Efficient Finite Field Multiplication for Isogeny Based Post Quantum Cryptography
|
|
- Hilary Morgan
- 5 years ago
- Views:
Transcription
1 Efficient Finite Field Multiplication for Isogeny Based Post Quantum Cryptography Angshuman Karmakar 1 Sujoy Sinha Roy 1 Frederik Vercauteren 1,2 Ingrid Verbauwhede 1 1 COSIC, ESAT KU Leuven and iminds 2 Open Security Research China WAIFI, 2016 Elsewhere) / 25
2 Outline 1 Introduction Classical Cryptosystems Post-quantum cryptography 2 Isogeny Based Cryptography Isogeny in Elliptic curves Special prime structure 3 Efficient modular arithmetic Representation of field elements Comparison with other methods Hardware Implementation Results Elsewhere) / 25
3 Outline 1 Introduction Classical Cryptosystems Post-quantum cryptography 2 Isogeny Based Cryptography Isogeny in Elliptic curves Special prime structure 3 Efficient modular arithmetic Representation of field elements Comparison with other methods Hardware Implementation Results Elsewhere) / 25
4 Introduction Classical cryptosystems Widely used public key cryptosystems and protocols are based on RSA and ECC. No known classical algorithm to solve them easily. Elsewhere) / 25
5 Classical cryptosystems Shor s 1 2 algorithm can solve them easily on quantum computers Research in this field is advancing rapidly. 1 Shor, Peter W., Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer 2 J. Proos and C. Zalka. Shor s discrete logarithm quantum algorithm for elliptic curves Elsewhere) / 25
6 Outline 1 Introduction Classical Cryptosystems Post-quantum cryptography 2 Isogeny Based Cryptography Isogeny in Elliptic curves Special prime structure 3 Efficient modular arithmetic Representation of field elements Comparison with other methods Hardware Implementation Results Elsewhere) / 25
7 Post quantum cryptography We need post quantum cryptography schemes to provide privacy and security even in the presence of practical quantum computers. Many schemes proposed that is presumed to offer such security. I Lattice based cryptography. II Multivariate cryptography. III Hash-based cryptography. IV Code-based cryptography. V Supersingular elliptic curve isogeny cryptography Elsewhere) / 25
8 Outline 1 Introduction Classical Cryptosystems Post-quantum cryptography 2 Isogeny Based Cryptography Isogeny in Elliptic curves Special prime structure 3 Efficient modular arithmetic Representation of field elements Comparison with other methods Hardware Implementation Results Elsewhere) / 25
9 Isogeny in Elliptic curves An Isogeny φ : E 1 E 2 is morphism between two elliptic curves (E 1 & E 2 ) Basepoint preserving i.e φ(o) O Was presumed a hard problem. First quantum secure cryptosystem based on this problem was proposed by Stolbunov et al. 3 Later Childs et.al showed this problem has sub-exponential quantum complexity. 4 3 Alexander Rostovtsev, Anton Stolbunov Constructing public-key cryptographic schemes based on class group action on a set of isogenous elliptic curves 4 Andrew Childs, David Jao, and Vladimir Soukharev. Constructing elliptic curve isogenies in quantum subexponential time Elsewhere) / 25
10 Isogeny in Elliptic curves De Feo et. al(2011) proposed a new cryptosystem based on the hardness of computing isogenies 5 Used supersingular ellptic curves instead of ordinary elliptic curves. Complexity : 4 p on classical and 6 p on a quantum computer(p : characteristic of base field). 5 Luca De Feo, David Jao & Jerome Plut, Towards quantum resistant cryptosystems from supersingular elliptic curve Angshuman isogenies Karmakar, Sujoy Sinha Roy Frederik Efficient Vercauteren, Finite Field Ingrid Multiplication Verbauwhede for (Universities Isogeny Based ofpost Somewhere Quantum WAIFI, andcryptography 2016 Elsewhere) 10 / 25
11 Outline 1 Introduction Classical Cryptosystems Post-quantum cryptography 2 Isogeny Based Cryptography Isogeny in Elliptic curves Special prime structure 3 Efficient modular arithmetic Representation of field elements Comparison with other methods Hardware Implementation Results 2016 Elsewhere) 11 / 25
