Algorithms and arithmetic for the implementation of cryptographic pairings
Size: px
Start display at page:

Download "Algorithms and arithmetic for the implementation of cryptographic pairings"

Transcription

1 Cairn seminar November 29th, 2013 Algorithms and arithmetic for the implementation of cryptographic pairings Nicolas Estibals CAIRN project-team, IRISA

2 What is an elliptic curve? O N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 1 / 21

3 What is an elliptic curve? O Q P N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 1 / 21

4 What is an elliptic curve? O L P,Q Q P N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 1 / 21

5 What is an elliptic curve? O Q R L P,Q P N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 1 / 21

6 What is an elliptic curve? O V R Q R L P,Q P N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 1 / 21

7 What is an elliptic curve? O V R Q R L P,Q P R = P + Q N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 1 / 21

8 Elliptic Curve Cryptography Discrete Logarithm Problem (DLP) Let G be a cyclic group, P a generator, given Q G, it is supposed to be hard to compute a such that Q = [a]p N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 2 / 21

9 Elliptic Curve Cryptography Discrete Logarithm Problem (DLP) Let G be a cyclic group, P a generator, given Q G, it is supposed to be hard to compute a such that Q = [a]p Use this hard problem to design cryptographic protocols Diffie Hellman key exchange: Alice generates a secret integer a Alice sends [a]p to Bob Bob generates a secret integer b Bob sends [b]p to Alice Alice computes [a][b]p Bob computes [b][a]p They both share the same secret: [ab]p N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 2 / 21

10 What is a pairing? Pairing e(.,.) N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 3 / 21

11 What is a pairing? Pairing e(.,.) N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 3 / 21

12 What is a pairing? Pairing e(.,.) Cryptographic interest: Mixing two secrets without having to know them e([a]p, [b]q) = e(p, Q) ab [ a]p [ b]q e e(p, Q) ab N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 3 / 21

13 What is a pairing? Pairing e(.,.) Cryptographic interest: Mixing two secrets without having to know them e([a]p, [b]q) = e(p, Q) ab [ a]p [ b]q e e(p, Q) ab Useful for advanced protocols short signature electronic voting electronic money... N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 3 / 21

14 Example: Short signature PKI P ap Alice a Bob N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 4 / 21

15 Example: Short signature PKI P ap Alice a Bob N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 4 / 21

16 Example: Short signature PKI P ap Alice a Bob Message digest D N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 4 / 21

17 Example: Short signature PKI P ap Alice a Bob Signature: Message digest ad D N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 4 / 21

18 Example: Short signature PKI P ap Alice a Bob Signature: Message digest ad D N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 4 / 21

19 Example: Short signature PKI P ap Alice a Bob Signature: Message digest ad D N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 4 / 21

20 Example: Short signature PKI P ap Alice a Bob Signature: Message digest ad D N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 4 / 21

21 Example: Short signature PKI P ap Alice a Bob Signature: Message digest ad D D ad N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 4 / 21

22 Example: Short signature PKI P ap Alice a Bob Signature: Message digest ad D D ap ad P N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 4 / 21

23 Example: Short signature PKI P ap Alice a Bob Signature: Message digest ad D D ad ê(d, apap) ê(ad, P P) N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 4 / 21

24 Security considerations DLP should be hard on all the groups involved N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 5 / 21

25 Security considerations DLP should be hard on all the groups involved Security measurement number of operations to break a cryptosystem today s recommendation: 128-bit security operations N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 5 / 21

26 Why cryptography and hardware implementations? I Growth of numeric exchanges many applications? bank services? secure firmware updates? personal communications?... many targets? embedded electronics? smart cards? smartphones? computers, servers I Security implies non-trivial computations I Need for hardware implementations CPUs may be inadequate limited resources N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 6 / 21

27 Hardware implementation Our target: Field Programmable Gate Array (FPGA) integrated circuit matrix of simple configurable logic cells programmable interconnection N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 7 / 21

28 Hardware implementation Our target: Field Programmable Gate Array (FPGA) integrated circuit matrix of simple configurable logic cells programmable interconnection Performance metric time (ms) N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 7 / 21

29 Hardware implementation Our target: Field Programmable Gate Array (FPGA) integrated circuit matrix of simple configurable logic cells programmable interconnection Performance metric time (ms) area (slices) N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 7 / 21

30 Hardware implementation Our target: Field Programmable Gate Array (FPGA) integrated circuit matrix of simple configurable logic cells programmable interconnection Performance metric time (ms) area (slices) Different designs for the same computation optimized for latency optimized for compactness Computation time Area N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 7 / 21

31 Hardware implementation Our target: Field Programmable Gate Array (FPGA) integrated circuit matrix of simple configurable logic cells programmable interconnection Performance metric time (ms) area (slices) Different designs for the same computation optimized for latency optimized for compactness Computation time Area N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 7 / 21

32 Hardware implementation Our target: Field Programmable Gate Array (FPGA) integrated circuit matrix of simple configurable logic cells programmable interconnection Performance metric time (ms) area (slices) Different designs for the same computation optimized for latency optimized for compactness Computation time Area N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 7 / 21

33 Hardware implementation Our target: Field Programmable Gate Array (FPGA) integrated circuit matrix of simple configurable logic cells programmable interconnection Performance metric time (ms) area (slices) Different designs for the same computation optimized for latency optimized for compactness Computation time Area N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 7 / 21

34 Hardware implementation Our target: Field Programmable Gate Array (FPGA) integrated circuit matrix of simple configurable logic cells programmable interconnection Performance metric time (ms) area (slices) time area product Different designs for the same computation optimized for latency optimized for compactness optimized for throughput Computation time Area N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 7 / 21

35 Contributions Fast accelerator for pairings [CHES 2009, IEEE TC 2011] Joint work with Beuchat, Detrey, Okamoto and Rodríguez-Henríquez parallel architecture pipelined subquadratic multiplier Compact design for pairings reaching 128-bit security composite extension fields [Paring 2010] hyperelliptic curves [CT-RSA 2012] Joint work with Aranha, Beuchat and Detrey Formulae for sub-quadratic multiplication [WAIFI 2012] Joint work with Barbulescu, Detrey and Zimmermann exhaustive search improved formulae for F 3 5m N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 8 / 21

