This paper introduces constant-time ARM Cortex-A8 ECDH software that (1) is faster than the fastest ECDH option in the latest version of OpenSSL but (2) achieves a security level above 2^200 using a prime above 2^400. For comparison, this OpenSSL ECDH option is not constant-time and has a security level of only 2^80. The new speeds are achieved in a quite different way from typical prime-field ECC software: they rely on a synergy between Karatsuba’s method and choices of radix smaller than the CPU word size.
Keywords: performance; Karatsuba; refined Karatsuba; reduced refined Karatsuba; radix choices; vectorization; Edwards curves; Curve41417
|Name||Lecture Notes in Computer Science|
|Conference||conference; 16th Workshop on Cryptographic Hardware and Embedded System; 2014-09-23; 2014-09-26|
|Period||23/09/14 → 26/09/14|
|Other||16th Workshop on Cryptographic Hardware and Embedded System|