Analysis of Lightweight Cryptographic Primitives

George, Kiernan Brent

05 May 2021

Internet-of-Things (IoT) devices have become increasingly popular in the last 10 years, yet also show an acceptance for lack of security due to hardware constraints. The range of sophistication in IoT devices varies substantially depending on the functionality required, so security options need to be flexible. Manufacturers typically either use no security, or lean towards the use of the Advanced Encryption Standard (AES) with a 128-bit key. AES-128 is suitable for the higher end of that IoT device range, but is costly enough in terms of memory, time, and energy consumption that some devices opt to use no security. Short development and a strong drive to market also contribute to a lack in security. Recent work in lightweight cryptography has analyzed the suitability of custom protocols using AES as a comparative baseline. AES outperforms most custom protocols when looking at security, but those analyses fail to take into account block size and future capabilities such as quantum computers. This thesis analyzes lightweight cryptographic primitives that would be suitable for use in IoT devices, helping fill a gap for "good enough" security within the size, weight, and power (SWaP) constraints common to IoT devices. The primitives have not undergone comprehensive cryptanalysis and this thesis attempts to provide a preliminary analysis of confidentiality. The first is a single-stage residue number system (RNS) pseudorandom number generator (PRNG) that was shown in previous publications to produce strong outputs when analyzed with statistical tests like the NIST RNG test suite and DIEHARD. However, through analysis, an intelligent multi-stage conditional probability attack based on the pigeonhole principle was devised to reverse engineer the initial state (key) of a single-stage RNS PRNG. The reverse engineering algorithm is presented and used against an IoT-caliber device to showcase the ability of an attacker to retrieve the initial state. Following, defenses based on intentional noise, time hopping, and code hopping are proposed. Further computation and memory analysis show the proposed defenses are simple in implementation, but increase complexity for an attacker to the point where reverse engineering the PRNG is likely no longer viable. The next primitive proposed is a block cipher combination technique based on Galois Extension Field multiplication. Using any PRNG to produce the pseudorandom stream, the block cipher combination technique generates a variable sized key matrix to encrypt plaintext. Electronic Codebook (ECB) and Cipher Feedback (CFB) modes of operation are discussed. Both system modes are implemented in MATLAB as well as on a Texas Instruments (TI) MSP430FR5994 microcontroller for hardware validation. A series of statistical tests are then run against the simulation results to analyze overall randomness, including NIST and the Law of the Iterated Logarithm; the system passes both. The implementation on hardware is compared against a stream cipher variation and AES-128. The block cipher proposed outperforms AES-128 in terms of computation time and consumption for small block sizes. While not as secure, the cryptosystem is more scalable to block sizes used in IoT devices. / Master of Science / An Internet-of-Things (IoT) device is a single-purpose computer that operates with less computing resources and sometimes on battery power. The classification of IoT can range anywhere from motion sensors to a doorbell camera, but IoT devices are used in more than just home automation. The medical and industrial spaces use simple wireless computers for a number of tasks as well. One concern with IoT, given the hardware constraints, is the lack of security. Since messages are often transmitted through a wireless medium, anybody could eavesdrop on what is being communicated if data is not encrypted prior to transmission. Cryptography is the practice of taking any string of data and obfuscating it through a process that only valid parties can reverse. The sophistication of cryptographic systems has increased to the point where IoT manufacturers elect to use no security in many cases because the hardware is not advanced enough to run them efficiently. The Advanced Encryption Standard (AES) is usually the choice for security in the IoT space, but typically only higherend devices can afford to use AES. This thesis focuses on alternative lightweight systems to AES. First, a single-stage residue number system (RNS) pseudorandom number generator (PRNG) is analyzed, which has been proven to generate statistically random outputs in previous publications. PRNGs are a cheap method of producing seemingly random outputs through an algorithm once provided with an initial state known as a seed. An intelligent attack on the PRNG is devised, which is able to reverse engineer the initial state, effectively breaking the random behavior. Three defenses against the attack are then implemented to protect against the reported vulnerability. Following, a block cipher combination technique is presented, using the aforementioned PRNG as the source of randomness. A block cipher is a method of encrypting large chunks of data together, to better obfuscate the output. Using a block cipher is more secure than just using a PRNG for encryption. However, PRNGs are used to generate the key for the proposed block cipher, as they offer a more efficient method of security. The combination technique presented serves to increase the security of PRNGs further. The cipher is shown to perform better on an IoT-caliber device in terms of computation time and energy consumption at smaller block sizes than AES.