12 Special prime structure Computation of isogney is a series of finite field operations over the base field. Efficient field arithmetic Faster isogeny computation The supersingular curves used in isogeny based cryptosystems are defined over F p 2 p = f 2 a 3 b 1, f is a small co-factor. And log 2 a log 3 b. In our case f = 2. Earlier methods used Montgomery reduction and Barrett reduction for efficient modular reduction. Unable to exploit the special structure of the characteristic prime. Fields defined over Mersenne prime or Pseudo-Mersenne primes offer very fast modular reduction due to their special structure. The possibility of exploiting the special structure of p is very intriguing Elsewhere) 12 / 25
13 Outline 1 Introduction Classical Cryptosystems Post-quantum cryptography 2 Isogeny Based Cryptography Isogeny in Elliptic curves Special prime structure 3 Efficient modular arithmetic Representation of field elements Comparison with other methods Hardware Implementation Results 2016 Elsewhere) 13 / 25
14 Field element representation Representation of field elements are very crucial in our method. We take our prime p = 2 2 a 3 b 1 with b even and 2N bits. An element A F p is written as : A = a 1 2 a 3 b + a 2 2 a/2 3 b/2 + a 3 a 1 [0, 1] and a 2, a 3 [0, 2 a/2 3 b/2 ) Multiply A(a 1, a 2, a 3 ), B(b 1, b 2, b 3 ) F p Multiply a 2,3 with b 2,3 4 NxN multiplications. Product C = AxB = c 1 2 a 3 b + c 2 2 a/2 3 b/2 + c 3 Problem : c 2, c 3 [0, 2 a 3 b ) not compatible with our representation 2016 Elsewhere) 14 / 25
15 Efficient reduction Solution : We need to divide c 2,3 by 2 a/2 3 b/2 We used a modified Barrett division to perform these two divisions Elsewhere) 15 / 25
16 Efficient Reduction Modified Barrett division Division by 2 a/2 3 b/2 can be made efficient due to the special structure of the divisor. Fundamentally we have to perform Barrett division for 3 b/2 only. But we have to perform two of these Elsewhere) 16 / 25
17 Outline 1 Introduction Classical Cryptosystems Post-quantum cryptography 2 Isogeny Based Cryptography Isogeny in Elliptic curves Special prime structure 3 Efficient modular arithmetic Representation of field elements Comparison with other methods Hardware Implementation Results 2016 Elsewhere) 17 / 25
18 Complexity Barrett Montgomery Ours Input Size 4N 4N 4N Reductions Multiplications 4N x 2N 2N x 2N 3N/2 x N 2N x 2N 4N x 2N N x N/2 (last 2N bits required) Total 12N 2 6N 2 4N 2 Table: Complexity comparison 2016 Elsewhere) 18 / 25
19 Parallelization Two Barrett divisions can be run in parallel. Figure: Serial and Parallel execution of Barrett divisions 2016 Elsewhere) 19 / 25
20 Outline 1 Introduction Classical Cryptosystems Post-quantum cryptography 2 Isogeny Based Cryptography Isogeny in Elliptic curves Special prime structure 3 Efficient modular arithmetic Representation of field elements Comparison with other methods Hardware Implementation Results 2016 Elsewhere) 20 / 25
21 Hardware implementation Figure: Hardware Architecture 2016 Elsewhere) 21 / 25
22 Outline 1 Introduction Classical Cryptosystems Post-quantum cryptography 2 Isogeny Based Cryptography Isogeny in Elliptic curves Special prime structure 3 Efficient modular arithmetic Representation of field elements Comparison with other methods Hardware Implementation Results 2016 Elsewhere) 22 / 25
23 Results Proof of concept implementation Using C in a 32 bit multi-precision format. Time is measured on a core-i5 cpu running CentOS. 62% speed up in reduction and 43% speed up in modular multiplication. Operation running time (µ s) Normal multiplication Our Multiplication Table: Comparison of Our algorithm with normal Barrett reduction algorithm 2016 Elsewhere) 23 / 25
24 HW Results Target FPGA Virtex 6 FPGA xc6vcx240t-2ff784 Registers 11,924 LUTs 12,790 Frequency 31 MHz Cycles 236 Time 7.6 µs 2016 Elsewhere) 24 / 25
25 Thank you!!
Efficient Finite Field Multiplication for Isogeny Based Post Quantum Cryptography
Efficient Finite Field Multiplication for Isogeny Based Post Quantum Cryptography Angshuman Karmakar 1, Sujoy Sinha Roy 1, Frederik Vercauteren 1,2, and Ingrid Verbauwhede 1 1 KU Leuven ESAT/COSIC and
More informationCompact Ring LWE Cryptoprocessor
1 Compact Ring LWE Cryptoprocessor CHES 2014 Sujoy Sinha Roy 1, Frederik Vercauteren 1, Nele Mentens 1, Donald Donglong Chen 2 and Ingrid Verbauwhede 1 1 ESAT/COSIC and iminds, KU Leuven 2 Electronic Engineering,
More informationThe isogeny cycle seminar
The isogeny cycle seminar Luca De Feo Université de Versailles & Inria Saclay September 29, 2016, École Polytechnique Fédérale de Lausanne Elliptic curves Let E : y 2 = x 3 + ax + b be an elliptic curve...
