## Crypto for Tiny Objects (2004)

Citations: | 20 - 2 self |

### BibTeX

@TECHREPORT{Malan04cryptofor,

author = {David Malan and David Malan},

title = {Crypto for Tiny Objects},

institution = {},

year = {2004}

}

### OpenURL

### Abstract

This work presents the first known implementation of elliptic curve cryptography for sensor networks, motivated by those networks' need for an e#cient, secure mechanism for shared cryptographic keys' distribution and redistribution among nodes. Through instrumentation of UC Berkeley's TinyOS, this work demonstrates that secret-key cryptography is already viable on the MICA2 mote. Through analyses of another's implementation of modular exponentiation and of its own implementation of elliptic curves, this work concludes that public-key infrastructure may also be tractable in 4 kilobytes of primary memory on this 8-bit, 7.3828-MHz device.

### Citations

2924 | New directions in cryptography
- Diffie, Hellman
- 1976
(Show Context)
Citation Context ...(b) TinyOS packet format with TinySec. 3 DLP and the MICA2 With the utility of SKIPJACK-based TinySec thus motivated and the mechanism’s costs exposed, this work turns to DLP, on which Diffie-Hellma=-=n [22] is ba-=-sed, as the foundation for one possible answer to the MICA2’s problems of shared keys’ distribution and redistribution. DLP typically involves recovery of a x ∈ Zp, given p, g, and g x (mod p), ... |

1564 | System architecture directions for network sensors
- Hill, Szewczyk, et al.
- 2000
(Show Context)
Citation Context ...se needs. Consider the MICA2 mote [3], designed by researchers at the University of California at Berkeley and fabricated by Crossbow Technology, Inc.: supported by Berkeley’s TinyOS operating syste=-=m [34]-=- and the NesC programming language [26], this device, whose size is dominated by its two AA batteries, offers an 8-bit, 7.3828-MHz ATmega 128L processor, 4 kilobytes (KB) of SRAM, 128 KB of program sp... |

815 | Spins: Security protocols for sensor networks
- Perrig, Szewczyk, et al.
- 2001
(Show Context)
Citation Context ...nally expensive or power-intensive operations. For this reason is public-key cryptography often ruled out for sensor networks as an infrastructure for authentication, integrity, privacy, and security =-=[56, 5]-=-. But too infrequently are such condemnations backed by actual data. In fact, save for a cursory analysis of an implementation of RSA on the MICA2 [64], little, if any, empirical research has been pub... |

773 | The nesC Language: A Holistic Approach to Networked Embedded Systems
- Gay, Levis, et al.
- 2000
(Show Context)
Citation Context ...designed by researchers at the University of California at Berkeley and fabricated by Crossbow Technology, Inc.: supported by Berkeley’s TinyOS operating system [34] and the NesC programming languag=-=e [26]-=-, this device, whose size is dominated by its two AA batteries, offers an 8-bit, 7.3828-MHz ATmega 128L processor, 4 kilobytes (KB) of SRAM, 128 KB of program space, 512 KB of EEPROM, and a 433-MHz ra... |

762 |
Elliptic curve cryptosystems
- Koblitz
(Show Context)
Citation Context ...ECDLP and the MICA2 Elliptic curves offer an alternative foundation for the exchange of shared secrets among eavesdroppers with perfect forward secrecy, as described in Figure 13. ECDLP, on which ECC =-=[48, 36] is-=- based, typically involves recovery over some Galois (i.e., finite) field, F, of k ∈ F, given (at least) k · G, G, and E, where G is a point on an elliptic curve, E, a smooth curve of the long Weie... |

575 |
Use of Elliptic Curve in Cryptography
- Miller
- 1985
(Show Context)
Citation Context ...ECDLP and the MICA2 Elliptic curves offer an alternative foundation for the exchange of shared secrets among eavesdroppers with perfect forward secrecy, as described in Figure 13. ECDLP, on which ECC =-=[48, 36] is-=- based, typically involves recovery over some Galois (i.e., finite) field, F, of k ∈ F, given (at least) k · G, G, and E, where G is a point on an elliptic curve, E, a smooth curve of the long Weie... |

