Side-Channel Resistant 2048-Bit RSA Implementation for Wireless Sensor Networks and Internet of Things

Abstract

We present a practical realization of Rivest-Shamir-Adleman (RSA) with a 2048-bit key on MSP430, a widely used microcontroller in wireless sensor network and Internet of things applications, and show that 2048-bit RSA is feasible on a constrained microcontroller. We exploit several methods for acceleration, e.g. Montgomery modular multiplication, subtractive Karatsuba-Ofman and Chinese remainder theorem (CRT) based modular exponentiation, and achieve RSA encryption and decryption with a 2048-bit key on MSP430 in just 0.14 s and 7.56 s, respectively. Our implementation on the low-end MSP430 microcontroller achieves 2048-bit RSA significantly faster (×2.9 and ×2.4 for encryption and decryption) with respect to the existing implementation in the literature on the comparable ATmega128 microcontroller. While our implementation is secure against the brute force attack due to its 2048-bit key, and thus 112-bit security level, it also includes the necessary side-channel countermeasures, e. g. message and key blinding, to help mitigate implementation attacks such as simple power analysis and differential power analysis.