36 Contributions Fast accelerator for pairings [CHES 2009, IEEE TC 2011] Joint work with Beuchat, Detrey, Okamoto and Rodríguez-Henríquez parallel architecture pipelined subquadratic multiplier Compact design for pairings reaching 128-bit security composite extension fields [Paring 2010] hyperelliptic curves [CT-RSA 2012] Joint work with Aranha, Beuchat and Detrey Formulae for sub-quadratic multiplication [WAIFI 2012] Joint work with Barbulescu, Detrey and Zimmermann exhaustive search improved formulae for F 3 5m N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 8 / 21

37 Outline of the talk Compact design through composite extension fields Pipelined subquadratic multiplier Conclusion and Perspectives N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 9 / 21

38 An arithmetic coprocessor Register file Linear operations addition / subtraction Frobenius ( ) 3 Parallel serial multiplier D coeffs / cycle 509/D cycles / product For a supersingular elliptic curve over F Only need arithmetic operations in F implement a specialized processor Multiplication is critical separate linear operations and multiplications careful scheduling to keep multiplier busy Operation count (.) (.) 1 1 N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 10 / 21

39 An arithmetic coprocessor Register file Linear operations addition / subtraction Frobenius ( ) 3 Parallel serial multiplier D coeffs / cycle 509/D cycles / product For a supersingular elliptic curve over F Only need arithmetic operations in F implement a specialized processor Multiplication is critical separate linear operations and multiplications careful scheduling to keep multiplier busy Operation count (.) (.) 1 1 Inverse is only needed once: Itoh Tsujii algorithm no need for hardware support N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 10 / 21

40 An arithmetic coprocessor Register file Linear operations addition / subtraction Frobenius ( ) 3 Parallel serial multiplier D coeffs / cycle 509/D cycles / product For a supersingular elliptic curve over F Only need arithmetic operations in F implement a specialized processor Multiplication is critical separate linear operations and multiplications careful scheduling to keep multiplier busy Operation count (.) (.) 1 1 Inverse is only needed once: Itoh Tsujii algorithm no need for hardware support Synthesis results for F 3 509: 9625 slices almost fully occupy a Virtex 6 LX 75 T (82%) computation time: 4 ms N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 10 / 21

41 Detailed architecture of the coprocessor (char. 3) c 0 c 5 c 6 A $0 $1 $2 $3 A 1 c 14 c c 17 c c c 25 c 26 c c 28 c 29 c 30 c 7 c 12 c 13 B $62 1 B c x 3 c 21 c 20 x (mod f ) x 2 x 3 x 13 x 14 (mod f ) (mod f ) (mod f ) (mod f ) DPRAM c 22 c x 3 c c 24 N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 11 / 21

42 Detailed architecture of the coprocessor (char. 3) c 0 c 5 c 6 A $0 $1 $2 $3 A 1 c 14 c c 17 c c c 25 c 26 c c 28 c 29 c 30 c 7 c 12 c 13 B $62 1 B c x 3 c 21 c 20 x (mod f ) x 2 x 3 x 13 x 14 (mod f ) (mod f ) (mod f ) (mod f ) DPRAM c 22 c x 3 c c 24 N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 11 / 21

43 Detailed architecture of the coprocessor (char. 3) 0 1 c 17 c c 0 c 5 c 6 A $0 $1 $2 $3 A c 14 c c 18 c c 26 c c 28 c 29 c 30 c 7 c 12 c 13 B $62 1 B c x 3 c 21 c 20 x (mod f ) x 2 x 3 x 13 x 14 (mod f ) (mod f ) (mod f ) (mod f ) DPRAM c x 3 c c c 24 N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 11 / 21

44 Detailed architecture of the coprocessor (char. 3) 0 1 c 17 c c 0 c 5 c 6 A $0 $1 $2 $3 A c 14 c c 18 c c 26 c c 28 c 29 c 30 c 7 c 12 c 13 B $62 1 B c x 3 c 21 c 20 x (mod f ) x 2 x 3 x 13 x 14 (mod f ) (mod f ) (mod f ) (mod f ) DPRAM c x 3 c c c 24 N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 11 / 21

45 Field of composite extension degree F Software F Hardware F 3 N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 12 / 21

46 Field of composite extension degree F F Provides some arithmetic advantages smaller datapath Software F Hardware F F 3 97 F 3 F 3 N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 12 / 21

47 Field of composite extension degree F F Provides some arithmetic advantages smaller datapath efficient multiplication algorithm Software F Hardware F Subquadratic multiplication F 3 97 Quadratic multiplication F 3 F 3 N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 12 / 21

48 Field of composite extension degree F F Provides some arithmetic advantages smaller datapath efficient multiplication algorithm Allows supplementary attacks on the curve with limited effect on security Software F Hardware F Subquadratic multiplication F 3 97 Quadratic multiplication F 3 F 3 N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 12 / 21

49 Field of composite extension degree F F Provides some arithmetic advantages smaller datapath efficient multiplication algorithm Allows supplementary attacks on the curve with limited effect on security Results 1848 slices of the same Virtex 6 LX (15%) 5.2 times smaller compute a pairing in 1.6 ms 2.5 times faster Software F Hardware F F 3 97 Subquadratic multiplication Quadratic multiplication F 3 F 3 N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 12 / 21

50 Benchmarks F Computation time [ms] Pairing implementations at 128 bits of security on Virtex Area [ 10 3 slices] N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 13 / 21

51 Benchmarks F Computation time [ms] [Est10] Pairing implementations at 128 bits of security on Virtex Area [ 10 3 slices] N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 13 / 21

52 Benchmarks [Est10] F Computation time [ms] [Est10] Pairing implementations at 128 bits of security on Virtex Area [ 10 3 slices] N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 13 / 21

53 Benchmarks [Est10] F Computation time [ms] [Est10] [FVV12] [Che+11] [GVR13] Pairing implementations at 128 bits of security on Virtex 6 [Yao+13] Area [ 10 3 slices] N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 13 / 21

54 Benchmarks [Est10] F Computation time [ms] 3 2 [Est10] [FVV12] Pairing implementations at 128 bits of security on Virtex 6 1 [Che+11] [GVR13] [Yao+13] [AHN13] [GRD11] Area [ 10 3 slices] [AHN13] N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 13 / 21

