Implementing the NewHope-Simple Key Exchange on Low-Cost FPGAs
Size: px
Start display at page:

Download "Implementing the NewHope-Simple Key Exchange on Low-Cost FPGAs"

Transcription

1 Implementing the NewHope-Simple Key Exchange on Low-Cost FPGAs Tobias Oder and Tim Güneysu Ruhr-University Bochum Latincrypt

2 Public-Key Crypto and Long-Term Security 2

3 Lattice-Based Cryptography Five main branches of post-quantum crypto: Code-based Lattice-based Hash-based Multivariate-quadratic Supersingular elliptic curve isogenies 3

4 Standard Lattices vs Ideal Lattices Ring or ideal lattices smaller parameters faster implementations smaller implementations But less trust in security due to structure! Ideal: polynomial multiplication Standard: matrix-vector multiplication Module lattices somewhere inbetween 4

5 Learning with Errors Given A and b = As Task: Find s Easy to solve 5

6 Learning with Errors Given A and b = As Task: Find s Easy to solve Given A and b = As + e Task: Find s Hard problem 6

7 A New Hope - Simple Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: NewHope without reconciliation (2016), 7

8 A New Hope 8

9 Challenges for HW Implementation Implementation for Xilinx Aritx-7 FPGA NTT for polynomial multiplication in O(n log n) Binomial sampler to generate error polynomials SHAKE-128 for Parse Optimize for low-area footage, but maintain a decent performance 9

10 Our Design - Server 10

11 Our Design - Client 11

12 Sever-side Operations I 12

13 Client-side Operations 13

14 Sever-side Operations II 14

15 Comparison We compare our results with Thomas Pöppelmann and Tim Güneysu: Towards practical latticebased public-key encryption, SAC 2013 Sujoy Sinha Roy and Frederik Vercauteren and Nele Mentens and Donald Donglong Chen and Ingrid Verbauwhede: Compact Ring- LWE based cryptoprocessor, CHES 2014 Po-Chun Kuo and Wen-Ding Li and Yu-Wei Chen and Yuan-Che Hsu and Bo-Yuan Peng and Chen-Mou Cheng and Bo-Yin Yang: Post-Quantum Key Exchange on FPGAs, eprint,

16 Resource consumption Implementation Scheme LUTs FFs BRAMs DSPs Roy et al. R-LWE Encrypt 1, Pöppelmann et al. R-LWE Encrypt 5,595 4, Kuo et al. NewHope 12,340 6, Our (server) NewHope Simple 5,142 4, Our (client) NewHope Simple 4,498 4,

17 Resource consumption Implementation Scheme LUTs FFs BRAMs DSPs Roy et al. R-LWE Encrypt 1, Pöppelmann et al. R-LWE Encrypt 5,595 4, Kuo et al. NewHope 12,340 6, Our (server) NewHope Simple 5,142 4, Our (client) NewHope Simple 4,498 4,

18 Resource consumption Implementation Scheme LUTs FFs BRAMs DSPs Roy et al. R-LWE Encrypt 1, Pöppelmann et al. R-LWE Encrypt 5,595 4, Kuo et al. NewHope 12,340 6, Our (server) NewHope Simple 5,142 4, Our (client) NewHope Simple 4,498 4,

19 Resource consumption Implementation Scheme LUTs FFs BRAMs DSPs Roy et al. R-LWE Encrypt 1, Pöppelmann et al. R-LWE Encrypt 5,595 4, Kuo et al. NewHope 12,340 6, Our (server) NewHope Simple 5,142 4, Our (client) NewHope Simple 4,498 4,

20 Performance results Implementation Scheme Frequency Cycles µs/operation Roy et al. (Enc) R-LWE Encrypt 278 MHz 13, Roy et al. (Dec) R-LWE Encrypt 278 MHz 5, Pöppelmann et al. (Enc) R-LWE Encrypt 251 MHz 13, Pöppelmann et al. (Dec) R-LWE Encrypt 251 MHz 8, Kuo et al. (server) NewHope 114 MHz 11, Kuo et al. (client) NewHope 114 MHz 11, Our (server) NewHope Simple 125 MHz 171,124 1,369 Our (client) NewHope Simple 117 MHz 179,292 1,532 20

21 Performance results Implementation Scheme Frequency Cycles µs/operation Roy et al. (Enc) R-LWE Encrypt 278 MHz 13, Roy et al. (Dec) R-LWE Encrypt 278 MHz 5, Pöppelmann et al. (Enc) R-LWE Encrypt 251 MHz 13, Pöppelmann et al. (Dec) R-LWE Encrypt 251 MHz 8, Kuo et al. (server) NewHope 114 MHz 11, Kuo et al. (client) NewHope 114 MHz 11, Our (server) NewHope Simple 125 MHz 171,124 1,369 Our (client) NewHope Simple 117 MHz 179,292 1,532 21

22 Comparison What makes our numbers worse than those of R-LWE implementations? Parameter sizes More components Key generation On-the-fly generation of a Security level 22

23 Conclusions NewHope-Simple is well suited for implementations on constrained devices Low area footprint Practical performance VHDL source code will be made available for verification soon: Our implementation is constant time DPA-resistant implementation is future work 23

