• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 19
  • 9
  • 2
  • 1
  • 1
  • Tagged with
  • 35
  • 35
  • 35
  • 11
  • 11
  • 11
  • 9
  • 7
  • 6
  • 6
  • 6
  • 6
  • 5
  • 5
  • 5
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Contributions à la cryptographie post-quantique / Contributions to post-quantum cryptography

Deneuville, Jean-Christophe 01 December 2016 (has links)
Avec la possibilité de l’existence d’un ordinateur quantique, les primitives cryptographiques basées sur la théorie des nombres risquent de devenir caduques. Il devient donc important de concevoir des schémas résistants à ce nouveau type de menaces. Les réseaux euclidiens et les codes correcteurs d’erreurs sont deux outils mathématiques permettant de construire des problèmes d’algèbre linéaire, pour lesquels il n’existe aujourd’hui pas d’algorithme quantique permettant d’accélérer significativement leur résolution. Dans cette thèse, nous proposons quatre primitives cryptographiques de ce type : deux schémas de signatures (dont une signature traçable) basés sur les réseaux, un protocole de délégation de signature utilisant du chiffrement complètement homomorphe, et une nouvelle approche permettant de construire des cryptosystèmes très efficaces en pratique basés sur les codes. Ces contributions sont accompagnées de paramètres concrets permettant de jauger les coûts calculatoires des primitives cryptographique dans un monde post-quantique. / In the likely event where a quantum computer sees the light, number theoretic based cryptographic primitives being actually in use might become deciduous. This results in an important need to design schemes that could face off this new threat. Lattices and Error Correcting Codes are mathematical tools allowing to build algebraic problems, for which – up to-date – no quantum algorithm significantly speeding up their resolution is known. In this thesis, we propose four such kind cryptographic primitives: two signatures schemes (among those a traceable one) based on lattices, a signature delegation protocol using fully homomorphic encryption, and a new framework for building very efficient and practical code-based cryptosystems. These contributions are fed with concrete parameters allowing to gauge the concrete costs of security in a post-quantum world.
12

Secure and efficient post-quantum cryptographic digital signature algorithms

Mahmoud, Mahmoud Yehia Ahmed 24 August 2021 (has links)
Cryptographic digital signatures provide authentication to communicating parties over communication networks. They are integral asymmetric primitives in cryptography. The current digital signature infrastructure adopts schemes that rely on the hardness of finding discrete logarithms and factoring in finite groups. Given the recent advances in physics which point towards the eventual construction of large scale quantum computers, these hard problems will be solved in polynomial time using Shor’s algorithm. Hence, there is a clear need to migrate the cryptographic infrastructure to post-quantum secure alternatives. Such an initiative is demonstrated by the PQCRYPTO project and the current Post-Quantum Cryptography (PQC) standardization competition run by the National Institute of Standards and Technology (NIST). This dissertation considers hash-based digital signature schemes. Such algorithms rely on simple security notions such as preimage, and weak and strong collision resistances of hash functions. These notions are well-understood and their security against quantum computers has been well-analyzed. However, existing hash-based signature schemes have large signature sizes and high computational costs. Moreover, the signature size increases with the number of messages to be signed by a key pair. The goal of this work is to develop hash-based digital signature schemes to overcome the aforementioned limitations. First, FORS, the underlying few-time signature scheme of the NIST PQC alternate candidate SPHINCS+ is analyzed against adaptive chosen message attacks, and DFORS, a few-time signature scheme with adaptive chosen message security, is proposed. Second, a new variant of SPHINCS+ is introduced that improves the computational cost and security level. Security analysis for the new variant is presented. In addition, the hash-based group digital signature schemes, Group Merkle (GM) and Dynamic Group Merkle (DGM), are studied and their security is analyzed. Group Merkle Multi-Treem (GMMT) is proposed to solve some of the limitations of the GM and DGM hash-based group signature schemes. / Graduate
13

The Singularity Attack on Himq-3: A High-Speed Signature Scheme Based on Multivariate Quadratic Equations

Zhang, Zheng 30 September 2021 (has links)
No description available.
14

Hardware accelerators for post-quantum cryptography and fully homomorphic encryption

