    Low-cost, low-power FPGA implementation of ED25519 and CURVE25519 point multiplication

    Twisted Edwards curves have been at the center of attention since their introduction by Bernstein et al. in 2007. The curve ED25519, used for the Edwards-curve Digital Signature Algorithm (EdDSA), provides faster digital signatures than existing schemes without sacrificing security. CURVE25519 is a Montgomery curve that is closely related to ED25519. It provides a simple, constant-time, and fast point multiplication, which is used by the key exchange protocol X25519. Software implementations of EdDSA and X25519 are used in many web-based PC and mobile applications. In this paper, we introduce a low-power, low-area FPGA implementation of the ED25519 and CURVE25519 scalar multiplication that is particularly relevant for Internet of Things (IoT) applications. The efficiency of the arithmetic modulo the prime number 2^255 − 19, in particular the modular reduction and modular multiplication, is key to the efficiency of both EdDSA and X25519. To reduce the complexity of the hardware implementation, we propose a high-radix interleaved modular multiplication algorithm. One benefit of this architecture is to avoid the use of large-integer multipliers relying on FPGA DSP modules.
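    As an added illustration (not code from the paper above, whose FPGA datapath is not reproduced here), the following Python sketch shows the generic idea behind high-radix interleaved modular multiplication for p = 2^255 − 19: the multiplier is consumed one radix-2^k digit at a time, and the accumulator is reduced after every digit by folding the bits above position 255 back in with the identity 2^255 ≡ 19 (mod p), so no 510-bit product ever has to be held. The 64-bit radix, the most-significant-digit-first order and the self-check inputs are this example's own assumptions.

```python
# Added example: radix-2^k interleaved multiplication modulo p = 2^255 - 19.
# Illustrative only; it does not reproduce the paper's hardware architecture.
import random

P25519 = 2**255 - 19
MASK255 = (1 << 255) - 1

def fold_reduce(x: int) -> int:
    """Reduce a non-negative integer mod p using 2^255 = 19 (mod p).

    Each fold replaces the part above bit 255 by 19 times itself, so the value
    shrinks strictly while it is >= 2^255; the final conditional subtraction
    handles the residual range [p, 2^255), which is only 19 values wide.
    """
    while x >> 255:
        x = (x & MASK255) + 19 * (x >> 255)
    return x - P25519 if x >= P25519 else x

def mulmod_interleaved(a: int, b: int, radix_bits: int = 64) -> int:
    """Compute a*b mod p, consuming b one radix-2^k digit at a time (MSD first).

    Interleaving multiply and reduce keeps the accumulator bounded to roughly
    255 + radix_bits bits, which is why hardware designs prefer it to a full
    510-bit product followed by a single reduction.
    """
    assert 0 <= a < P25519 and 0 <= b < P25519
    n_digits = -(-255 // radix_bits)            # ceil(255 / radix_bits)
    digit_mask = (1 << radix_bits) - 1
    acc = 0
    for i in reversed(range(n_digits)):
        b_i = (b >> (i * radix_bits)) & digit_mask
        acc = fold_reduce((acc << radix_bits) + a * b_i)   # shift, add partial product, reduce
    return acc

def self_check(trials: int = 200, seed: int = 1) -> bool:
    """Cross-check against Python's big-integer arithmetic on constructed inputs."""
    rng = random.Random(seed)
    for _ in range(trials):
        a, b = rng.randrange(P25519), rng.randrange(P25519)
        for k in (16, 32, 64):
            if mulmod_interleaved(a, b, k) != (a * b) % P25519:
                return False
    # Edge cases: (p-1)^2, and operands whose product lands exactly on 2^255.
    edge = [(P25519 - 1, P25519 - 1), (1 << 254, 2), (1 << 254, 1 << 254)]
    return all(mulmod_interleaved(a, b) == (a * b) % P25519 for a, b in edge)

if __name__ == "__main__":
    print("interleaved mulmod matches reference:", self_check())
```

    The fold is cheap precisely because 19 fits in a handful of bits: a 19× multiply is a shift-and-add, which is the property a DSP-free FPGA datapath exploits.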

    Comparative Performance Analysis of the EdDSA and ECDSA Algorithms in JSON Web Tokens for RESTful Web Service Authentication (original title: ANALISIS PERBANDINGAN PERFORMA ALGORITMA EDDSA DAN ECDSA PADA JSON WEB TOKEN DALAM MEKANISME AUTENTIKASI RESTFUL WEB SERVICE)

    Authentication is crucial in safeguarding systems from unauthorized access. Token-based authentication is one of the utilized concepts, with JSON Web Token (JWT) being a viable implementation. In its mechanism, JWT encompasses cryptographic processes involving specific algorithms, such as signature and hash algorithms. However, the commonly used cryptographic signature algorithms within JWTs, like HMAC (Hash Message-based Authentication Code), RSA (Rivest Shamir Adleman), and ECDSA (Elliptic Curve Digital Signature Algorithm), have limitations in terms of security and computational performance. This research analyzes the performance of the Edwards-Curve Digital Signature Algorithm (EdDSA) as an alternative JWT signature algorithm by conducting a comparison against the ECDSA algorithm. Testing was performed on the E-Commerce RESTful web service application named WAFO. The testing took place in two phases, namely token generation and token verification, and compared EdDSA and ECDSA across three user load levels: 50, 150, and 250 users. The parameters or metrics utilized consisted of response time, throughput, and utilization (CPU and memory). From the test results, EdDSA exhibited several advantages in the parameters of response time, CPU usage, and memory usage, particularly at a user load of 50 for each test phase. The respective response time differences were 6.34% and 0.16%, with CPU usage differences of 5.67% and 1.84%, while memory usage differences were 0.11% and 0.21%. Meanwhile, in terms of throughput, EdDSA only excelled at a user load of 150 in both phases, with differences of 0.49% and 0.10%. Based on these test results, EdDSA demonstrated competitive performance and various advantages over ECDSA.

    Double Public Key Signing Function Oracle Attack on EdDSA Software Implementations

    EdDSA is a standardised elliptic curve digital signature scheme introduced to overcome some of the issues prevalent in the more established ECDSA standard. Due to the EdDSA standard specifying that the EdDSA signature be deterministic, if the signing function were to be used as a public key signing oracle for the attacker, the unforgeability notion of security of the scheme can be broken. This paper describes an attack against some of the most popular EdDSA implementations, which results in an adversary recovering the private key used during signing. With this recovered secret key, an adversary can sign arbitrary messages that would be seen as valid by the EdDSA verification function. A list of libraries with vulnerable APIs at the time of publication is provided. Furthermore, this paper provides two suggestions for securing EdDSA signing APIs against this vulnerability while it additionally discusses failed attempts to solve the issue.

    Manifesting Unobtainable Secrets: Threshold Elliptic Curve Key Generation using Nested Shamir Secret Sharing

    We present a mechanism to manifest unobtainable secrets using a nested Shamir secret sharing scheme to create public/private key pairs for elliptic curves. A threshold secret sharing scheme can be used as a decentralised trust mechanism with applications in identity validation, message decryption, and agreement empowerment. Decentralising trust means that there is no single point vulnerability which could enable compromise of a system. Our primary interest is in twisted Edwards curves as used in EdDSA, and the related Diffie-Hellman key-exchange algorithms. The key generation is also decentralised, so can be used as a decentralised secret RNG suitable for use in other algorithms. The algorithms presented could be used to fill a "[TBS]" in the draft IETF specification "Threshold modes in elliptic curves" published in 2020 and updated in 2022.

    Scalable Multi-domain Trust Infrastructures for Segmented Networks

    Within a trust infrastructure, a private key is often used to digitally sign a transaction, which can be verified with an associated public key. Using PKI (Public Key Infrastructure), a trusted entity can produce a digital signature, verifying the authenticity of the public key. However, what happens when external entities are not trusted to verify the public key, or in cases where there is no Internet connection within an isolated or autonomously acting collection of devices? For this, a trusted entity can be elected to generate a key pair and then split the private key amongst trusted devices. Each node can then sign part of the transaction using their split of the shared secret. The aggregated signature can then define agreement on a consensus within the infrastructure. Unfortunately, this process has two significant problems. The first is when no trusted node can act as a dealer of the shares. The second is the difficulty of scaling the digital signature scheme. This paper outlines a method of creating a leaderless approach to defining trust domains to overcome weaknesses in the scaling of the elliptic curve digital signature algorithm. Instead, it proposes the usage of the Edwards curve digital signature algorithm for the definition of multiple trust zones. The paper shows that the computational overhead of the distributed key generation phase increases with the number of nodes in the trust domain but that the distributed signing has a relatively constant computational overhead.

    I2PA, U-prove, and Idemix: An Evaluation of Memory Usage and Computing Time Efficiency in an IoT Context

    The Internet of Things (IoT), in spite of its innumerable advantages, brings many challenges, namely issues about users' privacy preservation and constraints about lightweight cryptography. Lightweight cryptography is of capital importance since IoT devices are qualified to be resource-constrained. To address these challenges, several Attribute-Based Credentials (ABC) schemes have been designed, including I2PA, U-prove, and Idemix. Even though these schemes have very strong cryptographic bases, their performance in resource-constrained devices is a question that deserves special attention. This paper aims to conduct a performance evaluation of these schemes on issuance and verification protocols regarding memory usage and computing time. Recorded results show that both I2PA and U-prove present very interesting results regarding memory usage and computing time, while Idemix presents very low performance with regard to computing time.

    Batch Verification of Elliptic Curve Digital Signatures

    This thesis investigates the efficiency of batching the verification of elliptic curve signatures. The first signature scheme considered is a modification of ECDSA proposed by Antipa et al. along with a batch verification algorithm by Cheon and Yi. Next, Bernstein's EdDSA signature scheme and the Bos-Coster multi-exponentiation algorithm are presented and the asymptotic runtime is examined. Following background on bilinear pairings, the Camenisch-Hohenberger-Pedersen (CHP) pairing-based signature scheme is presented in the Type 3 setting, along with the derivative BN-IBV due to Zhang, Lu, Lin, Ho and Shen. We proceed to count field operations for each signature scheme and an exact analysis of the results is given. When considered in the context of batch verification, we find that the Cheon-Yi and Bos-Coster methods have similar costs in practice (assuming the same curve model). We also find that when batch verifying signatures, CHP is only 11% slower than EdDSA with Bos-Coster, a significant improvement over the gap in single verification cost between the two schemes.

    Analytical Study of Modified RSA Algorithms for Digital Signature

    Digital signatures have been providing security services to secure electronic transactions. The Rivest Shamir Adleman (RSA) algorithm was the most widely used security technique for many applications, such as e-mail, electronic funds transfer, electronic data interchange, software distribution, data storage, electronic commerce and secure Internet access. In order to include the RSA cryptosystem efficiently in many protocols, it is desirable to formulate faster encryption and decryption operations. This paper describes a systematic analysis of RSA and its variant schemes for digital signatures. DOI: 10.17762/ijritcc2321-8169.15031