449 |
Modular multiplication without trial division
- Montgomery
- 1985
(Show Context)
Citation Context ...e. But the operation can be avoided through use of projective (as opposed to affine) coordinates [29]. Although relatively efficient algorithms exist for modular reduction (e.g., those of Montogomery =-=[49]-=- or Barrett [10]), selection of a generalized Mersene number for p would also allow modular reduction to be executed as a more efficient sequence of three additions (mod p) [61]. Contingent on its opt... |

346 | Habitat monitoring: Application driver for wireless communications technology
- Cerpa, Elson, et al.
- 2001
(Show Context)
Citation Context ...ructure may also be tractable in 4 kilobytes of primary memory on this 8-bit, 7.3828-MHz device. 1 Introduction Wireless sensor networks have been proposed for such applications as habitat monitoring =-=[15]-=-, structural health monitoring [38], emergency medical care [6], and vehicular tracking [8], all of which demand some combination of authentication, integrity, privacy, and security. Unfortunately, th... |

310 |
Reducing elliptic curve logarithms to logarithms in a ¯nite ¯eld
- Menezes, Okamoto, et al.
- 1993
(Show Context)
Citation Context ....0. Inasmuch as 1.0 selects curves at random, it risks (albeit with exponentially small probability) selection of supersingular curves which are vulnerable to sub-exponential attack via MOV reduction =-=[46] w-=-ith index-calculus methods [60]. EccM 2.0 thus obeys NIST’s recommendation for ECC over F2p [51], selecting, for the results herein, for the reduction polynomial, f(x) = x 163 + x 7 + x 6 + x 3 + 1 ... |

302 |
Digitalized Signatures and Public Key Functions as Intractable as Factoring
- Rabin
- 1979
(Show Context)
Citation Context ... price than 1,024 bits: 163 bits. Indeed, elliptic curves are thought to offer computationally equivalent security with remarkably smaller key sizes insofar as subexponential algorithms exist for DLP =-=[9, 27, 57, 40]-=-, but no such algorithm is known or thought to exist for ECDLP over certain fields [25, 18]. 4 ECDLP and the MICA2 Elliptic curves offer an alternative foundation for the exchange of shared secrets am... |

277 | Authentication and authenticated key exchanges
- Diffie, Oorschot, et al.
- 1992
(Show Context)
Citation Context ...ement, upon a shared secret, even in the midst of eavesdroppers, with perfect forward secrecy, as depicted in Figure 7. Authenticated exchanges are possible with the station-to-station protocol (STS) =-=[23], a vari-=-ant of Diffie-Hellman. Transmission Time without TinySec with TinySec Difference Median 72,904 µs 74,367 µs 1,463 µs Mean 74,844 µs 76,088 µs 1,244 µs Standard Deviation 24,248 µs 24,645 µs n/... |

268 |
New directions in cryptography
- Di±e, Hellman
- 1976
(Show Context)
Citation Context ...; (b) TinyOS packet format with TinySec. 3 DLP and the MICA2 With the utility of SKIPJACK-based TinySec thus motivated and the mechanism's costs exposed, this work turns to DLP, on which Di#e-Hellman =-=[22]-=- is based, as the foundation for one possible answer to the MICA2's problems of shared keys' distribution and redistribution. DLP typically involves recovery of a x # Z p , given p, g, and g x (mod p)... |

214 |
A subexponential algorithm for discrete logarithms over the rational subgroup of the jacobians of large genus hyperelliptic curves over finite fields”, Algorithmic Number Theory
- Adleman, DeMarrais, et al.
- 1994
(Show Context)
Citation Context ... price than 1,024 bits: 163 bits. Indeed, elliptic curves are thought to offer computationally equivalent security with remarkably smaller key sizes insofar as subexponential algorithms exist for DLP =-=[9, 27, 57, 40]-=-, but no such algorithm is known or thought to exist for ECDLP over certain fields [25, 18]. 4 ECDLP and the MICA2 Elliptic curves offer an alternative foundation for the exchange of shared secrets am... |