Agrawal, Rashmi 16 January 2023 (has links)
With the monetization of user data, data breaches have become very common these days. In the past five years, there were more than 7000 data breaches involving theft of personal information of billions of people. In the year 2020 alone, the global average cost per data breach was $3.86 million, and this number rose to $4.24 million in 2021. Therefore, the need for maintaining data security and privacy is becoming increasingly critical. Over the years, various data encryption schemes including RSA, ECC, and AES are being used to enable data security and privacy. However, these schemes are deemed vulnerable to quantum computers with their enormous processing power. As quantum computers are expected to become main stream in the near future, post-quantum secure encryption schemes are required. To this end, through NIST’s standardization efforts, code-based and lattice-based encryption schemes have emerged as one of the plausible way forward. Both code-based and lattice-based encryption schemes enable public key cryptosystems, key exchange mechanisms, and digital signatures. In addition, lattice-based encryption schemes support fully homomorphic encryption (FHE) that enables computation on encrypted data. Over the years, there have been several efforts to design efficient FPGA-based and ASIC-based solutions for accelerating the code-based and lattice-based encryption schemes. The conventional code-based McEliece cryptosystem uses binary Goppa code, which has good code rate and error correction capability, but suffers from high encoding and decoding complexity. Moreover, the size of the generated public key is in several MBs, leading to cryptosystem designs that cannot be accommodated on low-end FPGAs. In lattice-based encryption schemes, large polynomial ring operations form the core compute kernel and remain a key challenge for many hardware designers. To extend support for large modular arithmetic operations on an FPGA, while incurring low latency and hardware resource utilization requires substantial design efforts. Moreover, prior FPGA solutions for lattice-based FHE include hardware acceleration of basic FHE primitives for impractical parameter sets without the support for bootstrapping operation that is critical to building real-time privacy-preserving applications. Similarly, prior ASIC proposals of FHE that include bootstrapping are heavily memory bound, leading to large execution times, underutilized compute resources, and cost millions of dollars. To respond to these challenges, in this dissertation, we focus on the design of efficient hardware accelerators for code-based and lattice-based public key cryptosystems (PKC). For code-based PKC, we propose the design of a fully-parameterized en/decryption co-processor based on a new variant of McEliece cryptosystem. This co-processor takes advantage of the non-binary Orthogonal Latin Square Code (OLSC) to achieve a lower computational complexity along with smaller key size than that of the binary Goppa code. Our FPGA-based implementation of the co-processor is ∼3.5× faster than an existing classic McEliece cryptosystem implementation. For lattice-based PKC, we propose the design of a co-processor that implements large polynomial ring operations. It uses a fully-pipelined NTT polynomial multiplier to perform fast polynomial multiplications. We also propose the design of a highly-optimized Gaussian noise sampler, capable of sampling millions of high-precision samples per second. Through an FPGA-based implementation of this lattice-based PKC co-processor, we achieve a speedup of 6.5× while utilizing 5× less hardware resources as compared to state-of-the-art implementations. Leveraging our work on lattice-based PKC implementation, we explore the design of hardware accelerators that perform FHE operations using Cheon-Kim-Kim-Song (CKKS) scheme. Here, we first perform an in-depth architectural analysis of various FHE operations in the CKKS scheme so as to explore ways to accelerate an end-to-end FHE application. For this analysis, we develop a custom architecture modeling tool, SimFHE, to measure the compute and memory bandwidth requirements of hardware-accelerated CKKS. Our analysis using SimFHE reveals that, without a prohibitively large cache, all FHE operations exhibit low arithmetic intensity (<1 Op/byte). To address the memory bottleneck resulting from the low arithmetic intensity, we propose several memory-aware design (MAD) techniques, including caching and algorithmic optimizations, to reduce the memory requirements of CKKS-based application execution. We show that the use of our MAD techniques can yield an ASIC design that is at least 5-10× cheaper than the large-cache proposals, but only ∼2-3× slower. We also design FAB, an FPGA-based accelerator for bootstrappable FHE. FAB, for the first time ever, accelerates bootstrapping (along with basic FHE primitives) on an FPGA for a secure and practical parameter set. FAB tackles the memory-bounded nature of bootstrappable FHE through judicious datapath modification, smart operation scheduling, and on-chip memory management techniques to maximize the overall FHE-based compute throughput. FAB outperforms all prior CPU/GPU works by 9.5× to 456× and provides a practical performance for our target application: secure training of logistic regression models. / 2025-01-16T00:00:00Z
15