Block Cipher

Galois Extension Field

Post-Quantum Cryptography

Pseudorandom Number Generator

Residue Number System

Kryptoanalýza algoritmu post-kvantové kryptografie / Cryptoanalysis of a Post-quantum Cryptography Algorithm

Štumpf, Daniel

January 2020

National Institute of Standards and Technology (NIST) is currently running a stan- dardization process for a post-quantum cryptography primitives. Depending on the al- gorithms building blocks these primitives can be divided into five categories. In the first part of this thesis we described all five categories and compared their characteristics. The most important aspect of the schemes for NIST is security against both classical and quantum adversaries. We chose one of the five categories (namely, we picked lattice- based cryptosystems) for further cryptanalysis. As we think that the security analysis of some of the second round candidates in the NIST standardization project is not suffi- ciently well described in their specification documents and some known attacks are not considered at all, we provide a unified security analysis of these schemes. We described two currently known attacks (primal and dual attacks) against lattice-based schemes, estimated cost of these attacks against the lattice-based candidates in the second round of the NIST standardization project and compared these values with the security claimed by these candidates. In most cases our estimations matches those published in the speci- fication documents and therefore we conclude that the security estimates claimed by the candidates are...

Exploring Side-Channel Analysis Targeting FPGA Based RISC-V Architecture : Attempts at Performing Attacks in Preparation for Future PQC Algorithms / Utforska Sidokanalsattacker mot FPGA Baserade RISC-V Arkitekturer : Attackförsök som Förberedelse Inför Framtida PQC Algoritmer

Vilhelmson Näf, Max

January 2021

Many public-key cryptosystems currently in use are threatened by the possibility of large-scale quantum computers being built in the future. To counteract this, a process of developing quantum-resistant cryptographic algorithms is underway. This process also emphasizes the importance of protecting algorithms from Side-Channel Analysis (SCA). National Institute of Standards and Technology (NIST) oversees this process, and candidates for new standards are submitted into a public evaluation to be examined, updated, and possibly eliminated in order to ensure quality and security of the future standard. To develop knowledge of how to prevent SCA on Field Programmable Gate Array (FPGA) targets, this thesis investigated SCA using the ChipWhisperer-lite capture board and a RISC-V architecture synthesized on a PolarFire FPGA development board as the custom target. Various tests and attempts to detect and verify side-channel leakage are presented. Also included is a study and continuation of a previously explored deep neural network-based SCA on Saber Key Encapsulation Mechanism, which is one of the finalists of NIST post-quantum cryptography standardization process. Changes to the network were made to enable attacks using a tenth of the previously used traces for training. In addition, by utilizing t-test, spectrum analysis, and persistence plots, this thesis was able to verify data-dependent leakage from an S-Box implemented on the FPGA target. However, the key extraction using correlation power analysis was not successful, and therefore the hypothesis for mitigation methods could not be explored. As a result, the thesis’ main contribution is to provide a theoretical background and an introduction to the field and its challenges. The lessons learnt and methods used to connect the ChipWhisperer to the FPGA target might save time and facilitate SCA for the more experienced hardware security researchers. Future work should continue to further investigate this field in order to prevent SCA. / Utvecklingen av kvantdatorer hotar många av de konventionella och idag vitt använda krypteringsalgoritmerna. Därför pågår en process att utveckla och standardisera kvantdatorsäkra krypteringsalgoritmer. Som ett viktigt steg i denna process säkerställs även deras motståndskraft mot sidokanalsattacker. Detta sker i en öppen process modererad av National Institute of Standards and Technology. Kandidaterna till de nya algoritmerna utvärderas, justeras och anslås i en öppen process likt en tävling. Målet med detta examensarbete är att bidra med kunskap och insikter kring hur sidokanalsattacker utförs och motverkas. Attacker kommer riktas mot FPGA-hårdvara konfigurerad med en RISC-V arkitektur istället för de vanligt förekommande ChipWhisperer-måltavlorna. Sidokanalsläckage skall först identifieras och verifieras för att motåtgärder skall kunna testas och utvärderas. I arbetet återskapas en tidigare utförd attack med hjälp av neurala nätverk. Den nya återskapade attacken utförs på SaberKEM, men med stor begränsning utav antalet mätserier. Detta examensarbete kunde verifiera läckage ifrån RISC-V arkitekturen när den utförde AES krypteringssteget, S-Box. Verifieringen utfördes genom användning av T-test, spektrumanalys samt studerande av överlapp hos signalerna. Dock lyckades inte attackerna extrahera känslig nyckelinformation från varken S-Box eller lösenordsjämförelser. På grund av att dessa misslyckades kunde inte arbetet fortsätta vidare till testning av hypoteser för motåtgärder. Därför bör bidraget från detta arbete främst ses som en bakgrund och introduktion till ämnet. Kapitlen Introduktion och Bakgrund bör vara en god genomgång för nybörjare för att förstå viktiga begrepp och principer. För de mer erfarna är troligen metoderna för att koppla ihop och konfigurera FPGA-målet mer intressanta. Genom att dra lärdom av arbetets svårigheter, misstag och utmaningar kan tid sparas. Slutligen uppmanas framtida arbeten att utföra attacker på svårare mål utan direkta mätpunkter för att bli bättre på att anfalla och designa säkrare system.

