1

(2 replies, posted in wolfCrypt)

Thanks for your response

It is great that you have it already, although only in the fast version.

70 KB extra flash for the bootloader is plenty though. And 5000% slowdown by using ED448_SMALL is also plenty. Some speedup in the small ED448 functions would be welcome, or an intermediate optimization level.

I'll have a second look into WolfBoot although our own bootloader is pretty much in place. And we need better than 128-bit security due to the long expected time on market as bootloaders are intended to be fused. Replacing them means replacing hardware.

We will have a commercial license for WolfSSL eventually. But right now we are years ahead of launch so we wait with the license fees ;-).

2

(2 replies, posted in wolfCrypt)

Working with bootloaders for an embedded system.

We wish to use ED448 for signature verification of appplications since we won't be able to replace bootloaders in the field and the product has a long time to end-of-life.

Without ED448_SMALL I managed to squeeze the bootloader into 115 KB on a STM32H7@480 MHz. Signature verification took 12 ms which is excellent.

Memory footprint will get us in trouble though when we implement bootladers on a STM32G4 and a STM32L0.

With ED448_SMALL bootloader size is reduced to 43 KB. Difference in size is 72 KB due to this flag. But performance is reduced to 609 ms, i.e. 50 times slower.

Startup requirements will cause trouble in the less performant microcontrollers.

Have you considered some intermediate optimization? There are papers describing implementations using the Karatsuba fast multiplication, e.g.

https://koreascience.kr/article/JAKO201950548326815.pdf