Hardware Implementation of the Code-based Key Encapsulation Mechanism using Dyadic GS Codes (DAGS)
Slide 1: Hardware Implementation of the Code-based Key Encapsulation Mechanism using Dyadic GS Codes (DAGS)
- Viet Dang and Kris Gaj
- ECE Department, George Mason University, Fairfax, VA, USA
Slide 2: Introduction to DAGS
- The first KEM using the quasi-dyadic approach for Generalized Srivastava codes
- Achieves IND-CCA security by applying the recent framework of Hofheinz et al.
- Shortish public and private keys
- Relatively efficient encapsulation and decapsulation algorithms
Slide 3: DAGS Sizes

Parameter Set   Public Key Size (bytes)   Private Key Size (bytes)   Ciphertext Size (bytes)
DAGS_1          6,760                     2,
DAGS_3          8,448                     3,
DAGS_5          11,616                    6,336                      1,616
Slide 4: DAGS Key Encapsulation Mechanism
- Alice: KEM.KeyGen() -> (sk, pk); pk is sent to Bob
- Bob: KEM.Encaps(pk) -> (K, C); C is sent to Alice
- Alice: KEM.Decaps(sk, C) -> K
- Shared Key := K
Slide 5: Design Methodology
- Optimization for speed: minimum latency, maximum number of operations per second
- Key generation performed externally, e.g., in software
- No countermeasures against side-channel attacks
- Full compliance with the latest DAGS specification
- Single module for both Encapsulation and Decapsulation
Slide 6: GMU Hardware API
[Figure: GMU Hardware API interface diagram]
Slide 7: Design Methodology
- Language: VHDL
- Approach: manual design based on the specification and the reference software implementation
- Verification: simulation using test vectors generated with the reference software implementation
- Simulator: Vivado Simulator
- Synthesis & Implementation: Vivado ver.
- Target: FPGA
- Family: Xilinx Kintex-7 UltraSCALE
- Device: XCKU035-FFVA1156
- Technology: 20nm CMOS
- FPGA Tool Option Optimization: Minerva (developed by GMU)
Slide 8: DAGS Parameters

Symbol     Description              DAGS_3      DAGS_5
n          Code length
k          Code dimension
w          Number of errors
l          Shared secret length
F_q        Base field / subfield    F_{2^6}     F_{2^6}
F_{q^m}    Extension field          F_{2^12}    F
Slide 9: Multiplication in Extension Field
- Reduce extension-field multiplication to base-field multiplication.
- $p, q \in GF(2^{12})$, $a_1, b_1, a_2, b_2 \in GF(2^6)$, with $p = a_1 x + b_1$ and $q = a_2 x + b_2$:
  $p \cdot q = (a_1 x + b_1)(a_2 x + b_2) \bmod (x^2 + \alpha^{65} x + \alpha^{65}) = x\,(a_1 a_2 \alpha^{65} + a_1 b_2 + a_2 b_1) + (a_1 a_2 \alpha^{65} + b_1 b_2)$
- $\alpha^{65} = \gamma$, a primitive element of the base field
Slide 10: Multiplication in Extension Field
- $p \cdot q = x\,(a_1 a_2 \alpha^{65} + a_1 b_2 + a_2 b_1) + (a_1 a_2 \alpha^{65} + b_1 b_2)$
- Resources used: 4 MUL, 1 CMUL, 3 ADD
- Critical path: 1 MUL + 1 CMUL + 1 ADD
Slide 11: Direct Inversion in Extension Field
- Direct inversion reduces extension-field inversion to subfield inversion.
- $p, q \in GF(2^{12})$, $a_1, b_1, a_2, b_2 \in GF(2^6)$, $q = p^{-1}$, with $p = a_1 x + b_1$ and $q = a_2 x + b_2$:
  $p \cdot q = (a_1 x + b_1)(a_2 x + b_2) \bmod (x^2 + \alpha^{65} x + \alpha^{65}) = 1$
- $a_2 = a_1 \left(\alpha^{65} a_1^2 + b_1(\alpha^{65} a_1 + b_1)\right)^{-1}$
- $b_2 = (\alpha^{65} a_1 + b_1) \left(\alpha^{65} a_1^2 + b_1(\alpha^{65} a_1 + b_1)\right)^{-1}$

Slide 12: Direct Inversion in Extension Field
- $a_2 = a_1 \left(\alpha^{65} a_1^2 + b_1(\alpha^{65} a_1 + b_1)\right)^{-1}$
- $b_2 = (\alpha^{65} a_1 + b_1) \left(\alpha^{65} a_1^2 + b_1(\alpha^{65} a_1 + b_1)\right)^{-1}$
- Resources used: 1 INV, 3 MUL, 1 CMUL, 2 ADD
- Critical path: 1 CMUL + 1 ADD + 1 MUL + 1 ADD + 1 INV + 1 MUL
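The two datapaths of slides 9 to 12 (extension-field multiplication and direct inversion) carried out in software, as an added example that is not the GMU VHDL or the DAGS reference code. It assumes the base field GF(2^6) is built with the primitive polynomial x^6 + x + 1 (the slides do not state the base-field polynomial) and derives g = alpha^65 as the smallest primitive element for which x^2 + g x + g is irreducible; the pair representation (a, b) = a x + b and the names ext_mul, ext_inv, ext_pow are choices made here.

```python
# Tower-field arithmetic of slides 9-12: GF(2^12) = GF(2^6)[x] / (x^2 + g x + g)
# with g a primitive element of GF(2^6) (alpha^65 on the slides). Added example,
# not the GMU VHDL or the DAGS reference code. Assumed: GF(2^6) uses the
# primitive polynomial x^6 + x + 1 (the slides do not state it); g is derived
# below as the smallest primitive element making x^2 + g x + g irreducible.
BASE_POLY = 0x43                    # x^6 + x + 1
BASE_BITS = 6
BASE_ORDER = (1 << BASE_BITS) - 1   # 63 nonzero elements of GF(2^6)

def base_mul(a: int, b: int) -> int:
    """Shift-and-add multiply in GF(2^6), reducing by BASE_POLY (the MUL unit)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> BASE_BITS:
            a ^= BASE_POLY
    return r

def base_inv(a: int) -> int:
    """a^(2^6 - 2) = a^-1 by square-and-multiply (the INV unit)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    r, e = 1, BASE_ORDER - 1
    while e:
        if e & 1:
            r = base_mul(r, a)
        a = base_mul(a, a)
        e >>= 1
    return r

def is_primitive(g: int) -> bool:
    """True when the powers of g run through all 63 nonzero elements."""
    x, seen = 1, set()
    for _ in range(BASE_ORDER):
        x = base_mul(x, g)
        seen.add(x)
    return len(seen) == BASE_ORDER

def pick_gamma() -> int:
    """Smallest primitive g such that x^2 + g x + g has no root in GF(2^6);
    with a root the quotient would have zero divisors instead of being GF(2^12)."""
    for g in range(2, 1 << BASE_BITS):
        if is_primitive(g) and all(
            base_mul(y, y) ^ base_mul(g, y) ^ g for y in range(1 << BASE_BITS)
        ):
            return g
    raise RuntimeError("no suitable gamma")

GAMMA = pick_gamma()
ONE = (0, 1)   # elements of GF(2^12) are pairs (a, b) standing for a*x + b

def ext_mul(p, q):
    """Slide 9: (a1 x + b1)(a2 x + b2) mod (x^2 + g x + g)
    = x (a1 a2 g + a1 b2 + a2 b1) + (a1 a2 g + b1 b2): 4 MUL, 1 CMUL, 3 ADD."""
    a1, b1 = p
    a2, b2 = q
    a1a2g = base_mul(base_mul(a1, a2), GAMMA)         # MUL, then CMUL by g
    hi = a1a2g ^ base_mul(a1, b2) ^ base_mul(a2, b1)  # 2 MUL, 2 ADD
    lo = a1a2g ^ base_mul(b1, b2)                      # 1 MUL, 1 ADD
    return (hi, lo)

def ext_inv(p):
    """Slide 11: direct inversion with a single GF(2^6) inversion,
    d = g a1^2 + b1 (g a1 + b1),  p^-1 = (a1 / d) x + (g a1 + b1) / d;
    d != 0 for p != 0 because x^2 + g x + g has no root in GF(2^6)."""
    a1, b1 = p
    if a1 == 0 and b1 == 0:
        raise ZeroDivisionError("0 has no inverse")
    ga1_b1 = base_mul(GAMMA, a1) ^ b1                  # CMUL + ADD
    d = base_mul(GAMMA, base_mul(a1, a1)) ^ base_mul(b1, ga1_b1)
    d_inv = base_inv(d)                                # the single INV
    return (base_mul(a1, d_inv), base_mul(ga1_b1, d_inv))

def ext_pow(p, e: int):
    """p^e by square-and-multiply, used to check the field structure."""
    r = ONE
    while e:
        if e & 1:
            r = ext_mul(r, p)
        p = ext_mul(p, p)
        e >>= 1
    return r

if __name__ == "__main__":
    p = (0b101101, 0b010111)                           # constructed sample element
    print("gamma =", GAMMA, " p * p^-1 =", ext_mul(p, ext_inv(p)))
    print("p^4095 =", ext_pow(p, 4095))                # order of GF(2^12)* is 4095
```

Running it confirms that the inversion formula produces a true inverse for every nonzero pair and that p^4095 = 1, i.e. the quotient ring really is the field GF(2^12).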
Slide 13: Encapsulation
[Block diagram of encapsulation: RAND feeds G, H and Error Gen; output shared key K of l bytes; parameter table with n, k, w, l for DAGS_3 and DAGS_5]
- G, H: SHA-3 Extendable Output Function
- K: SHA3-512 hash function
Slide 14: Generator Matrix G_pub
[Figure: structure of the public generator matrix G_pub]

Slide 15: G_pub Generator
[Figure: G_pub generator datapath; parameter table with n, s, k for DAGS_3 and DAGS_5]
- ME: Matrix Expander
Slide 16: Dyadic Matrix Example
- $M_{ij} = S[i \oplus j]$ (row index XOR column index)
- $S = \{S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7\}$
- M =
  S0 S1 S2 S3 S4 S5 S6 S7
  S1 S0 S3 S2 S5 S4 S7 S6
  S2 S3 S0 S1 S6 S7 S4 S5
  S3 S2 S1 S0 S7 S6 S5 S4
  S4 S5 S6 S7 S0 S1 S2 S3
  S5 S4 S7 S6 S1 S0 S3 S2
  S6 S7 S4 S5 S2 S3 S0 S1
  S7 S6 S5 S4 S3 S2 S1 S0
Slide 17: Dyadic Matrix Expander Example
- In: {S0, S1, S2, S3, S4, S5, S6, S7}
- Out: {S2, S3, S0, S1, S6, S7, S4, S5}
Slide 18: Error Generation
[Figure: error generation datapath; parameter table with n, k, w, l for DAGS_3 and DAGS_5]
- SHA-3 Extendable Output Function

Slide 19: Error Generator
[Figure: error generator block diagram]
Slide 20: Extendable-Output Function
- SHAKE: based on the Keccak hash function
- Generalization of a cryptographic hash function with arbitrary output length
- Modified "Basic Iterative with Padding" design from GMU
Slide 21: Decapsulation
[Block diagram of decapsulation; parameter table with n, k, w, l for DAGS_3 and DAGS_5]
- G, H: SHA-3 Extendable Output Function
- K: SHA3-512 hash function
Slide 22: Alternant Decoding
- Calculate the syndrome polynomial $S(z)$ from the ciphertext and the two vectors ($Y$ and $V$) of the private key
- Apply the Extended Euclidean Algorithm to solve the key equation and obtain $\sigma(z)$, $\omega(z)$
- Evaluate $\sigma(z)$ to get the error positions
- Evaluate $\omega(z)$ to get the error values
Slide 23: Private Key
- $Y = (y_0, y_1, y_2, \ldots, y_{n-1})$, $V = (v_0, v_1, v_2, \ldots, v_{n-1})$
- $H = \begin{pmatrix} 1 & 1 & \cdots & 1 \\ v_0 & v_1 & \cdots & v_{n-1} \\ v_0^2 & v_1^2 & \cdots & v_{n-1}^2 \\ \vdots & \vdots & & \vdots \\ v_0^{st-1} & v_1^{st-1} & \cdots & v_{n-1}^{st-1} \end{pmatrix} \cdot \operatorname{diag}(y_0, y_1, \ldots, y_{n-1})$
- [Parameter table with n, s, t for DAGS_3 and DAGS_5]
Slide 24: Syndrome Calculation
- $S = H c^T$, with $c = (c_0, c_1, c_2, \ldots, c_{n-1})$ the ciphertext
- $S = (s_0, s_1, s_2, \ldots, s_{st-1})$ with $s_0 = \sum_{i=0}^{n-1} y_i c_i$, $s_1 = \sum_{i=0}^{n-1} y_i c_i v_i$, $s_2 = \sum_{i=0}^{n-1} y_i c_i v_i^2$, ..., $s_{st-1} = \sum_{i=0}^{n-1} y_i c_i v_i^{st-1}$
- Syndrome polynomial: $S(z) = s_{st-1} z^{st-1} + s_{st-2} z^{st-2} + \cdots + s_2 z^2 + s_1 z + s_0$

Slide 25: Syndrome Calculation
- $s_j = \sum_{i=0}^{n-1} y_i c_i v_i^{j}$ for $j = 0, 1, \ldots, st-1$
- [Figure: syndrome calculation datapath; parameter table with n, s, t for DAGS_3 and DAGS_5]
Slide 26: Solving the Key Equation
- Find $\sigma(z)$, the error locator polynomial, and $\omega(z)$, the error evaluator polynomial
- Key equation: $r(z) = S(z)\, u(z) \bmod z^{st}$ with $\deg(r(z)) < st/2$ and $\deg(u(z)) \le st/2$, where $st/2 = w$
- Calculate $\sigma(z) = \delta\, u(z)$ and $\omega(z) = \delta\, r(z)$ with $\delta = u(0)^{-1} = u_0^{-1}$, so that $\sigma(0) = 1$
- [Parameter table with w, s, t for DAGS_3 and DAGS_5]
Slide 27: Extended Euclidean Algorithm
- $q_i(z) = \left\lfloor r_{i-1}(z) / r_i(z) \right\rfloor$
- $r_{i+1}(z) = r_{i-1}(z) + q_i(z)\, r_i(z)$
- $u_{i+1}(z) = u_{i-1}(z) + q_i(z)\, u_i(z)$
- Iteration table (i, q(z), r(z), u(z)):
  i = -2: $r_{-2}(z) = z^{st}$, $u_{-2}(z) = 0$
  i = -1: $q_{-1}(z) = \left\lfloor z^{st} / S(z) \right\rfloor$, $r_{-1}(z) = S(z)$, $u_{-1}(z) = 1$
  i = 0: $q_0(z)$, $r_0(z)$, $u_0(z)$, and so on
- Termination: $\deg(r_{i-1}(z)) \ge st/2$ and $\deg(r_i(z)) \le st/2 - 1$, with $st/2 = w$
Slide 28: Polynomial Division
- $d = \deg(r_{i-1}(z)) - \deg(r_i(z))$
- $t(z) = \operatorname{ldcoeff}(r_{i-1}(z)) \cdot \operatorname{ldcoeff}(r_i(z))^{-1} \cdot z^{d}$
- $r_{i-1}(z) := r_{i-1}(z) + r_i(z)\, t(z)$ (one step of the division, repeated while $\deg(r_{i-1}(z)) \ge \deg(r_i(z))$)
Slide 29: Polynomial Multiplication
- $u_{i-1}(z) := u_{i-1}(z) + u_i(z)\, q_{i,j}\, z^j$, accumulated over the coefficients $q_{i,j}$ of $q_i(z)$
Slide 30: Polynomial Evaluation / Root Finding
- Apply Chien search to evaluate $\sigma(z)$ and $\omega(z)$
- $\sigma(z) = \sigma_0 + \sigma_1 z + \sigma_2 z^2 + \cdots + \sigma_{st/2} z^{st/2}$
- $\sigma(\alpha^i) = \sigma_0 + \sigma_1 \alpha^i + \sigma_2 (\alpha^i)^2 + \cdots + \sigma_{st/2} (\alpha^i)^{st/2} = \gamma_{i,0} + \gamma_{i,1} + \gamma_{i,2} + \cdots + \gamma_{i,st/2}$
- $\sigma(\alpha^{i+1}) = \sigma_0 + \sigma_1 \alpha^i \alpha + \sigma_2 (\alpha^i)^2 \alpha^2 + \cdots + \sigma_{st/2} (\alpha^i)^{st/2} \alpha^{st/2} = \gamma_{i,0} + \gamma_{i,1} \alpha + \gamma_{i,2} \alpha^2 + \cdots + \gamma_{i,st/2} \alpha^{st/2}$
Slide 31: Polynomial Evaluation / Root Finding
[Figure: Chien search datapath]
Slide 32: Get Error Position and Value
- Error locator polynomial: $\sigma(z) = \prod_{i=1}^{st/2} (1 - L_i z)$
- Evaluate the error evaluator polynomial to get the error value:
  $\mathrm{ErrVal}_i = \dfrac{\omega(V_i^{-1})}{Y_i \prod_{j \ne i} (1 - V_j V_i^{-1})}$ ($i$ and $j$ in the range 0 to $st/2$)
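The decapsulation pipeline of slides 22 to 32 (syndrome, EEA key-equation solver with the slide 27 initialization and termination, Chien search, and the slide 32 error-value formula) as an added Python example; it is not the GMU VHDL or the DAGS reference code. It assumes a single symbol field GF(2^6) with polynomial x^6 + x + 1 in place of the GF(2^12) extension, and a constructed private key (V, Y) with N = 16, W = 3, the received word R being the all-zero codeword plus three errors; all function names are choices made here.

```python
# Alternant decoding as on slides 22-32: syndrome S(z), key equation via the
# extended Euclidean algorithm, Chien search for the roots of sigma(z), and the
# slide-32 error-value formula. Added example, not the GMU VHDL or the DAGS
# reference code. Assumed: one symbol field GF(2^6) with primitive polynomial
# x^6 + x + 1 (DAGS decodes over GF(q^m)); V, Y, N, W, R are a constructed sample.
from functools import reduce

Q, POLY = 64, 0x43                     # field size and x^6 + x + 1
EXP, LOG = [0] * (2 * Q), [0] * Q      # EXP[i] = alpha^i, LOG[alpha^i] = i
_x = 1
for _i in range(Q - 1):
    EXP[_i] = EXP[_i + Q - 1] = _x
    LOG[_x] = _i
    _x <<= 1
    if _x & Q:
        _x ^= POLY

def mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]

def inv(a):
    return EXP[(Q - 1 - LOG[a]) % (Q - 1)]

def deg(p):                            # polynomials: coefficient lists, index = power of z
    return max((i for i, c in enumerate(p) if c), default=-1)

def padd(a, b):
    a, b = a + [0] * (len(b) - len(a)), b + [0] * (len(a) - len(b))
    return [x ^ y for x, y in zip(a, b)]

def pmul(a, b):
    r = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[i + j] ^= mul(x, y)
    return r

def pdivmod(a, b):
    """Slide 28 step, repeated while deg(a) >= deg(b): t = ldcoeff(a)/ldcoeff(b) z^d, a += b t."""
    a, db, q = list(a), deg(b), [0] * len(a)
    while deg(a) >= db:
        d, t = deg(a) - db, mul(a[deg(a)], inv(b[db]))
        q[d] ^= t
        for i in range(db + 1):
            a[i + d] ^= mul(t, b[i])
    return q, a

def peval(p, x):                       # Horner's rule
    acc = 0
    for c in reversed(p):
        acc = mul(acc, x) ^ c
    return acc

def syndrome(r, V, Y, st):
    """Slide 24: s_i = sum_j y_j r_j v_j^i for i = 0..st-1, i.e. S = H r^T."""
    S = [0] * st
    for i in range(st):
        for j, (v, y) in enumerate(zip(V, Y)):
            S[i] ^= mul(mul(y, r[j]), EXP[(i * LOG[v]) % (Q - 1)])
    return S

def solve_key_equation(S, st):
    """Slide 27: r_{-2} = z^st, u_{-2} = 0, r_{-1} = S, u_{-1} = 1; iterate until
    deg(r_{i-1}) >= st/2 > deg(r_i). r_i = u_i S mod z^st, so sigma = delta u_i, omega = delta r_i."""
    r_prev, r_cur = [0] * st + [1], list(S)
    u_prev, u_cur = [0], [1]
    while deg(r_cur) >= st // 2:
        q, rem = pdivmod(r_prev, r_cur)
        r_prev, r_cur = r_cur, rem
        u_prev, u_cur = u_cur, padd(u_prev, pmul(q, u_cur))
    delta = inv(u_cur[0])                              # normalize so sigma(0) = 1
    return [mul(delta, c) for c in u_cur], [mul(delta, c) for c in r_cur]

def chien_search(sigma):
    """Slide 30: sigma(alpha^(i+1)) from the terms of sigma(alpha^i) by multiplying
    the k-th term by alpha^k; returns the exponents i with sigma(alpha^i) = 0."""
    terms, roots = list(sigma), []
    for i in range(Q - 1):
        if reduce(lambda x, y: x ^ y, terms, 0) == 0:
            roots.append(i)
        terms = [mul(t, EXP[k]) for k, t in enumerate(terms)]
    return roots

def decode(r, V, Y, w):
    """Slide 32: root alpha^i of sigma marks position j with v_j = alpha^-i;
    e_j = omega(v_j^-1) / (y_j * prod_{k != j} (1 - v_k v_j^-1))."""
    st = 2 * w
    sigma, omega = solve_key_equation(syndrome(r, V, Y, st), st)
    pos = {v: j for j, v in enumerate(V)}
    errs = [pos[inv(EXP[i])] for i in chien_search(sigma) if inv(EXP[i]) in pos]
    e = [0] * len(r)
    for j in errs:
        den = reduce(mul, (1 ^ mul(V[k], inv(V[j])) for k in errs if k != j), Y[j])
        e[j] = mul(peval(omega, inv(V[j])), inv(den))
    return [a ^ b for a, b in zip(r, e)], e

# Constructed sample: private key (V, Y); received word R = all-zero codeword + W errors.
N, W = 16, 3
V = [EXP[i] for i in range(1, N + 1)]                # distinct nonzero support
Y = [EXP[(5 * i + 3) % (Q - 1)] for i in range(N)]   # nonzero column multipliers
R = [0] * N
R[2], R[7], R[13] = 5, 17, 42                        # error positions and values
```

Calling decode(R, V, Y, W) returns the all-zero codeword together with the error vector R, and the error locator returned by solve_key_equation has degree W with constant term 1, as slides 26 and 32 require.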
Slide 33: Tentative Result for DAGS_3

                 Software         Hardware        Speed Up
Encapsulation    8,419,526 ns     78,318 ns
Decapsulation    70,803,320 ns    1,034,085 ns    68.5

- Software: x64 Intel Core processor with 16 GiB of RAM, compiled with GCC version
- Hardware: maximum frequency 43.2 MHz
Slide 34: Timing Analysis of Encapsulation
[Figure: timing breakdown of encapsulation]

Slide 35: Timing Analysis of Decapsulation
[Figure: timing breakdown of decapsulation; the largest component accounts for 76.1 %]
Slide 36: Implementation Results for DAGS_3

Algorithm    LUTs               FFs               Block RAMs
DAGS_3       189,213 (70.3%)    99,210 (16.0%)    3

Block              LUTs       FFs       Block RAMs
Encoder/Decoder    142,724    65,002    2
Error Gen          17,069     17,058    1
Matrix Gen         20,453     4,
Slide 37: Conclusions
- First hardware implementation of the DAGS scheme
- Fully compliant with the PQC Hardware API
- Hardware vs. software speed-up of ... times for encapsulation and 68.5 times for decapsulation
- Needs improvement in maximum clock frequency and area
- Needs to be constant-time
- Our VHDL code will soon be made available as open source
Slide 38: Acknowledgments
- Owners, inventors, developers and submitters of DAGS: Gustavo Banegas (1), Paulo S. L. M. Barreto (2), Brice Odilon Boidje (3), Pierre-Louis Cayrel (4), Gilbert Ndollane Dione (3), Kris Gaj (7), Cheikh Thiécoumba Gueye (3), Richard Haeussler (7), Jean Belo Klamti (3), Ousmane N'diaye (3), Duc Tri Nguyen (7), Edoardo Persichetti (5), and Jefferson E. Ricardini (6)
- (1) Technische Universiteit Eindhoven, The Netherlands; (2) University of Washington Tacoma, USA; (3) Université Cheikh Anta Diop, Dakar, Senegal; (4) Laboratoire Hubert Curien, Saint-Etienne, France; (5) Florida Atlantic University, USA; (6) Universidade de São Paulo, Brazil; (7) George Mason University, USA
- Dr. Patrick Baier
Slide 39: Thank you! Questions?
More informationConstructive aspects of code-based cryptography
DIMACS Workshop on The Mathematics of Post-Quantum Cryptography Rutgers University January 12-16, 2015 Constructive aspects of code-based cryptography Marco Baldi Università Politecnica delle Marche Ancona,
More informationCBEAM: Ecient Authenticated Encryption from Feebly One-Way φ Functions
CBEAM: Ecient Authenticated Encryption from Feebly One-Way φ Functions Author: Markku-Juhani O. Saarinen Presented by: Jean-Philippe Aumasson CT-RSA '14, San Francisco, USA 26 February 2014 1 / 19 Sponge
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationCryptanalysis of the McEliece Public Key Cryptosystem Based on Polar Codes
Cryptanalysis of the McEliece Public Key Cryptosystem Based on Polar Codes Magali Bardet 1 Julia Chaulet 2 Vlad Dragoi 1 Ayoub Otmani 1 Jean-Pierre Tillich 2 Normandie Univ, France; UR, LITIS, F-76821
More informationHow to Use Short Basis : Trapdoors for Hard Lattices and new Cryptographic Constructions
Presentation Article presentation, for the ENS Lattice Based Crypto Workgroup http://www.di.ens.fr/~pnguyen/lbc.html, 30 September 2009 How to Use Short Basis : Trapdoors for http://www.cc.gatech.edu/~cpeikert/pubs/trap_lattice.pdf
More informationFrom NewHope to Kyber. Peter Schwabe April 7, 2017
From NewHope to Kyber Peter Schwabe peter@cryptojedi.org https://cryptojedi.org April 7, 2017 In the past, people have said, maybe it s 50 years away, it s a dream, maybe it ll happen sometime. I used
More information