Abstract

ECDSA is a frequently used signature scheme that has attracted many software and hardware optimization efforts. In particular, the NIST P-256 curve is currently used for most of the TLS communication worldwide. This paper proposes some observations that lead to additional optimizations. ECDSA verification has two main bottlenecks: (a) modular inversion (modulo the group order); (b) two scalar-point multiplications on the underlying elliptic curve (the points are the group's generator and the signer's public key). One observation is that when one point is multiplied by more than one scalar, the multiplications can be accelerated by precomputing some intermediate values. For example, OpenSSL stores a hard-coded multiplication table for the generator of the NIST P-256 curve. Another observation leveraged here is that ECDSA verification uses only public information, and therefore side-channel mitigation techniques are not necessary. We show how these observations lead to a speedup of 3.4× over the NIST P-256 ECDSA verification of OpenSSL [1], using ~150 Kb of additional memory space. Some of the optimizations offered here have recently been integrated into BoringSSL [2], [3], achieving a 1.15× speedup over its previous implementation.
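The following Python example is added here and is not code from the paper, OpenSSL or BoringSSL. It verifies P-256 ECDSA signatures with a per-point multiplication table that is built once and reused, in variable-time arithmetic because only public values are involved; the 4-bit window, affine coordinates and all function names are assumptions of this example.

```python
import hashlib

# NIST P-256 domain parameters (standard public constants; curve has a = -3)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
W = 4  # window width in bits; an assumption, real libraries tune this

def add(p, q):
    """Affine point addition (variable time); None is the point at infinity."""
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def make_table(pt):
    """table[i][d] = d * 2**(W*i) * pt, built once per point and reused."""
    table = []
    for _ in range(256 // W):
        row = [None]
        for _ in range(2 ** W - 1):
            row.append(add(row[-1], pt))
        table.append(row)
        pt = add(row[-1], pt)  # advance the base to 2**W times the old base
    return table

def table_mul(k, table):
    """k * pt with no doublings: one lookup and one addition per window."""
    acc = None
    for i, row in enumerate(table):
        acc = add(acc, row[(k >> (W * i)) & (2 ** W - 1)])
    return acc

def verify(msg, r, s, g_table, q_table):
    """ECDSA/SHA-256 verification with tables for generator and public key."""
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, N)  # bottleneck (a): inversion modulo the group order
    pt = add(table_mul(z * w % N, g_table), table_mul(r * w % N, q_table))  # (b)
    return pt is not None and pt[0] % N == r
```

The generator table can be computed ahead of time, while the public-key table only pays for itself when the same key verifies more than one signature.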