Post-Quantum Cryptography

Field Programmable Gate Array

Neural Network

Learning With Errors/Rounding

Key Encapsulation Mechanism

Post-Quantum Cryptography

Field Programmable Gate Array

Neural Network

Learning With Errors/Rounding

Key Encapsulation Mechanism

Elektroteknik och elektronik

Proposta de aprimoramento para o protocolo de assinatura digital Quartz / Proposal of enhancement for digital signature protocol Quartz

Andrade, Ewerton Rodrigues

27 August 2013

Atualmente, podemos perceber que uma grande dependência dos sistemas desenvolvidos sob a seara da criptografia foi instaurada em todos nós. Principalmente no tocante dos sistemas criptográficos de chave pública, que são vastamente utilizados na Internet. No entanto, a criptografia de chave pública viu-se ameaçada e começou a investigar novas fontes de problemas para seus sistemas quando Shor em 1997 desenvolveu um algoritmo de tempo polinomial para fatorar inteiros e para calcular o logaritmo discreto em um computador quântico. Neste contexto, Patarin propõe a função alçapão HFE (Hidden Field Equations), uma trapdoor baseada nos Problemas MQ (Multivariate Quadratic) e IP (Isomorfismo de Polinômios). Tais problemas não são afetados pelo algoritmo de Shor, além disto o Problema MQ foi demonstrado por Patarin e Goubin como sendo NP-completo. Apesar do HFE ter sua versão básica quebrada, ele apresenta variações -- obtidas através de modificadores genéricos -- resistentes aos principais ataques da atualidade. O Quartz -- esquema de assinatura digital baseado no HFEv-, com escolha especial de parâmetros -- é um bom exemplo desta resistência a ataques algébricos que visem a recuperação da chave privada, pois até hoje permanece seguro. Além de também se destacar por gerar assinaturas curtas. Todavia, Joux e Martinet -- baseados em axiomas do Ataque pelo Paradoxo de Aniversário -- provaram que o Quartz é maleável, demonstrando que caso o adversário possua um par (mensagem, assinatura) válido, ele conseguirá obter uma segunda assinatura com 2^(50) computações e 2^(50) chamadas ao oráculo de assinatura, logo muito abaixo dos padrões de segurança atuais que são de, no mínimo, 2^(112). Desta forma, baseado no Quartz, apresentamos um novo esquema de assinatura digital resistente a ataques adaptativos de mensagem escolhida que realizem chamadas ao oráculo aleatório, com um nível de segurança estimado em 2^(112). Nosso criptossistema proporciona, ainda, um ganho de eficiência no algoritmo de verificação de assinatura e na inicialização dos vetores que serão utilizados pelos algoritmos de assinatura e verificação. Além de, também, disponibilizarmos uma implementação do Quartz Original e do Quartz Aprimorado, na linguagem de programação Java. / Today, we can see that a large dependence of the systems developed under the cryptography was introduced in all of us. Especially in terms of public key cryptosystems, which are widely used on the Internet. However, public key cryptography was threatened and began to investigate new sources of problems for their systems when Shor in 1997 developed a polynomial time algorithm for factoring integers and to compute the discrete logarithm in a quantum computer. In this context, Patarin proposed Hidden Field Equations (HFE), a trapdoor based on MQ (Multivariate Quadratic) and IP (Isomorphism of Polynomials) problems. Such problems are not affected by the Shor algorithm, moreover MQ Problem was demonstrate by Patarin and Goubin as NP-complete. Despite the basic HFE has broken, it varies secure, obtained by generic modification. The Quartz -- digital signature scheme based on HFEv-, with special choice of