173 |
Elliptic curves in cryptography
- Blake, Seroussi, et al.
- 1999
(Show Context)
Citation Context ...nd base point recommended by NIST the node’s public key, the running time of which is then transmitted to the node’s UART. In this version, multiplication of points is achieved with Algorithm IV.1=-= in [13]-=-. Multiplication of elements in F2p, meanwhile, is implemented as Algorithm 2 in [32], while inversion is implemented as Algorithm 8 in the same. Beyond rendering 163-bit keys feasible, EccM 2.0 also ... |

169 | A survey of fast exponentiation methods
- Gordon
- 1996
(Show Context)
Citation Context ...s defined as where where provided x1 �= 0. (x1, y1) + (x1, y1) = (x3, y3), (x3, y3) = (λ 2 + λ + a, x 2 1 + (λ + 1)x3), λ = x1 + y1x −1 1 , With these primitives is point multiplication also p=-=ossible [28]-=-. With an algebraic structure on the points of elliptic curves over F2p thus defined, implementation of a cryptosystem is now possible. 9s4.2 ECC over F2 p Implementation of ECC over F2p first require... |

160 | Software Implementation of Elliptic Curve Cryptography Over Binary Fields
- Hankerson, Hernandez, et al.
- 2000
(Show Context)
Citation Context ... then transmitted to the node’s UART. In this version, multiplication of points is achieved with Algorithm IV.1 in [13]. Multiplication of elements in F2p, meanwhile, is implemented as Algorithm 2 i=-=n [32]-=-, while inversion is implemented as Algorithm 8 in the same. Beyond rendering 163-bit keys feasible, EccM 2.0 also redresses another shortcoming in EccM 1.0. Inasmuch as 1.0 selects curves at random, ... |

143 | Constructive and destructive facets of Weil descent on elliptic curves
- Gaudry, Hess, et al.
- 2002
(Show Context)
Citation Context ...ivalent security with remarkably smaller key sizes insofar as subexponential algorithms exist for DLP [9, 27, 57, 40], but no such algorithm is known or thought to exist for ECDLP over certain fields =-=[25, 18]-=-. 4 ECDLP and the MICA2 Elliptic curves offer an alternative foundation for the exchange of shared secrets among eavesdroppers with perfect forward secrecy, as described in Figure 13. ECDLP, on which ... |

131 |
CM-curves with good cryptographic properties
- Koblitz
(Show Context)
Citation Context ...ted to the node’s UART. Based upon code by Michael Rosing [58], EccM 1.0 employs a number of optimizations. Addition of points is implemented in accordance with [59]; multiplication of points follow=-=s [37]-=-; conversion of integers to non-adjacent form is accomplished as in [62]. Generation of pseudorandom numbers, meanwhile, is achieved with [45]. On first glance, the results, offered in Figure 15, are ... |

115 | Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials
- Biham, Biryukov, et al.
- 2005
(Show Context)
Citation Context ...t the mechanism is not without value. After all, it does offer an 80-bit key space, known attacks on which can involve up to 2 79 operations on average (assuming SKIPJACK isn’t reduced from 32 round=-=s [12]).-=- And, as packets with TinySec include a 4-byte message authentication code (MAC), the probability of blind forgery is 2 −32 . This security comes at a cost of just five bytes (B): whereas transmissi... |

110 |
Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a
- Barrett
- 1986
(Show Context)
Citation Context ...tion can be avoided through use of projective (as opposed to affine) coordinates [29]. Although relatively efficient algorithms exist for modular reduction (e.g., those of Montogomery [49] or Barrett =-=[10]-=-), selection of a generalized Mersene number for p would also allow modular reduction to be executed as a more efficient sequence of three additions (mod p) [61]. Contingent on its optimization, EccM ... |

104 | Fast key exchange with elliptic curve systems
- Schroeppel, Orman, et al.
- 1995
(Show Context)
Citation Context ...me of these operations is then transmitted to the node’s UART. Based upon code by Michael Rosing [58], EccM 1.0 employs a number of optimizations. Addition of points is implemented in accordance wit=-=h [59]-=-; multiplication of points follows [37]; conversion of integers to non-adjacent form is accomplished as in [62]. Generation of pseudorandom numbers, meanwhile, is achieved with [45]. On first glance, ... |

