Global ETD Search

281	Métodos eficientes para criptografia baseada em reticulados. / Efficient methods for lattice-based cryptography. Barguil, João Marcos de Mattos 14 August 2015 (has links) Reticulados têm sido aplicados de diferentes maneiras em criptografia. Inicialmente utilizados para a destruição de criptossistemas, eles foram posteriormente aplicados na construção de novos esquemas, incluindo criptossistemas assimétricos, esquemas de assinatura cega e os primeiros métodos para encriptação completamente homomórfica. Contudo, seu desempenho ainda é proibitivamente lenta em muitos casos. Neste trabalho, expandimos técnicas originalmente desenvolvidas para encriptação homomórfica, tornando-as mais genéricas e aplicando-as no esquema GGH-YK-M, um esquema de encriptação de chave pública, e no esquema LMSV, a única construção homomórfica que não sucumbiu a ataques de recuperação de chaves IND-CCA1 até o momento. Em nossos testes, reduzimos o tamanho das chaves do GGH-YK-M em uma ordem de complexidade, especificamente, de O(n2 lg n) para O(n lg n), onde n é um parâmetro público do esquema. A nova técnica também atinge processamento mais rápido em todas as operações envolvidas em um criptossistema assimétrico, isto é, geração de chaves, encriptação e decriptação. A melhora mais significativa é na geração de chaves, que se torna mais de 3 ordens de magnitude mais rápida que resultados anteriores, enquanto a encriptação se torna por volta de 2 ordens de magnitude mais rápida. Para decriptação, nossa implementação é dez vezes mais rápida que a literatura. Também mostramos que é possível aumentar a segurança do esquema LMSV contra os ataques quânticos de recuperação de chaves recentemente publicados pela agência britânica GCHQ. Isso é feito através da adoção de reticulados não-ciclotômicos baseados em anéis polinomiais irredutíveis quase-circulantes. Em nossa implementação, o desempenho da encriptação é virtualmente idêntico, e a decriptação torna-se ligeiramente inferior, um pequeno preço a se pagar pelo aumento de segurança. A geração de chaves, porém, é muito mais lenta, devido à necessidade de se utilizar um método mais genérico e caro. A existência de métodos dedicados altamente eficientes para a geração de chaves nesta variante mais segura do LMSV permanece como um problema em aberto. / Lattices have been applied in many different ways in cryptography. Firstly used for the destruction of cryptosystems, they were later applied in the construction of new schemes, including asymmetric cryptosystems, blind signature schemes and the first methods for fully homomorphic encryption. Nonetheless, performance is still prohibitively slow in many cases. In this work, we expand techniques originally devised for homomorphic encryption, making them more general and applying them to the GGH-YK-M cryptosystem, a lattice-based public-key cryptosystem, and to the LMSV scheme, the only known homomorphic scheme that has not succumbed to INDCCA1 key recovery attacks to this date. In our tests, we reduce public key bandwidth occupation of GGH-YK-M by an order of complexity, specifically, from O(n2 lg n) down to O(n lg n) bits, where n is a public parameter of the scheme. The new technique also attains faster processing in all operations involved in an asymmetric cryptosystem, that is, key generation, encryption, and decryption. The most significant improvement in performance is in key generation, which becomes more than 3 orders of magnitude faster than previous results, while encryption becomes about 2 orders of magnitude faster. For decryption, our implementation is ten times faster than the literature. We also show that it is possible to improve security of LMSV against the quantum key recovery attacks recently published by British GCHQ.We do so by adopting non-cyclotomic lattices based on nearly-circulant irreducible polynomial rings. In our implementation, performance of encryption remains virtually the same, and decryption becomes slightly worse, a small price to pay for the improved security. Key generation, however, is much slower, due to the fact that it is necessary to use a more generic and expensive method. The existence of highly effcient dedicated methods for key generation of this secure variant of LMSV remains as an open problem. Algoritmos Criptografia Criptografia pós-quântica Cryptography Encriptação homomórfica Homomorphic encryption Lattices Post-quantum cryptography Reticulados
