Eclipses logo

Many business cases and user experiences could be improved or made more profitable if specific ECC-supporting hardware existed that would speedup security protocols by an order of magnitude at minimal cost. The main purpose of Eclipses is to accelerate progress towards such hardware solutions and subsequently boost low-cost public-key and pairing-based cryptography in embedded secure applications.

Who can I contact?

Dr. Matthieu Rivain

Matthieu Rivain, PhD

COO, Senior Security Expert


4 Partners

Related technology

Embedded Cryptographic Libraries

Give us the instruction set of your microcontroller and we do the rest.

We have more than 16 years of experience in developing and delivering cycle-accurate optimized cryptographic libraries. Our software can be declined on a variety of hardware platforms and support standard and advanced cryptographic algorithms.


Related service

Cryptographic Protocols

Security by design is not an abstract concept.

Beware of alleged "military grade secure" products. It is one thing to use AES-256 or RSA-4096, using it correctly is a different kettle of fish.
We can help you build innovative products that require any standard or advanced cryptographic tools, such as elliptic curves, identity-based encryption, anonymous signatures, e-cash, DRM, Pay-TV and many others.


Related research projects


Exploring the reverse-engineering taboo.

The goal of the MARSHAL project is to design and realize a mobile security object that withstands all known reverse-engineering attacks by means of software and hardware countermeasures.



Formally proving that your crypto libs are side-channel resistant.

The PRINCE research project addresses the challenge of building leakage-resilient primitives and leakage-resilient implementations for standard algorithms. Through an appropriate security modelling, the embedded security industry has never been closer to fill in the gap between empirically secure cryptographic implementations and built-in, provably perfect resistance against side-channels.


Recent years have witnessed the emergence of public-key cryptography based on elliptic curves, as an alternative to the well-known RSA cryptosystem. Elliptic-Curve Cryptography (ECC) supports public-key encryption (Elliptic Curve ElGamal), digital signatures (ECDSA), key establishment protocols (EC Diffie-Hellman), etc. and has been normalized through a series of industrial standards. Secure applications which require a high level of security do not consider RSA as an acceptable cryptosystem any longer, mainly due to the lack of performance that hardware and software implementations present with respect to large keys (2048-bit RSA is equivalent to elliptic curves based on 384-bit prime fields), as illustrated by NIST’s recent Suite B (announced in 2005) which completely excludes RSA. Adopted by the National Security Agency (NSA) for government communications, ECC provides the most security per bit of any known public-key scheme. The growing need for ECC, wherein keys and signatures are much shorter, is a natural technological trend opening the way to faster public-key implementations and is intended to compensate the announced obsolescence of RSA. Furthermore, the recent appearance of bilinear maps (aka pairings, a primitive elliptic-curve operation with no RSA equivalent) in cryptography and their increasing popularity (see below) confirms the inherent superiority and versatility of elliptic curves as the natural mathematical ground and foundation for cryptographic applications in near to long-term future.

Secure embedded systems, however, continue to heavily rely on RSA-dedicated cryptoprocessors by taking advantage of the hardware-based modular arithmetic operations they provide to support ECC on prime fields when necessary. Although this may lead to seemingly acceptable implementations, this is inappropriate for a number of reasons:

  1. RSA-dedicated coprocessors work on very large operands (much larger than what elliptic curve operations actually require), thereby leading to a dramatic waste of specific memory, logic gates, surface and power consumption,
  2. All types of curves are not supported, typically curves defined over binary fields,
  3. Operations on the curve, typically point addition, doubling or halving, etc. are necessarily coded in software based on native operations, thus wasting execution time and code size, whereas the cryptoprocessor could advantageously be redesigned to natively support these operations
  4. Implementations of pairings (such as IBCS#1 based on the Tate pairing) yield unacceptably poor performances on embedded systems.


ECLIPSES is meant to address all these limitations by providing a groundbreaking design for an elliptic-curve hardware coprocessor which exactly fits the computational needs of ECC-based cryptosystems: basic point operations, scalar multiplication and hardware-supported pairing computations on the widest range of elliptic curves. The ECLIPSES cryptoprocessor shall inherently and transparently resist the most advanced techniques of side-channel analysis and fault-based attacks while reaching unprecedented throughputs with a minimal number of gates, thus opening the way to a new generation of ECC-supporting cryptographic platforms and promoting (the switch from RSA to) a wide adoption of Elliptic Curve Cryptography on the security marketplace.

ECLIPSES requires strong theoretical investigations and targets the development of an experimental prototype but overall remains essentially oriented towards industrial research.