92 |
An improved algorithm for arithmetic on a family of elliptic curves
- Solinas
- 1997
(Show Context)
Citation Context ... employs a number of optimizations. Addition of points is implemented in accordance with [59]; multiplication of points follows [37]; conversion of integers to non-adjacent form is accomplished as in =-=[62]-=-. Generation of pseudorandom numbers, meanwhile, is achieved with [45]. On first glance, the results, offered in Figure 15, are encouraging, with 33-bit keys requiring a running time of just 1.776 s. ... |

67 | Discrete logarithms in GF(p) using the number field sieve
- Gordon
- 1993
(Show Context)
Citation Context ... price than 1,024 bits: 163 bits. Indeed, elliptic curves are thought to offer computationally equivalent security with remarkably smaller key sizes insofar as subexponential algorithms exist for DLP =-=[9, 27, 57, 40]-=-, but no such algorithm is known or thought to exist for ECDLP over certain fields [25, 18]. 4 ECDLP and the MICA2 Elliptic curves offer an alternative foundation for the exchange of shared secrets am... |

67 |
Implementing Elliptic Curve Cryptography
- Rosing
- 1999
(Show Context)
Citation Context ...some k ∈ F2p, the node’s private key. Finally, it computes k · G, the node’s public key. The running time of these operations is then transmitted to the node’s UART. Based upon code by Michae=-=l Rosing [58]-=-, EccM 1.0 employs a number of optimizations. Addition of points is implemented in accordance with [59]; multiplication of points follows [37]; conversion of integers to non-adjacent form is accomplis... |

54 | Generalized mersenne numbers
- Solinas
- 1999
(Show Context)
Citation Context ..., those of Montogomery [49] or Barrett [10]), selection of a generalized Mersene number for p would also allow modular reduction to be executed as a more efficient sequence of three additions (mod p) =-=[61]-=-. Contingent on its optimization, EccM 3.0 might incorporate support for larger keys, particularly those sizes in Figure 19 recommended by NIST, as well as pseudorandom generation of curves and base p... |

53 |
Two-Tiered Wireless Sensor Network Architecture for Structural Health Monitoring
- Kottapalli, Kiremidjian, et al.
- 2003
(Show Context)
Citation Context ...kilobytes of primary memory on this 8-bit, 7.3828-MHz device. 1 Introduction Wireless sensor networks have been proposed for such applications as habitat monitoring [15], structural health monitoring =-=[38]-=-, emergency medical care [6], and vehicular tracking [8], all of which demand some combination of authentication, integrity, privacy, and security. Unfortunately, the state of the art offers weak, if ... |

52 |
Authentication and authenticated key exchanges
- Die, Oorschot, et al.
- 1992
(Show Context)
Citation Context ...ement, upon a shared secret, even in the midst of eavesdroppers, with perfect forward secrecy, as depicted in Figure 7. Authenticated exchanges are possible with the station-to-station protocol (STS) =-=[23]-=-, a variant of Di#e-Hellman. Transmission Time without TinySec with TinySec Di#erence Median 72,904 s 74,367 s 1,463 s Mean 74,844 s 76,088 s 1,244 s Standard Deviation 24,248 s 24,645 s n/a Standard ... |

40 | Computation of discrete logarithms in prime fields
- LaMacchia, Odlyzko
- 1991
(Show Context)
Citation Context |

37 | Elliptic curve cryptography on Smart Cards without coprocessors, Proceedings of the fourth working conference on smart card research and advanced applications on Smart card research and advanced applications
- Woodbury, Bailey, et al.
- 2001
(Show Context)
Citation Context ...lementing operations over binary fields [35]. Handschuh and Paillier propose cryptographic coprocessors for smart cards [31], whereas Woodbury et al. describe ECC for smart cards without coprocessors =-=[67]. Al-=-beit for a different target, Hasegawa et al. provide a “small and fast” implementation of ECC in software over Fp for a 16-bit microcomputer [33]. Guajardo et al. describe an implementation of ECC... |

