Benchmarking threshold signatures on embedded platforms

Ensuring security in the so-called Internet of Things (IoT) is a tricky challenge. A typical IoT application usually comprises a large number of interconnected "Things" which additionally connect to a remote cloud, which translates to a large attack surface. The security of the Things must not be underestimated, as evidenced by the large number of recent attacks.

Securing the Things is especially difficult because of a tension between the need to keep their cost low and the fact that they are often exposed to physical attacks. Threshold cryptography provides variants of regular cryptographic primitives such that t of the parties are needed to evaluate the primitive. This means that if an attacker recovers (t-1) or fewer shares of the key, the key is still secure. This has the advantage of reducing the dependency on the security of the hardware.
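The (t-1) property described above can be checked with a short example. This is an added illustration, not code from the thesis: it assumes Shamir secret sharing as the key-sharing method, and the field modulus and all function names are constructed for the example. A real threshold signature scheme never reassembles the key on one device; reconstruction here only serves to show what a set of shares does and does not determine.

```python
import secrets

P = 2**127 - 1  # constructed parameter: a prime field modulus chosen for readability

def interpolate(points, x):
    """Evaluate at x the unique lowest-degree polynomial through `points` (mod P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def split(key, t, n):
    """Split `key` into n shares such that any t of them determine it."""
    if not 1 <= t <= n < P:
        raise ValueError("need 1 <= t <= n < P")
    coeffs = [key % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation of the sharing polynomial
            acc = (acc * x + c) % P
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Recover the key (the polynomial's value at 0). Demonstration only."""
    return interpolate(shares, 0)

def share_explaining(stolen, candidate_key, x):
    """For t-1 stolen shares and ANY candidate key, return the share at x that
    would make that candidate the real key: the stolen shares rule nothing out."""
    return (x, interpolate([(0, candidate_key)] + stolen, x))

def demo(t=3, n=5):
    key = secrets.randbelow(P)
    shares = split(key, t, n)
    ok = reconstruct(shares[:t]) == key and reconstruct(shares[-t:]) == key
    stolen = shares[:t - 1]  # what an attacker holding t-1 devices would have
    fits = all(reconstruct(stolen + [share_explaining(stolen, c, t)]) == c
               for c in (0, 1, (key + 1) % P))
    return ok, fits

if __name__ == "__main__":
    print(demo())
```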

The goal of this work was therefore to evaluate existing threshold signature schemes to determine whether threshold signatures would be a viable solution for embedded devices and, if possible, to select the best one for the customer use case.

We first established a detailed state-of-the-art comparison between different schemes, taking into account multiple criteria such as key and signature sizes, the number of rounds and the papers' respective benchmarks. We then selected the set of schemes that were theoretically the best (BLS, FROST and ECDSA) and looked for existing implementations with a permissive license that would work on an nRF52840 board, or implemented our own if no fitting implementation was available.

We produced two implementations based on existing, well-recognized and audited libraries. Surprisingly, one was in practice better than the other in all respects. A third, very promising scheme should be tested after this work: even though it may not outmatch the current best, it is a lot more popular and has been in use for longer, which would facilitate its adoption.

Student: David Gallay

Year: 2023

Department: FEE

Programme: Computer Science and Communication Systems (formerly Telecommunications), with a specialization in Information Security

Type of study: Part-time (while employed)

Supervising teacher: Alexandre Duc

Institute: IICT

This work is confidential