parameters -- is a good example of this resistance to algebraic attacks aimed at the recovery of the private key, because even today remains secure. Furthermore, it also generates short signatures. However, Joux and Martinet -- based on axioms of Birthday Paradox Attack -- proved that Quartz is malleable, showing that if the adversary has a pair (message, signature) valid, he can get a second signature with 2^(50) computations and 2^(50) calls to the signing oracle, so far the current security standards that are at least 2^(112). Thus, based on Quartz, we present a new digital signature scheme, achieving the adaptive chosen message attacks that make calls to the random oracle, with a secure level estimated at 2^(112). Our cryptosystem also provides an efficiency gain in signature verification algorithm and initialization vectors that will be used for signing and verification algorithms. Further we provide an implementation of Original Quartz and Enhanced Quartz in the Java programming language.

Assinatura Digital

Criptografia Pós-Quântica

Digital Signature

MPKC

MPKC

MQ Problem

Post-Quantum Cryptography

Problema MQ

Quartz

Quartz

Application of linear block codes in cryptography

Esmaeili, Mostafa

19 March 2019

Recently, there has been a renewed interest in code based cryptosystems. Amongst the reasons for this interest is that they have shown to be resistant to quantum at- tacks, making them candidates for post-quantum cryptosystems. In fact, the National Institute of Standards and Technology is currently considering candidates for secure communication in the post-quantum era. Three of the proposals are code based cryp- tosystems. Other reasons for this renewed interest include e cient encryption and decryption. In this dissertation, new code based cryptosystems (symmetric key and public key) are presented that use high rate codes and have small key sizes. Hence they overcome the drawbacks of code based cryptosystems (low information rate and very large key size). The techniques used in designing these cryptosystems include random bit/block deletions, random bit insertions, random interleaving, and random bit ipping. An advantage of the proposed cryptosystems over other code based cryp- tosystems is that the code can be/is not secret. These cryptosystems are among the rst with this advantage. Having a public code eliminates the need for permutation and scrambling matrices. The absence of permutation and scrambling matrices results in a signi cant reduction in the key size. In fact, it is shown that with simple random bit ipping and interleaving the key size is comparable to well known symmetric key cryptosystems in use today such as Advanced Encryption Standard (AES). The security of the new cryptosystems are analysed. It is shown that they are immune against previously proposed attacks for code based cryptosystems. This is because scrambling or permutation matrices are not used and the random bit ipping is beyond the error correcting capability of the code. It is also shown that having a public code still provides a good level of security. This is proved in two ways, by nding the probability of an adversary being able to break the cryptosystem and showing that this probability is extremely small, and showing that the cryptosystem has indistinguishability against a chosen plaintext attack (i.e. is IND-CPA secure). IND-CPA security is among the primary necessities for a cryptosystem to be practical. This means that a ciphertext reveals no information about the corresponding plaintext other than its length. It is also shown that having a public code results in smaller key sizes. / Graduate