34 | An Overview of Elliptic Curve Cryptography
- López, Dahab
- 2000
(Show Context)
Citation Context ...at with smallest k; if no such trinomial exists, then f(x) is chosen to b a pentanomial, xp + xk3 k2 k1 + x + x + 1, such that k1 is minimal, k2 is minimal given k1, and k3 is minimal given k1 and k2 =-=[43]. I-=-n polynomial basis, addition of two elements, a and b is defined as a + b = c, where ci ≡ ai + bi (mod 2) (i.e., a sequence of XORs). Multiplication of a and b, meanwhile, is defined as a · b = c, ... |

33 | Pgp in constrained wireless devices
- Brown, Cheung, et al.
- 2000
(Show Context)
Citation Context ...-bit TI MSP430x33x family of microcontrollers [30]. Weimerskirch et al., meanwhile, offer an implementation of ECC for Palm OS [65], and Brown et al. offer the same for Research In Motion’s RIM page=-=r [14]. Zi-=-gBee, on the other hand, shares this work’s aim of wireless security for sensor networks albeit not with ECC but with AES-128 [7]. Meanwhile, recommendations for ECC’s parameters abound, among aca... |

28 | Smart Card Crypto-Coprocessors for Public-Key Cryptography
- Handschuh, Paillier
- 2000
(Show Context)
Citation Context ...d, 8-bit processors [66]. Jung et al. propose supplementary hardware for AVR implementing operations over binary fields [35]. Handschuh and Paillier propose cryptographic coprocessors for smart cards =-=[31], wh-=-ereas Woodbury et al. describe ECC for smart cards without coprocessors [67]. Albeit for a different target, Hasegawa et al. provide a “small and fast” implementation of ECC in software over Fp fo... |

28 |
Lenstra and Eric R. Verheul. Selecting cryptographic key sizes
- Arjen
- 2000
(Show Context)
Citation Context ...e, on the other hand, shares this work’s aim of wireless security for sensor networks albeit not with ECC but with AES-128 [7]. Meanwhile, recommendations for ECC’s parameters abound, among academ=-=ics [41]-=-, among corporations [20], and within government [51, 47]. A number of implementations of ECC in software are freely available, though none are particularly well-suited for the MICA2, in no small part... |

24 | Elliptic curve discrete logarithms and the index calculus
- Silverman, Suzuki
- 1999
(Show Context)
Citation Context ...s at random, it risks (albeit with exponentially small probability) selection of supersingular curves which are vulnerable to sub-exponential attack via MOV reduction [46] with index-calculus methods =-=[60]. Ec-=-cM 2.0 thus obeys NIST’s recommendation for ECC over F2p [51], selecting, for the results herein, for the reduction polynomial, f(x) = x 163 + x 7 + x 6 + x 3 + 1 y 2 + xy ≡ x 3 + x 2 + 2982236234... |

20 | Efficient Implementation of Elliptic Curve Cryptosystems on the TI MSP 430x33x Family of Microcontrollers
- Guajardo, Blümel, et al.
(Show Context)
Citation Context ...a “small and fast” implementation of ECC in software over Fp for a 16-bit microcomputer [33]. Guajardo et al. describe an implementation of ECC for the 16-bit TI MSP430x33x family of microcontroll=-=ers [30]. We-=-imerskirch et al., meanwhile, offer an implementation of ECC for Palm OS [65], and Brown et al. offer the same for Research In Motion’s RIM pager [14]. ZigBee, on the other hand, shares this work’... |

19 | A Reconfigurable System on Chip Implementation for Elliptic Curve Cryptography over
- Ernst, Jung, et al.
(Show Context)
Citation Context ...dbury’s recommendation of an optimal extension field, F (2 8 −17) 17, for low-end, 8-bit processors [66]. Jung et al. propose supplementary hardware for AVR implementing operations over binary fie=-=lds [35]-=-. Handschuh and Paillier propose cryptographic coprocessors for smart cards [31], whereas Woodbury et al. describe ECC for smart cards without coprocessors [67]. Albeit for a different target, Hasegaw... |