24 Thank You For Your Attention! Any Questions?

Similar documents

Standard Lattice-Based Key Encapsulation on Embedded Devices

Standard Lattice-Based Key Encapsulation on Embedded Devices Standard Lattice-Based Key Encapsulation on Embedded Devices James Howe 1, Tobias Oder 2, Markus Krausz 2, and Tim Güneysu 2,3 1 Department of Computer Science, University of Bristol, UK james.howe@bristol.ac.uk

More information

SAFEcrypto: Secure Architectures of Future Emerging cryptography

SAFEcrypto: Secure Architectures of Future Emerging cryptography SAFEcrypto: Secure Architectures of Future Emerging cryptography Ciara Rafferty Queen s University Belfast 20 September 2016 This project has received funding from the European Union H2020 research and

More information

Additively Homomorphic ring-lwe Masking

Additively Homomorphic ring-lwe Masking Additively Homomorphic ring-lwe Masking Oscar Reparaz, Ruan de Clercq, Sujoy Sinha Roy, Frederik Vercauteren and Ingrid Verbauwhede COSIC/KU Leuven and iminds Kasteelpark Arenberg 10, B-3001 Leuven, Belgium

More information

Vectorized implementations of post-quantum crypto

Vectorized implementations of post-quantum crypto Vectorized implementations of post-quantum crypto Peter Schwabe January 12, 2015 DIMACS Workshop on the Mathematics of Post-Quantum Cryptography The multicore revolution Until early years 2000 each new

More information

Optimizing Post-Quantum Cryptographic Algorithms for Modern and Future Processor Architectures

Optimizing Post-Quantum Cryptographic Algorithms for Modern and Future Processor Architectures Post-quantum cryptography for long-term security PQCRYPTO ICT-645622 PQCrypto Review Meeting / Workshop, Utrecht, the Netherlands, June 28, 2016 Optimizing Post-Quantum Cryptographic Algorithms for Modern

More information

High Precision Discrete Gaussian Sampling on FPGAs

High Precision Discrete Gaussian Sampling on FPGAs High Precision Discrete Gaussian Sampling on FPGAs Sujoy Sinha Roy, Frederik Vercauteren and Ingrid Verbauwhede ESAT/SCD-COSIC and iminds, KU Leuven Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium

More information

Post-Quantum Cryptography. Dr. Thomas Pöppelmann Infineon Technologies AG

Post-Quantum Cryptography. Dr. Thomas Pöppelmann Infineon Technologies AG Post-Quantum Cryptography Dr. Thomas Pöppelmann Infineon Technologies AG Agenda 1 Introduction 2 Post-Quantum Cryptography 3 Lattice-Based Cryptography 4 Hash- and Code-Based Cryptography 5 Outlook 2 Agenda

More information

ECC on Your Fingertips: A Single Instruction Approach for Lightweight ECC Design in GF(p)

ECC on Your Fingertips: A Single Instruction Approach for Lightweight ECC Design in GF(p) ECC on Your Fingertips: A Single Instruction Approach for Lightweight ECC Design in GF(p) Debapriya Basu Roy, Poulami Das and Debdeep Mukhopadhyay June 19, 2015 Debapriya Basu Roy ECC on Your Fingertips

More information

Hiding Higher-Order Leakages in Hardware

Hiding Higher-Order Leakages in Hardware Hiding Higher-Order Leakages in Hardware 21. May 2015 Ruhr-Universität Bochum Acknowledgement Pascal Sasdrich Tobias Schneider Alexander Wild 2 Story? Threshold Implementation should be explained? 1 st

More information

Efficient Implementation of Ring-LWE Encryption on High-end IoT Platform

Efficient Implementation of Ring-LWE Encryption on High-end IoT Platform Efficient Implementation of Ring-LWE Encryption on High-end IoT Platform Zhe Liu 1,2 Reza Azarderakhsh 3 Howon Kim 4 Hwajeong Seo 5 1 College of Computer Science and Technology, Nanjing University of Aeronautics

More information

Advances in Implementations of Code-based Cryptography on Embedded Systems

Advances in Implementations of Code-based Cryptography on Embedded Systems Advances in Implementations of Code-based Cryptography on Embedded Systems Worcester Polytechnic Institute (WPI) September 25, 2013 Tim Güneysu (joint work with Ingo von Maurich and Stefan Heyse) Horst

More information

Post-Quantum Cryptography

Post-Quantum Cryptography Post-Quantum Cryptography Professor Máire O Neill www.csit.qub.ac.uk CSIT is a Research Centre of the ECIT Institute 1 Rationale What happens if/when quantum computers become a reality? Commonly used Public-key

More information

High Precision Discrete Gaussian Sampling on FPGAs

High Precision Discrete Gaussian Sampling on FPGAs High Precision Discrete Gaussian Sampling on FPGAs Sujoy Sinha Roy (B), Frederik Vercauteren, and Ingrid Verbauwhede ESAT/COSIC and iminds, KU Leuven, Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium

More information

Accelerating lattice-based and homomorphic encryption with optimised hardware designs Dr Ciara Rafferty 15 January 2018

Accelerating lattice-based and homomorphic encryption with optimised hardware designs Dr Ciara Rafferty 15 January 2018 Accelerating lattice-based and homomorphic encryption with optimised hardware designs Dr Ciara Rafferty 15 January 2018 CSIT is a Research Centre of the ECIT Institute @CSIT_QUB Overview 1. Introduction

More information

Post-Quantum Cryptography A Collective Challenge

Post-Quantum Cryptography A Collective Challenge Post-Quantum Cryptography A Collective Challenge Christophe Petit University of Oxford Mathematical Institute Christophe Petit -Oxford Crypto Day 1 Cryptography is very useful Cryptography is the science

