Global ETD Search

51	Postkvantové šifry / Post-Quantum Ciphers Novosadová, Tatiana January 2021 (has links) Národný inštitút pre štandardy a technológie (NIST) zahájil proces na získanie, vyhodnotenie a štandardizáciu jedného alebo viacerých kryptografických algoritmov využívajúcich verejný kľúč prostredníctvom verejnej súťaže. Cieľom tejto dimplomovej práce je naštudovať dostupné postkvantové algoritmy pre ustanovenie kľúča, ktoré boli zverejnené v treťom kole tejto súťaže. Po dôkladnej analýze a porovnaní bol jeden zo študovaných algoritmov implementovaný s využitím knižníc dostupných pre daný algoritmus, následne bol program optimalizovaný a zdokumentovaný.
52	Migration of Signing Algorithms : An investigation in migration of signing algorithms used in certificate authorities. / Migration av signeringsalgoritmer : Undersökning av migration av signeringsalgoritmer som används av certifkatauktoriteter. Hassan, Yusuf January 2019 (has links) The migration of signing algorithms is a process which can be used to move from signing algorithms which are regarded as less safe to algorithms which are regarded as safer. The safety of cryptographic algorithms has been compromised before, algorithms such as SHA-1 has been proven to be broken. The goal of this study was to find criteria that could define a successful migration as well as evaluating a method to perform a migration. The criteria were found by evaluating related works found in an RFC document as well as in a Springer conference paper. The criteria that was found was the following: backwards compatibility, no downtime, no need for mass revocation, no need for strict scheduling and no extra overhead. The evaluated method utilized a construct called a multiple key certificate; it was chosen because it conformed to most of the found criteria. The multiple key certificate utilized two different key pairs, one generated from a conventional algorithm and the other using an alternative algorithm, it also conformed to the x.509 standard. The alternative algorithm could be chosen to be a post quantum algorithm. The prototype was tested for time overhead, memory overhead and backward compatibility. The results of testing to sign and verify 10 000 certificates as well as examining the file size of the certificate showed that the choice of alternative algorithm heavily affects the time overhead of the prototype certificate. The multiple key certificate also proved to be backwards compatible with widely used applications. This solution has proven itself to act in accordance to all the newly established criterion except for the criterion regarding overhead however, alternative algorithms could be strategically chosen to minimize overhead. The multiple key certificate seems to be a successful way to migrate signing algorithms. / Migration av signeringsalgoritmer som används i certifikat är en process som kan behövas när en signeringsalgoritm som är mindre säker ska ersättas med en som är mer säker. Säkerheten som återfinns hos kryptografiska algoritmer har brutits förut, algoritmer såsom SHA-1 har bevisats vara osäkra. Målet med denna studie var att ta fram kriterier som kan definiera en lyckad migration samt evaluera en metod som kan användas för att utföra en migration. Kriterierna togs fram genom att studera tidigare arbeten inom migration av signeringsalgoritmer, dessa arbeten återfinns hos RFC dokument samt konferensrapporter från Springer. Kriterierna som togs fram var följande: kompatibilitet med äldre system, ingen nertid, inget behov av massrevokering, inget behov av strikta tidsscheman samt ingen extra omkostnad. Metoden som utvärderades kallas för flernyckels certifikat. Den valdes för att den följde flest av de nyfunna kriterierna. Lösningen utnyttjar två olika nyckelpar, nämligen ett nyckelpar som har genererats med en konventionell algoritm samt ett nyckelpar som har genererats med en alternativ algoritm. Lösningen följer även x.509 standarden. Den alternativa algoritmen kan väljas så att den är postkvantum. Prototypen testades för omkostnad i tid samt minne genom att signera och verifiera 10 000 certifikat samt att titta på certifikatens filstorlek. Prototypen testades även för kompatibilitet med kända applikationer. Resultaten visade att valet av alternativa algoritmer hade stor påverkan på omkostnaderna. Tester visade att prototypen var kompatibel med applikationer som används i stor utsträckning. Lösningen verkade följa alla nyfunna kriterier förutom kriteriet angående omkostnad men den alternativa algoritmen kan strategiskt väljas för att minimera omkostnaden. Prototypen verkar vara ett lyckat sätt att migrera signeringsalgoritmer. signing algorithm migration post-quantum certificate x.509 backwards compatibility signeringsalgoritm signeringsalgoritmer migration postkvantum certifikat x.509 kompatibilitet Software Engineering Programvaruteknik