282	Tamper-Resistant Arithmetic for Public-Key Cryptography Gaubatz, Gunnar 01 March 2007 (has links) Cryptographic hardware has found many uses in many ubiquitous and pervasive security devices with a small form factor, e.g. SIM cards, smart cards, electronic security tokens, and soon even RFIDs. With applications in banking, telecommunication, healthcare, e-commerce and entertainment, these devices use cryptography to provide security services like authentication, identification and confidentiality to the user. However, the widespread adoption of these devices into the mass market, and the lack of a physical security perimeter have increased the risk of theft, reverse engineering, and cloning. Despite the use of strong cryptographic algorithms, these devices often succumb to powerful side-channel attacks. These attacks provide a motivated third party with access to the inner workings of the device and therefore the opportunity to circumvent the protection of the cryptographic envelope. Apart from passive side-channel analysis, which has been the subject of intense research for over a decade, active tampering attacks like fault analysis have recently gained increased attention from the academic and industrial research community. In this dissertation we address the question of how to protect cryptographic devices against this kind of attacks. More specifically, we focus our attention on public key algorithms like elliptic curve cryptography and their underlying arithmetic structure. In our research we address challenges such as the cost of implementation, the level of protection, and the error model in an adversarial situation. The approaches that we investigated all apply concepts from coding theory, in particular the theory of cyclic codes. This seems intuitive, since both public key cryptography and cyclic codes share finite field arithmetic as a common foundation. The major contributions of our research are (a) a generalization of cyclic codes that allow embedding of finite fields into redundant rings under a ring homomorphism, (b) a new family of non-linear arithmetic residue codes with very high error detection probability, (c) a set of new low-cost arithmetic primitives for optimal extension field arithmetic based on robust codes, and (d) design techniques for tamper resilient finite state machines. Side Channel Attacks Fault Attacks Public-Key Cryptography Error Detection Error Detecting Codes Cryptography
283	Threshold Implementations of the Present Cipher Farmani, Mohammad 06 September 2017 (has links) "The process of securing data has always been a challenge since it is related to the safety of people and society. Nowadays, there are many cryptographic algorithms developed to solve security problems. However, some applications have constraints which make it difficult to achieve high levels of security. Light weight cryptography aims to address this issue while trying to maintain low costs. Side-channel attacks have changed the way of cryptography significantly. In this kind of attacks, the attacker has physical access to the crypto-system and can extract the sensitive data by monitoring and measuring the side-channels such as power consumption, electromagnetic emanation, timing information, sound, etc. These attacks are based on the relationship between side-channels and secret data. Therefore, there need to be countermeasures to eliminate or reduce side channel leaks or to break the relationship between side-channels and secret data to protect the crypto systems against side-channel attacks. In this work, we explore the practicality of Threshold Implementation (TI) with only two shares for a smaller design that needs less randomness but is still leakage resistant. We demonstrate the first two-share Threshold Implementations of light-weight block cipher Present. Based on implementation results, two-share TI has a lower area overhead and better throughput when compared with a first-order resistant three-share scheme. Leakage analysis of the developed implementations reveals that two-share TI can retain perfect first-order resistance. However, the analysis also exposes a strong second-order leakage. " Masking Countermeasure Side channel countermeasure Present cipher FPGA Lightweight cryptography Cryptography Threshold implementation