More information

HIGH PERFORMANCE ELLIPTIC CURVE CRYPTO-PROCESSOR FOR FPGA PLATFORMS

HIGH PERFORMANCE ELLIPTIC CURVE CRYPTO-PROCESSOR FOR FPGA PLATFORMS HIGH PERFORMANCE ELLIPTIC CURVE CRYPTO-PROCESSOR FOR FPGA PLATFORMS Debdeep Mukhopadhyay Dept. of Computer Science and Engg. IIT Kharagpur 3/6/2010 NTT Labs, Japan 1 Outline Elliptic Curve Cryptography

More information

Introduction to Post-Quantum Cryptography

Introduction to Post-Quantum Cryptography Introduction to Post-Quantum Cryptography CERG @ GMU http://cryptography.gmu.edu 10 PhD students 3 MS students Features Required from Today s Ciphers STRENGTH PERFORMANCE software hardware FUNCTIONALITY

More information

Introduction to Post-Quantum Cryptography

Introduction to Post-Quantum Cryptography Introduction to Post-Quantum Cryptography CERG @ GMU http://cryptography.gmu.edu 10 PhD students 3 MS students 1 Features Required from Today s Ciphers STRENGTH PERFORMANCE software hardware FUNCTIONALITY

More information

A Implementing QC-MDPC McEliece Encryption

A Implementing QC-MDPC McEliece Encryption A Implementing QC-MDPC McEliece Encryption INGO VON MAURICH, Ruhr-Universität Bochum TOBIAS ODER, Ruhr-Universität Bochum TIM GÜNEYSU, Ruhr-Universität Bochum With respect to performance, asymmetric code-based

More information

Lightweight Code-based Cryptography: QC-MDPC McEliece Encryption on Reconfigurable Devices

Lightweight Code-based Cryptography: QC-MDPC McEliece Encryption on Reconfigurable Devices Lightweight Code-based Cryptography: QC-MDPC McEliece Encryption on Reconfigurable Devices Ingo von Maurich HGI, Ruhr-Universität Bochum Germany ingo.vonmaurich@rub.de Tim Güneysu HGI, Ruhr-Universität

More information

8/30/17. Introduction to Post-Quantum Cryptography. Features Required from Today s Ciphers. Secret-key (Symmetric) Ciphers

8/30/17. Introduction to Post-Quantum Cryptography. Features Required from Today s Ciphers. Secret-key (Symmetric) Ciphers CERG @ GMU http://cryptography.gmu.edu Introduction to Post-Quantum Cryptography 10 PhD students 3 MS students Features Required from Today s Ciphers Secret-key (Symmetric) Ciphers STRENGTH PERFORMANCE

More information

Side-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel?

Side-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel? Side-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel? 11. Sep 2013 Ruhr University Bochum Outline Power Analysis Attack Masking Problems in hardware Possible approaches

More information

SAFEcrypto: Secure Architectures of Future Emerging cryptography

SAFEcrypto: Secure Architectures of Future Emerging cryptography SAFEcrypto: Secure Architectures of Future Emerging cryptography Máire O Neill Queen s University Belfast This project has received funding from the European Union H2020 research and innovation programme

More information

SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key Exchange.

SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key Exchange. SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key Exchange. Hwajeong Seo (Hansung University), Zhe Liu (Nanjing University of Aeronautics and Astronautics),

More information

High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields

High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields High Speed Cryptoprocessor for η T Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields Santosh Ghosh, Dipanwita Roy Chowdhury, and Abhijit Das Computer Science and Engineering

More information

Efficient Software Implementation of Ring-LWE Encryption on IoT Processors

Efficient Software Implementation of Ring-LWE Encryption on IoT Processors IEEE TRANSACTIONS ON COMPUTERS L A TEX CLASS FILES, VOL., NO., 2017 1 Efficient Software Implementation of Ring-LWE Encryption on IoT Processors Zhe Liu, Member, IEEE, Reza Azarderakhsh, Member, IEEE,

More information

POST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK DR. DANIEL SLAMANIG

POST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK DR. DANIEL SLAMANIG POST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK 2018 02.02.2018 DR. DANIEL SLAMANIG WHAT IS POST-QUANTUM CRYPTOGRAPHY? Also called quantum safe/resistant cryptography NOT quantum cryptography (= quantum

More information

Ultra-Lightweight Cryptography

Ultra-Lightweight Cryptography Ultra-Lightweight Cryptography F.-X. Standaert UCL Crypto Group European brokerage event, Cryptography Paris, September 2016 Outline Introduction Symmetric cryptography Hardware implementations Software

More information

Preparing for post-quantum and hybrid cryptography on the Internet

Preparing for post-quantum and hybrid cryptography on the Internet Preparing for post-quantum and hybrid cryptography on the Internet Douglas Stebila Concordia March 15, 2017 Concordia 2017-03-16 Preparing for post-quantum and hybrid cryptography on the Internet 2 Acknowledgements

More information

AtLast: Another Three-party Lattice-based PAKE Scheme

AtLast: Another Three-party Lattice-based PAKE Scheme Copyright c 2018 The Institute of Electronics, Information and Communication Engineers SCIS 2018 2018 Symposium on Cryptography and Information Security Niigata, Japan, Jan. 23-26, 2018 The Institute of