53	A Side Channel Attack on a Higher-Order Masked Software Implementation of Saber / En Sidokanalsattack på en Högre-Ordnings Maskad Mjukvaruimplementation av Saber Paulsrud, Nils January 2022 (has links) One of the key security aspects which must be evaluated for cryptosystems is their resistance against side-channel attacks. Masking is a commonly used countermeasure against side-channel attacks, in which the secret to be protected is partitioned into multiple shares using random “masks”. A k-order masked implementation uses k+1 shares. Masked implementations are available for the key encapsulation mechanism of Saber, a finalist in the NIST post-quantum cryptography standardization project. Though Saber has not been selected for standardization, it is similar to the selected CRYSTALS-Kyber, and may therefore have similar leakage. In this thesis, a side-channel attack against a higher-order masked implementation of Saber is attempted. A previous attack on first-order masked Saber using a deep learning-based approach is used as a starting point, though differences in the implementations make the attack not directly applicable to the higher-order case. A byte-wise leakage is found in the higher-order masked implementation, and two different attacks on this leakage point are considered. The first uses the Hamming weights of bytes and is able to recover Hamming weights of individual shares but not the complete message or secret keys from 2nd-order masked Saber. The other uses a method from a different previous side-channel attack in which message bytes are recovered using biased deep learning models. This method successfully recovers all message bytes from 1st-order masked Saber and is shown to successfully recover byte values from 2nd-order masked Saber by training multiple biased models and selecting the best performing models from these, though this also requires a much larger amount of attack data than the 1st-order masking case. This shows that a bytewise leakage in higher-order masked Saber can be exploited using a power analysis side-channel attack, though recovering the complete message and secret keys remains as future work. / En av de främsta säkerhetsaspekterna som måste utvärderas för krypteringsalgoritmer är resistens mot sidokanalsattacker. Maskning är en av de vanligaste åtgärderna för att skydda mot sidokanalsattacker, där känslig information partitioneras i flera delar med hjälp av slumpmässiga värden. En maskning av ordning k använder k+1 delar. Maskade implementationer finns tillgängliga för Saber, en av finalisterna NISTs postkvantkryptografiska standardiseringsprojekt. Saber har inte valts som standard, men har många likheter med den valda standarden CRYSTALS-Kyber och kan därför ha liknande sårbarheter. I detta examensarbete utförs en sidokanalsattack på en högre ordnings maskad implementation av Saber. En tidigare attack på första ordningens maskad Saber används som utgångspunkt, men skillnader i implementationen gör att denna attack inte kan användas direkt. Ett läckage på byte-nivå hittads i den högre ordnings maskade implementationen, och två olika attacker utförs. Den första, som använder Hammingvikten av en byte i meddelandet, kunde erhålla Hammingvikterna för individuella delar av det maskade meddelandet, men inte det ursprungliga meddelandet. Den andra attacken använder en metod från en tidigare sidokanalsattack där meddelanden kunde erhållas med hjälp av partiska djupinlärningsmodeller. Den här metoded kunde användas för att erhålla alla bytevärden från meddelandet med fösta ordningens maskning. Med betydligt mer data och genom att träna ett flertal djupinlärningsmodeller och sedan välja de bästa från bland dessa kunda även vissa bytevärden erhållas från andra ordningens maskning. Detta visar att denna svaghet på byte-nivå kan användas vid en attack på högre ordnings maskad Saber, men det återstår att extrahera hela meddelandet och hemliga nycklar. Post-quantum cryptography Saber KEM Side-channel attack Power analysis Higher-order masking Postkvantkryptografi Saber KEM Sidokanalsattack Effektanalys Högre ordnings maskning Computer and Information Sciences Data- och informationsvetenskap