cryptography

linear block codes

random bit deletion

random bit insertion

random interleaving

code based encryption

post-quantum encryption

Performance analysis of lattice based post-quantum secure cryptography with Java

Johansson, Alexander

January 2019

Efficient quantum computers will break most of today’s public-key cryptosystems. Therefore, the National Institute of Standards and Technology (NIST) calls for proposals to standardise one or more quantum-secure cryptographic schemes. Eventually, banks must adopt the standardised schemes, but little is known about how efficient such an implementation would be in Java, one of the standard programming languages for banks. In this thesis, we test and evaluate a post-quantum secure encryption scheme known as FrodoKEM, which is based on a hard lattice problem known as Learning With Errors (LWE). We found that a post-quantum secure encryption version of FrodoKEM provides strong theoretical security regarding the criteria given by NIST, and is also sufficiently fast for key generation, encryption and decryption. These results imply that it could be possible to implement these types of post-quantum secure algorithms in high-level programming languages such as Java, demonstrating that we no longer are limited to use low-level languages such as C. Consequently, we can easier and cheaper implement post-quantum secure cryptography.

Cryptography

Post-quantum secure cryptography

Lattice-based cryptography

Learning with errors

Java

Other Computer and Information Science

Annan data- och informationsvetenskap

Post-Quantum Public Key Cryptography for the Internet of Things

Magnusson, Olof, Hurtig, Mats

January 2019

Recent progress in the field of quantum computers provide radically improved muscles to search and sort in lists, solve systems of equations and prime factorize – virtues that inflict an immediate threat to the most common systems for public key cryptography used in a vast proportion of today’s computer networks. NTRUEncrypt is a lattice-based cryptography system which inhibits quantum computers for breaking the algorithm in polynomial time. The cryptographic algorithm is one of the seventeen that passed the first round in the NIST Post-Quantum standardisation competition which serves an indication that this system is robust against the efforts from a cryptanalysist to compromise its security properties. With the development of a server and client application that is built using Python3 integrated with WolfSSL, the results obtained from the experiment show that the suggested model acquires the capabilities to overcome the quantum computers capacities, providing fast quantum-safe asymmetric encryption algorithm for TLS communication in smart homes. The handshake process with NTRUEncrypt and WolfSSL is proven to be significantly faster comparing to other algorithms tested.

Cryptography

Post-quantum lightweight encryption

NTRUEncrypt

WolfSSL

Transport layer security

Application domain

Quantum computers

Computer Systems

Datorsystem

Proposta de aprimoramento para o protocolo de assinatura digital Quartz / Proposal of enhancement for digital signature protocol Quartz