A deep learning based side-channel analysis of an FPGA implementation of Saber / En djupinlärningsbaserad sidokanalanalys av en FPGA-implementering av Saber

Ji, Yanning January 2022 (has links)
In 2016, NIST started a post quantum cryptography (PQC) standardization project in response to the rapid development of quantum algorithms which break many public-key cryptographic schemes. As the project nears its end, it is necessary to assess the resistance of its finalists to side-channel attacks. Although several side-channel attacks on software implementations PQCfinalists have been presented in recent papers, hardware implementations have been investigated much less. In this thesis, we present the first side-channel attack on an FPGA implementation of one of the NIST PQC finalists, Saber. Our experiments are performed on a publicly availible implementation of Saber compiled with Xilinx Vivado for an Artix-7 XC7A100T FPGA. We trained several deep learning models in an attempt to recover the Hamming weight and value of messages using their corresponding power traces. We also proposed a method to determine the Hamming weight of messages through binary search based on these models. We found out that, due to the difference in software and hardware implementations, the previously presented message recovery method that breaks a masked software implementation of Saber cannot be directly applied to the hardware implementation. The main reason for this is that, in the hardware implementation used in our experiments, all 256 bits of a message are processed in parallel, while in the software implementation used in the previous work, the bits are processed one-by-one. Future works includes finding new methods for analyzing hardware implementations. / Under 2016 startade NIST ett standardiseringsprojekt efter kvantkryptering (PQC) som svar på den snabba utvecklingen av kvantalgoritmer som bryter många kryptografiska system med offentliga nyckel. När projektet närmar sig sitt slut är det nödvändigt att bedöma finalisternas motstånd mot sidokanalsattacker. Även om flera sidokanalsattacker på programvaruimplementationer PQC-finalister har presenterats i de senaste tidningarna, har hårdvaruimplementationer undersökts mycket mindre. I denna avhandling presenterar vi den första sidokanalsattacken på en FPGA-implementering av en av NIST PQC-finalisterna, Sabre. Våra experiment utförs på en allmänt tillgänglig implementering av Sabre kompilerad med Xilinx Vivado för en Artix-7 XC7A100T FPGA. Vi tränade f lera modeller för djupinlärning i ett försök att återställa Hamming-vikten och värdet av meddelanden med hjälp av deras motsvarande kraftspår. Vi föreslog också en metod för att bestämma Hamming-vikten för meddelanden genom binär sökning baserat på dessa modeller. Vi fick reda på att, på grund av skillnaden i mjukvaru- och hårdvaruimplementationer, kan den tidigare presenterade meddelandeåterställningsmetoden som bryter en maskerad mjukvaruimplementering av Sabre inte direkt appliceras på hårdvaruimplementeringen. Den främsta anledningen till detta är att i hårdvaruimplementeringen som används i våra experiment bearbetas alla 256 bitar i ett meddelande parallellt, medan i mjukvaruimplementeringen som användes i det tidigare arbetet bearbetas bitarna en i taget. Framtida arbete inkluderar att hitta nya metoder för att analysera hårdvaruimplementationer.
16