54	Gaussian sampling in lattice-based cryptography / Le Gaussian sampling dans la cryptographie sur les réseaux euclidiens Prest, Thomas 08 December 2015 (has links) Bien que relativement récente, la cryptographie à base de réseaux euclidiens s’est distinguée sur de nombreux points, que ce soit par la richesse des constructions qu’elle permet, par sa résistance supposée à l’avènement des ordinateursquantiques ou par la rapidité dont elle fait preuve lorsqu’instanciée sur certaines classes de réseaux. Un des outils les plus puissants de la cryptographie sur les réseaux est le Gaussian sampling. À très haut niveau, il permet de prouver qu’on connaît une base particulière d’un réseau, et ce sans dévoiler la moindre information sur cette base. Il permet de réaliser une grande variété de cryptosystèmes. De manière quelque peu surprenante, on dispose de peu d’instanciations pratiques de ces schémas cryptographiques, et les algorithmes permettant d’effectuer du Gaussian sampling sont peu étudiés. Le but de cette thèse est de combler le fossé qui existe entre la théorie et la pratique du Gaussian sampling. Dans un premier temps, nous étudions et améliorons les algorithmes existants, à la fois par une analyse statistique et une approche géométrique. Puis nous exploitons les structures sous-tendant de nombreuses classes de réseaux, ce qui nous permet d’appliquer à un algorithme de Gaussian sampling les idées de la transformée de Fourier rapide, passant ainsi d’une complexité quadratique à quasilinéaire. Enfin, nous utilisons le Gaussian sampling en pratique et instancions un schéma de signature et un schéma de chiffrement basé sur l’identité. Le premierfournit des signatures qui sont les plus compactes obtenues avec les réseaux à l’heure actuelle, et le deuxième permet de chiffrer et de déchiffrer à une vitesse près de mille fois supérieure à celle obtenue en utilisant un schéma à base de couplages sur les courbes elliptiques. / Although rather recent, lattice-based cryptography has stood out on numerous points, be it by the variety of constructions that it allows, by its expected resistance to quantum computers, of by its efficiency when instantiated on some classes of lattices. One of the most powerful tools of lattice-based cryptography is Gaussian sampling. At a high level, it allows to prove the knowledge of a particular lattice basis without disclosing any information about this basis. It allows to realize a wide array of cryptosystems. Somewhat surprisingly, few practical instantiations of such schemes are realized, and the algorithms which perform Gaussian sampling are seldom studied. The goal of this thesis is to fill the gap between the theory and practice of Gaussian sampling. First, we study and improve the existing algorithms, byboth a statistical analysis and a geometrical approach. We then exploit the structures underlying many classes of lattices and apply the ideas of the fast Fourier transform to a Gaussian sampler, allowing us to reach a quasilinearcomplexity instead of quadratic. Finally, we use Gaussian sampling in practice to instantiate a signature scheme and an identity-based encryption scheme. The first one yields signatures that are the most compact currently obtained in lattice-based cryptography, and the second one allows encryption and decryption that are about one thousand times faster than those obtained with a pairing-based counterpart on elliptic curves. Cryptographie à clé publique Réseaux euclidiens Signatures numériques Chiffrement basé sur l'identité Cryptographie post-quantique Cryptographie basée sur les réseaux Gaussian sampling Algorithmes Public-key cryptography Lattices Digital signatures Identity-based encryption Post-quantum cryptography Lattice-based cryptography 005.8
55	A Side-Channel Attack on Masked and Shuffled Implementations of M-LWE and M-LWR Cryptography : A case study of Kyber and Saber / En sidokanalsattack på implementationer av M-LWE- och M-LWR-kryptografi skyddade med maskering och slumpad operationsordning : En studie av Kyber och Saber Backlund, Linus January 2023 (has links) In response to the threat of a future, large-scale, quantum computer, the American National Institute of Standards and Technology (NIST) initiated a competition for designs of quantum-resistant cryptographic primitives. In 2022, the lattice-based Module-Learning With Errors (M-LWE) scheme Kyber emerged as the winner to be standardized. The standardization procedure and development of secure implementations call for thorough evaluation and research. One of the main threats to implementations of cryptographic algorithms today is Side-Channel Analysis (SCA), which is the topic of this thesis. Previous work has presented successful power-based attacks on implementations of lattice cryptography