FourQ on MSP430

This is a state-of-the-art, 128-bit secure ECC library based on the elliptic curve FourQ [1] for 16-bit MSP430 microcontrollers.

The library was built upon FourQlib (https://github.com/Microsoft/FourQlib).

The current version contains MSP430 assembly code that is only compatible with the IAR C compiler.

The library was written by Zhe Liu, Geovandro Pereira and Hwajeong Seo.

Contents

The source folder src contains:

  • Main .c and .h files: library and header files. Public API for ECC scalar multiplication, key exchange and signatures is in src/FourQ_api.h.
  • src/MSP430/: folder with library files implementing low-level arithmetic for MSP430.
  • src/blake2b/: folder with implementation of hash function BLAKE2b.
  • src/random/: folder with pseudo-random generation function (ONLY FOR TESTING).
  • src/tests/: test and benchmark files for MSP430.

IMPORTANT SECURITY NOTES

  • Random values are generated with rand(), which is NOT a cryptographically secure function. Before any real deployment, users should replace this function with a cryptographically secure PRNG or a hardware entropy source (see random.c).

  • For MSP430FRxxxx devices with FRAM, the library assumes the default 8 MHz clock. If the MCU is clocked above 8 MHz, up to the 16 MHz maximum, e.g., on the MSP430FR5969, the FRAM cache is activated and cache attacks may apply. For these cases, the implementation provides an option to build code that is secure against cache attacks (see Instructions below).
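The contrast the first note describes, as an added example written for this page (it is not the library's random.c and makes no claim about that file's actual signature): rand() seeded with a guessable value is fully predictable, whereas a replacement should draw from a real entropy source and fail closed. The target branch calls a hypothetical board_trng_read_byte() that the integrator supplies from the MCU's hardware entropy source, gated by an assumed TARGET_MSP430 build macro; the host branch reads /dev/urandom so the example can be run on a PC.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

#ifdef TARGET_MSP430
/* Hypothetical hook (an assumption of this example, not a library symbol):
 * board support code returns one byte from the MCU's hardware entropy
 * source, or -1 if no byte is available yet. */
extern int board_trng_read_byte(void);
#endif

/* Weak generator in the spirit of the README's warning: rand() seeded with
 * a guessable value (boot tick count, a constant, ...) is fully predictable.
 * Kept only to show the failure mode. */
int weak_random_bytes(unsigned char *out, size_t n, unsigned int guessable_seed)
{
    srand(guessable_seed);
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)(rand() & 0xFF);
    return 0;
}

/* Hardened replacement: draws from a real entropy source and fails closed,
 * zeroing the buffer and returning -1 rather than handing back a partial
 * or default-filled secret. */
int secure_random_bytes(unsigned char *out, size_t n)
{
    if (out == NULL)
        return -1;
#ifdef TARGET_MSP430
    for (size_t i = 0; i < n; i++) {
        int b = board_trng_read_byte();
        if (b < 0) {
            memset(out, 0, n);
            return -1;
        }
        out[i] = (unsigned char)b;
    }
    return 0;
#else
    /* Host build (used to run this example on a PC): the OS CSPRNG. */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(out, 1, n, f);
    fclose(f);
    if (got != n) {
        memset(out, 0, n);
        return -1;
    }
    return 0;
#endif
}

/* Two draws from the weak generator with the same seed are identical:
 * returns 1 when that predictability is observed. */
int weak_generator_is_predictable(void)
{
    unsigned char a[32], b[32];
    weak_random_bytes(a, sizeof a, 0x1234u);
    weak_random_bytes(b, sizeof b, 0x1234u);
    return memcmp(a, b, sizeof a) == 0;
}

/* Two 32-byte draws from the hardened generator differ (collision
 * probability 2^-256): returns 1 when both succeed and are distinct. */
int secure_generator_draws_differ(void)
{
    unsigned char a[32], b[32];
    if (secure_random_bytes(a, sizeof a) != 0) return 0;
    if (secure_random_bytes(b, sizeof b) != 0) return 0;
    return memcmp(a, b, sizeof a) != 0;
}
```

The fail-closed behaviour is the part worth copying: a generator that silently returns zeros or falls back to rand() when the entropy source is not ready produces secret keys and nonces that an attacker can reproduce, and on a freshly powered MCU the entropy source is often exactly what is not ready.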

Complementary cryptographic functions

The library includes an implementation of BLAKE2b which is used by default by SchnorrQ signatures (see blake2b/).

Users can provide their own hash implementations by replacing the functions in blake2b/, and applying the corresponding changes to the settings in FourQ.h. Refer to [2] for the security requirements for the cryptographic hash function.

Main features

  • Support for co-factor Elliptic Curve Diffie-Hellman (ECDH) key exchange [3].
  • Support for the SchnorrQ digital signature scheme [2].
  • Support for 3 core elliptic curve operations: variable-base, fixed-base and double-scalar multiplications.
  • Includes an optimized implementation for 16-bit MSP430 microcontrollers with support for the IAR C compiler [5].
  • Includes testing and benchmarking code for field arithmetic, elliptic curve and cryptographic functions.
  • All functions that operate on secret data have regular, constant-time execution, protecting against timing and cache attacks (on FRAM devices clocked above 8 MHz this requires the cache-safe build described under Instructions).
  • Includes an option to disable the use of the fast endomorphisms.
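"Regular, constant-time execution" means that neither the control flow nor the memory-access pattern depends on secret data. The following is an added example written for this page, not code from microFourQ-MSP or FourQlib, of the two building blocks such code relies on: a masked table lookup that reads every entry regardless of the secret index (the pattern that defeats cache attacks on precomputed point tables), and a branch-free conditional swap. Limbs are 16-bit to match the MSP430 word size; the 128-bit element size, the flat table layout and the constructed table contents are illustrative assumptions, not the library's actual representation.

```c
#include <stdint.h>
#include <stddef.h>

#define NLIMBS 8                 /* 128-bit element as 8 x 16-bit limbs (assumed layout) */
typedef uint16_t felm_t[NLIMBS];

/* Returns 0xFFFF when a == b and 0x0000 otherwise, with no data-dependent branch:
 * (x | -x) has its top bit set exactly when x != 0. */
uint16_t ct_eq_mask(uint16_t a, uint16_t b)
{
    uint32_t x = (uint32_t)(a ^ b);
    uint32_t nonzero = (x | (0u - x)) >> 31;   /* 1 if x != 0, else 0 */
    return (uint16_t)(nonzero - 1u);           /* 0xFFFF if equal, else 0 */
}

/* Leaky lookup: only table entry `idx` is read, so the addresses that hit
 * or miss in a cache reveal the secret index. Shown for contrast only. */
void leaky_lookup(felm_t out, const uint16_t *table, size_t n, size_t idx)
{
    (void)n;
    for (size_t j = 0; j < NLIMBS; j++)
        out[j] = table[idx * NLIMBS + j];
}

/* Regular lookup: every entry is read and the wanted one is kept via a
 * mask, so the sequence of memory accesses is independent of `idx`. */
void ct_lookup(felm_t out, const uint16_t *table, size_t n, size_t idx)
{
    for (size_t j = 0; j < NLIMBS; j++)
        out[j] = 0;
    for (size_t i = 0; i < n; i++) {
        uint16_t m = ct_eq_mask((uint16_t)i, (uint16_t)idx);
        for (size_t j = 0; j < NLIMBS; j++)
            out[j] |= table[i * NLIMBS + j] & m;
    }
}

/* Branch-free conditional swap: swap == 1 exchanges a and b, swap == 0
 * leaves them, and both cases execute the same instructions. */
void ct_cswap(felm_t a, felm_t b, uint16_t swap)
{
    uint16_t m = (uint16_t)(0u - swap);        /* 0xFFFF or 0x0000 */
    for (size_t j = 0; j < NLIMBS; j++) {
        uint16_t t = (a[j] ^ b[j]) & m;
        a[j] ^= t;
        b[j] ^= t;
    }
}

/* Checks that the regular lookup returns the same element as the leaky one
 * for every index of a constructed 8-entry table. Returns 1 on agreement. */
int lookups_agree(void)
{
    enum { N = 8 };
    uint16_t table[N * NLIMBS];
    felm_t leaky, regular;
    for (size_t i = 0; i < N; i++)
        for (size_t j = 0; j < NLIMBS; j++)
            table[i * NLIMBS + j] = (uint16_t)(0x1000u * i + j + 1);  /* distinct, constructed */
    for (size_t idx = 0; idx < N; idx++) {
        leaky_lookup(leaky, table, N, idx);
        ct_lookup(regular, table, N, idx);
        for (size_t j = 0; j < NLIMBS; j++)
            if (leaky[j] != regular[j])
                return 0;
    }
    return 1;
}

/* Returns 1 when ct_cswap leaves operands alone for 0 and swaps them for 1. */
int cswap_works(void)
{
    felm_t a = {1, 2, 3, 4, 5, 6, 7, 8};
    felm_t b = {9, 10, 11, 12, 13, 14, 15, 16};
    ct_cswap(a, b, 0);
    if (a[0] != 1 || b[0] != 9)
        return 0;
    ct_cswap(a, b, 1);
    if (a[0] != 9 || a[7] != 16 || b[0] != 1 || b[7] != 8)
        return 0;
    return 1;
}
```

The mask trick only helps if the compiler does not turn it back into a branch; on a real build the generated assembly should be inspected, which is one reason the library ships its MSP430 arithmetic as hand-written assembly rather than relying on the C compiler.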

Instructions

Download the IAR Workbench for MSP430 (https://www.iar.com/iar-embedded-workbench/).

Open the project file microFourQ-MSP.eww and compile by clicking on Project > Rebuild All.

Project settings can be accessed and modified by going to Project > Options....

When the software is run above 8 MHz on MSP430FRxxxx devices, it MUST be built without the option _NO_CACHE_MEM_ to avoid cache attacks. Go to Project > Options... > C/C++ Compiler > Preprocessor and remove the _NO_CACHE_MEM_ entry from the "Defined symbols" list. Repeat this for eccp2.c, which carries its own per-file setting that overrides the project one (right-click the file, then Options... > C/C++ Compiler > Preprocessor). Finally, rebuild the project.

License

This library is licensed under the MIT License; see License.txt for details.

It is based on the Microsoft library FourQlib (https://github.com/Microsoft/FourQlib), which is also licensed under MIT.

The BLAKE2b implementation, written by Thomas Pornin, is under an MIT-like open source license (see blake.c).

References

[1] Craig Costello and Patrick Longa, "FourQ: four-dimensional decompositions on a Q-curve over the Mersenne prime". Advances in Cryptology - ASIACRYPT 2015, 2015.

[2] Craig Costello and Patrick Longa, "SchnorrQ: Schnorr signatures on FourQ". MSR Technical Report, 2016.

[3] Watson Ladd, Patrick Longa and Richard Barnes, "Curve4Q". Internet-Draft, draft-ladd-cfrg-4q-01, 2017.

[4] Patrick Longa, "FourQNEON: faster elliptic curve scalar multiplications on ARM processors". Selected Areas in Cryptography (SAC 2016), 2016.

[5] Zhe Liu, Patrick Longa, Geovandro Pereira, Oscar Reparaz and Hwajeong Seo, "FourQ on embedded devices with strong countermeasures against side-channel attacks". Preprint.