More information

Recommendation to Protect Your Data in the Future

Recommendation to Protect Your Data in the Future Recommendation to Protect Your Data in the Future Prof. Dr.-Ing. Tim Güneysu Arbeitsgruppe Technische Informatik / IT-Sicherheit (CEITS) LEARNTEC Karlsruhe 27.01.2016 Long-Term Security in the Real World

More information

A note on the implementation of the Number Theoretic Transform

A note on the implementation of the Number Theoretic Transform A note on the implementation of the Number Theoretic Transform Michael Scott MIRACL.com mike.scott@miracl.com Abstract. The Number Theoretic Transform (NTT) is a time critical function required by many

More information

Breaking ECC2K-130 on Cell processors and GPUs

Breaking ECC2K-130 on Cell processors and GPUs Breaking ECC2K-130 on Cell processors and GPUs Daniel V. Bailey, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos, Hsieh-Chung Chen, Chen-Mou Cheng, Gauthier van Damme, Giacomo de Meulenaer,

More information

Recent Progress in Hardware Implementations of Post-Quantum Isogeny-Based Cryptography

Recent Progress in Hardware Implementations of Post-Quantum Isogeny-Based Cryptography Recent Progress in Hardware Implementations of Post-Quantum Isogeny-Based Cryptography Reza Azarderakhsh Department of Computer and Electrical Engineering and Computer Science Florida Atlantic University

More information

High-Performance Integer Factoring with Reconfigurable Devices

High-Performance Integer Factoring with Reconfigurable Devices FPL 2010, Milan, August 31st September 2nd, 2010 High-Performance Integer Factoring with Reconfigurable Devices Ralf Zimmermann, Tim Güneysu, Christof Paar Horst Görtz Institute for IT-Security Ruhr-University

More information

Type-II optimal polynomial bases. D. J. Bernstein University of Illinois at Chicago. Joint work with: Tanja Lange Technische Universiteit Eindhoven

Type-II optimal polynomial bases. D. J. Bernstein University of Illinois at Chicago. Joint work with: Tanja Lange Technische Universiteit Eindhoven Type-II optimal polynomial bases D. J. Bernstein University of Illinois at Chicago Joint work with: Tanja Lange Technische Universiteit Eindhoven Bigger project: Breaking ECC2K-130. Daniel V. Bailey,

More information

Practical Implementation of Lattice-based cryptography

Practical Implementation of Lattice-based cryptography Practical Implementation of Lattice-based cryptography Máire O Neill Queen s University Belfast This project has received funding from the European Union H2020 research and innovation programme under grant

More information

Use of Embedded FPGA Resources in Implementa:ons of 14 Round 2 SHA- 3 Candidates

Use of Embedded FPGA Resources in Implementa:ons of 14 Round 2 SHA- 3 Candidates Use of Embedded FPGA Resources in Implementa:ons of 14 Round 2 SHA- 3 Candidates Kris Gaj, Rabia Shahid, Malik Umar Sharif, and Marcin Rogawski George Mason University U.S.A. Co-Authors Rabia Shahid Malik

More information

Evaluating the Duplication of Dual-Rail Logics on FPGAs

Evaluating the Duplication of Dual-Rail Logics on FPGAs Horst Görtz Institute for IT-Security Evaluating the Duplication of Dual-Rail Logics on FPGAs Alexander Wild, Amir Moradi, Tim Güneysu April 13. 2015 Motivation Dual-rail precharge logic 1 Motivation Dual-rail

More information

Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers

Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Sören Rinne, Thomas Eisenbarth, and Christof Paar Horst Görtz Institute for IT Security Ruhr-Universität Bochum,

More information

A Implementing Curve25519 for Side-Channel-Protected Elliptic Curve Cryptography

A Implementing Curve25519 for Side-Channel-Protected Elliptic Curve Cryptography A Implementing Curve25519 for Side-Channel-Protected Elliptic Curve Cryptography PASCAL SASDRICH, Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Germany TIM GÜNEYSU, Horst Görtz Institute

More information

NIST Post- Quantum Cryptography Standardiza9on

NIST Post- Quantum Cryptography Standardiza9on NIST Post- Quantum Cryptography Standardiza9on Lily Chen Cryptographic Technology Group Computer Security Division, Informa9on Technology Lab Na9onal Ins9tute of Standards and Technology (NIST) NIST Crypto

More information

Lattice-Based Cryptography

Lattice-Based Cryptography Lattice-Based Cryptography Huijing Gong 9/24/2018 Slides courtesy of Dana Dachman-Soled, Valeria Nikolaenko, Chris Peikert, and Oded Regev Traditional Crypto Assumptions Recall Traditional Crypto Assumptions

More information

Memory-Constrained Implementation of Lattice-based Encryption Scheme on the Standard Java Card Platform

Memory-Constrained Implementation of Lattice-based Encryption Scheme on the Standard Java Card Platform Memory-Constrained Implementation of Lattice-based Encryption Scheme on the Standard Java Card Platform Ye Yuan 1, Kazuhide Fukushima 2 Junting Xiao 1, Shinsaku Kiyomoto 2, and Tsuyoshi Takagi 3,4 1 Graduate

More information

COPACOBANA: RECONFIGURABLE COMPUTING IN CRYPTANALYSIS. Ben Johnstone

COPACOBANA: RECONFIGURABLE COMPUTING IN CRYPTANALYSIS. Ben Johnstone COPACOBANA: RECONFIGURABLE COMPUTING IN CRYPTANALYSIS Ben Johnstone Overview Goals Architecture DES Performance Conclusion What is COPACOBANA? Cost Optimized Parallel Code Breaker History Developed at