More informationIsogenies in a quantum world
Isogenies in a quantum world David Jao University of Waterloo September 19, 2011 Summary of main results A. Childs, D. Jao, and V. Soukharev, arxiv:1012.4019 For ordinary isogenous elliptic curves of equal
More informationQuantum-resistant cryptography
Quantum-resistant cryptography Background: In quantum computers, states are represented as vectors in a Hilbert space. Quantum gates act on the space and allow us to manipulate quantum states with combination
More informationSide-Channel Attacks on Quantum-Resistant Supersingular Isogeny Diffie-Hellman
Side-Channel Attacks on Quantum-Resistant Supersingular Isogeny Diffie-Hellman Presenter: Reza Azarderakhsh CEECS Department and I-Sense, Florida Atlantic University razarderakhsh@fau.edu Paper by: Brian
More informationAn introduction to supersingular isogeny-based cryptography
An introduction to supersingular isogeny-based cryptography Craig Costello Summer School on Real-World Crypto and Privacy June 8, 2017 Šibenik, Croatia Towards quantum-resistant cryptosystems from supersingular
More informationFaster F p -arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves
Faster F p -arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves Junfeng Fan, Frederik Vercauteren and Ingrid Verbauwhede Katholieke Universiteit Leuven, COSIC May 18, 2009 1 Outline What is
More informationSupersingular Isogeny Key Encapsulation
Supersingular Isogeny Key Encapsulation Presented by David Jao University of Waterloo and evolutionq, Inc. Full list of submitters: Reza Azarderakhsh, FAU Matt Campagna, Amazon Craig Costello, MSR Luca
More informationReprésentation RNS des nombres et calcul de couplages
Représentation RNS des nombres et calcul de couplages Sylvain Duquesne Université Rennes 1 Séminaire CCIS Grenoble, 7 Février 2013 Sylvain Duquesne (Rennes 1) RNS et couplages Grenoble, 07/02/13 1 / 29
More informationElliptic curve cryptography in a post-quantum world: the mathematics of isogeny-based cryptography
Elliptic curve cryptography in a post-quantum world: the mathematics of isogeny-based cryptography Andrew Sutherland MIT Undergraduate Mathematics Association November 29, 2018 Creating a shared secret
More informationSupersingular Isogeny Key Encapsulation (SIKE)
Supersingular Isogeny Key Encapsulation (SIKE) Reza Azarderakhsh Matthew Campagna Craig Costello Luca De Feo Basil Hess David Jao Brian Koziel Brian LaMacchia Patrick Longa Michael Naehrig Joost Renes
More informationCryptography in the Quantum Era. Tomas Rosa and Jiri Pavlu Cryptology and Biometrics Competence Centre, Raiffeisen BANK International
Cryptography in the Quantum Era Tomas Rosa and Jiri Pavlu Cryptology and Biometrics Competence Centre, Raiffeisen BANK International Postulate #1: Qubit state belongs to Hilbert space of dimension 2 ψ
More informationHardware implementations of ECC
Hardware implementations of ECC The University of Electro- Communications Introduction Public- key Cryptography (PKC) The most famous PKC is RSA and ECC Used for key agreement (Diffie- Hellman), digital
More informationLogic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation
Quantum logic gates Logic gates Classical NOT gate Quantum NOT gate (X gate) A NOT A α 0 + β 1 X α 1 + β 0 A N O T A 0 1 1 0 Matrix form representation 0 1 X = 1 0 The only non-trivial single bit gate
More informationRing-LWE: Applications to cryptography and their efficient realization
Ring-LWE: Applications to cryptography and their efficient realization Sujoy Sinha Roy, Angshuman Karmakar, and Ingrid Verbauwhede ESAT/COSIC and iminds, KU Leuven Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee,
More informationElliptic Curve Cryptography and Security of Embedded Devices
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Mathématiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography
More informationOn hybrid SIDH schemes using Edwards and Montgomery curve arithmetic
On hybrid SIDH schemes using Edwards and Montgomery curve arithmetic Michael Meyer 1,2, Steffen Reith 1, and Fabio Campos 1 1 Department of Computer Science, University of Applied Sciences Wiesbaden 2
More informationA quantum algorithm for computing isogenies between supersingular elliptic curves