284	Efficient Algorithms for Elliptic Curve Cryptosystems on Embedded Systems Woodbury, Adam D 01 October 2001 (has links) "This thesis describes how an elliptic curve cryptosystem can be implemented on low cost microprocessors without coprocessors with reasonable performance. We focus in this paper on the Intel 8051 family of microcontrollers popular in smart cards and other cost-sensitive devices, and on the Motorola Dragonball, found in the Palm Computing Platform. The implementation is based on the use of the Optimal Extension Fields GF((2^8-17)^17) for low end 8-bit processors, and GF((2^13-1)^13) for 16-bit processors. Two advantages of our method are that subfield modular reduction can be performed infrequently, and that an adaption of Itoh and Tsujii's inversion algorithm may be used for the group operation. We show that an elliptic curve scalar multiplication with a fixed point, which is the core operation for a signature generation, can be performed in a group of order approximately 2^134 in less than 2 seconds on an 8-bit smart card. On a 16-bit microcontroller, signature generation in a group of order approximately 2^169 can be performed in under 700 milliseconds. Unlike other implementations, we do not make use of curve parameters defined over a subfield such as Koblitz curves." cryptography implementation finite fields Cryptography Curves Elliptic Embedded computer systems Algorithms
285	Modular Exponentiation on Reconfigurable Hardware Blum, Thomas 03 September 1999 (has links) "It is widely recognized that security issues will play a crucial role in the majority of future computer and communication systems. A central tool for achieving system security are cryptographic algorithms. For performance as well as for physical security reasons, it is often advantageous to realize cryptographic algorithms in hardware. In order to overcome the well-known drawback of reduced flexibility that is associated with traditional ASIC solutions, this contribution proposes arithmetic architectures which are optimized for modern field programmable gate arrays (FPGAs). The proposed architectures perform modular exponentiation with very long integers. This operation is at the heart of many practical public-key algorithms such as RSA and discrete logarithm schemes. We combine two versions of Montgomery modular multiplication algorithm with new systolic array designs which are well suited for FPGA realizations. The first one is based on a radix of two and is capable of processing a variable number of bits per array cell leading to a low cost design. The second design uses a radix of sixteen, resulting in a speed-up of a factor three at the cost of more used resources. The designs are flexible, allowing any choice of operand and modulus. Unlike previous approaches, we systematically implement and compare several versions of our new architecture for different bit lengths. We provide absolute area and timing measures for each architecture on Xilinx XC4000 series FPGAs. As a first practical result we show that it is possible to implement modular exponentiation at secure bit lengths on a single commercially available FPGA. Secondly we present faster processing times than previously reported. The Diffie-Hellman key exchange scheme with a modulus of 1024 bits and an exponent of 160 bits is computed in 1.9 ms. Our fastest design computes a 1024 bit RSA decryption in 3.1 ms when the Chinese remainder theorem is applied. These times are more than ten times faster than any reported software implementation. They also outperform most of the hardware-implementations presented in technical literature." public-key cryptography FPGA Montgomery multiplication Modular Exponentiation RSA Reconfigurable Hardware Cryptography Gate array circuits