More information

Breaking ECC2K-130. May 20, Oberseminar Computer Security, COSEC group, B-IT, Bonn

Breaking ECC2K-130. May 20, Oberseminar Computer Security, COSEC group, B-IT, Bonn Breaking ECC2K-130 Daniel V. Bailey, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos, Hsieh-Chung Chen, Chen-Mou Cheng, Gauthier van Damme, Giacomo de Meulenaer, Luis Julian Dominguez Perez,

More information

Post-Quantum Secure Remote Password Protocol from RLWE Problem

Post-Quantum Secure Remote Password Protocol from RLWE Problem Post-Quantum Secure Remote Password Protocol from RLWE Problem Xinwei Gao 1, Jintai Ding 2, Jiqiang Liu 1, and Lin Li 1 1 Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing

More information

The State of Post- Quantum Cryptography. Presented by the Quantum Safe Security Working Group

The State of Post- Quantum Cryptography. Presented by the Quantum Safe Security Working Group The State of Post- Quantum Cryptography Presented by the Quantum Safe Security Working Group 2018 Cloud Security Alliance All Rights Reserved. You may download, store, display on your computer, view, print,

More information

The libpqcrypto software library for post-quantum cryptography

The libpqcrypto software library for post-quantum cryptography The libpqcrypto software library for post-quantum cryptography and many contributors Context Redesigning crypto for security New requirements for crypto software engineering to avoid real-world crypto

More information

DNNBuilder: an Automated Tool for Building High-Performance DNN Hardware Accelerators for FPGAs

DNNBuilder: an Automated Tool for Building High-Performance DNN Hardware Accelerators for FPGAs IBM Research AI Systems Day DNNBuilder: an Automated Tool for Building High-Performance DNN Hardware Accelerators for FPGAs Xiaofan Zhang 1, Junsong Wang 2, Chao Zhu 2, Yonghua Lin 2, Jinjun Xiong 3, Wen-mei

More information

Table of Contents. Preface... vii Abstract... vii Kurzfassung... x Acknowledgements... xiii. I The Preliminaries 1

Table of Contents. Preface... vii Abstract... vii Kurzfassung... x Acknowledgements... xiii. I The Preliminaries 1 Preface............................................ vii Abstract............................................ vii Kurzfassung.......................................... x Acknowledgements......................................

More information

The transition to post-quantum cryptography. Peter Schwabe February 19, 2018

The transition to post-quantum cryptography. Peter Schwabe February 19, 2018 The transition to post-quantum cryptography Peter Schwabe peter@cryptojedi.org https://cryptojedi.org February 19, 2018 About me Assistant professor at Radboud University Working on high-speed high-security

More information

Algorithms and arithmetic for the implementation of cryptographic pairings

Algorithms and arithmetic for the implementation of cryptographic pairings Cairn seminar November 29th, 2013 Algorithms and arithmetic for the implementation of cryptographic pairings Nicolas Estibals CAIRN project-team, IRISA Nicolas.Estibals@irisa.fr What is an elliptic curve?

More information

Preparing for post-quantum cryptography in TLS

Preparing for post-quantum cryptography in TLS Preparing for post-quantum cryptography in TLS Douglas Stebila Funding acknowledgements: TLS:DIV workshop April 30, 2017 TLS:DIV 2017-04-30 Preparing for post-quantum cryptography in TLS Douglas Stebila

More information

Introduction to Public-Key Cryptography

Introduction to Public-Key Cryptography Introduction to Public-Key Cryptography Nadia Heninger University of Pennsylvania June 11, 2018 We stand today on the brink of a revolution in cryptography. Diffie and Hellman, 1976 Symmetric cryptography

More information

Collision Search for Elliptic Curve Discrete Logarithm over GF(2 m ) with FPGA

Collision Search for Elliptic Curve Discrete Logarithm over GF(2 m ) with FPGA Collision Search for Elliptic Curve Discrete Logarithm over GF(2 m ) with FPGA Workshop on Cryptographic Hardware and Embedded Systems (CHES 2007) September 2007 Guerric Meurice de Dormale*, Philippe Bulens,

More information

Lecture 10. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography. Elliptic Curve over GF(p) y 2 =x 3 +x

Lecture 10. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography. Elliptic Curve over GF(p) y 2 =x 3 +x Lecture 10 Public Key Cryptography: Algorithms, Key Sizes, & Standards Public-Key Cryptography Bases of the public cryptosystems security Factorization Discrete Logarithm Elliptic Curve Discrete Logarithm

More information

Implementation of Elliptic Curve Cryptosystems over GF(2 n ) in Optimal Normal Basis on a Reconfigurable Computer

Implementation of Elliptic Curve Cryptosystems over GF(2 n ) in Optimal Normal Basis on a Reconfigurable Computer Implementation of Elliptic Curve Cryptosystems over GF(2 n ) in Optimal Normal Basis on a Reconfigurable Computer Sashisu Bajracharya, Chang Shu, Kris Gaj George Mason University Tarek El-Ghazawi The George

More information

Encrypted Data Deduplication in Cloud Storage

Encrypted Data Deduplication in Cloud Storage Encrypted Data Deduplication in Cloud Storage Chun- I Fan, Shi- Yuan Huang, Wen- Che Hsu Department of Computer Science and Engineering Na>onal Sun Yat- sen University Kaohsiung, Taiwan AsiaJCIS 2015 Outline