A quantum algorithm for computing isogenies between supersingular elliptic curves Jean-François Biasse 1,2, David Jao 1, and Anirudh Sankar 1 1 Department of Combinatorics and Optimization 2 Institute
More informationhttps://www.microsoft.com/en-us/research/people/plonga/ Outline Motivation recap Isogeny-based cryptography The SIDH key exchange protocol The SIKE protocol Authenticated key exchange from supersingular
More informationLessons Learned from High-Speed Implementa6on and Benchmarking of Two Post-Quantum Public-Key Cryptosystems
Lessons Learned from High-Speed Implementa6on and Benchmarking of Two Post-Quantum Public-Key Cryptosystems Malik Umar Sharif, Ahmed Ferozpuri, and Kris Gaj George Mason University USA Partially supported
More informationPUBLIC-KEY cryptography (PKC), a concept introduced
1 Speeding Up Barrett and Montgomery Modular Multiplications Miroslav Knežević, Student Member, IEEE, Frederik Vercauteren, and Ingrid Verbauwhede, Senior Member, IEEE Abstract This paper proposes two
More informationPost-quantum security models for authenticated encryption
Post-quantum security models for authenticated encryption Vladimir Soukharev David R. Cheriton School of Computer Science February 24, 2016 Introduction Bellare and Namprempre in 2008, have shown that
More informationA brief survey on quantum computing
A brief survey on quantum computing Edward Poon University of Ottawa Edward Poon (Ottawa) A brief survey on quantum computing March 19, 2018 1 / 7 Outline Goal: Provide a high-level overview of what quantum
More informationFaster SeaSign signatures through improved rejection sampling
Faster SeaSign signatures through improved rejection sampling Thomas Decru 1, Lorenz Panny 2, and Frederik Vercauteren 1 thomas.decru@kuleuven.be, lorenz@yx7.cc, frederik.vercauteren@kuleuven.be 1 imec-cosic,
More informationA Post-Quantum Digital Signature Scheme based on Supersingular Isogenies
Post-Quantum Digital Signature Scheme based on Supersingular Isogenies by Youngho Yoo thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master of
More informationMathematics of Public Key Cryptography
Mathematics of Public Key Cryptography Eric Baxter April 12, 2014 Overview Brief review of public-key cryptography Mathematics behind public-key cryptography algorithms What is Public-Key Cryptography?
More informationArithmetic operators for pairing-based cryptography
7. Kryptotag November 9 th, 2007 Arithmetic operators for pairing-based cryptography Jérémie Detrey Cosec, B-IT, Bonn, Germany jdetrey@bit.uni-bonn.de Joint work with: Jean-Luc Beuchat Nicolas Brisebarre
More informationQuantum Security Analysis of CSIDH and Ordinary Isogeny-based Schemes
Quantum Security Analysis of CSIDH and Ordinary Isogeny-based Schemes Xavier Bonnetain 1,2 and André Schrottenloher 2 1 Sorbonne Université, Collège Doctoral, F-75005 Paris, France 2 Inria, France Abstract.
More informationFPGA-BASED ACCELERATOR FOR POST-QUANTUM SIGNATURE SCHEME SPHINCS-256
IMES FPGA-BASED ACCELERATOR FOR POST-QUANTUM SIGNATURE SCHEME SPHINCS-256 Dorian Amiet 1, Andreas Curiger 2 and Paul Zbinden 1 1 HSR Hochschule für Technik, Rapperswil, Switzerland 2 Securosys SA, Zürich,
More informationLoop-abort faults on supersingular isogeny cryptosystems
Loop-abort faults on supersingular isogeny cryptosystems Alexandre Gélin Benjamin Wesolowski Laboratoire d Informatique de Paris 6 Sorbonne Universités UPMC, France École Polytechnique Fédérale de Lausanne,
More informationA gentle introduction to isogeny-based cryptography
A gentle introduction to isogeny-based cryptography Craig Costello Tutorial at SPACE 2016 December 15, 2016 CRRao AIMSCS, Hyderabad, India Part 1: Motivation Part 2: Preliminaries Part 3: Brief SIDH sketch
More informationDefinition of a finite group
Elliptic curves Definition of a finite group (G, * ) is a finite group if: 1. G is a finite set. 2. For each a and b in G, also a * b is in G. 3. There is an e in G such that for all a in G, a * e= e *
More informationA Simple Architectural Enhancement for Fast and Flexible Elliptic Curve Cryptography over Binary Finite Fields GF(2 m )
A Simple Architectural Enhancement for Fast and Flexible Elliptic Curve Cryptography over Binary Finite Fields GF(2 m ) Stefan Tillich, Johann Großschädl Institute for Applied Information Processing and
More informationNewHope for ARM Cortex-M