55 Benchmarks [Est10] F Computation time [ms] 3 2 [Ara+12] [Est10] [FVV12] Pairing implementations at 128 bits of security on Virtex 6 1 [Che+11] [GVR13] [Yao+13] [AHN13] [GRD11] Area [ 10 3 slices] [AHN13] N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 13 / 21

56 Outline of the talk Compact design through composite extension fields Pipelined subquadratic multiplier Conclusion and Perspectives N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 14 / 21

57 Finite field representation and Karatsuba s formula Small characteristic fields Polynomial basis representation N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 15 / 21

58 Finite field representation and Karatsuba s formula Small characteristic fields Polynomial basis representation Multiplication is critical make use of fast arithmetic Karatsuba algorithm for polynomials A B A B N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 15 / 21

59 Finite field representation and Karatsuba s formula Small characteristic fields Polynomial basis representation Multiplication is critical make use of fast arithmetic Karatsuba algorithm for polynomials A H A A L B H B B L A B A H B H X 2n + (A H B L + A L B H )X n + A L B L N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 15 / 21

60 Finite field representation and Karatsuba s formula Small characteristic fields Polynomial basis representation Multiplication is critical make use of fast arithmetic Karatsuba algorithm for polynomials A H A A L B H B B L A B A H B H X 2n + (A H B L + A L B H )X n + A L B L ab + a b = (a + a )(b + b ) ab a b A H B H X 2n + ((A H + A L )(B H + B L ) A H B H A L B L )X n + A L B L N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 15 / 21

61 Finite field representation and Karatsuba s formula Small characteristic fields Polynomial basis representation Multiplication is critical make use of fast arithmetic Karatsuba algorithm for polynomials A H A A L B H B B L A B A H B H X 2n + (A H B L + A L B H )X n + A L B L ab + a b = (a + a )(b + b ) ab a b A H B H X 2n + ((A H + A L )(B H + B L ) A H B H A L B L )X n + A L B L N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 15 / 21

62 Finite field representation and Karatsuba s formula Small characteristic fields Polynomial basis representation Multiplication is critical make use of fast arithmetic Karatsuba algorithm for polynomials A H A A L B H B B L A B A H B H X 2n + (A H B L + A L B H )X n + A L B L ab + a b = (a + a )(b + b ) ab a b A H B H X 2n + ((A H + A L )(B H + B L ) A H B H A L B L )X n + A L B L N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 15 / 21

63 Finite field representation and Karatsuba s formula Small characteristic fields Polynomial basis representation Multiplication is critical make use of fast arithmetic Karatsuba algorithm for polynomials A H A A L B H B B L A B A H B H X 2n + (A H B L + A L B H )X n + A L B L ab + a b = (a + a )(b + b ) ab a b A B A H B H X 2n + ((A H + A L )(B H + B L ) A H B H A L B L )X n + A L B L N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 15 / 21

64 Odd even split for Karatsuba multiplication A B A B N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 16 / 21

65 Odd even split for Karatsuba multiplication A B A O A E B O B E A B (A O B O X 2 + A E B E ) + X (A O B E + A E B O ) N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 16 / 21

66 Odd even split for Karatsuba multiplication A B A O A E B O B E A B (A O B O X 2 + A E B E ) + X (A O B E + A E B O ) ab + a b = (a + a )(b + b ) ab a b (A O B O X 2 + A E B E ) + X ((A O + A E )(B O + B E ) A O B O A E B E ) N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 16 / 21

67 Odd even split for Karatsuba multiplication A B A O A E B O B E A B (A O B O X 2 + A E B E ) + X (A O B E + A E B O ) ab + a b = (a + a )(b + b ) ab a b (A O B O X 2 + A E B E ) + X ((A O + A E )(B O + B E ) A O B O A E B E ) N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 16 / 21

68 Odd even split for Karatsuba multiplication A B A O A E B O B E A B (A O B O X 2 + A E B E ) + X.(A.. O B E + A E B O ) ab + a b = (a + a )(b + b ) ab a b... (A O B O X 2 + A E B E ) + X ((A O + A E )(B O + B E ) A O B O A E B E )... A B N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 16 / 21

69 Multiplier architecture Karatsuba-like algorithm: split the operands compute the subproducts recompose the result Fully parallel evaluation of the subproducts A B Splitter Recomposer A B N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 17 / 21

70 Multiplier architecture Karatsuba-like algorithm: split the operands compute the subproducts recompose the result Fully parallel evaluation of the subproducts A B Recursive scheme eventually use different multiplication algorithms end with the quadratic paper-and-pencil algorithm Splitter Recomposer Splitter Splitter Recomposer Recomposer A B N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 17 / 21

71 Multiplier architecture Karatsuba-like algorithm: split the operands compute the subproducts recompose the result Fully parallel evaluation of the subproducts A B Recursive scheme eventually use different multiplication algorithms end with the quadratic paper-and-pencil algorithm Splitter Recomposer Splitter Splitter Recomposer Pipelined with the help of optional registers cut the critical path increase the frequency Recomposer A B N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 17 / 21

72 Multiplier architecture Karatsuba-like algorithm: split the operands compute the subproducts recompose the result Fully parallel evaluation of the subproducts A B Recursive scheme eventually use different multiplication algorithms end with the quadratic paper-and-pencil algorithm Splitter Recomposer Splitter Splitter Recomposer Pipelined with the help of optional registers cut the critical path increase the frequency Generated VHDL code work for all small-characteristic fields compare different recursions configurable pipeline depth Recomposer N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 17 / 21 A B

73 Outline of the talk Compact design through composite extension fields Pipelined subquadratic multiplier Conclusion and Perspectives N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 18 / 21

74 Conclusion Hardware implementations of pairing N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 19 / 21

75 Conclusion Hardware implementations of pairing General method for cryptographic implementations study mathematical structures fix parameters thanks to cryptanalysis algorithmic optimizations choose the right arithmetic representation implement different hardware accelerators N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 19 / 21

76 Perspectives Lower-level architecture FPGA is a good prototyping platform but with limited uses in real-life devices develop skills in ASIC designs power consumption awareness N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 20 / 21

