Abstract
This paper shows that a $390 mass-market quad-core 2.4GHz Intel Westmere (Xeon E5620) CPU can create 108000 signatures per second and verify 71000 signatures per second on an elliptic curve at a 2^128 security level. Public keys are 32 bytes, and signatures are 64 bytes. These performance figures include strong defenses against software side-channel attacks: there is no data flow from secret keys to array indices, and there is no data flow from secret keys to branch conditions.
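The side-channel property stated in the abstract, that secret data never selects an array index or a branch, is illustrated below with an added example that is not code from the paper or its implementation: a constant-time lookup of one 32-byte entry from a precomputed table, where the secret index feeds only mask arithmetic and every entry is read on every call. The table contents and the index are constructed test values.

```c
#include <stdint.h>
#include <string.h>

/* Returns 0xFF when a == b and 0x00 otherwise, with no branch on the inputs.
   For any non-zero x, (x | -x) has its top bit set, so the shift yields 1. */
static uint8_t ct_eq_mask(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;
    x = (x | (0u - x)) >> 31;     /* 1 if a != b, 0 if a == b */
    return (uint8_t)(x - 1);      /* 0 - 1 wraps to 0xFF; 1 - 1 is 0x00 */
}

/* Constant-time select: out = table[idx] for a secret idx in [0, n).
   The insecure form would be memcpy(out, table[idx], 32), which leaks idx
   through cache and memory timing because the address depends on the secret.
   Here the loop touches every entry and idx is only ever compared via masks. */
void ct_table_select(uint8_t out[32], const uint8_t table[][32],
                     uint32_t n, uint32_t idx)
{
    memset(out, 0, 32);
    for (uint32_t i = 0; i < n; i++) {
        uint8_t m = ct_eq_mask(i, idx);          /* 0xFF only for i == idx */
        for (int j = 0; j < 32; j++)
            out[j] |= table[i][j] & m;           /* accumulates one entry */
    }
}

/* Self-test on a constructed 8-entry table: entry i is filled with byte i+1.
   Returns the number of indices whose selection was wrong (0 on success). */
int ct_select_selftest(void)
{
    uint8_t table[8][32];
    uint8_t out[32];
    int bad = 0;
    for (uint32_t i = 0; i < 8; i++)
        memset(table[i], (int)(i + 1), 32);
    for (uint32_t idx = 0; idx < 8; idx++) {
        ct_table_select(out, table, 8, idx);
        if (memcmp(out, table[idx], 32) != 0)
            bad++;
    }
    return bad;
}

int main(void)
{
    return ct_select_selftest() == 0 ? 0 : 1;
}
```

The same mask technique generalizes to conditional swaps and negations in a scalar-multiplication ladder, where the secret scalar bit would otherwise decide a branch.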
References
— (no editor), Technical guideline TR-03111, elliptic curve cryptography (2009)
Antipa, A., Brown, D.R.L., Gallant, R.P., Lambert, R., Struik, R., Vanstone, S.A.: Accelerated verification of ECDSA signatures. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 307–318. Springer, Heidelberg (2006)
Barwood, G.: Digital signatures using elliptic curves, message 32f519ad.19609226@news.dial.pipex.com posted to sci.crypt (1997), http://groups.google.com/group/sci.crypt/msg/b28aba37180dd6c6
Bellare, M., Garay, J.A., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) Eurocrypt ’98. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998)
Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: CCS 2006, pp. 390–399 (2006)
Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006)
Bernstein, D.J., Birkner, P., Joye, M., Lange, T., Peters, C.: Twisted Edwards curves. In: Vaudenay, S. (ed.) Africacrypt 2008. LNCS, vol. 5023, pp. 389–405. Springer, Heidelberg (2008)
Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 29–50. Springer, Heidelberg (2007)
Bernstein, D.J., Lange, T. (eds.): eBACS: ECRYPT Benchmarking of Cryptographic Systems (2011), http://bench.cr.yp.to/ebats.html (accessed July 4, 2011)
Bos, J.W.: High-performance modular multiplication on the Cell processor. In: Hasan, M.A., Helleseth, T. (eds.) WAIFI 2010. LNCS, vol. 6087, pp. 7–24. Springer, Heidelberg (2010)
Brickell, E.F., Gordon, D.M., McCurley, K.S., Wilson, D.B.: Fast exponentiation with precomputation (extended abstract). In: Rueppel, R.A. (ed.) Eurocrypt ’92. LNCS, vol. 658, pp. 200–207. Springer, Heidelberg (1993)
Brown, M., Hankerson, D., López, J., Menezes, A.: Software implementation of the NIST elliptic curves over prime fields (2000); see also newer version [13], http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-56.ps
Brown, M., Hankerson, D., López, J., Menezes, A.: Software implementation of the NIST elliptic curves over prime fields. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 250–265. Springer, Heidelberg (2001); see also older version [12]. MR 1907102
Brumley, B.B., Hakala, R.M.: Cache-timing template attacks. In: Matsui, M. (ed.) Asiacrypt 2009. LNCS, vol. 5912, pp. 667–684. Springer, Heidelberg (2009)
“Bushing”, “marcan”, Cantero, H.M., Boessenkool, S., Peter, S.: PS3 epic fail (2010), http://events.ccc.de/congress/2010/Fahrplan/attachments/1780_27c3_console_hacking_2010.pdf
Carlsson, S.: Average-case results on heapsort. BIT 27, 2–17 (1987)
Costigan, N., Schwabe, P.: Fast elliptic-curve cryptography on the Cell Broadband Engine. In: Preneel, B. (ed.) Africacrypt 2009. LNCS, vol. 5580, pp. 368–385. Springer, Heidelberg (2009)
de Rooij, P.: Efficient exponentiation using precomputation and vector addition chains. In: De Santis, A. (ed.) Eurocrypt ’94. LNCS, vol. 950, pp. 389–399. Springer, Heidelberg (1995)
Dubois, V., Fouque, P.-A., Shamir, A., Stern, J.: Practical cryptanalysis of SFLASH. In: Menezes, A. (ed.) Crypto 2007. LNCS, vol. 4622, pp. 1–12. Springer, Heidelberg (2007)
Duif, N.: Smart card implementation of a digital signature scheme for Twisted Edwards curves, M.A. thesis, Technische Universiteit Eindhoven (2011)
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31, 469–472 (1985)
Galbraith, S.D., Lin, X., Scott, M.: Endomorphisms for faster elliptic curve cryptography on a large class of curves. In: Joux, A. (ed.) Eurocrypt 2009. LNCS, vol. 5479, pp. 518–535. Springer, Heidelberg (2009)
Gaudry, P., Thomé, E.: The mpFq library and implementing curve-based key exchanges. In: SPEED 2007, pp. 49–64 (2007)
Gligoroski, D., Ødegård, R.S., Jensen, R.E., Perret, L., Faugère, J.-C., Knapskog, S.J., Markovski, S.: The digital signature scheme MQQ-SIG (2010)
Goh, E.-J., Jarecki, S., Katz, J., Wang, N.: Efficient signature schemes with tight reductions to the Diffie-Hellman problems. Journal of Cryptology 20, 493–514 (2007); see also [31]
Granger, R.: On the static Diffie-Hellman problem on elliptic curves over extension fields. In: Abe, M. (ed.) Asiacrypt 2010. LNCS, vol. 6477, pp. 283–302. Springer, Heidelberg (2010)
Hisil, H.: Elliptic curves, group law, and efficient computation, Ph.D. thesis, Queensland University of Technology (2010)
Hisil, H., Wong, K.K.-H., Carter, G., Dawson, E.: Twisted Edwards curves revisited. In: Pieprzyk, J. (ed.) Asiacrypt 2008. LNCS, vol. 5350, pp. 326–343. Springer, Heidelberg (2008)
Joux, A., Vitse, V.: Elliptic curve discrete logarithm problem over small degree extension fields. Application to the static Diffie-Hellman problem on E(F_{q^5}) (2010)
Käsper, E.: Fast elliptic curve cryptography in OpenSSL. In: RLCPS 2011 (to appear, 2011)
Katz, J., Wang, N.: Efficiency improvements for signature schemes with tight security reductions. In: CCS 2003, pp. 155–164 (2003); portions incorporated into [25]
Knuth, D.E.: The art of computer programming, volume 3: sorting and searching, 2nd edn. Addison-Wesley, Reading (1998)
Lim, C.H., Lee, P.J.: More flexible exponentiation with precomputation. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 95–107. Springer, Heidelberg (1994)
Longa, P., Gebotys, C.: Efficient techniques for high-speed elliptic curve cryptography. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 80–94. Springer, Heidelberg (2010)
M’Raïhi, D., Naccache, D., Pointcheval, D., Vaudenay, S.: Computational alternatives to random number generators. In: Tavares, S., Meijer, H. (eds.) SAC ’98. LNCS, vol. 1556, pp. 72–80. Springer, Heidelberg (1999)
Naccache, D., M’Raïhi, D., Levy-dit-Vehel, F.: Patent application WO/1998/051038: pseudo-random generator based on a hash coding function for cryptographic systems requiring random drawing (1997)
Naccache, D., M’Raïhi, D., Vaudenay, S., Raphaeli, D.: Can D.S.A. be improved? Complexity trade-offs with the digital signature standard. In: De Santis, A. (ed.) Eurocrypt ’94. LNCS, vol. 950, pp. 77–85. Springer, Heidelberg (1995)
Naehrig, M., Niederhagen, R., Schwabe, P.: New software speed records for cryptographic pairings. In: Abdalla, M., Barreto, P.S.L.M. (eds.) Latincrypt 2010. LNCS, vol. 6212, pp. 109–123. Springer, Heidelberg (2010)
Neven, G., Smart, N.P., Warinschi, B.: Hash function requirements for Schnorr signatures. Journal of Mathematical Cryptology 3, 69–87 (2009)
Nguyen, P.Q., Shparlinski, I.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Designs, Codes and Cryptography 30, 201–217 (2003)
Pippenger, N.: On the evaluation of powers and related problems (preliminary version). In: FOCS ’76, pp. 258–263 (1976)
Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology 13, 361–396 (2000)
Rangasamy, J., Stebila, D., Boyd, C., González Nieto, J.: An integrated approach to cryptographic mitigation of denial-of-service attacks. In: ASIACCS 2011 (2011)
Schnorr, C.-P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) Crypto ’89. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)
Stern, J., Pointcheval, D., Malone-Lee, J., Smart, N.P.: Flaws in applying proof methodologies to signature schemes. In: Yung, M. (ed.) Crypto 2002. LNCS, vol. 2442, pp. 93–110. Springer, Heidelberg (2002)
Wegener, I.: Bottom-up-heapsort, a new variant of heapsort, beating, on average, quicksort (if n is not very small). Theoretical Computer Science 118, 81–98 (1993)
Wigley, J.: Removing need for rng in signatures, message 5gov5d$pad@wapping.ecs.soton.ac.uk posted to sci.crypt (1997), http://groups.google.com/group/sci.crypt/msg/a6da45bcc8939a89
© 2011 International Association for Cryptologic Research
Cite this paper
Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, BY. (2011). High-Speed High-Security Signatures. In: Preneel, B., Takagi, T. (eds) Cryptographic Hardware and Embedded Systems – CHES 2011. CHES 2011. Lecture Notes in Computer Science, vol 6917. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23951-9_9
DOI: https://doi.org/10.1007/978-3-642-23951-9_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23950-2
Online ISBN: 978-3-642-23951-9