Hardware/software co-design flavors of elliptic curve scalar multiplication

Many electronic applications use cryptographic algorithms implemented in embedded devices to provide some form of security, e.g. smart cards (banking, SIM, access control), mobile phones, wifi routers, etc. The tight resource constraints of the devices, typically silicon area and power or energy, together with requirements from the application, typically latency or throughput, demand highly efficient implementations of the often computationally complex cryptographic algorithms. We provide a broad overview of the hardware/software co-design space for an essential component of many cryptographic protocols. Based on our experience from teaching a master level course about hardware/software co-design, we explore four typical implementation options and provide concrete implementation results. In addition to the aforementioned criteria, resistance against implementation attacks is vital for the security of embedded cryptographic devices. We analyze our four implementations with respect to a security issue that is due to their electromagnetic emanations, and highlight multiple vulnerabilities that can be exploited to break their security. Next, we investigate state-of-the-art implementation options that are supposed to resist these attacks. We detail their implementation cost and show that it is non-trivial to implement these options securely. Our main contribution is a comprehensive analysis of many implementation options with respect to implementation cost and attack resistance on a single common platform.