for ARM Cortex-M Erdem Alkim 1, Philipp Jakubeit 2, Peter Schwabe 2 erdemalkim@gmail.com, phil.jakubeit@gmail.com, peter@cryptojedi.org 1 Ege University, Izmir, Turkey 2 Radboud University, Nijmegen, The
More informationLow-Weight Polynomial Form Integers for Efficient Modular Multiplication
1 Low-Weight Polynomial Form Integers for Efficient Modular Multiplication Jaewook Chung and M. Anwar Hasan February 9, 2006 Abstract In 1999, Jerome Solinas introduced families of moduli called the generalized
More informationInternational Journal of Advanced Computer Technology (IJACT)
AN EFFICIENT DESIGN OF LOW POWER,FAST EL- LIPTIC CURVE SCALAR MULTIPLIER IN ECC USING S Jayalakshmi K R, M.Tech student, Mangalam college of engineering,kottayam,india; Ms.Hima Sara Jacob, Assistant professor,
More informationArithmetic Operators for Pairing-Based Cryptography
Arithmetic Operators for Pairing-Based Cryptography J.-L. Beuchat 1 N. Brisebarre 2 J. Detrey 3 E. Okamoto 1 1 University of Tsukuba, Japan 2 École Normale Supérieure de Lyon, France 3 Cosec, b-it, Bonn,
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationThe quantum threat to cryptography
The quantum threat to cryptography Ashley Montanaro School of Mathematics, University of Bristol 20 October 2016 Quantum computers University of Bristol IBM UCSB / Google University of Oxford Experimental
More informationComputing modular polynomials with the Chinese Remainder Theorem
Computing modular polynomials with the Chinese Remainder Theorem Andrew V. Sutherland Massachusetts Institute of Technology ECC 009 Reinier Bröker Kristin Lauter Andrew V. Sutherland (MIT) Computing modular
More informationTripartite Modular Multiplication
Tripartite Modular Multiplication Kazuo Sakiyama 1,2, Miroslav Knežević 1, Junfeng Fan 1, Bart Preneel 1, and Ingrid Verbauhede 1 1 Katholieke Universiteit Leuven Department of Electrical Engineering ESAT/SCD-COSIC
More informationNumber Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.
CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L06, Steve/Courses/2011/S2/CSS322/Lectures/number.tex,
More informationImplementation of ECM Using FPGA devices. ECE646 Dr. Kris Gaj Mohammed Khaleeluddin Hoang Le Ramakrishna Bachimanchi
Implementation of ECM Using FPGA devices ECE646 Dr. Kris Gaj Mohammed Khaleeluddin Hoang Le Ramakrishna Bachimanchi Introduction Why factor numbers? Security of RSA relies on difficulty to factor large
More informationCSIDH: An Efficient Post-Quantum Commutative Group Action
CSIDH: An Efficient Post-Quantum Commutative Group Action Wouter Castryck 1, Tanja Lange 2, Chloe Martindale 2, Lorenz Panny 2, and Joost Renes 3 wouter.castryck@esat.kuleuven.be, tanja@hyperelliptic.org,
More informationHardware Implementation of Elliptic Curve Point Multiplication over GF (2 m ) for ECC protocols
Hardware Implementation of Elliptic Curve Point Multiplication over GF (2 m ) for ECC protocols Moncef Amara University of Paris 8 LAGA laboratory Saint-Denis / France Amar Siad University of Paris 8 LAGA
More informationModular Multiplication in GF (p k ) using Lagrange Representation
Modular Multiplication in GF (p k ) using Lagrange Representation Jean-Claude Bajard, Laurent Imbert, and Christophe Nègre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier
More informationCurrent trends and challenges in post-quantum cryptography. Steven Galbraith University of Auckland, New Zealand
Current trends and challenges in post-quantum cryptography University of Auckland, New Zealand Thanks Eric Bach, Joshua Holden, Jen Paulhus, Andrew Shallue, Renate Scheidler, Jonathan Sorenson. Hilary
More informationSide-Channel Attacks on Quantum-Resistant Supersingular Isogeny Die-Hellman
Side-Channel Attacks on Quantum-Resistant Supersingular Isogeny Die-Hellman Brian Koziel 1, Reza Azarderakhsh 2, and David Jao 3 1 Texas Instruments, kozielbrian@gmail.com. 2 CEECS Dept and I-SENSE FAU,
More informationFPGA-based Niederreiter Cryptosystem using Binary Goppa Codes
FPGA-based Niederreiter Cryptosystem using Binary Goppa Codes Wen Wang 1, Jakub Szefer 1, and Ruben Niederhagen 2 1. Yale University, USA 2. Fraunhofer Institute SIT, Germany April 9, 2018 PQCrypto 2018
More informationLattice-Based Cryptography
Liljana Babinkostova Department of Mathematics Computing Colloquium Series Detecting Sensor-hijack Attacks in Wearable Medical Systems Krishna Venkatasubramanian Worcester Polytechnic Institute Quantum