Ewerton Rodrigues Andrade

27 August 2013

Atualmente, podemos perceber que uma grande dependência dos sistemas desenvolvidos sob a seara da criptografia foi instaurada em todos nós. Principalmente no tocante dos sistemas criptográficos de chave pública, que são vastamente utilizados na Internet. No entanto, a criptografia de chave pública viu-se ameaçada e começou a investigar novas fontes de problemas para seus sistemas quando Shor em 1997 desenvolveu um algoritmo de tempo polinomial para fatorar inteiros e para calcular o logaritmo discreto em um computador quântico. Neste contexto, Patarin propõe a função alçapão HFE (Hidden Field Equations), uma trapdoor baseada nos Problemas MQ (Multivariate Quadratic) e IP (Isomorfismo de Polinômios). Tais problemas não são afetados pelo algoritmo de Shor, além disto o Problema MQ foi demonstrado por Patarin e Goubin como sendo NP-completo. Apesar do HFE ter sua versão básica quebrada, ele apresenta variações -- obtidas através de modificadores genéricos -- resistentes aos principais ataques da atualidade. O Quartz -- esquema de assinatura digital baseado no HFEv-, com escolha especial de parâmetros -- é um bom exemplo desta resistência a ataques algébricos que visem a recuperação da chave privada, pois até hoje permanece seguro. Além de também se destacar por gerar assinaturas curtas. Todavia, Joux e Martinet -- baseados em axiomas do Ataque pelo Paradoxo de Aniversário -- provaram que o Quartz é maleável, demonstrando que caso o adversário possua um par (mensagem, assinatura) válido, ele conseguirá obter uma segunda assinatura com 2^(50) computações e 2^(50) chamadas ao oráculo de assinatura, logo muito abaixo dos padrões de segurança atuais que são de, no mínimo, 2^(112). Desta forma, baseado no Quartz, apresentamos um novo esquema de assinatura digital resistente a ataques adaptativos de mensagem escolhida que realizem chamadas ao oráculo aleatório, com um nível de segurança estimado em 2^(112). Nosso criptossistema proporciona, ainda, um ganho de eficiência no algoritmo de verificação de assinatura e na inicialização dos vetores que serão utilizados pelos algoritmos de assinatura e verificação. Além de, também, disponibilizarmos uma implementação do Quartz Original e do Quartz Aprimorado, na linguagem de programação Java. / Today, we can see that a large dependence of the systems developed under the cryptography was introduced in all of us. Especially in terms of public key cryptosystems, which are widely used on the Internet. However, public key cryptography was threatened and began to investigate new sources of problems for their systems when Shor in 1997 developed a polynomial time algorithm for factoring integers and to compute the discrete logarithm in a quantum computer. In this context, Patarin proposed Hidden Field Equations (HFE), a trapdoor based on MQ (Multivariate Quadratic) and IP (Isomorphism of Polynomials) problems. Such problems are not affected by the Shor algorithm, moreover MQ Problem was demonstrate by Patarin and Goubin as NP-complete. Despite the basic HFE has broken, it varies secure, obtained by generic modification. The Quartz -- digital signature scheme based on HFEv-, with special choice of parameters -- is a good example of this resistance to algebraic attacks aimed at the recovery of the private key, because even today remains secure. Furthermore, it also generates short signatures. However, Joux and Martinet -- based on axioms of Birthday Paradox Attack -- proved that Quartz is malleable, showing that if the adversary has a pair (message, signature) valid, he can get a second signature with 2^(50) computations and 2^(50) calls to the signing oracle, so far the current security standards that are at least 2^(112). Thus, based on Quartz, we present a new digital signature scheme, achieving the adaptive chosen message attacks that make calls to the random oracle, with a secure level estimated at 2^(112). Our cryptosystem also provides an efficiency gain in signature verification algorithm and initialization vectors that will be used for signing and verification algorithms. Further we provide an implementation of Original Quartz and Enhanced Quartz in the Java programming language.

Assinatura Digital

Criptografia Pós-Quântica

MPKC

Problema MQ

Quartz

Digital Signature

MPKC

MQ Problem

Post-Quantum Cryptography

Quartz

Implementing and Evaluating the Quantum Resistant Cryptographic Scheme Kyber on a Smart Card / Implementering och utvärdering av den kvantresistenta kryptoalgoritmen Kyber på ett smartkort

