Paper 2025/523

Assembly optimised Curve25519 and Curve448 implementations for ARM Cortex-M4 and Cortex-M33

Emil Lenngren
Abstract

Since the introduction of TLS 1.3, which includes X25519 and X448 as key exchange algorithms, one could expect that high efficient implementations for these two algorithms become important as the need for power efficient and secure IoT devices increases. Assembly optimised X25519 implementations for low end processors such as Cortex-M4 have existed for some time but there has only been scarce progress on optimised X448 implementations for low end ARM processors such as Cortex-M4 and Cortex-M33. This work attempts to fill this gap by demonstrating how to design a constant time X448 implementation that runs in 2 273 479 cycles on Cortex-M4 and 2 170 710 cycles on Cortex-M33 with DSP. An X25519 implementation is also presented that runs in 441 116 cycles on Cortex-M4 and 411 061 cycles on Cortex-M33 with DSP.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
Curve25519Curve448X25519X448Cortex-M4Cortex-M33assemblyimplementations
Contact author(s)
emil lenngren @ gmail com
History
2025-03-21: approved
2025-03-19: received
See all versions
Short URL
https://ia.cr/2025/523
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2025/523,
      author = {Emil Lenngren},
      title = {Assembly optimised Curve25519 and Curve448 implementations for {ARM} Cortex-M4 and Cortex-M33},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/523},
      year = {2025},
      url = {https://eprint.iacr.org/2025/523}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.