More information

Breaking the Bitstream Decryption of FPGAs

Breaking the Bitstream Decryption of FPGAs Breaking the Bitstream Decryption of FPGAs 05. Sep. 2012 Amir Moradi Embedded Security Group, Ruhr University Bochum, Germany Acknowledgment Christof Paar Markus Kasper Timo Kasper Alessandro Barenghi

More information

An Investigation of Sources of Randomness Within Discrete Gaussian Sampling

An Investigation of Sources of Randomness Within Discrete Gaussian Sampling An Investigation of Sources of Randomness Within Discrete Gaussian Sampling Séamus Brannigan 1, Neil Smyth 1, Tobias Oder 2, Felipe Valencia 3, Elizabeth O Sullivan 1, Tim Güneysu 4 and Francesco Regazzoni

More information

Low-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs

Low-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs Low-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs Roel Maes 1, Pim Tuyls 1,2, Ingrid Verbauwhede 1 1. COSIC, K.U.Leuven and IBBT 2. Intrinsic-ID, Eindhoven Workshop on

More information

QUANTUM SAFE PKI TRANSITIONS

QUANTUM SAFE PKI TRANSITIONS QUANTUM SAFE PKI TRANSITIONS Quantum Valley Investments Headquarters We offer quantum readiness assessments to help you identify your organization s quantum risks, develop an upgrade path, and deliver

More information

Closing the Gap in RFC 7748: Implementing Curve448 in Hardware

Closing the Gap in RFC 7748: Implementing Curve448 in Hardware Closing the Gap in RFC 7748: Implementing Curve448 in Hardware Pascal Sasdrich 1, Tim Güneysu 2 1 Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Germany pascal.sasdrich@rub.de 2 University

More information

Efficient Multivariate Ring Signature Schemes

Efficient Multivariate Ring Signature Schemes Efficient Multivariate Ring Signature Schemes Mohamed Saied Emam Mohamed 1, Albrecht Petzoldt 2 mohamed@cdc.informatik.tu-darmstadt.de, albrecht.petzoldt@nist.gov 1 Technische Universität Darmstadt, Germany

More information

A note on CCA2-protected McEliece cryptosystem with a systematic public key

A note on CCA2-protected McEliece cryptosystem with a systematic public key A note on CCA2-protected McEliece cryptosystem with a systematic public key Pavol Zajac UIM FEI STU, Ilkovicova 3, 81219 Bratislava, Slovakia pavol.zajac@stuba.sk Abstract. We show that the plaintext of

More information

WE human beings harbor an obvious need for security

WE human beings harbor an obvious need for security 1 Postquantum SSL/TLS for embedded systems Yun-An Chang, Ming-Shing Chen, Jong-shian Wu, Bo-Yin Yang, Department of Electrical Engineering, National Taiwan University, Taiwan Institute of Information Science,

More information

Lecture 9. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography

Lecture 9. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography Lecture 9 Public Key Cryptography: Algorithms, Key Sizes, & Standards Public-Key Cryptography 1 Bases of the public cryptosystems security Factorization Discrete Logarithm Elliptic Curve Discrete Logarithm

More information

Lecture 9. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography. Elliptic Curve over GF(p) y 2 =x 3 +x

Lecture 9. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography. Elliptic Curve over GF(p) y 2 =x 3 +x Lecture 9 Public Key Cryptography: Algorithms, Key Sizes, & Standards Public-Key Cryptography Bases of the public cryptosystems security Factorization Discrete Logarithm Elliptic Curve Discrete Logarithm

More information

All the AES You Need on Cortex-M3 and M4 Peter Schwabe and Ko Stoffelen

All the AES You Need on Cortex-M3 and M4 Peter Schwabe and Ko Stoffelen All the AES You Need on Cortex-M3 and M4 Peter Schwabe and Ko Stoffelen More AES software implementations? AES on AVR [OBSC10] AES on SPARC [BS08] AES on PowerPC [BS08] AES on NVIDIA GPU [OBSC10] AES on

More information

Fast Hardware Architectures for Supersingular Isogeny Die-Hellman Key Exchange on FPGA

Fast Hardware Architectures for Supersingular Isogeny Die-Hellman Key Exchange on FPGA Fast Hardware Architectures for Supersingular Isogeny Die-Hellman Key Exchange on FPGA Brian Koziel 1, Reza Azarderakhsh 2, and Mehran Mozaari-Kermani 3 1 Texas Instruments, kozielbrian@gmail.com. 2 CEECS

More information

The Design and Analysis of a True Random Number Generator in a Field Programmable Gate Array. By Paul Kohlbrenner November 20, 2003

The Design and Analysis of a True Random Number Generator in a Field Programmable Gate Array. By Paul Kohlbrenner November 20, 2003 The Design and Analysis of a True Random Number Generator in a Field Programmable Gate Array By Paul Kohlbrenner November 20, 2003 Presentation Organization 1. Thesis goal 2. The need for random bits in

More information

Hardware Implementation of the Code-based Key Encapsulation Mechanism using Dyadic GS Codes (DAGS)

Hardware Implementation of the Code-based Key Encapsulation Mechanism using Dyadic GS Codes (DAGS) Hardware Implementation of the Code-based Key Encapsulation Mechanism using Dyadic GS Codes (DAGS) Viet Dang and Kris Gaj ECE Department George Mason University Fairfax, VA, USA Introduction to DAGS The