Eriksson, Hampus

January 2020

Cyber attacks happen on a daily basis, where criminals can aim to disrupt internet services or in other cases try to get hold of sensitive data. Fortunately, there are systems in place to protect these services. And one can rest assured that communication channels and data are secured under well-studied cryptographic schemes. Still, a new class of computation power is on the rise, namely quantum computation. Companies such as Google and IBM have in recent time invested in research regarding quantum computers. In 2019, Google announced that they had achieved quantum supremacy. A quantum computer could in theory break the currently most popular schemes that are used to secure communication. Whether quantum computers will be available in the forseeable future, or at all, is still uncertain. Nonetheless, the implication of a practical quantum computer calls for a new class of crypto schemes; schemes that will remain secure in a post-quantum era. Since 2016 researchers within the field of cryptography have been developing post-quantum cryptographic schemes. One specific branch within this area is lattice-based cryptography. Lattice-based schemes base their security on underlying hard lattice problems, for which there are no currently known efficient algorithms that can solve them. Neither with quantum, nor classical computers. A promising scheme that builds upon these types of problems is Kyber. The aforementioned scheme, as well as its competitors, work efficiently on most computers. However, they still demand a substantial amount of computation power, which is not always available. Some devices are constructed to operate with low power, and are computationally limited to begin with. This group of constrained devices, includes smart cards and microcontrollers, which also need to adopt the post-quantum crypto schemes. Consequently, there is a need to explore how well Kyber and its relatives work on these low power devices. In this thesis, a variant of the cryptographic scheme Kyber is implemented and evaluated on an Infineon smart card. The implementation replaces the scheme’s polynomial multiplication technique, NTT, with Kronecker substitution. In the process, the cryptographic co-processor on the card is leveraged to perform Kronecker substitution efficiently. Moreover, the scheme’s original functionality for sampling randomness is replaced with the card’s internal TRNG. The results show that an IND-CPA secure variant of Kyber can be implemented on the smart card, at the cost of segmenting the IND-CPA functions. All in all, key generation, encryption, and decryption take 23.7 s, 30.9 s and 8.6 s to execute respectively. This shows that the thesis work is slower than implementations of post-quantum crypto schemes on similarly constrained devices.

post-quantum

cryptography

lattice-based cryptography

quantum-resistant

Kyber

constrained device

performance

evaluation

implementation

Communication Systems

Kommunikationssystem

An Investigation of Methods to Improve Area and Performance of Hardware Implementations of a Lattice Based Cryptosystem

Beckwith, Luke Parkhurst

05 November 2020

With continuing research into quantum computing, current public key cryptographic algorithms such as RSA and ECC will become insecure. These algorithms are based on the difficulty of integer factorization or discrete logarithm problems, which are difficult to solve on classical computers but become easy with quantum computers. Because of this threat, government and industry are investigating new public key standards, based on mathematical assumptions that remain secure under quantum computing. This paper investigates methods of improving the area and performance of one of the proposed algorithms for key exchanges, "NewHope." We describe a pipelined FPGA implementation of NewHope512cpa which dramatically increases the throughput for a similar design area. Our pipelined encryption implementation achieves 652.2 Mbps and a 0.088 Mbps/LUT throughput-to-area (TPA) ratio, which are the best known results to date, and achieves an energy efficiency of 0.94 nJ/bit. This represents TPA and energy efficiency improvements of 10.05× and 8.58×, respectively, over a non-pipelined approach. Additionally, we investigate replacing the large SHAKE XOF (hash) function with a lightweight Trivium based PRNG, which reduces the area by 32% and improves energy efficiency by 30% for the pipelined encryption implementation, and which could be considered for future cipher specifications. / Master of Science / Cryptography is prevalent in almost every aspect of our lives. It is used to protect communication, banking information, and online transactions. Current cryptographic protections are built specifically upon public key encryption, which allows two people who have never communicated before to setup a secure communication channel. However, due to the nature of current cryptographic algorithms, the development of quantum computers will make it possible to break the algorithms that secure our communications. Because of this threat, new algorithms based on principles that stand up to quantum computing are being investigated to find a suitable alternative to secure our systems. These algorithms will need to be efficient in order to keep up with the demands of the ever growing internet. This paper investigates four hardware implementations of a proposed quantum-secure algorithm to explore ways to make designs more efficient. The improvements are valuable for high throughput applications, such as a server which must handle a large number of connections at once.

Post Quantum Cryptography

NewHope

Field programmable gate arrays

Cryptography

Pipelined Architecture

Trivium

Random Number Generation

Register Transfer Level Design

NIST