The Montgomery Powering Ladder
The Montgomery Powering Ladder. Marc Joye, Gemplus Card International, Gémenos, France; Sung-Ming Yen, LCIS, National Central University, Chung-Li, Taiwan (yensm/). CHES 2002, San Francisco Bay, August 13-15, 2002.
Agenda: Montgomery Powering Ladder; Efficiency Analysis; Security Analysis; Conclusion. 13/08/02 2/9
Montgomery Powering Ladder. Goal: given, compute in. Key observation: and define. Montgomery powering ladder: if; if.
Montgomery Powering Ladder: the algorithm. Input: Output: for downto do: if then else; return.
Efficiency Analysis: Lucas chains structure. The structure is invariant throughout the ladder. For an elliptic curve over a field, computations can be carried out with the -coordinate only: the -coordinates need not be handled, a lot of multiplications (in ) are saved, and less memory is required. Similarly, for full Lucas sequences, computations can be carried out with the -sequence only.
Efficiency Analysis: Parallel computing. Simplified presentation: for downto do; return. The 2 multiplications are independent. Parallel Montgomery ladder: for downto do /* Processor 1 */ /* Processor 2 */; return. Twice as fast with 2 processors.
Efficiency Analysis: Common-multiplicand property. (resp. ) is common to the 2 multiplications, so the CM-multiplication by Yen is applicable. Similar savings hold for more complicated groups, e.g., for an elliptic curve over , where several multiplications (in ) are identical.
Security Analysis: Side-channel attacks. SPA-like attacks: the Montgomery ladder behaves regularly whatever the scanned bit (for downto do; return). It is SPA-resistant, provided that writing in is indistinguishable from writing in, and squaring of is indistinguishable from squaring of. DPA-like attacks: prevented using standard blinding techniques.
Security Analysis: Fault attacks, C safe-error attacks. Principle: induce a computational fault into the ALU at a chosen time, to determine whether an operation is dummy (the final result is correct) or effective (the final result is incorrect). This reveals, bit by bit, the value of the exponent in the classical protected binary ladders: the square-and-multiply-always algorithm and its right-to-left counterpart. There are no dummy operations (multiplications) in the Montgomery ladder (for downto do; return), so the C safe-error model does not apply.
Security Analysis: Fault attacks, M safe-error attacks. Principle: induce a memory fault inside a register at a chosen time during the evaluation of, to determine whether the result is written in (the final result is correct) or in (the final result is incorrect). This attack readily applies to the Montgomery ladder, BUT a slight modification makes it inapplicable. Original Montgomery ladder: for downto do; return. Modified Montgomery ladder: for downto do; return. The M safe-error model no longer applies.
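The slides' formulas did not survive transcription, so the following Python implementation is added here to make the ladder concrete; it is not code from the slides or from the authors. It works in the multiplicative group of integers modulo a constructed modulus n, keeps the two registers R0 and R1 from the algorithm slide, checks the Lucas-chain invariant R1 = R0 * g after every step, computes the multiplication and the squaring from the previous step's values (which is why the two operations are independent and share the multiplicand R_b), and records an operation trace showing that every iteration performs exactly one multiplication and one squaring regardless of the bit, with no dummy operation: the property the SPA and C safe-error slides rely on.

```python
"""Montgomery powering ladder for modular exponentiation (g^k mod n).

Added example, not code from the slide deck.  The group (integers modulo a
constructed modulus n) and all sample values are chosen for illustration.
"""


def montgomery_ladder(g, k, n, trace=None):
    """Left-to-right Montgomery ladder returning g^k mod n.

    Registers start as R0 = 1, R1 = g.  For each exponent bit b, most
    significant first:
        R_{1-b} <- R0 * R1      (multiplication)
        R_b     <- R_b ^ 2      (squaring)
    Both right-hand sides use the values from before the step, so the two
    operations are independent (they could run on two processors) and both
    read the common multiplicand R_b.

    Lucas-chain invariant after every step: R1 == R0 * g (mod n), i.e. the
    registers always hold consecutive powers g^a and g^(a+1).

    If `trace` is a list, the operation names executed for each bit are
    appended to it so the sequence can be compared across exponents.
    """
    if k < 0:
        raise ValueError("exponent must be non-negative")
    R = [1, g % n]
    for bit in format(k, "b"):
        b = int(bit)
        product = (R[0] * R[1]) % n   # always computed: never a dummy operation
        square = (R[b] * R[b]) % n    # computed from the pre-step value of R_b
        R[1 - b], R[b] = product, square
        if trace is not None:
            trace.append(("mul", "sqr"))   # same shape whatever the bit
        if R[1] != (R[0] * g) % n:
            raise AssertionError("Lucas-chain invariant R1 == R0*g broken")
    return R[0]


def ladder_is_regular(g, k1, k2, n):
    """True if two exponents of the same bit length yield identical operation
    traces: the regularity argument behind the SPA-resistance slide."""
    t1, t2 = [], []
    montgomery_ladder(g, k1, n, t1)
    montgomery_ladder(g, k2, n, t2)
    return t1 == t2


if __name__ == "__main__":
    n = 1_000_003                      # constructed modulus
    y = montgomery_ladder(5, 123456, n)
    print(y == pow(5, 123456, n))      # cross-check against the built-in
    print(ladder_is_regular(5, 0b1010, 0b1111, n))
```

The cross-check against Python's built-in `pow` confirms correctness; the trace comparison is the observable that an SPA-style analysis would look at, and it is identical for any two exponents of the same length because neither branch of the algorithm skips or adds an operation.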
Conclusion. Efficiency: Lucas chains structure, parallel computing, common-multiplicand property. Security: against SPA-like attacks, against C safe-error attacks, and against M safe-error attacks (after modification). The Montgomery ladder is well suited for efficient and secure exponentiation (in ) in constrained devices.
More informationDifferential Fault Analysis on AES Key Schedule and Some Countermeasures
Differential Fault Analysis on AES Key Schedule and Some Countermeasures Chien-Ning Chen and Sung-Ming Yen Laboratory of Cryptography and Information Security (LCIS) Dept of Computer Science and Information
More informationECE260: Fundamentals of Computer Engineering
Arithmetic for Computers James Moscola Dept. of Engineering & Computer Science York College of Pennsylvania Based on Computer Organization and Design, 5th Edition by Patterson & Hennessy Arithmetic for
More informationFlexible Hardware Design for RSA and Elliptic Curve Cryptosystems
Flexible Hardware Design for RSA and Elliptic Curve Cryptosystems Lejla Batina 1, Geeke Bruin-Muurling, and Sıddıka Berna Örs1 1 Katholieke Universiteit Leuven, ESAT/COSIC, Kasteelpark Arenberg 10, B-3001
More informationData Representation Type of Data Representation Integers Bits Unsigned 2 s Comp Excess 7 Excess 8
Data Representation At its most basic level, all digital information must reduce to 0s and 1s, which can be discussed as binary, octal, or hex data. There s no practical limit on how it can be interpreted
More informationMATH Ms. Becker
MATH 1-23-17 Ms. Becker Warm-Up: Write down 2 goals you wish to complete in Unit 5. (Area and Volume) When finished, either prepare yourself to correct your test or prepare yourself for taking notes. Agenda:
More informationCharacteristics of Exponential Functions
Math Objectives Students will identify the characteristics of exponential functions of the form f(x) = b x, where b > 1. Students will identify the characteristics of exponential functions of the form
More informationLECTURE 1 WORM ALGORITHM FOR CLASSICAL STATISTICAL MODELS I
LECTURE 1 WORM ALGORITHM FOR CLASSICAL STATISTICAL MODELS I LECTURE 1 WORM ALGORITHM FOR CLASSICAL STATISTICAL MODELS I General idea of extended configuration space; Illustration for closed loops. LECTURE
More informationClustering Algorithms for Non-Profiled Single-Execution Attacks on Exponentiations
Clustering Algorithms for Non-Profiled Single-Execution Attacks on Exponentiations Johann Heyszl 1, Andreas Ibing 2, Stefan Mangard 3, Fabrizio De Santis 2,4, and Georg Sigl 2 1 Fraunhofer Institute AISEC,
More informationA New Type of Timing Attack: Application to GPS
A New Type of Timing Attack: Application to GPS Julien Cathalo, François Koeune and Jean-Jacques Quisquater Université catholique de Louvain Place du Levant 3 1348 Louvain-la-Neuve, Belgium {cathalo,fkoeune,q}@dice.ucl.ac.be
More informationHardware for Collision Search on Elliptic Curve over GF(2 m )
Hardware for Collision Search on Elliptic Curve over GF(2 m ) Philippe Bulens (S), Guerric Meurice de Dormale and Jean-Jacques Quisquater {bulens, gmeurice, quisquater}@dice.ucl.ac.be UCL Crypto Group
More informationMasking as a Side-Channel Countermeasure in Hardware
Masking as a Side-Channel Countermeasure in Hardware 6. September 2016 Ruhr-Universität Bochum 1 Agenda Physical Attacks and Side Channel Analysis Attacks Measurement setup Power Analysis Attacks Countermeasures
More informationLecture 13: Divide and Conquer (1997) Steven Skiena. skiena
Lecture 13: Divide and Conquer (1997) Steven Skiena Department of Computer Science State University of New York Stony Brook, NY 11794 4400 http://www.cs.sunysb.edu/ skiena Problem Solving Techniques Most
More informationSynthesis of Fault-Attack Countermeasures for Cryptographic Circuits
Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits Hassan Eldib, Meng Wu, and Chao Wang CAV, July 23, 2016 Cryptographic Algorithm: an example Plaintext Chip Ciphertext 0110 1001 1011
More information