RSA algorithm

Using Arduino Programming Questions
1

Good afternoon,

I'm develloping a system that need cryptographic functions. So I would like to know if anybody has a RSA library.

THX

2

Didn't do much searching, did you?

3

Yes I do and i found some in C++ but convert that to arduino is a big big trouble. So can somebody help me?

4

naf18:
Yes I do

I don't think you did. If you had Googled for "arduino crypto" you would have found:

http://dangerousprototypes.com/2010/12/15/avr-crypto-library/

http://www.arduino.cc/cgi-bin/yabb2/YaBB.pl?num=1280431018/all
http://www.das-labor.org/wiki/AVR-Crypto-Lib/en

And numerous other hits that look to be worth investigating.

"RSA" includes a lot of stuff. What exactly do you want to do?

5

Yes I do and i found some in C++ but convert that to arduino is a big big trouble. So can somebody help me?

I said searching, as in searching the Arduino forum, not googling. Googling searches here and there and everywhere useless. Searching, on the other hand, is limited to the Arduino site, where there are a number of threads on the topic of RSA.

6

gardner:
"RSA" includes a lot of stuff.

All that you show me I already found but only the first link includes the RSA algorithm and as you said it includes a lot of stuff. It is for my master thesis and I need a really good cryptography function. So first i think in public-key cryptography then i choose RSA because it is a common algorithm. However the implementation is a little exhaustive and I'm not been succeed.

7

the implementation is a little exhaustive

When it comes to security, that's usually the best approach.

8

When choosing a crypto algorithm, keep in mind the very limited SRAM resources in a AVR chip. 2K for a 328 chip is not a lot to work with, esp for the algorithms that utilize block encoding/decoding.

Lefty

9

naf18:
...need cryptographic functions....RSA ...need a really good cryptography function...

Does it have to be public key? Are the programs at both ends of the network connection running in Arduino boards or is one end an Arduino and the other some workstation on a network? Or what? Are there any specific requirements for encryption and/or decryption speed?

I would be really interested (and pleasantly surprised) to learn that any significant RSA functionality can be implemented (at what speed) on any kind of Arduino. The "lot of stuff" in the various RSA libraries that I have glanced at (including C code in libtomcrypt and C++ code in cryptoplusplus) involve multiple-precision (in some cases arbitrary-precision) integer arithmetic. The libraries that I have glanced at make frequent and copious use of dynamic memory allocation so, just looking at the code, I can't get a feel for how much RAM would be involved. See Footnote [1]:

However...

Other algorithms (symmetric-key block ciphers like AES) are definitely implementable on small processors. I haven't tried AES (or any other serious kind of encryption) on any of my "toy" Arduino projects, but I have used the public-domain XTEA algorithm in wireless network applications using rather modest (small, cheap) processors like the Renesas RF211B4 with 16 K Bytes of Program Memory and 1 K Bytes of RAM. The encryption/decryption part of the program represented a very small percentage of the time and memory requirements of the application code. It's really small. What, exactly, are your requirements?

So: Instead of claiming that any approach that I might consider is "really good," I might ask , "How good is "good enough?" In particular (and in addition to robustness of the cipher itself) a major consideration is key management. That's where many schemes break down. How do the different network elements learn what key to use in order to join the network? If they can be configured off-line (maybe when they are programmed, but in any case not over the network), it might not be a problem. If, on the other hand, you have to convey a key to a remote element when it first wants to join the network, then...

Regards,

Dave

Footnotes:
[1]
[/begin Editorial Comment]
I am very leery of the use of dynamic memory allocation of any kind in C (or C++) based embedded applications like Arduino stuff because of the ever-present possibility of unrecoverable heap memory fragmentation after an unpredictable amount of operation. That's where there is actually enough unallocated memory on the heap but not enough contiguous memory to grant a request.
[/end Editorial Comment]

That's just an opinion. My opinion. It's worth exactly as much as you want it to be worth.

[2]
When it comes to encryption, there are two important security rules:

  1. Don't tell everything you know.
10

I'm develloping a system that need cryptographic functions.

Can you tell more about the system and why it needs crypto? Maybe there are other solutions.