More informationEfficient Application of Countermeasures for Elliptic Curve Cryptography
Efficient Application of Countermeasures for Elliptic Curve Cryptography Vladimir Soukharev, Ph.D. Basil Hess, Ph.D. InfoSec Global Inc. May 19, 2017 Outline Introduction Brief Summary of ECC Arithmetic
More information8 Elliptic Curve Cryptography
8 Elliptic Curve Cryptography 8.1 Elliptic Curves over a Finite Field For the purposes of cryptography, we want to consider an elliptic curve defined over a finite field F p = Z/pZ for p a prime. Given
More informationImplementation Options for Finite Field Arithmetic for Elliptic Curve Cryptosystems Christof Paar Electrical & Computer Engineering Dept. and Computer Science Dept. Worcester Polytechnic Institute Worcester,
More informationImproving the efficiency of Generalized Birthday Attacks against certain structured cryptosystems
Improving the efficiency of Generalized Birthday Attacks against certain structured cryptosystems Robert Niebuhr 1, Pierre-Louis Cayrel 2, and Johannes Buchmann 1,2 1 Technische Universität Darmstadt Fachbereich
More informationAn Algorithm for the η T Pairing Calculation in Characteristic Three and its Hardware Implementation
An Algorithm for the η T Pairing Calculation in Characteristic Three and its Hardware Implementation Jean-Luc Beuchat 1 Masaaki Shirase 2 Tsuyoshi Takagi 2 Eiji Okamoto 1 1 Graduate School of Systems and
More informationNew Algorithm for Classical Modular Inverse
New Algorithm for Classical Modular Inverse Róbert órencz C in Prague CR 9/8/00 CHE 00 1 Introduction - Modular Inverse Inseparable part of cryptographic algorithms. Always needed classical modular inverse
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Elliptic Curves An elliptic curve is a cubic equation of the form: y + axy + by = x 3 + cx + dx + e where a, b, c, d and e are real numbers. A special addition operation is
More information6. ELLIPTIC CURVE CRYPTOGRAPHY (ECC)
6. ELLIPTIC CURVE CRYPTOGRAPHY (ECC) 6.0 Introduction Elliptic curve cryptography (ECC) is the application of elliptic curve in the field of cryptography.basically a form of PKC which applies over the
More informationArithmetic in Integer Rings and Prime Fields
Arithmetic in Integer Rings and Prime Fields A 3 B 3 A 2 B 2 A 1 B 1 A 0 B 0 FA C 3 FA C 2 FA C 1 FA C 0 C 4 S 3 S 2 S 1 S 0 http://koclab.org Çetin Kaya Koç Spring 2018 1 / 71 Contents Arithmetic in Integer
More informationECM at Work. Joppe W. Bos 1 and Thorsten Kleinjung 2. 1 Microsoft Research, Redmond, USA
ECM at Work Joppe W. Bos 1 and Thorsten Kleinjung 2 1 Microsoft Research, Redmond, USA 2 Laboratory for Cryptologic Algorithms, EPFL, Lausanne, Switzerland 1 / 18 Security assessment of public-key cryptography
More informationLecture 6: Cryptanalysis of public-key algorithms.,
T-79.159 Cryptography and Data Security Lecture 6: Cryptanalysis of public-key algorithms. Helsinki University of Technology mjos@tcs.hut.fi 1 Outline Computational complexity Reminder about basic number
More informationEfficient Implementation of Cryptographic pairings. Mike Scott Dublin City University
Efficient Implementation of Cryptographic pairings Mike Scott Dublin City University First Steps To do Pairing based Crypto we need two things l Efficient algorithms l Suitable elliptic curves We have
More informationClassical and Quantum Algorithms for Isogeny-based Cryptography
Classical and Quantum Algorithms for Isogeny-based Cryptography by Anirudh Sankar A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master of Mathematics
More informationSpeeding Up Bipartite Modular Multiplication
Speeding Up Bipartite Modular Multiplication Miroslav Knežević, Frederik Vercauteren, and Ingrid Verbauhede Katholieke Universiteit Leuven Department of Electrical Engineering - ESAT/SCD-COSIC and IBBT
More informationFast, twist-secure elliptic curve cryptography from Q-curves
Fast, twist-secure elliptic curve cryptography from Q-curves Benjamin Smith Team GRACE INRIA Saclay Île-de-France Laboratoire d Informatique de l École polytechnique (LIX) ECC #17, Leuven September 16,
More informationFPGA Realization of Low Register Systolic All One-Polynomial Multipliers Over GF (2 m ) and their Applications in Trinomial Multipliers
Wright State University CORE Scholar Browse all Theses and Dissertations Theses and Dissertations 2016 FPGA Realization of Low Register Systolic All One-Polynomial Multipliers Over GF (2 m ) and their
More informationNEON-SIDH: Ecient Implementation of Supersingular Isogeny Die-Hellman Key Exchange Protocol on ARM
NEON-SIDH: Ecient Implementation of Supersingular Isogeny Die-Hellman Key Exchange Protocol on ARM Brian Koziel 1, Amir Jalali 2, Reza Azarderakhsh 3, David Jao 4, and Mehran Mozaari-Kermani 5 1 Texas
More informationYou could have invented Supersingular Isogeny Diffie-Hellman
You could have invented Supersingular Isogeny Diffie-Hellman Lorenz Panny Technische Universiteit Eindhoven Πλατανιάς, Κρήτη, 11 October 2017 1 / 22 Shor s algorithm 94 Shor s algorithm quantumly breaks
More informationEfficient algorithms for supersingular isogeny
Efficient algorithms for supersingular isogeny Diffie-Hellman Craig Costello, Patrick Longa, and Michael Naehrig Microsoft Research, US bstract. We propose a new suite of algorithms that significantly
More informationOn the complexity of computing discrete logarithms in the field F
On the complexity of computing discrete logarithms in the field F 3 6 509 Francisco Rodríguez-Henríquez CINVESTAV-IPN Joint work with: Gora Adj Alfred Menezes Thomaz Oliveira CINVESTAV-IPN University of
More informationON ISOGENY GRAPHS OF SUPERSINGULAR ELLIPTIC CURVES OVER FINITE FIELDS
ON ISOGENY GRAPHS OF SUPERSINGULAR ELLIPTIC CURVES OVER FINITE FIELDS GORA ADJ, OMRAN AHMADI, AND ALFRED MENEZES Abstract. We study the isogeny graphs of supersingular elliptic curves over finite fields,
More informationElliptic Curves I. The first three sections introduce and explain the properties of elliptic curves.
Elliptic Curves I 1.0 Introduction The first three sections introduce and explain the properties of elliptic curves. A background understanding of abstract algebra is required, much of which can be found
More informationShor s Prime Factorization Algorithm
Shor s Prime Factorization Algorithm Bay Area Quantum Computing Meetup - 08/17/2017 Harley Patton Outline Why is factorization important? Shor s Algorithm Reduction to Order Finding Order Finding Algorithm
More informationArithmetic Operators for Pairing-Based Cryptography
Arithmetic Operators for Pairing-Based Cryptography Jean-Luc Beuchat Laboratory of Cryptography and Information Security Graduate School of Systems and Information Engineering University of Tsukuba 1-1-1
More informationNumber Theory. Modular Arithmetic
Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic
More informationImplementing RLWE-based Schemes Using an RSA Co-Processor
Implementing RLWE-based Schemes Using an RSA Co-Processor Martin R. Albrecht 1, Christian Hanser 2, Andrea Hoeller 2, Thomas Pöppelmann 3, Fernando Virdia 1, Andreas Wallner 2 1 Information Security Group,
More informationAn Optimized Hardware Architecture of Montgomery Multiplication Algorithm
An Optimized Hardware Architecture of Montgomery Multiplication Algorithm Miaoqing Huang 1, Kris Gaj 2, Soonhak Kwon 3, and Tarek El-Ghazawi 1 1 The George Washington University, Washington, DC 20052,
More informationChapter 4 Finite Fields
Chapter 4 Finite Fields Introduction will now introduce finite fields of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public Key concern operations on numbers what constitutes a number
More informationNon-generic attacks on elliptic curve DLPs
Non-generic attacks on elliptic curve DLPs Benjamin Smith Team GRACE INRIA Saclay Île-de-France Laboratoire d Informatique de l École polytechnique (LIX) ECC Summer School Leuven, September 13 2013 Smith
More informationSelecting Elliptic Curves for Cryptography Real World Issues
Selecting Elliptic Curves for Cryptography Real World Issues Michael Naehrig Cryptography Research Group Microsoft Research UW Number Theory Seminar Seattle, 28 April 2015 Elliptic Curve Cryptography 1985:
More informationThe Elliptic Curve in https
The Elliptic Curve in https Marco Streng Universiteit Leiden 25 November 2014 Marco Streng (Universiteit Leiden) The Elliptic Curve in https 25-11-2014 1 The s in https:// HyperText Transfer Protocol
More informationarxiv:quant-ph/ v2 22 Jan 2004
Shor s discrete logarithm quantum algorithm for elliptic curves arxiv:quant-ph/0301141v2 22 Jan 2004 John Proos and Christof Zalka Department of Combinatorics and Optimization University of Waterloo, Waterloo,