More information

Hardware/Software Co-design for Hyperelliptic Curve Cryptography (HECC) on the 8051 µp

Hardware/Software Co-design for Hyperelliptic Curve Cryptography (HECC) on the 8051 µp Hardware/Software Co-design for Hyperelliptic Curve Cryptography (HECC) on the 8051 µp Lejla Batina, David Hwang, Alireza Hodjat, Bart Preneel and Ingrid Verbauwhede Outline Introduction and Motivation

More information

An Optimized Hardware Architecture for the Montgomery Multiplication Algorithm

An Optimized Hardware Architecture for the Montgomery Multiplication Algorithm An Optimized Hardware Architecture for the Montgomery Multiplication Algorithm Miaoqing Huang 1, Kris Gaj 2, Soonhak Kwon 3, Tarek El-Ghazawi 1 1 The George Washington University, Washington, D.C., U.S.A.

More information

Applicability of Public Key Infrastructures in Wireless Sensor Networks

Applicability of Public Key Infrastructures in Wireless Sensor Networks Applicability of Public Key Infrastructures in Wireless Sensor Networks Rodrigo Roman and Cristina Alcaraz Computer Science Department, University of Malaga, Spain {roman,alcaraz}@lcc.uma.es Abstract.

More information

Sowing Seeds Protocol based Key Distribution for Wireless Sensor Network

Sowing Seeds Protocol based Key Distribution for Wireless Sensor Network Sowing Seeds Protocol based Key Distribution for Wireless Sensor Network Saif Al-Alak Department of Computer Science, College of Science for Women, University of Babylon, Iraq. Abstract Wireless Sensor

More information

Interfacing a High Speed Crypto Accelerator to an Embedded CPU

Interfacing a High Speed Crypto Accelerator to an Embedded CPU Interfacing a High Speed Crypto Accelerator to an Embedded CPU Alireza Hodjat ahodjat @ee.ucla.edu Electrical Engineering Department University of California, Los Angeles Ingrid Verbauwhede ingrid @ee.ucla.edu

More information

White-Box Cryptography

White-Box Cryptography Based on: J. W. Bos, C. Hubain, W. Michiels, P. Teuwen. In CHES 2016: Differential computation analysis: Hiding your white-box designs is not enough. White-Box Cryptography Don't Forget About Grey Box

More information

PRESENT An Ultra-Lightweight Block Cipher

PRESENT An Ultra-Lightweight Block Cipher PRESENT An Ultra-Lightweight Block Cipher A. Bogdanov1, L. R. Knudsen3, G. Leander1, C. Paar1, A. Poschmann1, M. J. B. Robshaw2, Y. Seurin2, C. Vikkelsoe3 1 Ruhr-Universität Bochum 2 Technical University

More information

Part 4b Applications. Douglas Stebila. Funding acknowledgements:

Part 4b Applications. Douglas Stebila. Funding acknowledgements: Part 4b Applications Douglas Stebila SAC Summer School Université d'ottawa August 14, 2017 https://www.douglas.stebila.ca/research/presentations Funding acknowledgements: SAC Summer School 2017-08-14 Post-Quantum

More information

NIST Post-Quantum Cryptography- A Hardware Evaluation Study

NIST Post-Quantum Cryptography- A Hardware Evaluation Study NIST Post-Quantum Cryptography- A Hardware Evaluation Study Kanad Basu 1, Deepraj Soni 1, Mohammed Nabeel 2 and Ramesh Karri 1 1 New York University, kb150,dss545,rkarri@nyu.edu 2 New York University,

More information

Publicly-verifiable proof of storage: a modular construction. Federico Giacon

Publicly-verifiable proof of storage: a modular construction. Federico Giacon Publicly-verifiable proof of storage: a modular construction Federico Giacon Ruhr-Universita t Bochum federico.giacon@rub.de 6th BunnyTN, Trent 17 December 2015 Proof of Storage Proof of Storage (PoS)

More information

A Survey of Hardware Implementations of Elliptic Curve Cryptographic Systems

A Survey of Hardware Implementations of Elliptic Curve Cryptographic Systems A Survey of Hardware Implementations of Elliptic Curve Cryptographic Systems Basel Halak Email: bh9@ecs.soton.ac.uk Said Subhan Waizi Email: ssw1e15@soton.ac.uk Asad Islam Email: ai1u14@soton.ac.uk Abstract

More information

Application to More Efficient Obfuscation

Application to More Efficient Obfuscation Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation (io)

More information

Authenticated Key Agreement Without Using One-way Hash Functions Based on The Elliptic Curve Discrete Logarithm Problem

Authenticated Key Agreement Without Using One-way Hash Functions Based on The Elliptic Curve Discrete Logarithm Problem Authenticated Key Agreement Without Using One-way Hash Functions Based on The Elliptic Curve Discrete Logarithm Problem Li-Chin Huang and Min-Shiang Hwang 1 Department of Computer Science and Engineering,

More information

Hardware Architectures

Hardware Architectures Hardware Architectures Secret-key Cryptography Public-key Cryptography Cryptanalysis AES & AES candidates estream candidates Hash Functions SHA-3 Montgomery Multipliers ECC cryptosystems Pairing-based