11 | Implementation Options for Finite Field Arithmetic for Elliptic Curve Cryptosystems,” Invited presentation at
- Paar
- 1999
(Show Context)
Citation Context ... allows for particularly space- and time-efficient algorithms. In light of its applications in coding, the field has also received more attention in the literature than those of other characteristics =-=[54]-=-. It is with this history in mind that I proceeded with my first, and, later, second, implementation of ECC over F2p toward an end of smaller public keys for the MICA2. Background for these implementa... |

8 |
Multiprecision integer and rational arithmetic c/c++ library. http: //indigo.ie/∼mscott/#Elliptic
- Ltd
(Show Context)
Citation Context ...58] offers his C-based implementation of ECC over F2p with both polynomial and normal bases. ECC-LIB [68] and pegwit [4] offer their own C-based implementations over F2p with polynomial bases. MIRACL =-=[44]-=- provides the same, with an additional option for curves over Fp. LibTomCrypt [21], also in C, focuses on Fp. Dragongate Technologies Limited, meanwhile, offers borZoi and jBorZoi [42], implementation... |

7 | Efficient Algorithms for Elliptic Curve Cryptosystems on Embedded Systems,” http://www.wpi.edu/Pubs/ETD/Available
- Woodbury
- 2001
(Show Context)
Citation Context ...ECC received much attention since its discovery in 1985. Of particular relevance to this work is Woodbury’s recommendation of an optimal extension field, F (2 8 −17) 17, for low-end, 8-bit process=-=ors [66]-=-. Jung et al. propose supplementary hardware for AVR implementing operations over binary fields [35]. Handschuh and Paillier propose cryptographic coprocessors for smart cards [31], whereas Woodbury e... |

6 |
How to disguise an elliptic curve (weil descent
- Frey, Gangl
- 1998
(Show Context)
Citation Context ...and F2p, where p is prime, as neither appears vulnerable to subexponential attack [25]. Though once popular, extension fields of composite degree over F2 are vulnerable by reduction with Weil descent =-=[24]-=- of ECDLP to DLP over hyperelliptic curves [25]. But F2p, a binary extension field, remains popular among implementations of ECC, especially those in hardware, inasmuch as it allows for particularly s... |

6 | A Small and Fast Software Implementation of Elliptic Curve Cryptosystems over GF(p) on a 16Bit Microcomputer
- Hasegawa, Nakajima, et al.
- 1999
(Show Context)
Citation Context ... describe ECC for smart cards without coprocessors [67]. Albeit for a different target, Hasegawa et al. provide a “small and fast” implementation of ECC in software over Fp for a 16-bit microcompu=-=ter [33]-=-. Guajardo et al. describe an implementation of ECC for the 16-bit TI MSP430x33x family of microcontrollers [30]. Weimerskirch et al., meanwhile, offer an implementation of ECC for Palm OS [65], and B... |

5 |
Elliptic Curve Cryptography FAQ v1.12 22nd,” http://www. cryptoman.com/elliptic.htm
- Barwood
- 1997
(Show Context)
Citation Context ...0, a1, . . . , ap−1}, where {α0, α1, . . . , αp−1} is its basis over F2. Most common for bases over F2 are polynomial bases and normal bases, whereby the former tends to be more efficient in so=-=ftware [11]-=-, though dual, triangular, and other bases exist. Admittedly, polynomial bases are also simpler conceptually and, thus, daresay, an apt choice for a first implementation of ECC on the MICA2. When repr... |

4 |
ATmega128(L) Preliminary Complete
- Corporation
- 2003
(Show Context)
Citation Context ...time of just 1.776 s. Unfortunately, for larger keys (e.g., 63-bit), the module fails to produce results, instead causing the mote to reset cyclically. Though this behavior appears to be undocumented =-=[19], -=-it seems the result of stack overflow. Although none of EccM’s functions are recursive, several utilize a good deal of memory for multi-word arithmetic. In fact, Figure 10s16 offers the results of a... |

