### Abstract:

In this paper, we report the results of a comprehensive study of the security level versus the execution performance (and resource requirements) for hardware implementations of small elliptic curves, particularly targeted for lightweight applications, such as RFID tags and sensor nodes. The case study was performed for small elliptic curves (41–163 bits) over GF(2m2m), where finite field elements are represented using polynomial and Gaussian normal bases. The idea behind using elliptic curves in this range is that we obtain small implementations suitable for the mentioned applications, however, this would be at the cost of less security since the Elliptic Curve Discrete Logarithm Problem (ECDLP) would be easier to break, i.e., would require fewer resources and less time for such small curves. Therefore, one must investigate both sides of the coin: first, hardware resources to implement such elliptic curves and the resulting total execution time for a single point multiplication; second, hardware resources to break such a curve and the resulting cost in terms of a defined metric, such as the total amount devices or dollars to solve the ECDLP in a given time duration. Following this reasoning, we studied the hardware (FPGA) implementations of small elliptic curves and determined the amount of resources (number of ALUTs, MEMs, REGs, the duration of clock, the total number of clock cycles and the total execution time) needed for a single point multiplication operation. We also studied the security level of each one of these curves, based on an attack model an associated cost metric. Under our proposed attack model, which we believe is very innovative; we considered three different platforms, namely PC, FPGA, and cloud computing. Due to the complexity of Cloud Computing configurations, we considered two different performance instances, namely, small (low budget) and high performance (relatively high budget). We then calculated the amount of resources and the total amount of dollars needed to solve each particular ECDLP, under different assumptions. We believe the results of our study will allow designers to select the appropriate curve for each application and the device, based on the perceived (or real) threat models that device is operating and the performance requirements of the elliptic curve protocol, such as ECDH, ECDH, or ECIES.