77 Perspectives Lower-level architecture FPGA is a good prototyping platform but with limited uses in real-life devices develop skills in ASIC designs power consumption awareness Integrate side-channel counter-measures side-channel attacks are very effective threats embedded systems need to be protected N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 20 / 21

78 Perspectives Lower-level architecture FPGA is a good prototyping platform but with limited uses in real-life devices develop skills in ASIC designs power consumption awareness Integrate side-channel counter-measures side-channel attacks are very effective threats embedded systems need to be protected Use this method on different cryptographic primitives scalar multiplication on hyperelliptic curves lattice-based cryptography N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 20 / 21

79 Thank you for your attention! Questions? N. Estibals Algorithms and arithmetic for the implementation of cryptographic pairings 21 / 21

Similar documents

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 9 Elliptic Curve Cryptography

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 9 Elliptic Curve Cryptography Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 9 Elliptic Curve Cryptography ver. February 2nd, 2015 These slides were prepared by Tim Güneysu, Christof Paar

More information

High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields

High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields Santosh Ghosh, Dipanwita Roy Chowdhury, and Abhijit Das Computer Science and Engineering

More information

HIGH PERFORMANCE ELLIPTIC CURVE CRYPTO-PROCESSOR FOR FPGA PLATFORMS

HIGH PERFORMANCE ELLIPTIC CURVE CRYPTO-PROCESSOR FOR FPGA PLATFORMS HIGH PERFORMANCE ELLIPTIC CURVE CRYPTO-PROCESSOR FOR FPGA PLATFORMS Debdeep Mukhopadhyay Dept. of Computer Science and Engg. IIT Kharagpur 3/6/2010 NTT Labs, Japan 1 Outline Elliptic Curve Cryptography

More information

FPGA Accelerated Tate Pairing Cryptosystems over Binary Fields

FPGA Accelerated Tate Pairing Cryptosystems over Binary Fields FPGA Accelerated ate Pairing Cryptosystems over Binary Fields Chang Shu, Soonhak Kwon, and Kris Gaj Dept. of ECE, George Mason University Fairfax VA, USA Dept. of Mathematics, Sungkyukwan University Suwon,

More information

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA

More information

My 2 hours today: 1. Efficient arithmetic in finite fields minute break 3. Elliptic curves. My 2 hours tomorrow:

My 2 hours today: 1. Efficient arithmetic in finite fields minute break 3. Elliptic curves. My 2 hours tomorrow: My 2 hours today: 1. Efficient arithmetic in finite fields 2. 10-minute break 3. Elliptic curves My 2 hours tomorrow: 4. Efficient arithmetic on elliptic curves 5. 10-minute break 6. Choosing curves Efficient

More information

Compact hardware for computing the Tate pairing over 128-bit-security supersingular curves

Compact hardware for computing the Tate pairing over 128-bit-security supersingular curves Compact hardware for computing the Tate pairing over 128-bit-security supersingular curves Nicolas Estibals Équipe-projet CARAMEL, LORIA, Nancy Université / CNRS / INRIA Campus Scientifique, BP 239 54506

More information

8/30/17. Introduction to Post-Quantum Cryptography. Features Required from Today s Ciphers. Secret-key (Symmetric) Ciphers

8/30/17. Introduction to Post-Quantum Cryptography. Features Required from Today s Ciphers. Secret-key (Symmetric) Ciphers CERG @ GMU http://cryptography.gmu.edu Introduction to Post-Quantum Cryptography 10 PhD students 3 MS students Features Required from Today s Ciphers Secret-key (Symmetric) Ciphers STRENGTH PERFORMANCE

More information

Introduction to Post-Quantum Cryptography

Introduction to Post-Quantum Cryptography Introduction to Post-Quantum Cryptography CERG @ GMU http://cryptography.gmu.edu 10 PhD students 3 MS students Features Required from Today s Ciphers STRENGTH PERFORMANCE software hardware FUNCTIONALITY

More information

Introduction to Post-Quantum Cryptography

Introduction to Post-Quantum Cryptography Introduction to Post-Quantum Cryptography CERG @ GMU http://cryptography.gmu.edu 10 PhD students 3 MS students 1 Features Required from Today s Ciphers STRENGTH PERFORMANCE software hardware FUNCTIONALITY

More information

Chapter 9. Public Key Cryptography, RSA And Key Management

Chapter 9. Public Key Cryptography, RSA And Key Management Chapter 9 Public Key Cryptography, RSA And Key Management RSA by Rivest, Shamir & Adleman of MIT in 1977 The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on

More information

ECC1 Core. Elliptic Curve Point Multiply and Verify Core. General Description. Key Features. Applications. Symbol

ECC1 Core. Elliptic Curve Point Multiply and Verify Core. General Description. Key Features. Applications. Symbol General Description Key Features Elliptic Curve Cryptography (ECC) is a public-key cryptographic technology that uses the mathematics of so called elliptic curves and it is a part of the Suite B of cryptographic

More information

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a

More information

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7 Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:

More information

A High-Speed FPGA Implementation of an RSD- Based ECC Processor

A High-Speed FPGA Implementation of an RSD- Based ECC Processor A High-Speed FPGA Implementation of an RSD- Based ECC Processor Abstract: In this paper, an exportable application-specific instruction-set elliptic curve cryptography processor based on redundant signed

More information

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption Introduction to Cryptography and Security Mechanisms: Unit 5 Public-Key Encryption Learning Outcomes Explain the basic principles behind public-key cryptography Recognise the fundamental problems that

More information

Compact hardware for computing the Tate pairing over 128-bit-security supersingular curves

Compact hardware for computing the Tate pairing over 128-bit-security supersingular curves Compact hardware for computing the Tate pairing over 128-bit-security supersingular curves Nicolas Estibals To cite this version: Nicolas Estibals. Compact hardware for computing the Tate pairing over

More information

An FPGA-based programmable processor for bilinear pairings

An FPGA-based programmable processor for bilinear pairings An FPGA-based programmable processor for bilinear pairings Eduardo Cuevas-Farfán 1, Miguel Morales-Sandoval 2, and René Cumplido 3 1 Intel Corporation, Guadalajara Mexico, 45019 2 CINVESTAV Tamaulipas,