Theoretical and Practical Aspects of the Migration to Post Quantum Cryptography

Schröck, Florian 23 April 2024 (has links)
Partial Post Quantum Cryptography migration of GitLab Community Edition source code with 3 main contributions 1. Devloped RubyCrypt - a simple scanner to assist the Cryptographic Inventory Compilation of Ruby apps 2. Configured git to use PQC signature (CRYSTALS-Dilithium) for commit signing 3. Included CRYSTALS-Dilithium to ssh_data, a common cryptographic Ruby gem used by GitLab (& GitHub):1. Introduction 2. Theoretical Background - Post Quantum Cryptography 2.1. Code-based Cryptography 2.1.1. McEliece Cryptosystem 2.2. Lattice-based Cryptography 2.2.1. CRYSTALS-Dilithium 3. Post Quantum Cryptography Migration of GitLab - a Case Study 3.1. Problem Statement 3.2. Related Work 3.2.1. Software Tools for Static Program Analysis 3.3. Chosen Approach 4. Implementation 4.1. Cryptographic Inventory Compilation 4.1.1. Results 4.2. Migration Planning 4.3. Migration Execution 4.3.1. PQC Commit Signatures in git 4.3.2. Including Dilithium to ssh_data 5. Conclusion and Outlook 6. References List of Tables List of Figures List of Source Code Acronyms Notation / Partielle Migration des GitLab Community Edition Source Codes auf Verfahren der Post-Quanten-Kryptographie mit 3 Hauptergebnissen 1. Entwicklung von RubyCrypt - einem simplen Scanner zur Unterstützung der Inventarisierung verwendeter Kryptographie in Ruby-Anwendungen 2. Konfiguration von git zur Verwendung des quantensicheren Signaturalgorithmus CRYSTALS-Dilithium zur Signatur von Commits 3. Integration von CRYSTALS-Dilithium in ssh_data, ein populäres kryptographisches Ruby gem welches in GitLab (und GitHub) verwendet wird:1. Introduction 2. Theoretical Background - Post Quantum Cryptography 2.1. Code-based Cryptography 2.1.1. McEliece Cryptosystem 2.2. Lattice-based Cryptography 2.2.1. CRYSTALS-Dilithium 3. Post Quantum Cryptography Migration of GitLab - a Case Study 3.1. Problem Statement 3.2. Related Work 3.2.1. Software Tools for Static Program Analysis 3.3. Chosen Approach 4. Implementation 4.1. Cryptographic Inventory Compilation 4.1.1. Results 4.2. Migration Planning 4.3. Migration Execution 4.3.1. PQC Commit Signatures in git 4.3.2. Including Dilithium to ssh_data 5. Conclusion and Outlook 6. References List of Tables List of Figures List of Source Code Acronyms Notation
17

