Four$\mathbb{Q}$ on Embedded Devices with Strong Countermeasures Against Side-Channel Attacks

IEEE Transactions on Dependable and Secure Computing (2020)

Abstract
This work deals with the energy-efficient, high-speed and high-security implementation of elliptic curve scalar multiplication, elliptic curve Diffie-Hellman (ECDH) key exchange and elliptic curve digital signatures on embedded devices using Four$\mathbb{Q}$ and incorporating strong countermeasures to thwart a wide variety of side-channel attacks. First, we set new speed records for constant-time curve-based scalar multiplication, DH key exchange and digital signatures at the 128-bit security level with implementations targeting 8, 16 and 32-bit microcontrollers. For example, our software computes a static ECDH shared secret in $\sim$6.9 million cycles (or 0.86 seconds @ 8 MHz) on a low-power 8-bit AVR microcontroller which, compared to the fastest Curve25519 and genus-2 Kummer implementations on the same platform, offers 2x and 1.4x speedups, respectively. Similarly, it computes the same operation in $\sim$495 thousand cycles on a 32-bit ARM Cortex-M4 microcontroller, achieving a factor-1.9 speedup when compared to the fastest Curve25519 implementation targeting another Cortex-M4 platform. A similar speed performance is observed in the case of digital signatures. Second, we engineer a set of side-channel countermeasures taking advantage of Four$\mathbb{Q}$'s rich arithmetic and propose a secure implementation that offers protection against a wide range of sophisticated side-channel attacks, including differential power analysis (DPA). Despite the use of strong countermeasures, the experimental results show that our Four$\mathbb{Q}$ software is still efficient enough to outperform implementations of Curve25519 that only protect against timing attacks. Finally, we perform a differential power analysis evaluation of our software running on an ARM Cortex-M4, and report that no leakage was detected with up to 10 million traces. These results demonstrate the potential of deploying Four$\mathbb{Q}$ on low-power applications such as protocols for the Internet of Things.
Keywords
Software, Side-channel attacks, Elliptic curves, Microcontrollers, Digital signatures, Timing