More information

High-Performance Integer Factoring with Reconfigurable Devices

High-Performance Integer Factoring with Reconfigurable Devices FPL 2010, Milan, August 31st September 2nd, 2010 High-Performance Integer Factoring with Reconfigurable Devices Ralf Zimmermann, Tim Güneysu, Christof Paar Horst Görtz Institute for IT-Security Ruhr-University

More information

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015 Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography

More information

Implementation and Benchmarking of Elliptic Curve Cryptography Algorithms

Implementation and Benchmarking of Elliptic Curve Cryptography Algorithms Implementation and Benchmarking of Elliptic Curve Cryptography Algorithms Yulin Ou yulin_ou@umail.ucsb.edu Department of Electrical and Computer Engineering University of California Santa Barbara June

More information

Key Management and Distribution

Key Management and Distribution CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 10 Key Management; Other Public Key Cryptosystems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 10 Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would

More information

Abhijith Chandrashekar and Dushyant Maheshwary

Abhijith Chandrashekar and Dushyant Maheshwary By Abhijith Chandrashekar and Dushyant Maheshwary Introduction What are Elliptic Curves? Curve with standard form y 2 = x 3 + ax + b a, b ϵ R Characteristics of Elliptic Curve Forms an abelian group Symmetric

More information

Reconfigurable Computing Approach for Tate Pairing Cryptosystems over Binary Fields

Reconfigurable Computing Approach for Tate Pairing Cryptosystems over Binary Fields Reconfigurable Computing Approach for Tate Pairing Cryptosystems over Binary Fields Chang Shu, Soonhak Kwon, and Kris Gaj Abstract Tate pairing based cryptosystems have recently emerged as an alternative

More information

High-Performance Modular Multiplication on the Cell Broadband Engine

High-Performance Modular Multiplication on the Cell Broadband Engine High-Performance Modular Multiplication on the Cell Broadband Engine Joppe W. Bos Laboratory for Cryptologic Algorithms EPFL, Lausanne, Switzerland joppe.bos@epfl.ch 1 / 21 Outline Motivation and previous

More information

An IBE Scheme to Exchange Authenticated Secret Keys

An IBE Scheme to Exchange Authenticated Secret Keys An IBE Scheme to Exchange Authenticated Secret Keys Waldyr Dias Benits Júnior 1, Routo Terada (Advisor) 1 1 Instituto de Matemática e Estatística Universidade de São Paulo R. do Matão, 1010 Cidade Universitária

More information

Elliptic Curve Public Key Cryptography

Elliptic Curve Public Key Cryptography Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. The smaller key

More information

Notes for Lecture 14

Notes for Lecture 14 COS 533: Advanced Cryptography Lecture 14 (November 6, 2017) Lecturer: Mark Zhandry Princeton University Scribe: Fermi Ma Notes for Lecture 14 1 Applications of Pairings 1.1 Recap Consider a bilinear e

More information

reasonable to store in a software implementation, it is likely to be a signicant burden in a low-cost hardware implementation. We describe in this pap

reasonable to store in a software implementation, it is likely to be a signicant burden in a low-cost hardware implementation. We describe in this pap Storage-Ecient Finite Field Basis Conversion Burton S. Kaliski Jr. 1 and Yiqun Lisa Yin 2 RSA Laboratories 1 20 Crosby Drive, Bedford, MA 01730. burt@rsa.com 2 2955 Campus Drive, San Mateo, CA 94402. yiqun@rsa.com

More information

Parallelizing Cryptography. Gordon Werner Samantha Kenyon

Parallelizing Cryptography. Gordon Werner Samantha Kenyon Parallelizing Cryptography Gordon Werner Samantha Kenyon Outline Security requirements Cryptographic Primitives Block Cipher Parallelization of current Standards AES RSA Elliptic Curve Cryptographic Attacks

More information

FPGA Implementation of a Microcoded Elliptic Curve. Cryptographic Processor. K.H. Leung, K.W. Ma, W.K. Wong and P.H.W. Leong

FPGA Implementation of a Microcoded Elliptic Curve. Cryptographic Processor. K.H. Leung, K.W. Ma, W.K. Wong and P.H.W. Leong FPGA Implementation of a Microcoded Elliptic Curve Cryptographic Processor K.H. Leung, K.W. Ma, W.K. Wong and P.H.W. Leong fkhleung,kwma,wkwong1,phwlg@cse.cuhk.edu.hk Department of Computer Science and

More information

A SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS

A SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS A SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS Ounasser Abid 1 and Omar Khadir 2 1, 2 Laboratory of Mathematics, Cryptography and Mechanics, FSTM University Hassan II of Casablanca, Morocco

More information

SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key Exchange.

SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key Exchange. SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key Exchange. Hwajeong Seo (Hansung University), Zhe Liu (Nanjing University of Aeronautics and Astronautics),

More information

Other Topics in Cryptography. Truong Tuan Anh

Other Topics in Cryptography. Truong Tuan Anh Other Topics in Cryptography Truong Tuan Anh 2 Outline Public-key cryptosystem Cryptographic hash functions Signature schemes Public-Key Cryptography Truong Tuan Anh CSE-HCMUT 4 Outline Public-key cryptosystem

More information

Public Key Algorithms

Public Key Algorithms Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular

More information

Channel Coding and Cryptography Part II: Introduction to Cryptography

Channel Coding and Cryptography Part II: Introduction to Cryptography Channel Coding and Cryptography Part II: Introduction to Cryptography Prof. Dr.-Ing. habil. Andreas Ahrens Communications Signal Processing Group, University of Technology, Business and Design Email: andreas.ahrens@hs-wismar.de

More information

ECC Elliptic Curve Cryptography. Foundations of Cryptography - ECC pp. 1 / 31

ECC Elliptic Curve Cryptography. Foundations of Cryptography - ECC pp. 1 / 31 ECC Elliptic Curve Cryptography Foundations of Cryptography - ECC pp. 1 / 31 Elliptic Curve an elliptic curve E is a smooth, projective, algebraic curve defined by the following equation: y 2 3 2 a xy

More information

Elliptic Curves over Prime and Binary Fields in Cryptography

Elliptic Curves over Prime and Binary Fields in Cryptography Elliptic Curves over Prime and Binary Fields in Cryptography Authors Dana Neustadter (danan@ellipticsemi.com) Tom St Denis (tstdenis@ellipticsemi.com) Copyright 2008 Elliptic Semiconductor Inc. Elliptic

More information

Key Exchange. Secure Software Systems

Key Exchange. Secure Software Systems 1 Key Exchange 2 Challenge Exchanging Keys &!"#h%&'() & & 1 2 6(6 1) 2 15! $ The more parties in communication, the more keys that need to be securely exchanged " # Do we have to use out-of-band methods?