Analysis of Lightweight Cryptographic Primitives

George, Kiernan Brent 05 May 2021 (has links)
Internet-of-Things (IoT) devices have become increasingly popular in the last 10 years, yet also show an acceptance for lack of security due to hardware constraints. The range of sophistication in IoT devices varies substantially depending on the functionality required, so security options need to be flexible. Manufacturers typically either use no security, or lean towards the use of the Advanced Encryption Standard (AES) with a 128-bit key. AES-128 is suitable for the higher end of that IoT device range, but is costly enough in terms of memory, time, and energy consumption that some devices opt to use no security. Short development and a strong drive to market also contribute to a lack in security. Recent work in lightweight cryptography has analyzed the suitability of custom protocols using AES as a comparative baseline. AES outperforms most custom protocols when looking at security, but those analyses fail to take into account block size and future capabilities such as quantum computers. This thesis analyzes lightweight cryptographic primitives that would be suitable for use in IoT devices, helping fill a gap for "good enough" security within the size, weight, and power (SWaP) constraints common to IoT devices. The primitives have not undergone comprehensive cryptanalysis and this thesis attempts to provide a preliminary analysis of confidentiality. The first is a single-stage residue number system (RNS) pseudorandom number generator (PRNG) that was shown in previous publications to produce strong outputs when analyzed with statistical tests like the NIST RNG test suite and DIEHARD. However, through analysis, an intelligent multi-stage conditional probability attack based on the pigeonhole principle was devised to reverse engineer the initial state (key) of a single-stage RNS PRNG. The reverse engineering algorithm is presented and used against an IoT-caliber device to showcase the ability of an attacker to retrieve the initial state. Following, defenses based on intentional noise, time hopping, and code hopping are proposed. Further computation and memory analysis show the proposed defenses are simple in implementation, but increase complexity for an attacker to the point where reverse engineering the PRNG is likely no longer viable. The next primitive proposed is a block cipher combination technique based on Galois Extension Field multiplication. Using any PRNG to produce the pseudorandom stream, the block cipher combination technique generates a variable sized key matrix to encrypt plaintext. Electronic Codebook (ECB) and Cipher Feedback (CFB) modes of operation are discussed. Both system modes are implemented in MATLAB as well as on a Texas Instruments (TI) MSP430FR5994 microcontroller for hardware validation. A series of statistical tests are then run against the simulation results to analyze overall randomness, including NIST and the Law of the Iterated Logarithm; the system passes both. The implementation on hardware is compared against a stream cipher variation and AES-128. The block cipher proposed outperforms AES-128 in terms of computation time and consumption for small block sizes. While not as secure, the cryptosystem is more scalable to block sizes used in IoT devices. / Master of Science / An Internet-of-Things (IoT) device is a single-purpose computer that operates with less computing resources and sometimes on battery power. The classification of IoT can range anywhere from motion sensors to a doorbell camera, but IoT devices are used in more than just home automation. The medical and industrial spaces use simple wireless computers for a number of tasks as well. One concern with IoT, given the hardware constraints, is the lack of security. Since messages are often transmitted through a wireless medium, anybody could eavesdrop on what is being communicated if data is not encrypted prior to transmission. Cryptography is the practice of taking any string of data and obfuscating it through a process that only valid parties can reverse. The sophistication of cryptographic systems has increased to the point where IoT manufacturers elect to use no security in many cases because the hardware is not advanced enough to run them efficiently. The Advanced Encryption Standard (AES) is usually the choice for security in the IoT space, but typically only higherend devices can afford to use AES. This thesis focuses on alternative lightweight systems to AES. First, a single-stage residue number system (RNS) pseudorandom number generator (PRNG) is analyzed, which has been proven to generate statistically random outputs in previous publications. PRNGs are a cheap method of producing seemingly random outputs through an algorithm once provided with an initial state known as a seed. An intelligent attack on the PRNG is devised, which is able to reverse engineer the initial state, effectively breaking the random behavior. Three defenses against the attack are then implemented to protect against the reported vulnerability. Following, a block cipher combination technique is presented, using the aforementioned PRNG as the source of randomness. A block cipher is a method of encrypting large chunks of data together, to better obfuscate the output. Using a block cipher is more secure than just using a PRNG for encryption. However, PRNGs are used to generate the key for the proposed block cipher, as they offer a more efficient method of security. The combination technique presented serves to increase the security of PRNGs further. The cipher is shown to perform better on an IoT-caliber device in terms of computation time and energy consumption at smaller block sizes than AES.
18

Investigation of Post-Quantum Cryptography (FIPS 203 &amp; 204) Compared to Legacy Cryptosystems, and Implementation in Large Corporations.

Marmebro, Alma, Stenbom, Kristin January 2024 (has links)
As quantum computing advances, there is a critical need to develop quantum resistant cryptographic algorithms. The precise timeline for quantum computers to challenge current encryption methods is uncertain, yet the potential risk to global data security is clear. This study addresses the necessity to prepare for these future threats by evaluating and enhancing the security of proposed quantum safe systems. The National Institute of Standards and Technology (NIST) has been proactive in addressing these challenges, proposing a set of quantum safe cryptographic systems, including ML-KEM (Module Lattice-based Key Encapsulation Mechanism) and ML-DSA (Module Lattice-based Digital Signature Algorithm). These systems are believed to be resilient against the computational capabilities of quantum computers, offering a pathway to secure cryptographic practices in the forthcoming quantum era. We have conducted a detailed analysis of ML-KEM and ML-DSA, focusing on their mathematical foundations and the inherent hardness of these systems. This examination helps clarify why they are considered secure against quantum computing. Our study involves implementing an Module-Learning With Errors (MLWE)-based cryptosystem, the foundational hardness of which underpins the security of ML-KEM and ML-DSA. In this implementation, we test two distributions to evaluate the impact of their parameters, as the choice of distribution is crucial since poor distribution choices can lead to significant errors. We carefully track these errors to determine their onset and rate of increase. Furthermore, we assess the readiness of organizations for the quantum era, finding that some have already begun their transition. However, our analysis suggests that security personnel within a well known company may not be as prepared as NIST’s recommendations would suggest. It is imperative for organizations to start preparing now to ensure the future security of their data in the face of quantum computing advancements.
19