protected by masking and even masking combined with shuffling. Shuffling makes SCA harder as the order of independent instructions is randomized, reducing the correlation between operations and power consumption. This randomization is commonly implemented by shuffling the order of the indexes used to iterate over a loop, using the modern Fisher-Yates algorithm. This work describes a new attack that defeats the shuffling countermeasure by first attacking the generation of the index permutation itself. The attack first recovers the positions of the first and last indexes, 0 and 255, and then rotates the encrypted messages using a ciphertext malleability applicable to many ring-based LWE schemes to shift two bits into the known positions from which they can be recovered. This procedure is repeated to recover full messages in 128 rotations. The attack is tested and evaluated on masked and shuffled implementations of Kyber as well as Saber, another similar finalist of the NIST competition which is based on the Module-Learning With Rounding (M-LWR) problem. Compared to the previous attack on masked and shuffled Saber, which required 61,680 traces, the 4,608 needed for this attack demonstrates a 13-fold improvement. / Som svar på hotet från en framtida, storskalig kvantdator initierade amerikanska National Institute of Standards and Technology (NIST) en tävling för design av kvantsäker kryptografi. Den gitter-baserade Module-Learning With Errors algoritmen Kyber valdes 2022 till vinnare och därmed till att standardiseras. Standardiseringsprocessen och utvecklingen av säkra implementationer manar till utvärderingar och forskning. Ett av de primära hoten mot implementationer av kryptografiska algoritmer är sidokanalsanalys, vilket är fokus i detta arbete. Tidigare attacker har genom effektanalys demonsterat lyckade attacker på implementationer av gitter-baserade algoritmer skyddade genom maskering samt maskering och slumpad ordning av operationer. Slumpad ordning av oberoende operationer gör sidokanalsanalys svårare då korrelationen till effektförbrukningen minskar. Denna slumpordning brukar vanligtiv implementeras genom att slumpmässigt permutera, med den moderna implementationen av Fisher-Yates, de index som används i en kodslinga. I detta arbete presenteras en ny attack som till först extraherar positionen av det första och det sista indexen, 0 och 255, innan de två motsvarande meddelandebitarna extraheras. Bitarna i meddelandet roteras till de kända positionerna med en metod för skiffertextmanipulation som är vanlig bland ring-baserade LWE-designer. Denna process upprepas 128 gånger för att få fram hela meddelandet. Attacken has testats och utvärderats på implementationer, skyddade genom maskering kombinerad med slumpad operationsordning, av både Kyber och en liknande NIST-finalist, Saber. Jämfört med den tidigare attacken på Saber med samma skyddsåtgärder minskar den nya metoden det antal mätningar som krävs från 61,608 till 4,608, vilket motsvarar en 13-falding förbättring. Public-key Cryptography Post-Quantum Cryptography Kyber Saber Side-Channel Attack Power Analysis Asymetrisk Kryptering Kvantsäker Kryptografi Kyber Saber Sidokanalsattack Effektanalys Elektroteknik och elektronik
56	Implantation sécurisée de protocoles cryptographiques basés sur les codes correcteurs d'erreurs / Secure implementation of cryptographic protocols based on error-correcting codes Richmond, Tania 24 October 2016 (has links) Le premier protocole cryptographique basé sur les codes correcteurs d'erreurs a été proposé en 1978 par Robert McEliece. La cryptographie basée sur les codes est dite post-quantique car il n'existe pas à l'heure actuelle d'algorithme capable d'attaquer ce type de protocoles en temps polynomial, même en utilisant un ordinateur quantique, contrairement aux protocoles basés sur des problèmes de théorie des nombres. Toutefois, la sécurité du cryptosystème de McEliece ne repose pas uniquement sur des problèmes mathématiques. L'implantation, logicielle ou matérielle, a également un rôle très important pour sa sécurité et l'étude de celle-ci face aux attaques par canaux auxiliaires/cachés n'a débuté qu'en 2008. Des améliorations sont encore possibles. Dans cette thèse, nous proposons de nouvelles attaques sur le déchiffrement du cryptosystème de McEliece, utilisé avec les codes de Goppa classiques, ainsi que des contre-mesures correspondantes. Les attaques proposées sont des analyses de temps d'exécution ou de consommation d'énergie. Les contre-mesures associées reposent sur des propriétés mathématiques et algorithmiques. Nous montrons qu'il est