Hello !
https://www.nxp.com/docs/en/white-paper/IOTSECWP.pdf
here in the page 4 is mentioned that CASPER driver supports :
– Elliptic Prime Curve 521-bit (EC_secp521r1)
But no any benchmark digits.
What is current situation , can P521 be accelerated ( at list partially ) on CASPER ?
Pure SW routines is too slow on LPC55.
Regards,
Eugene
Hi, Eugene,
In the SDK package for LPC55S69, there is CASPER examples, which includes the RSA example and ECC examples. I copy the screenshot for loading the casper examples in SDK package. there is 256 bits and 384 bits ECC examples.
Hope it can help you
this is part of the code:
/* Begin code to test elliptic curve scalar multiplication. */
{
int i;
int m1, m2;
int errors = 0;
for (i = 0; i < 8; i++)
{
PRINTF("Round: %d\r\n", i);
uint32_t X1[8], Y1[8];
uint32_t *X3 = &test_ecmulans[i][0];
uint32_t *Y3 = &test_ecmulans[i][8];
CASPER_ECC_SECP256R1_Mul(CASPER, X1, Y1, &test_ecmulans[0][0], &test_ecmulans[0][8], test_ecmulscalar[i]);
CASPER_ECC_equal(&m1, X1, X3);
CASPER_ECC_equal(&m2, Y1, Y3);
if (m1 != 0 || m2 != 0)
{
errors++;
}
}
if (errors != 0)
{
PRINTF("Not all EC scalar multipication tests were succesfull.\r\n");
PRINTF("%d / 8 tests failed.\n", errors);
}
else
{
PRINTF("All EC scalar multiplication tests were succesfull.\r\n");
}
}
/* End code to test elliptic curve scalar multiplication. */
/* Begin code to test elliptic curve double scalar multiplication. */
{
int i;
int m1, m2;
int errors = 0;
uint32_t c3[NUM_LIMBS], c4[NUM_LIMBS];
for (i = 0; i < 8; i++)
{
PRINTF("Round: %d\r\n", i);
uint32_t *c1 = &test_ecddoublemul_result[i][0];
uint32_t *c2 = &test_ecddoublemul_result[i][NUM_LIMBS];
CASPER_ECC_SECP256R1_MulAdd(CASPER, c3, c4, &test_ecddoublemul_base[0][0],
&test_ecddoublemul_base[0][NUM_LIMBS], &test_ecddoublemul_scalars[i][0],
&test_ecddoublemul_base[1][0], &test_ecddoublemul_base[1][NUM_LIMBS],
&test_ecddoublemul_scalars[i][NUM_LIMBS]);
CASPER_ECC_equal(&m1, c1, c3);
CASPER_ECC_equal(&m2, c2, c4);
if (m1 != 0 || m2 != 0)
{
errors++;
}
}
if (errors != 0)
{
PRINTF("Not all EC double scalar multipication tests were succesfull.\r\n");
PRINTF("%d / 8 tests failed.\n", errors);
}
else
{
PRINTF("All EC double scalar multiplication tests were succesfull.\r\n");
}
}
/* End code to test elliptic curve double scalar multiplication. */
#elif CASPER_ECC_P384
PRINTF("Casper ECC Demo P384\r\n\r\n");
/* Begin code to test elliptic curve scalar multiplication. */
{
int i;
int m1, m2;
int errors = 0;
for (i = 0; i < 8; i++)
{
PRINTF("Round: %d\r\n", i);
uint32_t X1[12], Y1[12];
uint32_t *X3 = &test_ecmulans[i][0];
uint32_t *Y3 = &test_ecmulans[i][12];
CASPER_ECC_SECP384R1_Mul(CASPER, X1, Y1, &test_ecmulans[0][0], &test_ecmulans[0][12], test_ecmulscalar[i]);
CASPER_ECC_equal(&m1, X1, X3);
CASPER_ECC_equal(&m2, Y1, Y3);
if (m1 != 0 || m2 != 0)
{
errors++;
}
}
if (errors != 0)
{
PRINTF("Not all EC scalar multipication tests were succesfull.\r\n");
PRINTF("%d / 8 tests failed.\r\n", errors);
}
else
{
PRINTF("All EC scalar multiplication tests were succesfull.\r\n");
}
}
/* End code to test elliptic curve scalar multiplication. */
/* Begin code to test elliptic curve double scalar multiplication. */
{
int i;
int m1, m2;
int errors = 0;
uint32_t c3[NUM_LIMBS], c4[NUM_LIMBS];
for (i = 0; i < 8; i++)
{
PRINTF("Round: %d\r\n", i);
uint32_t *c1 = &test_ecddoublemul_result[i][0];
uint32_t *c2 = &test_ecddoublemul_result[i][NUM_LIMBS];
CASPER_ECC_SECP384R1_MulAdd(CASPER, c3, c4, &test_ecddoublemul_base[0][0],
&test_ecddoublemul_base[0][NUM_LIMBS], &test_ecddoublemul_scalars[i][0],
&test_ecddoublemul_base[1][0], &test_ecddoublemul_base[1][NUM_LIMBS],
&test_ecddoublemul_scalars[i][NUM_LIMBS]);
CASPER_ECC_equal(&m1, c3, c1);
CASPER_ECC_equal(&m2, c4, c2);
if (m1 != 0 || m2 != 0)
{
errors++;
}
}
if (errors != 0)
{
PRINTF("Not all EC double scalar multipication tests were succesfull.\r\n");
PRINTF("%d / 128 tests failed.\r\n", errors);
}
else
{
PRINTF("All EC double scalar multiplication tests were succesfull.\r\n");
}
}
/* End code to test elliptic curve scalar multiplication. */
#endif
/* Deinitialize CASPER */
CASPER_Deinit(CASPER);
while (1)
{
}
}
Hi @xiangjun_rong !
Yes situation with P256/384 are clear. But nowadays P-521 is minimal requirement quite often.
CASPER has potential for be used for partial acceleration of it.
And it is quite important to understand if it going to be utilized in nearest feature.
OR software calculations of P-521 will be used for this MCU forever.
Regards,
Eugene
Hi, Eugene,
We have implemented the 512 bits ECC in both software implementation and CASPER implementation.
I suggest you refer to the application note an12445.pdf located at:
https://www.nxp.com.cn/docs/en/application-note/AN12445.pdf
The SDK package for LPC55S69 has mbedTLS example.BR
BR
XiangJun Rong
Hello !
But in both cases you have pure SW implementation.
Only P256/384 cases are accelerated.
Can CASPER be used at list partially for P-521 already ?
Regards,
Eugene
Hi, Eugene,
I am sorry, you are right, the _mbed-crypto_benchmark example is implemented with pure software, the hardware CASPER accelerator is not used.
I have asked the AE team, the 512 bits ECC algorithms based on CASPER has been developing, it is estimated it can be released at the end of this year, but we do not guarantee, because it is dependent on the priority of the task.
BR
Xiangjun Rong