More information

Novel Approach Design of Elliptic curve Cryptography Implementation in VLSI

Novel Approach Design of Elliptic curve Cryptography Implementation in VLSI Novel Approach Design of Elliptic curve Cryptography Implementation in VLSI V. CHANDRASEKARAN Department of Electronics and Communication Engineering Central Polytechnic College Chennai 113, INDIA N.NAGARAJAN

More information

Improvement of recently proposed Remote User Authentication Schemes

Improvement of recently proposed Remote User Authentication Schemes Improvement of recently proposed Remote User Authentication Schemes Guanfei Fang and Genxun Huang Science Institute of Information Engineering University, Zhengzhou, 450002, P.R.China feifgf@163.com Abstract

More information

Public Key Cryptography

Public Key Cryptography graphy CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L07, Steve/Courses/2011/S2/CSS322/Lectures/rsa.tex,

More information

High Speed Systolic Montgomery Modular Multipliers for RSA Cryptosystems

High Speed Systolic Montgomery Modular Multipliers for RSA Cryptosystems High Speed Systolic Montgomery Modular Multipliers for RSA Cryptosystems RAVI KUMAR SATZODA, CHIP-HONG CHANG and CHING-CHUEN JONG Centre for High Performance Embedded Systems Nanyang Technological University

More information

Key Management and Elliptic Curves

Key Management and Elliptic Curves Key Management and Elliptic Curves Key Management Distribution of ublic Keys ublic-key Distribution of Secret Keys Diffie-Hellman Key Echange Elliptic Curves Mathematical foundations Elliptic curves over

More information

Post-Quantum Cryptography A Collective Challenge

Post-Quantum Cryptography A Collective Challenge Post-Quantum Cryptography A Collective Challenge Christophe Petit University of Oxford Mathematical Institute Christophe Petit -Oxford Crypto Day 1 Cryptography is very useful Cryptography is the science

More information

High-Performance Cryptography in Software

High-Performance Cryptography in Software High-Performance Cryptography in Software Peter Schwabe Research Center for Information Technology Innovation Academia Sinica September 3, 2012 ECRYPT Summer School: Challenges in Security Engineering

More information

Public Key Algorithms

Public Key Algorithms CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and

More information

CSC 474/574 Information Systems Security

CSC 474/574 Information Systems Security CSC 474/574 Information Systems Security Topic 2.5 Public Key Algorithms CSC 474/574 Dr. Peng Ning 1 Public Key Algorithms Public key algorithms covered in this class RSA: encryption and digital signature

More information

Computer Security 3/23/18

Computer Security 3/23/18 s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks

More information

A Scalable and High Performance Elliptic Curve Processor with Resistance to Timing Attacks

A Scalable and High Performance Elliptic Curve Processor with Resistance to Timing Attacks A Scalable and High Performance Elliptic Curve Processor with Resistance to Timing Attacks Alireza Hodjat, David D. Hwang, Ingrid Verbauwhede, University of California, Los Angeles Katholieke Universiteit

More information

Public Key Cryptography and RSA

Public Key Cryptography and RSA Public Key Cryptography and RSA Major topics Principles of public key cryptosystems The RSA algorithm The Security of RSA Motivations A public key system is asymmetric, there does not have to be an exchange

More information

Outline. Fast Inversion Architectures over GF(2 233 ) using pre-com puted Exponentiation Matrices. SCD Nov , 2011.

Outline. Fast Inversion Architectures over GF(2 233 ) using pre-com puted Exponentiation Matrices. SCD Nov , 2011. Outline Introduction Inversion over Binary fields GF(2^m) Multiplication over GF(2^m)/F(x) fields Fast architectures based on pre-computed matrices Results and conclusions SCD2011 - Nov. 17-18, 2011. Murcia

More information

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Intro to Public Key Cryptography Diffie & Hellman Key Exchange Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary Introduction Stream & Block Ciphers Block Ciphers Modes (ECB,CBC,OFB) Advanced Encryption Standard (AES) Message Authentication

More information

Provably Secure and Efficient Cryptography

Provably Secure and Efficient Cryptography Provably Secure and Efficient Cryptography Tsuyoshi TAKAGI TU Darmstadt ttakagi@cdc.informatik.tu-darmstadt.de http://www.informatik.tu-darmstadt.de/ti/ Contents Overview NICE Cryptosystem Provable Security

More information

Design and Evaluation of FPGA Based Hardware Accelerator for Elliptic Curve Cryptography Scalar Multiplication

Design and Evaluation of FPGA Based Hardware Accelerator for Elliptic Curve Cryptography Scalar Multiplication Design and Evaluation of FPGA Based Hardware Accelerator for Elliptic Curve Cryptography Scalar Multiplication Department of Electrical and Computer Engineering Tennessee Technological University Cookeville,

More information

ECE 646 Cryptography and Computer Network Security. Course web page: Kris Gaj Research and teaching interests: Contact: ECE web page Courses ECE 646

ECE 646 Cryptography and Computer Network Security. Course web page: Kris Gaj Research and teaching interests: Contact: ECE web page Courses ECE 646 646 Cryptography and Computer Network Security Course web page: web page Courses 646 Kris Gaj Research and teaching interests: cryptography network security computer arithmetic FPGA & ASIC design and testing

More information

Public-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7

Public-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7 Public-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7 David Cash University of Chicago Plan 1. Security of RSA 2. Key Exchange, Diffie-Hellman 3. Begin digital

More information

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages. Telling Secrets Secret Writing Through the Ages William Turner Department of Mathematics & Computer Science Wabash College Crawfordsville, IN 47933 Tuesday 4 February 2014 W. J. Turner Telling Secrets

