Topic: ed448 space/performance

Working with bootloaders for an embedded system.

We wish to use ED448 for signature verification of applications since we won't be able to replace bootloaders in the field and the product has a long time to end-of-life.

Without ED448_SMALL I managed to squeeze the bootloader into 115 KB on an STM32H7@480 MHz. Signature verification took 12 ms, which is excellent.

Memory footprint will get us in trouble though when we implement bootloaders on an STM32G4 and an STM32L0.

With ED448_SMALL bootloader size is reduced to 43 KB. Difference in size is 72 KB due to this flag. But performance is reduced to 609 ms, i.e. 50 times slower.

Startup requirements will cause trouble in the less performant microcontrollers.

Have you considered some intermediate optimization? There are papers describing implementations using the Karatsuba fast multiplication, e.g.

https://koreascience.kr/article/JAKO201950548326815.pdf


Re: ed448 space/performance

Hello Jens,

Thanks for joining the wolfSSL Forums.

Yes, we implemented Karatsuba in 2022:
https://github.com/wolfSSL/wolfssl/pull/4853
You'll see some comparison benchmarks in the comments of that PR.

Have you checked out our wolfBoot project?
https://github.com/wolfSSL/wolfBoot
https://github.com/wolfSSL/wolfBoot/blo … md#stm32h7

Feel free to email us at support@wolfssl.com with any questions.

Kind regards,
Eric - wolfSSL Support
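
For readers following the Karatsuba point in this thread, here is an added illustration (not wolfSSL's code and not taken from the linked paper or PR) of why the Ed448 field suits Karatsuba: with phi = 2^224 the prime gives phi^2 = phi + 1, so a field multiplication needs three half-size products instead of four. Function names are hypothetical, and Python integers stand in for the limb arithmetic an MCU implementation would use.

```python
# Added illustration: Karatsuba-style multiplication in the Ed448 field.
# Not wolfSSL code; all function names here are hypothetical.
import random

P = 2**448 - 2**224 - 1        # Ed448 ("Goldilocks") field prime
HALF = 224                     # phi = 2^224, and phi^2 = phi + 1 (mod P)
MASK = (1 << HALF) - 1

def split(x):
    """Return (low, high) 224-bit halves so that x = low + high * phi."""
    return x & MASK, x >> HALF

def mul_schoolbook(a, b):
    """Four half-size products, reduced with phi^2 = phi + 1."""
    a0, a1 = split(a)
    b0, b1 = split(b)
    lo = a0 * b0
    mid = a0 * b1 + a1 * b0    # two products
    hi = a1 * b1
    # lo + mid*phi + hi*phi^2 = (lo + hi) + (mid + hi)*phi
    return (lo + hi + ((mid + hi) << HALF)) % P

def mul_karatsuba(a, b):
    """Three half-size products: the cross term comes from one product."""
    a0, a1 = split(a)
    b0, b1 = split(b)
    lo = a0 * b0
    hi = a1 * b1
    cross = (a0 + a1) * (b0 + b1)   # = lo + mid + hi
    # coefficient of phi is mid + hi = cross - lo
    return (lo + hi + ((cross - lo) << HALF)) % P

def self_check(trials=1000, seed=448):
    """Compare both routines with plain modular multiplication."""
    rng = random.Random(seed)       # constructed test inputs
    cases = [(0, 0), (1, P - 1), (P - 1, P - 1), (MASK, MASK)]
    cases += [(rng.randrange(P), rng.randrange(P)) for _ in range(trials)]
    return all(
        mul_karatsuba(a, b) == mul_schoolbook(a, b) == (a * b) % P
        for a, b in cases
    )

if __name__ == "__main__":
    print("karatsuba matches reference:", self_check())
```

This shows only the top-level split; a size-optimised build that skips it pays for the extra multiplications in every field operation of the verification.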

Re: ed448 space/performance

Thanks for your response.

It is great that you have it already, although only in the fast version.

70 KB extra flash for the bootloader is plenty though. And 5000% slowdown by using ED448_SMALL is also plenty. Some speedup in the small ED448 functions would be welcome, or an intermediate optimization level.

I'll have a second look into WolfBoot although our own bootloader is pretty much in place. And we need better than 128-bit security due to the long expected time on market as bootloaders are intended to be fused. Replacing them means replacing hardware.

We will have a commercial license for WolfSSL eventually. But right now we are years ahead of launch so we wait with the license fees ;-).