Exploring Side-Channel Analysis Targeting FPGA Based RISC-V Architecture : Attempts at Performing Attacks in Preparation for Future PQC Algorithms / Utforska Sidokanalsattacker mot FPGA Baserade RISC-V Arkitekturer : Attackförsök som Förberedelse Inför Framtida PQC Algoritmer

Vilhelmson Näf, Max January 2021 (has links)
Many public-key cryptosystems currently in use are threatened by the possibility of large-scale quantum computers being built in the future. To counteract this, a process of developing quantum-resistant cryptographic algorithms is underway. This process also emphasizes the importance of protecting algorithms from Side-Channel Analysis (SCA). National Institute of Standards and Technology (NIST) oversees this process, and candidates for new standards are submitted into a public evaluation to be examined, updated, and possibly eliminated in order to ensure quality and security of the future standard. To develop knowledge of how to prevent SCA on Field Programmable Gate Array (FPGA) targets, this thesis investigated SCA using the ChipWhisperer-lite capture board and a RISC-V architecture synthesized on a PolarFire FPGA development board as the custom target. Various tests and attempts to detect and verify side-channel leakage are presented. Also included is a study and continuation of a previously explored deep neural network-based SCA on Saber Key Encapsulation Mechanism, which is one of the finalists of NIST post-quantum cryptography standardization process. Changes to the network were made to enable attacks using a tenth of the previously used traces for training. In addition, by utilizing t-test, spectrum analysis, and persistence plots, this thesis was able to verify data-dependent leakage from an S-Box implemented on the FPGA target. However, the key extraction using correlation power analysis was not successful, and therefore the hypothesis for mitigation methods could not be explored. As a result, the thesis’ main contribution is to provide a theoretical background and an introduction to the field and its challenges. The lessons learnt and methods used to connect the ChipWhisperer to the FPGA target might save time and facilitate SCA for the more experienced hardware security researchers. Future work should continue to further investigate this field in order to prevent SCA. / Utvecklingen av kvantdatorer hotar många av de konventionella och idag vitt använda krypteringsalgoritmerna. Därför pågår en process att utveckla och standardisera kvantdatorsäkra krypteringsalgoritmer. Som ett viktigt steg i denna process säkerställs även deras motståndskraft mot sidokanalsattacker. Detta sker i en öppen process modererad av National Institute of Standards and Technology. Kandidaterna till de nya algoritmerna utvärderas, justeras och anslås i en öppen process likt en tävling. Målet med detta examensarbete är att bidra med kunskap och insikter kring hur sidokanalsattacker utförs och motverkas. Attacker kommer riktas mot FPGA-hårdvara konfigurerad med en RISC-V arkitektur istället för de vanligt förekommande ChipWhisperer-måltavlorna. Sidokanalsläckage skall först identifieras och verifieras för att motåtgärder skall kunna testas och utvärderas. I arbetet återskapas en tidigare utförd attack med hjälp av neurala nätverk. Den nya återskapade attacken utförs på SaberKEM, men med stor begränsning utav antalet mätserier. Detta examensarbete kunde verifiera läckage ifrån RISC-V arkitekturen när den utförde AES krypteringssteget, S-Box. Verifieringen utfördes genom användning av T-test, spektrumanalys samt studerande av överlapp hos signalerna. Dock lyckades inte attackerna extrahera känslig nyckelinformation från varken S-Box eller lösenordsjämförelser. På grund av att dessa misslyckades kunde inte arbetet fortsätta vidare till testning av hypoteser för motåtgärder. Därför bör bidraget från detta arbete främst ses som en bakgrund och introduktion till ämnet. Kapitlen Introduktion och Bakgrund bör vara en god genomgång för nybörjare för att förstå viktiga begrepp och principer. För de mer erfarna är troligen metoderna för att koppla ihop och konfigurera FPGA-målet mer intressanta. Genom att dra lärdom av arbetets svårigheter, misstag och utmaningar kan tid sparas. Slutligen uppmanas framtida arbeten att utföra attacker på svårare mål utan direkta mätpunkter för att bli bättre på att anfalla och designa säkrare system.
20