More information

An Algorithm and Hardware Architecture for Integrated Modular Division and Multiplication in GF (p) and GF (2 n )

An Algorithm and Hardware Architecture for Integrated Modular Division and Multiplication in GF (p) and GF (2 n ) An Algorithm and Hardware Architecture for Integrated Modular Division and Multiplication in GF (p) and GF (2 n ) Lo ai A. Tawalbeh and Alexandre F. Tenca School of Electrical Engineering and Computer

More information

Overview. Public Key Algorithms I

Overview. Public Key Algorithms I Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State

More information

A New Attack with Side Channel Leakage during Exponent Recoding Computations

A New Attack with Side Channel Leakage during Exponent Recoding Computations A New Attack with Side Channel Leakage during Exponent Recoding Computations Yasuyuki Sakai 1 and Kouichi Sakurai 2 1 Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa 247-8501, Japan ysakai@iss.isl.melco.co.jp

More information

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest 1 2 3 This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest PKCS, Diffie- Hellman key exchange. This first published

More information

Kris Gaj Research and teaching interests: ECE 646 Cryptography and Computer Network Security. Course web page: Contact: ECE 646

Kris Gaj Research and teaching interests: ECE 646 Cryptography and Computer Network Security. Course web page: Contact: ECE 646 646 and Computer Network Security Course web page: web page Courses 646 Kris Gaj Research and teaching interests: cryptography network security computer arithmetic FPGA & ASIC design and testing Contact:

More information

18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange. Dan Boneh

18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange. Dan Boneh 18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange Online Cryptography Course Basic key exchange Trusted 3 rd parties Key management Problem: n users. Storing mutual secret keys is difficult

More information

ISSN Vol.08,Issue.12, September-2016, Pages:

ISSN Vol.08,Issue.12, September-2016, Pages: ISSN 2348 2370 Vol.08,Issue.12, September-2016, Pages:2273-2277 www.ijatir.org G. DIVYA JYOTHI REDDY 1, V. ROOPA REDDY 2 1 PG Scholar, Dept of ECE, TKR Engineering College, Hyderabad, TS, India, E-mail:

More information

Diffie-Hellman. Part 1 Cryptography 136

Diffie-Hellman. Part 1 Cryptography 136 Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for

More information

RSA. Public Key CryptoSystem

RSA. Public Key CryptoSystem RSA Public Key CryptoSystem DIFFIE AND HELLMAN (76) NEW DIRECTIONS IN CRYPTOGRAPHY Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting

More information

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign

More information

NEON: Faster Elliptic Curve Scalar Multiplications on ARM Processors

NEON: Faster Elliptic Curve Scalar Multiplications on ARM Processors Four NEON: Faster Elliptic Curve Scalar Multiplications on ARM Processors Selected Areas in Cryptography (SAC 2016) St. Johns, Canada Patrick Longa Microsoft Research Next-generation elliptic curves Recent

More information

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography

More information

Elliptic vs. hyperelliptic, part 1. D. J. Bernstein

Elliptic vs. hyperelliptic, part 1. D. J. Bernstein Elliptic vs. hyperelliptic, part 1 D. J. Bernstein Goal: Protect all Internet packets against forgery, eavesdropping. We aren t anywhere near the goal. Most Internet packets have little or no protection.

More information

Volume 5, Issue 5 OCT 2016

Volume 5, Issue 5 OCT 2016 DESIGN AND IMPLEMENTATION OF REDUNDANT BASIS HIGH SPEED FINITE FIELD MULTIPLIERS Vakkalakula Bharathsreenivasulu 1 G.Divya Praneetha 2 1 PG Scholar, Dept of VLSI & ES, G.Pullareddy Eng College,kurnool

More information

This is a repository copy of High Speed and Low Latency ECC Implementation over GF(2m) on FPGA.

This is a repository copy of High Speed and Low Latency ECC Implementation over GF(2m) on FPGA. This is a repository copy of High Speed and Low Latency ECC Implementation over GF(2m) on FPGA. White Rose Research Online URL for this paper: http://eprints.whiterose.ac.uk/99476/ Version: Accepted Version

More information

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography 1. Introduction 2. RSA Outline 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography

More information

Chapter 9 Public Key Cryptography. WANG YANG

Chapter 9 Public Key Cryptography. WANG YANG Chapter 9 Public Key Cryptography WANG YANG wyang@njnet.edu.cn Content Introduction RSA Diffie-Hellman Key Exchange Introduction Public Key Cryptography plaintext encryption ciphertext decryption plaintext

More information

COMPUTER & NETWORK SECURITY

COMPUTER & NETWORK SECURITY COMPUTER & NETWORK SECURITY Lecture 7: Key Management CRYPTOBULLETIN: IN THE LAST WEEK OpenSSL Patch to Plug Severe Security Holes http://krebsonsecurity.com/2015/03/openssl patch to plug severe security

More information

Scalable Montgomery Multiplication Algorithm

Scalable Montgomery Multiplication Algorithm 1 Scalable Montgomery Multiplication Algorithm Brock J. Prince Department of Electrical & Computer Engineering, Oregon State University, Corvallis, Oregon 97331 E-mail: princebr@engr.orst.edu May 29, 2002

More information

Group Oriented Identity-Based Deniable Authentication Protocol from the Bilinear Pairings

Group Oriented Identity-Based Deniable Authentication Protocol from the Bilinear Pairings International Journal of Network Security, Vol.5, No.3, PP.283 287, Nov. 2007 283 Group Oriented Identity-Based Deniable Authentication Protocol from the Bilinear Pairings Rongxing Lu and Zhenfu Cao (Corresponding

More information

Collision Search for Elliptic Curve Discrete Logarithm over GF(2 m ) with FPGA

Collision Search for Elliptic Curve Discrete Logarithm over GF(2 m ) with FPGA Collision Search for Elliptic Curve Discrete Logarithm over GF(2 m ) with FPGA Workshop on Cryptographic Hardware and Embedded Systems (CHES 2007) September 2007 Guerric Meurice de Dormale*, Philippe Bulens,

More information

Lecture 9. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography

Lecture 9. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography Lecture 9 Public Key Cryptography: Algorithms, Key Sizes, & Standards Public-Key Cryptography 1 Bases of the public cryptosystems security Factorization Discrete Logarithm Elliptic Curve Discrete Logarithm

More information

Lecture 9. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography. Elliptic Curve over GF(p) y 2 =x 3 +x

Lecture 9. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography. Elliptic Curve over GF(p) y 2 =x 3 +x Lecture 9 Public Key Cryptography: Algorithms, Key Sizes, & Standards Public-Key Cryptography Bases of the public cryptosystems security Factorization Discrete Logarithm Elliptic Curve Discrete Logarithm

More information

TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO.

TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. vii TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. ABSTRACT LIST OF TABLES LIST OF FIGURES LIST OF SYMBOLS AND ABBREVIATION iii xii xiv xvii 1 INTRODUCTION 1 1.1 GENERAL 1 1.2 TYPES OF WIRELESS COMMUNICATION

More information

Pipelined Quadratic Equation based Novel Multiplication Method for Cryptographic Applications

Pipelined Quadratic Equation based Novel Multiplication Method for Cryptographic Applications , Vol 7(4S), 34 39, April 204 ISSN (Print): 0974-6846 ISSN (Online) : 0974-5645 Pipelined Quadratic Equation based Novel Multiplication Method for Cryptographic Applications B. Vignesh *, K. P. Sridhar

More information

Public-key encipherment concept

Public-key encipherment concept Date: onday, October 21, 2002 Prof.: Dr Jean-Yves Chouinard Design of Secure Computer Systems CSI4138/CEG4394 Notes on Public Key Cryptography Public-key encipherment concept Each user in a secure communication

More information

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d) Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key

More information

Elliptic Curve Cryptography

Elliptic Curve Cryptography CMU Computer Club Talk Series Spring 2015 Elliptic Curve Cryptography We would like to thank Green Hills Software for sponsoring this talk series Green Hills make the world's highest performing compilers,

More information

Recent Progress in Hardware Implementations of Post-Quantum Isogeny-Based Cryptography

Recent Progress in Hardware Implementations of Post-Quantum Isogeny-Based Cryptography Recent Progress in Hardware Implementations of Post-Quantum Isogeny-Based Cryptography Reza Azarderakhsh Department of Computer and Electrical Engineering and Computer Science Florida Atlantic University

More information

Part VI. Public-key cryptography

Part VI. Public-key cryptography Part VI Public-key cryptography Drawbacks with symmetric-key cryptography Symmetric-key cryptography: Communicating parties a priori share some secret information. Secure Channel Alice Unsecured Channel

More information

Introduction to Elliptic Curve Cryptography

Introduction to Elliptic Curve Cryptography A short and pleasant Introduction to Elliptic Curve Cryptography Written by Florian Rienhardt peanut.@.bitnuts.de Abstract This is a very basic and simplified introduction into elliptic curve cryptography.

More information

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017 Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017 Name : TU/e student number : Exercise 1 2 3 4 5 6 total points Notes: Please hand in this sheet at the end of the exam.

More information

An Efficient Elliptic Curve Cryptography Arithmetic Using Nikhilam Multiplication

An Efficient Elliptic Curve Cryptography Arithmetic Using Nikhilam Multiplication The International Journal Of Engineering And Science (IJES) Volume 4 Issue 4 Pages PP.45-50 2015 ISSN (e): 2319 1813 ISSN (p): 2319 1805 An Efficient Elliptic Curve Cryptography Arithmetic Using Nikhilam

More information

A practical integrated device for lowoverhead, secure communications.

A practical integrated device for lowoverhead, secure communications. A practical integrated device for lowoverhead, secure communications. Gord Allan Matt Lewis Design Goals Versatility Mobility Security -can be used in a range of devices -compatibility, low/no infrastructure

More information

Application of Number Theory to Cryptology

Application of Number Theory to Cryptology Application of Number Theory to Cryptology Atsuko Miyaji, Dr of Sci. Professor Japan Advanced Institute Science & Technology miyaji@jaist.ac.jp Outline There are many application with using cryptology.

More information

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings Key Exchange References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal Shamir s Three Pass

More information

An Optimized Hardware Architecture for the Montgomery Multiplication Algorithm

An Optimized Hardware Architecture for the Montgomery Multiplication Algorithm An Optimized Hardware Architecture for the Montgomery Multiplication Algorithm Miaoqing Huang 1, Kris Gaj 2, Soonhak Kwon 3, Tarek El-Ghazawi 1 1 The George Washington University, Washington, D.C., U.S.A.

More information

A Thesis for the Degree of Master of Science. Provably Secure Threshold Blind Signature Scheme Using Pairings

A Thesis for the Degree of Master of Science. Provably Secure Threshold Blind Signature Scheme Using Pairings A Thesis for the Degree of Master of Science Provably Secure Threshold Blind Signature Scheme Using Pairings Vo Duc Liem School of Engineering Information and Communications University 2003 Provably Secure

More information

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

Introduction to Cryptography and Security Mechanisms. Abdul Hameed Introduction to Cryptography and Security Mechanisms Abdul Hameed http://informationtechnology.pk Before we start 3 Quiz 1 From a security perspective, rather than an efficiency perspective, which of the

More information

ECDLP course ECC2K-130. Daniel J. Bernstein University of Illinois at Chicago. Tanja Lange Technische Universiteit Eindhoven

ECDLP course ECC2K-130. Daniel J. Bernstein University of Illinois at Chicago. Tanja Lange Technische Universiteit Eindhoven ECDLP course ECC2K-130 Daniel J. Bernstein University of Illinois at Chicago Tanja Lange Technische Universiteit Eindhoven The target: ECC2K-130 1997: Certicom announces several elliptic-curve challenges.

More information

A High-Speed FPGA Implementation of an RSD-Based ECC Processor

A High-Speed FPGA Implementation of an RSD-Based ECC Processor RESEARCH ARTICLE International Journal of Engineering and Techniques - Volume 4 Issue 1, Jan Feb 2018 A High-Speed FPGA Implementation of an RSD-Based ECC Processor 1 K Durga Prasad, 2 M.Suresh kumar 1

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback