CRYPTOGRAPHIC COMPUTING

CRYPTOGRAPHIC COMPUTING ON GPU
Chen-Mou Cheng
Dept. Electrical Engineering, National Taiwan University
January 16, 2009

COLLABORATORS
- Daniel Bernstein, UIC, USA
- Tien-Ren Chen, Army
- Tanja Lange, TU Eindhoven, the Netherlands
- Bo-Yin Yang, Academia Sinica

OUTLINE
- Background on elliptic curve method of factorization (ECM)
- Our design and implementation of ECM on GPU

FACTORIZATION IN CRYPTANALYSIS
- RSA's security depends on how fast we can factor big integers
- Can use quantum computers
- Champion on traditional computers is the General Number Field Sieve (GNFS)
- Factorization of (lots of) mid-sized integers is an important subroutine of GNFS

FACTORIZATION OF RSA-155
- In the factorization of an RSA-155 number (about )
- Used $2^{50}$ auxiliary integers <
- Found $2^{27}$ smooth integers
- Factoring into primes < $2^{30}$
- Can use Pollard's p-1 method or Lenstra's elliptic curve method (ECM)

POLLARD'S P-1 METHOD
- N is B-powersmooth means that for all primes p and integers n, $p^n \mid N \Rightarrow p^n \le B$
- Consider a simplified factorization problem
  - Want to factor N = pq for p, q distinct primes
  - Exists a smoothness bound B such that p-1 is B-powersmooth but q-1 is not
- Outline of the algorithm
  1. Pick a random a from {2, ..., p-1}
  2. Compute $\gcd(a^R - 1, N)$ for R = lcm(1, ..., B)
  3. If the gcd is not 1 or N, then p is revealed
  4. Otherwise, go to step 1 (or give up)

WHY IT WORKS
- p-1 being B-powersmooth implies $(p-1) \mid R = \mathrm{lcm}(1, \ldots, B)$
- Hence $a^R = a^{k(p-1)} \equiv 1 \pmod p$ by Fermat's Little Theorem, so $p \mid a^R - 1$
- However, q-1 does not divide R since q-1 contains at least a prime power factor that is greater than B
- Therefore, there exists some a such that $a^R \not\equiv 1 \pmod q$
  - In this case, $\gcd(a^R - 1, q) = 1$, hence $\gcd(a^R - 1, N) = p$
  - Otherwise, $\gcd(a^R - 1, N) = N$ and we can pick another a
- Can reduce mod N in the exponentiation of a because we are only interested in $\gcd(a^R - 1, N)$ at the end

HOW IT CAN FAIL
1. N does not have any prime factors that are B-powersmooth
   - $\gcd(a^R - 1, N) = 1$
   - Fix: increase B
2. All prime factors of N are B-powersmooth and hence are found simultaneously
   - $\gcd(a^R - 1, N) = N$
   - Fix: decrease B
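
The three outcomes of the p-1 method described above, as an added Python example that is not part of the original slides. The moduli are small constructed values chosen so that each outcome can be checked by hand; the function names are this example's own.

```python
from functools import reduce
from math import gcd

TOO_SMALL = "gcd = 1: increase B"
TOO_LARGE = "gcd = N: decrease B"
FOUND = "factor found"

def lcm_upto(b):
    """R = lcm(1, ..., B), the exponent used on the slides."""
    return reduce(lambda x, y: x * y // gcd(x, y), range(1, b + 1), 1)

def p_minus_1(n, b, a=2):
    """One run of Pollard's p-1 with smoothness bound b and base a.

    Returns (status, g) where g = gcd(a^R - 1, n).
    """
    if gcd(a, n) != 1:
        # The base itself shares a factor with n.
        return FOUND, gcd(a, n)
    r = lcm_upto(b)
    # Reduce mod n during exponentiation: only the final gcd matters.
    g = gcd(pow(a, r, n) - 1, n)
    if g == 1:
        return TOO_SMALL, g
    if g == n:
        return TOO_LARGE, g
    return FOUND, g

def sweep(n, bounds, a=2):
    """Run the method for several bounds to see where each outcome occurs."""
    return [(b,) + p_minus_1(n, b, a) for b in bounds]

# Constructed sample moduli (not from the slides).
# 2521 - 1 = 2520 = 2^3 * 3^2 * 5 * 7 is 9-powersmooth;
# 2039 - 1 = 2 * 1019 with 1019 prime, so it is not B-powersmooth for B < 1019.
N_SPLIT = 2521 * 2039          # 5140319
# 421 - 1 = 420 divides lcm(1..7); 23 - 1 = 22 needs B >= 11.
N_BOTH_SMOOTH = 421 * 23       # 9683

if __name__ == "__main__":
    for n in (N_SPLIT, N_BOTH_SMOOTH):
        for b, status, g in sweep(n, [4, 7, 10, 11]):
            print(f"N={n} B={b:2d} R={lcm_upto(b):6d} -> {status} (g={g})")
```

For `N_BOTH_SMOOTH`, B = 11 captures both prime factors at once and returns N, while B = 7 separates them, which is the "decrease B" fix on the slide.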

LENSTRA'S ELLIPTIC CURVE METHOD OF FACTORIZATION (ECM)
- Problem: find a prime factor of an integer N
- Outline of the algorithm
  - Let p be a prime factor of N
  - Choose an elliptic curve E over Q (but reduce modulo N)
  - Set R = lcm(1, ..., B) for some smoothness bound B
  - Pick a random point P on E and compute Q = [R]P
  - Put Q in projective coordinates: Q = (X:Y:Z)
  - If the order m of P modulo p is B-powersmooth, then $m \mid R$, and hence Q modulo p is the neutral element (0:1:0) on E modulo p
  - Thus gcd(X, N) and gcd(Z, N) are divisors of N

ADVANTAGES OF ECM OVER P-1
- Can vary the curve, which increases the chance of finding at least one curve such that P has smooth order modulo p
  - If using Pollard's p-1, then we are restricted to Z/pZ
- When computing Q = [R]P in affine coordinates, the inversion in Z/NZ can fail since Z/NZ is not a field
  - In this case the gcd of N and the element to be inverted is ≠ 1 and hence we have already found a divisor of N!
- Normally one uses Montgomery curves for ECM
  - We replace them with Edwards curves since the arithmetic is faster
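
ECM stage 1 in affine coordinates, where the failed inversion in Z/NZ is what reveals the factor, as an added Python example that is not the authors' GPU code. It uses short Weierstrass curves rather than the Edwards curves of the talk, and a constructed modulus whose prime factors are safe primes, so that p-1 with the same bound B provably returns gcd 1 while varying the curve succeeds.

```python
import random
from functools import reduce
from math import gcd

class FactorFound(Exception):
    """Raised when an element of Z/NZ cannot be inverted."""
    def __init__(self, g):
        super().__init__(g)
        self.g = g

def lcm_upto(b):
    return reduce(lambda x, y: x * y // gcd(x, y), range(1, b + 1), 1)

def inv_mod(d, n):
    g = gcd(d % n, n)              # gcd(0, n) == n
    if g != 1:
        raise FactorFound(g)       # g divides n: a factor (or n itself)
    return pow(d, -1, n)

def ec_add(P, Q, a, n):
    """Affine addition on y^2 = x^3 + a*x + b over Z/nZ; None is the neutral element."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % n == 0:
        return None
    if P == Q:
        lam = (3 * x1 * x1 + a) * inv_mod(2 * y1, n) % n
    else:
        lam = (y2 - y1) * inv_mod(x2 - x1, n) % n
    x3 = (lam * lam - x1 - x2) % n
    return x3, (lam * (x1 - x3) - y1) % n

def ec_mul(k, P, a, n):
    """Double-and-add computation of [k]P."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, P, a, n)
        P = ec_add(P, P, a, n)
        k >>= 1
    return acc

def ecm_stage1(n, b, max_curves=200, seed=1):
    """Try random curves until [R]P hits the neutral element modulo one prime only.

    Returns (factor, curves_tried) or (None, max_curves).
    """
    rng = random.Random(seed)      # fixed seed so the run is reproducible
    r = lcm_upto(b)
    for tried in range(1, max_curves + 1):
        # Random point (x, y) and coefficient a; the coefficient b of the curve
        # is implied by y^2 - x^3 - a*x and is never needed by the formulas.
        x, y, a = (rng.randrange(n) for _ in range(3))
        try:
            ec_mul(r, (x, y), a, n)
        except FactorFound as hit:
            if hit.g != n:         # g == n: both primes found at once, next curve
                return hit.g, tried
    return None, max_curves

def p_minus_1_gcd(n, b, a=2):
    return gcd(pow(a, lcm_upto(b), n) - 1, n)

# Constructed modulus: 2039 = 2*1019 + 1 and 2063 = 2*1031 + 1 are safe primes,
# so neither p-1 nor q-1 is B-powersmooth for any B below 1019.
N_DEMO = 2039 * 2063               # 4206457

if __name__ == "__main__":
    print("p-1 with B=100 gives gcd", p_minus_1_gcd(N_DEMO, 100))
    factor, tried = ecm_stage1(N_DEMO, 100)
    print(f"ECM with B=100 found {factor} after {tried} curve(s)")
```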

WHY PEOPLE CARE ABOUT GPUS?

DETAILED CHARACTERISTICS OF 280 GTX
- Massively parallel architecture
- 240 cores, > 1.4 billion transistors mm², TDP: 236 watts (TSMC 65 nm)
- Thread-level parallelism: use thousands of threads to fill up the instruction pipelines
- Peak performance: 933 GFLOPS
  - Compare: 64 GFLOPS of Core 2 Quad at 3 GHz
- Memory bandwidth: GB/s vs GB/s
- The gap is still increasing!

GPUS IN CRYPTOLOGY
- Various attempts since middle age of GPGPU, i.e., lots of OpenGL tweaking
- Attacks on symmetric ciphers
- Implementations of AES; many parallel executions
- Cook, Keromytis, "CryptoGraphics: Exploiting Graphics Cards For Security", Advances in Information Security, 20, Springer, 2006
- Moss, Page, Smart, "Toward Acceleration of RSA Using 3D Graphics Hardware", in Cryptography and Coding

NVIDIA'S CUDA
- CUDA: Compute Unified Device Architecture
- Provides general DRAM addressing for support of scatter and gather memory operations
- Adopts a general-purpose programming model, in which GPUs are treated as super-threaded, super massively data-parallel coprocessors
- Interface designed for computation: no OpenGL, no graphics API any more!
- Provides high-level language support
- Provides tools and drivers for tasks such as loading user programs onto GPU and managing GPU memory

STATE OF THE ART
- Szerwinski and Güneysu, "Exploiting the Power of GPUs for Asymmetric Cryptography", CHES 2008, Washington, DC, USA, August 2008
- Using NVIDIA GeForce 8800 GTS 320 (G80)
- 224-bit scalar, 224-bit modulus
- Special modulus: elliptic curve scalar multiplications per second

PREVIEW OF OUR RESULT
- Also using same card, 8800 GTS 320 (G80)
- 280-bit scalar, 280-bit modulus
- General 280-bit modulus
- 2414 elliptic curve scalar multiplications per second

MODULAR ARITHMETIC UNITS
- 28-limb, radix $2^{10}$, schoolbook multiplication
  - Karatsuba is slower because of inefficient use of the native floating-point MAD (multiply-and-add) instructions
- Montgomery's modular reduction
  - Implies that small integers turn into full-size modular values
- Result: turns each streaming multiprocessor into an 8-way modular arithmetic unit

THREAD ORGANIZATION DESIGN
- A group of 32 threads (4 are idle) from 4 different warps work on multiplying two 28-limb, 280-bit integers
- Each thread works on a 7-by-4 region
  - 21 loads from and 10 stores to on-die fast memory
  - 28 multiply-and-adds plus 10 additions
- Each streaming multiprocessor executes 256 threads
  - Hence works on 8 modular multiplications at the same time
- Which thread works on what region is carefully designed
  - Memory accesses by the threads within a same half-warp are coalesced properly, avoiding bank conflict in reading from and writing to the fast on-die shared memory
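
The limb layout from the two slides above (28 limbs, radix 2^10, schoolbook product split into 7-by-4 regions, Montgomery reduction), as an added Python model that is not the authors' CUDA kernel. The row-major tiling, the modulus and the function names are assumptions of this example, and exact integers stand in for the GPU's floating-point multiply-and-add.

```python
W, L = 10, 28                      # radix 2^10, 28 limbs -> 280-bit operands
MASK = (1 << W) - 1
R = 1 << (W * L)                   # Montgomery radix 2^280
TILE_I, TILE_J = 7, 4              # region of limb products owned by one thread

def to_limbs(x):
    return [(x >> (W * i)) & MASK for i in range(L)]

def from_limbs(v):
    # Also accepts un-normalised limbs (digits of 2^10 or more).
    return sum(d << (W * i) for i, d in enumerate(v))

def tiles():
    """Assumed row-major tiling of the 28x28 product grid: 4 * 7 = 28 tiles."""
    return [(i0, j0) for i0 in range(0, L, TILE_I) for j0 in range(0, L, TILE_J)]

def tile_columns(i0, j0):
    """Output columns i+j that one tile accumulates into."""
    return sorted({i + j for i in range(i0, i0 + TILE_I)
                         for j in range(j0, j0 + TILE_J)})

def schoolbook_mul(a, b):
    """Column sums of the 28x28 limb products, computed tile by tile, no carries."""
    t = [0] * (2 * L)
    for i0, j0 in tiles():                       # one iteration = one thread
        for i in range(i0, i0 + TILE_I):
            for j in range(j0, j0 + TILE_J):
                t[i + j] += a[i] * b[j]          # multiply-and-add
    return t

def mont_mul(a, b, n):
    """Return a * b * R^-1 mod n for odd n < R and 0 <= a, b < n."""
    n_limbs = to_limbs(n)
    n_prime = (-pow(n, -1, 1 << W)) % (1 << W)   # -n^-1 mod 2^10
    t = schoolbook_mul(to_limbs(a), to_limbs(b)) + [0]
    for i in range(L):
        # Choose m so that limb i becomes divisible by 2^10 after adding m*n.
        m = ((t[i] & MASK) * n_prime) & MASK
        for j in range(L):
            t[i + j] += m * n_limbs[j]
        t[i + 1] += t[i] >> W                    # low 10 bits are zero; carry up
    r = from_limbs(t[L:])                        # exact division by R
    return r - n if r >= n else r                # r < 2n, one subtraction suffices

def to_mont(x, n):
    return (x * R) % n

def from_mont(xm, n):
    return mont_mul(xm, 1, n)

# Constructed odd 280-bit modulus (not from the slides).
N_DEMO = (1 << 279) + (1 << 140) + 1

if __name__ == "__main__":
    x, y = 3, 12345678901234567890
    xm, ym = to_mont(x, N_DEMO), to_mont(y, N_DEMO)
    print("3 in Montgomery form has", xm.bit_length(), "bits")
    print("columns touched per tile:", {len(tile_columns(*t)) for t in tiles()})
    print("product ok:", from_mont(mont_mul(xm, ym, N_DEMO), N_DEMO) == x * y % N_DEMO)
```

Each 7-by-4 tile accumulates into 7 + 4 - 1 = 10 output columns, which matches the 10 stores per thread on the slide, and the small value 3 occupies 279 bits once in Montgomery form.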

ELLIPTIC CURVE ARITHMETIC
- Use Edwards coordinates!
- Double-and-add with sliding window
- Shared memory is scarce and can only store 1 point
- New formulas for running two operations in parallel
  - DBL-DBL: 4M+3S+6a
  - mADD-DBL: 7M+1S+7a
  - DBL+mADD: 6M+2S+8a
  - These numbers are even we managed to get perfect parallelism, i.e. no wait stages for multiplications
- Result: frees up enough storage so that we can store 8 points: P, [3]P, [5]P, ..., [15]P

NEW SPEED RECORDS FOR ECM
- curves/sec for ECM stage 1 with B1 = 8192 for 280-bit integers on a single PC
  - Using two NVIDIA GeForce 280 GTX graphics cards and an Intel Core 2 Quad Q6600 CPU
  - A single 280 GTX can do modular multiplications per second
- Compare to (almost) speed leader on CPU, the GMP-ECM: curves/sec on a 2.4GHz Q modular multiplications per second

PERFORMANCE COMPARISON

COST-PERFORMANCE ANALYSIS

WHAT WE ARE WORKING ON NOW
- Efficient squarings
- Curves with universally small parameters under Montgomery's reduction
  - Or no Montgomery's reduction at all!
- Porting to IBM Cell processor, the engine of the IBM Blue Gene supercomputers

PRELIMINARY RESULTS ON CELL
- CPU: Q6600, GHz mults/sec (288 bits)
- GPU: 8800 GTS, GHz mults/sec (288 bits)
- Cell: GHz mults/sec (256 bits)

RSA CRACKING MACHINES IN VISION

THANK YOU!!
Questions and comments?
More informationCryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1
Cryptography CS 555 Topic 18: RSA Implementation and Security Topic 18 1 Outline and Readings Outline RSA implementation issues Factoring large numbers Knowing (e,d) enables factoring Prime testing Readings:
More informationMcBits: Fast code-based cryptography
McBits: Fast code-based cryptography Peter Schwabe Radboud University Nijmegen, The Netherlands Joint work with Daniel Bernstein, Tung Chou December 17, 2013 IMA International Conference on Cryptography
More informationImplementing the Elliptic Curve Method of Factoring in Reconfigurable Hardware
Implementing the Elliptic Curve Method of Factoring in Reconfigurable Hardware Kris Gaj 1, Soonhak Kwon 2, Patrick Baier 1, Paul Kohlbrenner 1, Hoang Le 1, Mohammed Khaleeluddin 1, Ramakrishna Bachimanchi
More informationUniversity of Illinois at Chicago. Prelude: What is the fastest algorithm to sort an array?
Challenges in quantum algorithms for integer factorization 1 D. J. Bernstein University of Illinois at Chicago Prelude: What is the fastest algorithm to sort an array? def blindsort(x): while not issorted(x):
More informationAnalysis of the RSA Encryption Algorithm
Analysis of the RSA Encryption Algorithm Betty Huang June 16, 2010 Abstract The RSA encryption algorithm is commonly used in public security due to the asymmetric nature of the cipher. The procedure is
More informationComparison of Elliptic Curve and Edwards Curve
CS90G - PROJECT REPORT Comparison of Elliptic Curve and Edwards Curve Shivapriya Hiremath, Stephanie Smith June 14, 013 1 INTRODUCTION In this project we have implemented the Elliptic Curve and Edwards
More informationAttacks on RSA & Using Asymmetric Crypto
Attacks on RSA & Using Asymmetric Crypto Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Breaking RSA 2.1 Chinese Remainder Theorem 2.2 Common
More information