
A High-Performance Curve25519 and Curve448 Unified Elliptic Curve Cryptography Accelerator

Aniket Banerjee, Utsav Banerjee

TL;DR

The paper addresses the need for low-latency, secure elliptic-curve cryptography in latency-critical infrastructure by proposing a unified ASIC accelerator for Curve25519 and Curve448. It combines a Finite Field Arithmetic Unit with four 256-bit Karatsuba multipliers, a reorganized Montgomery Ladder, and fast modular reduction for the two primes $2^{255}-19$ and $2^{448}-2^{224}-1$, and it integrates randomized projective coordinates, driven by a Trivium PRNG, for DPA protection. Key contributions include a unified controller and LUT-based instruction mapping that enable four concurrent $255$-bit field operations on Curve25519 and full reuse of the circuitry for Curve448, along with constant-time design and side-channel mitigations. The result is record-like performance and energy efficiency, achieving $10.38$ μs / $0.72$ μJ for Curve25519 and $54.01$ μs / $3.73$ μJ for Curve448 at $100$ MHz in 28 nm, which makes it attractive for interoperable deployments that trade security against efficiency in power grids and other latency-critical systems.

Abstract

In modern critical infrastructure such as power grids, it is crucial to ensure security of data communications between network-connected devices while following strict latency criteria. This necessitates the use of cryptographic hardware accelerators. We propose a high-performance unified elliptic curve cryptography accelerator supporting NIST standard Montgomery curves Curve25519 and Curve448 at 128-bit and 224-bit security levels respectively. Our accelerator implements extensive parallel processing of Karatsuba-style large-integer multiplications, restructures arithmetic operations in the Montgomery Ladder and exploits special mathematical properties of the underlying pseudo-Mersenne and Solinas prime fields for optimized performance. Our design ensures efficient resource sharing across both curve computations and also incorporates several standard side-channel countermeasures. Our ASIC implementation achieves record performance and energy of 10.38 μs / 54.01 μs and 0.72 μJ / 3.73 μJ respectively for Curve25519 / Curve448, which is significantly better than state-of-the-art.
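
The techniques named in the summary and abstract above (shift-and-add reduction for the two primes, one Montgomery Ladder shared by both curves, randomized projective coordinates), as a software model added here; it is not the paper's hardware design or the authors' code, and it models the arithmetic only, not timing. The function names are hypothetical, the curve constants and ladder formulas are those of RFC 7748, and applying the random factor `lam` to the input point is an assumed, common form of the countermeasure.

```python
import secrets

P25519 = 2**255 - 19            # pseudo-Mersenne prime
P448 = 2**448 - 2**224 - 1      # Solinas prime

def reduce25519(x):
    # Fold the high part down using 2^255 = 19 (mod p); no division needed.
    while x >> 255:
        x = (x & (2**255 - 1)) + 19 * (x >> 255)
    return x - P25519 if x >= P25519 else x

def reduce448(x):
    # Fold using 2^448 = 2^224 + 1 (mod p): shifts and additions only.
    while x >> 448:
        hi = x >> 448
        x = (x & (2**448 - 1)) + hi + (hi << 224)
    return x - P448 if x >= P448 else x

# name -> (prime, scalar bits, a24 = (A - 2) / 4, reduction); constants per RFC 7748
CURVES = {"25519": (P25519, 255, 121665, reduce25519),
          "448": (P448, 448, 39081, reduce448)}

def cswap(s, a, b):
    t = -s & (a ^ b)            # mask is all ones when s == 1, zero when s == 0
    return a ^ t, b ^ t

def ladder(k, u, curve, lam=None):
    """x-coordinate of k*P for P = (u, .); the same loop serves both curves."""
    p, bits, a24, red = CURVES[curve]
    # Assumption: the input point is held as (lam*u : lam) with a fresh nonzero lam.
    lam = lam or 1 + secrets.randbelow(p - 1)
    x2, z2, x3, z3, swap = 1, 0, red(u * lam), lam, 0
    for i in reversed(range(bits)):
        bit = (k >> i) & 1
        x2, x3 = cswap(swap ^ bit, x2, x3)
        z2, z3 = cswap(swap ^ bit, z2, z3)
        swap = bit
        a, b, c, d = x2 + z2, x2 + p - z2, x3 + z3, x3 + p - z3
        aa, bb, da, cb = red(a * a), red(b * b), red(d * a), red(c * b)  # independent
        e = aa + p - bb
        x3 = red((da + cb) ** 2)
        z3 = red(u * red((da + p - cb) ** 2))
        x2 = red(aa * bb)
        z2 = red(e * (aa + red(a24 * e)))
    x2, _ = cswap(swap, x2, x3)
    z2, _ = cswap(swap, z2, z3)
    return red(x2 * pow(z2, p - 2, p))   # Fermat inversion; Z = 0 maps to 0
```

Two calls to `ladder` with the same `k` and `u` return the same value even though every intermediate X and Z differs between them, which is the property the randomization relies on.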

Paper Structure

This paper contains 17 sections, 4 equations, 6 figures, 1 table, 1 algorithm.

Figures (6)

  • Figure 1: Modular arithmetic operations in the Montgomery Ladder.
  • Figure 2: Top-level block diagram of the proposed unified Curve25519 and Curve448 elliptic curve cryptography accelerator.
  • Figure 3: Restructuring of arithmetic operations in the LADDER computation.
  • Figure 4: Detailed architecture of the finite field arithmetic unit (FFAU) module.
  • Figure 5: Block diagram of $2b$-bit $\times$ $2b$-bit Karatsuba multiplier ($b = 128$ and $b = 64$ for Mul256 and Mul128 respectively).
  • ...and 1 more figures