286	Versatile Montgomery Multiplier Architectures Gaubatz, Gunnar 30 April 2002 (has links) Several algorithms for Public Key Cryptography (PKC), such as RSA, Diffie-Hellman, and Elliptic Curve Cryptography, require modular multiplication of very large operands (sizes from 160 to 4096 bits) as their core arithmetic operation. To perform this operation reasonably fast, general purpose processors are not always the best choice. This is why specialized hardware, in the form of cryptographic co-processors, become more attractive. Based upon the analysis of recent publications on hardware design for modular multiplication, this M.S. thesis presents a new architecture that is scalable with respect to word size and pipelining depth. To our knowledge, this is the first time a word based algorithm for Montgomery's method is realized using high-radix bit-parallel multipliers working with two different types of finite fields (unified architecture for GF(p) and GF(2n)). Previous approaches have relied mostly on bit serial multiplication in combination with massive pipelining, or Radix-8 multiplication with the limitation to a single type of finite field. Our approach is centered around the notion that the optimal delay in bit-parallel multipliers grows with logarithmic complexity with respect to the operand size n, O(log3/2 n), while the delay of bit serial implementations grows with linear complexity O(n). Our design has been implemented in VHDL, simulated and synthesized in 0.5μ CMOS technology. The synthesized net list has been verified in back-annotated timing simulations and analyzed in terms of performance and area consumption. computer arithmetic modular multiplication public key cryptography montgomery vlsi high radix Public key cryptography Computer algorithms
287	A microcoded elliptic curve cryptographic processor. January 2001 (has links) Leung Ka Ho. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2001. / Includes bibliographical references (leaves [85]-90). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgments --- p.iii / List of Figures --- p.ix / List of Tables --- p.xi / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Motivation --- p.1 / Chapter 1.2 --- Aims --- p.3 / Chapter 1.3 --- Contributions --- p.3 / Chapter 1.4 --- Thesis Outline --- p.4 / Chapter 2 --- Cryptography --- p.6 / Chapter 2.1 --- Introduction --- p.6 / Chapter 2.2 --- Foundations --- p.6 / Chapter 2.3 --- Secret Key Cryptosystems --- p.8 / Chapter 2.4 --- Public Key Cryptosystems --- p.9 / Chapter 2.4.1 --- One-way Function --- p.10 / Chapter 2.4.2 --- Certification Authority --- p.10 / Chapter 2.4.3 --- Discrete Logarithm Problem --- p.11 / Chapter 2.4.4 --- RSA vs. ECC --- p.12 / Chapter 2.4.5 --- Key Exchange Protocol --- p.13 / Chapter 2.4.6 --- Digital Signature --- p.14 / Chapter 2.5 --- Secret Key vs. Public Key Cryptography --- p.16 / Chapter 2.6 --- Summary --- p.18 / Chapter 3 --- Mathematical Background --- p.19 / Chapter 3.1 --- Introduction --- p.19 / Chapter 3.2 --- Groups and Fields --- p.19 / Chapter 3.3 --- Finite Fields --- p.21 / Chapter 3.4 --- Modular Arithmetic --- p.21 / Chapter 3.5 --- Polynomial Basis --- p.21 / Chapter 3.6 --- Optimal Normal Basis --- p.22 / Chapter 3.6.1 --- Addition --- p.23 / Chapter 3.6.2 --- Squaring --- p.24 / Chapter 3.6.3 --- Multiplication --- p.24 / Chapter 3.6.4 --- Inversion --- p.30 / Chapter 3.7 --- Summary --- p.33 / Chapter 4 --- Literature Review --- p.34 / Chapter 4.1 --- Introduction --- p.34 / Chapter 4.2 --- Hardware Elliptic Curve Implementation --- p.34 / Chapter 4.2.1 --- Field Processors --- p.34 / Chapter 4.2.2 --- Curve Processors --- p.36 / Chapter 4.3 --- Software Elliptic Curve Implementation --- p.36 / Chapter 4.4 --- Summary --- p.38 / Chapter 5 --- Introduction to Elliptic Curves --- p.39 / Chapter 5.1 --- Introduction --- p.39 / Chapter 5.2 --- Historical Background --- p.39 / Chapter 5.3 --- Elliptic Curves over R2 --- p.40 / Chapter 5.3.1 --- Curve Addition and Doubling --- p.41 / Chapter 5.4 --- Elliptic Curves over Finite Fields --- p.44 / Chapter 5.4.1 --- Elliptic Curves over Fp with p>〉3 --- p.44 / Chapter 5.4.2 --- Elliptic Curves over F2n --- p.45 / Chapter 5.4.3 --- Operations of Elliptic Curves over F2n --- p.46 / Chapter 5.4.4 --- Curve Multiplication --- p.49 / Chapter 5.5 --- Elliptic Curve Discrete Logarithm Problem --- p.51 / Chapter 5.6 --- Public Key Cryptography --- p.52 / Chapter 5.7 --- Elliptic Curve Diffie-Hellman Key Exchange --- p.54 / Chapter 5.8 --- Summary --- p.55 / Chapter 6 --- Design Methodology --- p.56 / Chapter 6.1 --- Introduction --- p.56 / Chapter 6.2 --- CAD Tools --- p.56 / Chapter 6.3 --- Hardware Platform --- p.59 / Chapter 6.3.1 --- FPGA --- p.59 / Chapter 6.3.2 --- Reconfigurable Hardware Computing --- p.62 / Chapter 6.4 --- Elliptic Curve Processor Architecture --- p.63 / Chapter 6.4.1 --- Arithmetic Logic Unit (ALU) --- p.64 / Chapter 6.4.2 --- Register File --- p.68 / Chapter 6.4.3 --- Microcode --- p.69 / Chapter 6.5 --- Parameterized Module Generator --- p.72 / Chapter 6.6 --- Microcode Toolkit --- p.73 / Chapter 6.7 --- Initialization by Bitstream Reconfiguration --- p.74 / Chapter 6.8 --- Summary --- p.75 / Chapter 7 --- Results --- p.76 / Chapter 7.1 --- Introduction --- p.76 / Chapter 7.2 --- Elliptic Curve Processor with Serial Multiplier (p = 1) --- p.76 / Chapter 7.3 --- Projective verses Affine Coordinates --- p.78 / Chapter 7.4 --- Elliptic Curve Processor with Parallel Multiplier (p > 1) --- p.79 / Chapter 7.5 --- Summary --- p.80 / Chapter 8 --- Conclusion --- p.82 / Chapter 8.1 --- Recommendations for Future Research --- p.83 / Bibliography --- p.85 / Chapter A --- Elliptic Curves in Characteristics 2 and3 --- p.91 / Chapter A.1 --- Introduction --- p.91 / Chapter A.2 --- Derivations --- p.91 / Chapter A.3 --- "Elliptic Curves over Finite Fields of Characteristic ≠ 2,3" --- p.92 / Chapter A.4 --- Elliptic Curves over Finite Fields of Characteristic = 2 --- p.94 / Chapter B --- Examples of Curve Multiplication --- p.95 / Chapter B.1 --- Introduction --- p.95 / Chapter B.2 --- Numerical Results --- p.96 Computer security Curves, Elliptic--Data processing Public key cryptography Cryptography Field programmable gate arrays
288	Métodos eficientes para criptografia baseada em reticulados. / Efficient methods for lattice-based cryptography. João Marcos de Mattos Barguil 14 August 2015 (has links) Reticulados têm sido aplicados de diferentes maneiras em criptografia. Inicialmente utilizados para a destruição de criptossistemas, eles foram posteriormente aplicados na construção de novos esquemas, incluindo criptossistemas assimétricos, esquemas de assinatura cega e os primeiros métodos para encriptação completamente homomórfica. Contudo, seu desempenho ainda é proibitivamente lenta em muitos casos. Neste trabalho, expandimos técnicas originalmente desenvolvidas para encriptação homomórfica, tornando-as mais genéricas e aplicando-as no esquema GGH-YK-M, um esquema de encriptação de chave pública, e no esquema LMSV, a única construção homomórfica que não sucumbiu a ataques de recuperação de chaves IND-CCA1 até o momento. Em nossos testes, reduzimos o tamanho das chaves do GGH-YK-M em uma ordem de complexidade, especificamente, de O(n2 lg n) para O(n lg n), onde n é um parâmetro público do esquema. A nova técnica também atinge processamento mais rápido em todas as operações envolvidas em um criptossistema assimétrico, isto é, geração de chaves, encriptação e decriptação. A melhora mais significativa é na geração de chaves, que se torna mais de 3 ordens de magnitude mais rápida que resultados anteriores, enquanto a encriptação se torna por volta de 2 ordens de magnitude mais rápida. Para decriptação, nossa implementação é dez vezes mais rápida que a literatura. Também mostramos que é possível aumentar a segurança do esquema LMSV contra os ataques quânticos de recuperação de chaves recentemente publicados pela agência britânica GCHQ. Isso é feito através da adoção de reticulados não-ciclotômicos baseados em anéis polinomiais irredutíveis quase-circulantes. Em nossa implementação, o desempenho da encriptação é virtualmente idêntico, e a decriptação torna-se ligeiramente inferior, um pequeno preço a se pagar pelo aumento de segurança. A geração de chaves, porém, é muito mais lenta, devido à necessidade de se utilizar um método mais genérico e caro. A existência de métodos dedicados altamente eficientes para a geração de chaves nesta variante mais segura do LMSV permanece como um problema em aberto. / Lattices have been applied in many different ways in cryptography. Firstly used for the destruction of cryptosystems, they were later applied in the construction of new schemes, including asymmetric cryptosystems, blind signature schemes and the first methods for fully homomorphic encryption. Nonetheless, performance is still prohibitively slow in many cases. In this work, we expand techniques originally devised for homomorphic encryption, making them more general and applying them to the GGH-YK-M cryptosystem, a lattice-based public-key cryptosystem, and to the LMSV scheme, the only known homomorphic scheme that has not succumbed to INDCCA1 key recovery attacks to this date. In our tests, we reduce public key bandwidth occupation of GGH-YK-M by an order of complexity, specifically, from O(n2 lg n) down to O(n lg n) bits, where n is a public parameter of the scheme. The new technique