Proposta de aprimoramento para o protocolo de assinatura digital Quartz / Proposal of enhancement for digital signature protocol Quartz

Andrade, Ewerton Rodrigues 27 August 2013 (has links)
Atualmente, podemos perceber que uma grande dependência dos sistemas desenvolvidos sob a seara da criptografia foi instaurada em todos nós. Principalmente no tocante dos sistemas criptográficos de chave pública, que são vastamente utilizados na Internet. No entanto, a criptografia de chave pública viu-se ameaçada e começou a investigar novas fontes de problemas para seus sistemas quando Shor em 1997 desenvolveu um algoritmo de tempo polinomial para fatorar inteiros e para calcular o logaritmo discreto em um computador quântico. Neste contexto, Patarin propõe a função alçapão HFE (Hidden Field Equations), uma trapdoor baseada nos Problemas MQ (Multivariate Quadratic) e IP (Isomorfismo de Polinômios). Tais problemas não são afetados pelo algoritmo de Shor, além disto o Problema MQ foi demonstrado por Patarin e Goubin como sendo NP-completo. Apesar do HFE ter sua versão básica quebrada, ele apresenta variações -- obtidas através de modificadores genéricos -- resistentes aos principais ataques da atualidade. O Quartz -- esquema de assinatura digital baseado no HFEv-, com escolha especial de parâmetros -- é um bom exemplo desta resistência a ataques algébricos que visem a recuperação da chave privada, pois até hoje permanece seguro. Além de também se destacar por gerar assinaturas curtas. Todavia, Joux e Martinet -- baseados em axiomas do Ataque pelo Paradoxo de Aniversário -- provaram que o Quartz é maleável, demonstrando que caso o adversário possua um par (mensagem, assinatura) válido, ele conseguirá obter uma segunda assinatura com 2^(50) computações e 2^(50) chamadas ao oráculo de assinatura, logo muito abaixo dos padrões de segurança atuais que são de, no mínimo, 2^(112). Desta forma, baseado no Quartz, apresentamos um novo esquema de assinatura digital resistente a ataques adaptativos de mensagem escolhida que realizem chamadas ao oráculo aleatório, com um nível de segurança estimado em 2^(112). Nosso criptossistema proporciona, ainda, um ganho de eficiência no algoritmo de verificação de assinatura e na inicialização dos vetores que serão utilizados pelos algoritmos de assinatura e verificação. Além de, também, disponibilizarmos uma implementação do Quartz Original e do Quartz Aprimorado, na linguagem de programação Java. / Today, we can see that a large dependence of the systems developed under the cryptography was introduced in all of us. Especially in terms of public key cryptosystems, which are widely used on the Internet. However, public key cryptography was threatened and began to investigate new sources of problems for their systems when Shor in 1997 developed a polynomial time algorithm for factoring integers and to compute the discrete logarithm in a quantum computer. In this context, Patarin proposed Hidden Field Equations (HFE), a trapdoor based on MQ (Multivariate Quadratic) and IP (Isomorphism of Polynomials) problems. Such problems are not affected by the Shor algorithm, moreover MQ Problem was demonstrate by Patarin and Goubin as NP-complete. Despite the basic HFE has broken, it varies secure, obtained by generic modification. The Quartz -- digital signature scheme based on HFEv-, with special choice of parameters -- is a good example of this resistance to algebraic attacks aimed at the recovery of the private key, because even today remains secure. Furthermore, it also generates short signatures. However, Joux and Martinet -- based on axioms of Birthday Paradox Attack -- proved that Quartz is malleable, showing that if the adversary has a pair (message, signature) valid, he can get a second signature with 2^(50) computations and 2^(50) calls to the signing oracle, so far the current security standards that are at least 2^(112). Thus, based on Quartz, we present a new digital signature scheme, achieving the adaptive chosen message attacks that make calls to the random oracle, with a secure level estimated at 2^(112). Our cryptosystem also provides an efficiency gain in signature verification algorithm and initialization vectors that will be used for signing and verification algorithms. Further we provide an implementation of Original Quartz and Enhanced Quartz in the Java programming language.

Page generated in 0.0618 seconds