International Association for Cryptologic Research


IACR News item: 03 August 2021

Lejla Batina, Łukasz Chmielewski, Björn Haase, Niels Samwel, Peter Schwabe
ePrint Report
This paper describes an ECC implementation computing the X25519 key-exchange protocol on the ARM Cortex-M4 microcontroller. This software comes with extensive mitigations against various side-channel and fault attacks and is, to the best of our knowledge, the first to claim affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We also present the results of a comprehensive side-channel evaluation. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead to protect the two is about 36% and 239% respectively. While this might seem to be a high price to pay for security, we also show that even our (most protected) static implementation is more efficient than widely deployed ECC cryptographic libraries, which offer far fewer protections.