also attains faster processing in all operations involved in an asymmetric cryptosystem, that is, key generation, encryption, and decryption. The most significant improvement in performance is in key generation, which becomes more than 3 orders of magnitude faster than previous results, while encryption becomes about 2 orders of magnitude faster. For decryption, our implementation is ten times faster than the literature. We also show that it is possible to improve security of LMSV against the quantum key recovery attacks recently published by British GCHQ.We do so by adopting non-cyclotomic lattices based on nearly-circulant irreducible polynomial rings. In our implementation, performance of encryption remains virtually the same, and decryption becomes slightly worse, a small price to pay for the improved security. Key generation, however, is much slower, due to the fact that it is necessary to use a more generic and expensive method. The existence of highly effcient dedicated methods for key generation of this secure variant of LMSV remains as an open problem. Algoritmos Criptografia Criptografia pós-quântica Encriptação homomórfica Reticulados Cryptography Homomorphic encryption Lattices Post-quantum cryptography
289	Efficient Pairings on Various Platforms Grewal, Gurleen 30 April 2012 (has links) Pairings have found a range of applications in many areas of cryptography. As such, to utilize the enormous potential of pairing-based protocols one needs to efficiently compute pairings across various computing platforms. In this thesis, we give an introduction to pairing-based cryptography and describe the Tate pairing and its variants. We then describe some recent work to realize efficient computation of pairings. We further extend these optimizations and implement the O-Ate pairing on BN-curves on ARM and x86-64 platforms. Specifically, we extend the idea of lazy reduction to field inversion, optimize curve arithmetic, and construct efficient tower extensions to optimize field arithmetic. We also analyze the use of affine coordinates for pairing computation leading us to the conclusion that they are a competitive choice for fast pairing computation on ARM processors, especially at high security level. Our resulting implementation is more than three times faster than any previously reported implementation on ARM processors. ARM processor cryptography pairing-based cryptography pairings pairing computation O-Ate pairing Combinatorics and Optimization
290	On Pairing-Based Signature and Aggregate Signature Schemes Knapp, Edward January 2008 (has links) In 2001, Boneh, Lynn, and Shacham presented a pairing-based signature scheme known as the BLS signature scheme. In 2003, Boneh, Gentry, Lynn, and Shacham presented the first aggregate signature scheme called the BGLS aggregate signature scheme. The BGLS scheme allows for N users with N signatures to combine their signatures into a single signature. The size of the resulting signature is independent of N. The BGLS signature scheme enjoys roughly the same level of security as the BLS scheme. In 2005, Waters presented a pairing-based signature scheme which does not assume the existence of random oracles. In 2007, Lu, Ostrovsky, Sahai, Shacham, and Waters presented the LOSSW aggregate signature scheme which does not assume the existence of random oracles. The BLS, BGLS, Waters, and LOSSW authors each chose to work with a restricted class of pairings. In each scheme, it is clear that the scheme extend to arbitrary pairings. We present the schemes in their full generality, explore variations of the schemes, and discuss optimizations that can be made when using specific pairings. Each of the schemes we discuss is secure assuming that the computational Diffie-Hellman (CDH) assumption holds. We improve on the security reduction for a variation of the BGLS signature scheme which allows for some restrictions of the BGLS signature scheme can be dropped and provides a stronger guarantee of security. We show that the BGLS scheme can be modified to reduce public-key size in presence of a certifying authority, when a certain type of pairing is used. We show that patient-free bit-compression can be applied to each of the scheme with a few modifications. mathematics cryptography signature schemes provable security elliptic curves public-key cryptography Combinatorics and Optimization

Search results