ECDSA and ECDH cryptographic algorithms for 8-bit AVR microcontrollers

Contents:

General information

CRS-AVR010X-ECC cryptographic software implements ECDSA digital signature and ECDH algorithm. It supports 8-bit AVR microcontrollers manufactured by Atmel. Since complex calculations are required, we strongly recommend to use the software only for ATmega microcontrollers.

Moreover, the software offers the implementation of CRS-AVR020X-RBG random bit generator based on the properties of Analog-to-Digital Converter. Hence the functionality of the software is full only when used along with microcontrollers with built-in converter.

Depending on the configuration, the CRS-AVR010X-ECC implementation requires from 5 to 8 kB of Flash memory of microcontroller and from 750 to 900 B of SRAM memory.

Level of cryptographic protection

The software is available in four versions, each one offering different level of cryptographic protection. The table below presents the relation between the implemented domain of elliptic curve and the level of protection provided. Every row of the table corresponds to an equal level of protection. For instance: the cryptographic power of the secp160r1 domain is equal to the power of an 80-bit key symmetric cipher and the power of a 1024-bit RSA key.

Domain ECDSA/ECDH key bits Symmetric cipher key bits RSA key bits
secp160r1160801024
secp192r1192961536
secp224r12241122048
secp256r12561283072

The cryptographic domains employed are commonly known and had been published in the SEC 2 standard.

However, choosing the most suitable domain for a particular application is not an easy task. First of all, one should decide whether to give priority to the speed or to the security level. The secp160r1 domain is the fastest one but provides a lower level of protection comparing with secp192r1, secp224r1 and secp256r1. The table below presents predictions made by the National Institute for Standards and Technology (NIST) regarding the time period until which particular domains are expected to assure security.

DomainSecurity life time
secp160r1to 2010
secp192r1to 2020
secp224r1to 2030
secp256r1beyond 2030

The times of completing particular operations are available in the section entitled operating times.

Action times

The table below presents operating times for particular domains

OperationDomain 8MHz12MHz
ECDSA / ECDHsecp160r12.4 [s] 1.6 [s]
ECDSA / ECDHsecp192r13.3 [s] 2.2 [s]
ECDSA / ECDHsecp224r14.7 [s] 3.2 [s]
ECDSA / ECDHsecp256r19.6 [s] 6.4 [s]

The operation of the ECDSA signature may be accelerated by employing additional memory. The table below presents the indispensable memory and operating time for completing a signature for particular domains.

OperacjaDomain 8MHz12MHzAdditional memory
ECDSAsecp160r11.1 [s]0.8 [s] 6400 [B]
ECDSAsecp192r11.4 [s]1.0 [s] 9216 [B]
ECDSAsecp224r11.9 [s]1.3 [s] 12544 [B]
ECDSAsecp256r13.4 [s]2.3 [s] 16384 [B]