form of elliptic curves in 2007 [1].He generalized the curve as: y2 + x2 = a2 (1 + x2 y2 ) (1)over the field K, where a ∈ K, such that: a5 6= a.As Edwards stated in his paper, every curve of the form given in (1) is birationally equivalent to an elliptic curve in Weierstrass form
We introduce a low-power, low-area FPGA implementation of the ED25519 and CURVE25519 scalar multiplication that is relevant for Internet of Things (IoT)
We propose an area-efficient, low-power hardware implementation of the CURVE25519 and ED25519 on FPGA
Summary
Based on Euler and Gauss works, Edwards introduced a normal form of elliptic curves in 2007 [1]. For a fixed field K of odd characteristic and arbitrary integers c, d ∈ K such that cd(1 − dc4 ) 6= 0, they introduced the curves: y2 + x2 = c2 (1 + dx y2 ) This definition covers “more than 1/4 of all isomorphism classes of elliptic curves over a finite field”. As shown in [3], every twisted Edwards curve ET,a,d on the Field K with char(K) 6= 2, is birationally equivalent to a Montgomery curve E M,A,B : Bv2 = u3 + Au2 + u using the map:. A number of hardware implementations have been introduced [10,11,12,13] with a focus on IoT applications All these works use FPGA DSP slices to implement modular multipliers.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
