Highly Optimized Curve448 and Ed448 Design in wolfSSL and Side-Channel Evaluation on Cortex-M4
Abstract: The compact key sizes and the low computational latency of the Elliptic Curve Cryptography (ECC) family of curves sparked high interest in their integration into network protocols. The recently suggested Curve448, assuring 224-bit security, is an ideal curve choice for integrating into cryptographic libraries according to a recent study on backdoors in other ECC instances that compromise their security, which has resulted in the integration of Curve448 into the TLS 1.3 protocol. Curve448 and its birationally equivalent untwisted Edwards curve Ed448, used for key exchange and authentication, respectively, present a perfect fit for low-end embedded cryptographic libraries due to their minimal memory requirements. In this work, we present the first adoption of highly optimized ECDH and EdDSA based on Curve448 and Ed448 into the widely employed IoT-focused cryptographic library wolfSSL. We evaluate the performance of the newly integrated architectures against the NIST-recommended Cortex-M4 STM32F407-DK ARM-based platform. Additionally, we perform a thorough security evaluation of the side-channel robustness of the implementation via powerful TVLA analysis, revealing DPA data leakage. We integrate countermeasures to protect the design, evaluate their effectiveness, and analyze the latency overhead. We achieve SCA-robust Curve448 and Ed448 at the performance cost of ∼1,200 KCC and ∼1.36× the execution time; however, we observe faster results when benchmarking wolfSSL, based on the WiFi-equipped STM32F413-DK microcontroller, due to the handcrafted assembly implementation.
Publication: M. Anastasova, R. El Khatib, A. Laclaustra, R. Azarderakhsh, M. Mozaffari Kermani, “Highly optimized Curve448 and Ed448 design in wolfSSL and side-channel evaluation on Cortex-M4,” In Proc. DSC 2023, pp. 1-8, 2023.