essentiel de sécuriser l'algorithme de déchiffrement en le considérant dans son ensemble et non pas seulement étape par étape / The first cryptographic protocol based on error-correcting codes was proposed in 1978 by Robert McEliece. Cryptography based on codes is called post-quantum because until now, no algorithm able to attack this kind of protocols in polynomial time, even using a quantum computer, has been proposed. This is in contrast with protocols based on number theory problems like factorization of large numbers, for which efficient Shor's algorithm can be used on quantum computers. Nevertheless, the McEliece cryptosystem security is based not only on mathematical problems. Implementation (in software or hardware) is also very important for its security. Study of side-channel attacks against the McEliece cryptosystem have begun in 2008. Improvements can still be done. In this thesis, we propose new attacks against decryption in the McEliece cryptosystem, used with classical Goppa codes, including corresponding countermeasures. Proposed attacks are based on evaluation of execution time of the algorithm or its power consumption analysis. Associate countermeasures are based on mathematical and algorithmic properties of the underlying algorithm. We show that it is necessary to secure the decryption algorithm by considering it as a whole and not only step by step Cryptographie à clé publique Cryptosystème de McEliece Codes de Goppa (classiques) Cryptographie post-quantique Attaque par canal auxiliaire (/ caché) Attaque temporelle Attaque par analyse de consommation Contre-mesure Public key cryptography McEliece cryptosystem Goppa codes Post-quantum cryptography Side-channel attacks Timing attack Power analysis attack Countermeasure
57	Securing Wireless Communication via Information-Theoretic Approaches: Innovative Schemes and Code Design Techniques Shoushtari, Morteza 21 June 2023 (has links) (PDF) Historically, wireless communication security solutions have heavily relied on computational methods, such as cryptographic algorithms implemented in the upper layers of the network stack. Although these methods have been effective, they may not always be sufficient to address all security threats. An alternative approach for achieving secure communication is the physical layer security approach, which utilizes the physical properties of the communication channel through appropriate coding and signal processing. The goal of this Ph.D. dissertation is to leverage the foundations of information-theoretic security to develop innovative and secure schemes, as well as code design techniques, that can enhance security and reliability in wireless communication networks. This dissertation includes three main phases of investigation. The first investigation analyzes the finite blocklength coding problem for the wiretap channel model which is equipped with the cache. The objective was to develop and analyze a new wiretap coding scheme that can be used for secure communication of sensitive data. Secondly, an investigation was conducted into information-theoretic security solutions for aeronautical mobile telemetry (AMT) systems. This included developing a secure coding technique for the integrated Network Enhanced Telemetry (iNET) communications system, as well as examining the potential of post-quantum cryptography approaches as future secrecy solutions for AMT systems. The investigation focused on exploring code-based techniques and evaluating their feasibility for implementation. Finally, the properties of nested linear codes in the wiretap channel model have been explored. Investigation in this phase began by exploring the duality relationship between equivocation matrices of nested linear codes and their corresponding dual codes. Then a new coding algorithm to construct the optimum nested linear secrecy codes has been invented. This coding algorithm leverages the aforementioned duality relationship by starting with the worst nested linear secrecy codes from the dual space. This approach enables us to derive the optimal nested linear secrecy code more efficiently and effectively than through a brute-force search for the best nested linear secrecy codes directly. Wireless communication security information-theoretic security wiretap channel wiretap caching channel secrecy coding error-correction coding coset coding aeronautical mobile telemetry security post-quantum cryptosystems cryptographic algorithms nested linear codes duality relationship in coding theory dual codes optimum nested linear secrecy codes Engineering

Page generated in 0.0507 seconds