Efficient prime-field arithmetic for elliptic curve cryptography on wireless sensor nodes

Public-Key Cryptography (PKC) is essential to ensure the authenticity and confidentiality of communication in open computer networks such as the Internet. While RSA is still the most widely used public-key cryptosystem today, it can be expected that Elliptic Curve Cryptography (ECC) will continue to gain importance and become the de-facto standard for PKC in the emerging “Internet of Things.” ECC is particularly attractive for use in resource-restricted devices (e.g. wireless sensor nodes, RFID tags) due to its high level of security per bit, which allows for shorter keys compared to RSA. The performance of elliptic curve cryptosystems is primarily determined by the efficiency of certain arithmetic operations (especially multiplication and squaring) in the underlying finite field. In the present paper, we introduce a high-speed implementation of arithmetic in Optimal Prime Fields (OPFs) for the ATmega128, an 8-bit processor used in a number of sensor nodes including the MICAz mote. An OPF is defined by a prime of the form p = u · 2^k +v, whereby u and v are small compared to 2^k; in our implementation u is a 16-bit integer and v = 1. A special property of these primes is their low Hamming weight since only a few bits near the MSB and LSB are one. We describe an optimized variant of Montgomery multiplication, based on Gura et al´s hybrid technique, that takes the low weight of such primes into account to minimize execution time. Our implementation for the ATmega128 is able to perform a multiplication in a 160-bit OPF in 3,532 clock cycles, which represents a new speed record for 160-bit modular multiplication on an 8-bit processor.