More informationAnalysis of Hidden Field Equations Cryptosystem over Odd-Characteristic Fields
Nonlinear Phenomena in Complex Systems, vol. 17, no. 3 (2014), pp. 278-283 Analysis of Hidden Field Equations Cryptosystem over Odd-Characteristic Fields N. G. Kuzmina and E. B. Makhovenko Saint-Petersburg
More informationPost-Snowden Elliptic Curve Cryptography. Patrick Longa Microsoft Research
Post-Snowden Elliptic Curve Cryptography Patrick Longa Microsoft Research Joppe Bos Craig Costello Michael Naehrig NXP Semiconductors Microsoft Research Microsoft Research June 2013 the Snowden leaks the
More informationFPGA-Based Elliptic Curve Cryptography for RFID Tag Using Verilog
Journal From the SelectedWorks of Journal 2016 FPGA-Based Elliptic Curve Cryptography for RFID Tag Using Verilog M. Neelappa Dr. N. G. Kurahatti This work is licensed under a Creative Commons CC_BY-NC
More informationMODULAR multiplication with large integers is the main
1658 IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, VOL. 25, NO. 5, MAY 2017 A General Digit-Serial Architecture for Montgomery Modular Multiplication Serdar Süer Erdem, Tuğrul Yanık,
More informationA Generic Hybrid Encryption Construction in the Quantum Random Oracle Model
A Generic Hybrid Encryption Construction in the Quantum Random Oracle Model Presented by: Angela Robinson Department of Mathematical Sciences, Florida Atlantic University April 4, 2018 Motivation Quantum-resistance
More informationSecurity II: Cryptography exercises
Security II: Cryptography exercises Markus Kuhn Lent 2015 Part II Some of the exercises require the implementation of short programs. The model answers use Perl (see Part IB Unix Tools course), but you
More informationEfficient Hardware Architecture for Scalar Multiplications on Elliptic Curves over Prime Field
Efficient Hardware Architecture for Scalar Multiplications on Elliptic Curves over Prime Field Khalid Javeed BEng, MEng A Disertation submitted in fulfilment of the requirements for the award of Doctor
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationOptimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves
CT-RSA 2012 February 29th, 2012 Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves Joint work with: Nicolas Estibals CARAMEL project-team, LORIA, Université de Lorraine / CNRS / INRIA,
More informationAn FPGA-based Accelerator for Tate Pairing on Edwards Curves over Prime Fields
. Motivation and introduction An FPGA-based Accelerator for Tate Pairing on Edwards Curves over Prime Fields Marcin Rogawski Ekawat Homsirikamol Kris Gaj Cryptographic Engineering Research Group (CERG)
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 9 September 30, 2015 CPSC 467, Lecture 9 1/47 Fast Exponentiation Algorithms Number Theory Needed for RSA Elementary Number Theory
More informationLoop-abort faults on supersingular isogeny cryptosystems
Loop-abort faults on supersingular isogeny cryptosystems Alexandre Gélin 1 and Benjamin Wesolowski 2 1 Sorbonne Universités, UPMC Paris 6, UMR 7606, LIP6, Paris, France alexandre.gelin@lip6.fr 2 École
More informationNotes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I
Number Theory: Applications Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Fall 2007 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 3.4 3.7 of Rosen cse235@cse.unl.edu
More informationHigh-speed cryptography, part 3: more cryptosystems. Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven
High-speed cryptography, part 3: more cryptosystems Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Cryptographers Working systems Cryptanalytic algorithm designers
More informationChapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations
Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 9.1 Chapter 9 Objectives
More informationTOWARDS QUANTUM-RESISTANT CRYPTOSYSTEMS FROM SUPERSINGULAR ELLIPTIC CURVE ISOGENIES
TOWRDS QUNTUM-RESISTNT CRYPTOSYSTEMS FROM SUPERSINGULR ELLIPTIC CURVE ISOGENIES LUC DE FEO, DVID JO, ND JÉRÔME PLÛT bstract. We present new candidates for quantum-resistant public-key cryptosystems based
More informationRSA-256bit 數位電路實驗 TA: 吳柏辰. Author: Trumen
RSA-256bit 數位電路實驗 TA: 吳柏辰 Author: Trumen Outline Introduction to Cryptography RSA Algorithm Montgomery Algorithm for RSA-256 bit 2 Introduction to Cryptography 3 Communication Is Insecure Alice Bob Paparazzi
More information