4 |
The Mother of All Random Generators,” ftp://ftp.taygeta. com/pub/c/mother.c
- Marsaglia
- 1994
(Show Context)
Citation Context ...in accordance with [59]; multiplication of points follows [37]; conversion of integers to non-adjacent form is accomplished as in [62]. Generation of pseudorandom numbers, meanwhile, is achieved with =-=[45]-=-. On first glance, the results, offered in Figure 15, are encouraging, with 33-bit keys requiring a running time of just 1.776 s. Unfortunately, for larger keys (e.g., 63-bit), the module fails to pro... |

4 |
Lightweight Security for Wireless Networks of Embedded Systems,” http://www.is.bbn.com/projects/lws-nest/bbn nest apr 03. ppt
- Watro
- 2003
(Show Context)
Citation Context ...hentication, integrity, privacy, and security [56, 5]. But too infrequently are such condemnations backed by actual data. In fact, save for a cursory analysis of an implementation of RSA on the MICA2 =-=[64]-=-, little, if any, empirical research has been published on the viability of public-key infrastructure (PKI) for sensor networks. It is precisely this void that this paper aspires to fill. By way of it... |

4 |
ECC-LIB: A Library for Elliptic Curve Cryptography,” http://www.ceid.upatras.gr/faculty/zaro/software/ecc-lib
- Zaroliagis
(Show Context)
Citation Context ...ticularly well-suited for the MICA2, in no small part due to their memory requirements. Ros16sing [58] offers his C-based implementation of ECC over F2p with both polynomial and normal bases. ECC-LIB =-=[68]-=- and pegwit [4] offer their own C-based implementations over F2p with polynomial bases. MIRACL [44] provides the same, with an additional option for curves over Fp. LibTomCrypt [21], also in C, focuse... |

3 |
Wireless Sensor Networks for Emergency Medical Care, http: //www.eecs.harvard.edu/∼mdw/proj/vitaldust
- Dust
(Show Context)
Citation Context ...n this 8-bit, 7.3828-MHz device. 1 Introduction Wireless sensor networks have been proposed for such applications as habitat monitoring [15], structural health monitoring [38], emergency medical care =-=[6]-=-, and vehicular tracking [8], all of which demand some combination of authentication, integrity, privacy, and security. Unfortunately, the state of the art offers weak, if any, guarantees of these nee... |

3 |
Remarks on the security of the elliptic curve cryptosystem. http://www
- Corp
- 2000
(Show Context)
Citation Context ...ivalent security with remarkably smaller key sizes insofar as subexponential algorithms exist for DLP [9, 27, 57, 40], but no such algorithm is known or thought to exist for ECDLP over certain fields =-=[25, 18]-=-. 4 ECDLP and the MICA2 Elliptic curves offer an alternative foundation for the exchange of shared secrets among eavesdroppers with perfect forward secrecy, as described in Figure 13. ECDLP, on which ... |

3 |
How to Disguise an Elliptic Curve (Weil Descent),” ECC ’98
- Frey, Gangl
- 1998
(Show Context)
Citation Context ...F 2 p , where p is prime, as neither appears vulnerable to subexponential attack [25]. Though once popular, extension fields of composite degree over F 2 are vulnerable by reduction with Weil descent =-=[24]-=- of ECDLP to DLP over hyperelliptic curves [25]. But F 2 p , a binary extension field, remains popular among implementations of ECC, especially those in hardware, inasmuch as it allows for particularl... |

2 |
Layer Security for Tiny Devices. http://www.cs.berkeley.edu/ ∼ nks/ tinysec
- Link
(Show Context)
Citation Context ...nally expensive or power-intensive operations. For this reason is public-key cryptography often ruled out for sensor networks as an infrastructure for authentication, integrity, privacy, and security =-=[56, 5]-=-. But too infrequently are such condemnations backed by actual data. In fact, save for a cursory analysis of an implementation of RSA on the MICA2 [64], little, if any, empirical research has been pub... |