More information

P V Sriniwas Shastry et al, Int.J.Computer Technology & Applications,Vol 5 (1),

P V Sriniwas Shastry et al, Int.J.Computer Technology & Applications,Vol 5 (1), On-The-Fly AES Key Expansion For All Key Sizes on ASIC P.V.Sriniwas Shastry 1, M. S. Sutaone 2, 1 Cummins College of Engineering for Women, Pune, 2 College of Engineering, Pune pvs.shastry@cumminscollege.in

More information

Investigation of DPA Resistance of Block RAMs in Cryptographic Implementations on FPGAs

Investigation of DPA Resistance of Block RAMs in Cryptographic Implementations on FPGAs Investigation of DPA Resistance of Block RAMs in Cryptographic Implementations on FPGAs Shaunak Shah Corsec Security, Inc Fairfax, VA, USA Email: sshah@corsec.com Rajesh Velegalati, Jens-Peter Kaps, David

More information

High-performance Elliptic Curve Cryptography by Using the CIOS Method for Modular Multiplication

High-performance Elliptic Curve Cryptography by Using the CIOS Method for Modular Multiplication High-performance Elliptic Curve Cryptography by Using the CIOS Method for Modular Multiplication Amine Mrabet, Nadia El-Mrabet, Ronan Lashermes, Jean-Baptiste Rigaud, Belgacem Bouallegue, Sihem Mesnager

More information

Public-Key Cryptography for RFID Tags

Public-Key Cryptography for RFID Tags Public-Key Cryptography for RFID Tags L. Batina 1, T. Kerins 2, N. Mentens 1, Pim Tuyls 2, Ingrid Verbauwhede 1 1 Katholieke Universiteit Leuven, ESAT/COSIC, Belgium 2 Philips Research Laboratories, Eindhoven,

More information

High Level Synthesis of Cryptographic Hardware. Jeremy Trimble ECE 646

High Level Synthesis of Cryptographic Hardware. Jeremy Trimble ECE 646 High Level Synthesis of Cryptographic Hardware Jeremy Trimble ECE 646 High Level Synthesis Synthesize (FPGA) hardware using software programming languages: C / C++, Domain specific Languages ( DSL ) Typical

More information

Deep-Pipelined FPGA Implementation of Ellipse Estimation for Eye Tracking

Deep-Pipelined FPGA Implementation of Ellipse Estimation for Eye Tracking Deep-Pipelined FPGA Implementation of Ellipse Estimation for Eye Tracking Keisuke Dohi, Yuma Hatanaka, Kazuhiro Negi, Yuichiro Shibata, Kiyoshi Oguri Graduate school of engineering, Nagasaki University,

More information

EVT/WOTE 09 AUGUST 10, Ersin Öksüzoğlu Dan S. Wallach

EVT/WOTE 09 AUGUST 10, Ersin Öksüzoğlu Dan S. Wallach EVT/WOTE 09 AUGUST 10, 2009 Ersin Öksüzoğlu Dan S. Wallach VoteBox Full featured DRE voting machine Paper in USENIX Security Symposium 2008 2 Pre-rendered user interface simplifies the graphics subsystem

More information

HILA5 Pindakaas: On the CCA security of lattice-based encryption with error correction

HILA5 Pindakaas: On the CCA security of lattice-based encryption with error correction HILA5 Pindakaas: On the CCA security of lattice-based encryption with error correction Daniel J. Bernstein 1, Leon Groot Bruinderink 2, Tanja Lange 2, and Lorenz Panny 2 1 Department of Computer Science

More information

Designing a Hardware in the Loop Wireless Digital Channel Emulator for Software Defined Radio

Designing a Hardware in the Loop Wireless Digital Channel Emulator for Software Defined Radio Designing a Hardware in the Loop Wireless Digital Channel Emulator for Software Defined Radio Janarbek Matai, Pingfan Meng, Lingjuan Wu, Brad Weals, and Ryan Kastner Department of Computer Science and

More information

FCUDA-SoC: Platform Integration for Field-Programmable SoC with the CUDAto-FPGA

FCUDA-SoC: Platform Integration for Field-Programmable SoC with the CUDAto-FPGA 1 FCUDA-SoC: Platform Integration for Field-Programmable SoC with the CUDAto-FPGA Compiler Tan Nguyen 1, Swathi Gurumani 1, Kyle Rupnow 1, Deming Chen 2 1 Advanced Digital Sciences Center, Singapore {tan.nguyen,

More information

Use of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates

Use of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates Use of Embedded FPGA Resources in Implementations of Five Round Three SHA-3 Candidates Malik Umar Sharif, Rabia Shahid, Marcin Rogawski, Kris Gaj Abstract In this paper, we present results of the comprehensive

More information

Table 1: Example Implementation Statistics for Xilinx FPGAs

Table 1: Example Implementation Statistics for Xilinx FPGAs logijpge Motion JPEG Encoder January 10 th, 2018 Data Sheet Version: v1.0 Xylon d.o.o. Fallerovo setaliste 22 10000 Zagreb, Croatia Phone: +385 1 368 00 26 Fax: +385 1 365 51 67 E-mail: support@logicbricks.com

More information

Classic McEliece: conservative code-based cryptography

Classic McEliece: conservative code-based cryptography Classic McEliece: conservative code-based cryptography 1 D. J. Bernstein classic.mceliece.org Fundamental literature: 1962 Prange (attack) + many more attack papers. 1968 Berlekamp (decoder). 1970 1971

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback