Coupon Recalculation for the GPS Authentication Scheme
1 Coupon Recalculation for the GPS Authentication Scheme
Georg Hofferek and Johannes Wolkerstorfer
Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, 8010 Graz, Austria
This research was supported by the European Union through project BRIDGE (IST-FP ).
2 Outline
- Motivation
- Introduction
- Short Introduction to the GPS Authentication Scheme
  - Background & Properties
  - Protocol & Typical Values
- Classic Coupon Approach
  - Reported Architectures and Implementations
  - Idea of Coupon Recalculation
- Coupon Recalculation
  - Full-Precision Architecture
  - Digit-Serial Architecture
- Summary & Outlook
3 Motivation / Introduction
- (Public-Key) Authentication for Resource-Restricted Devices (e.g. RFID Tags)
- Tag Proves Identity to Reader
- Many Application Scenarios: Public Transportation Tickets, Product Genuineness, ...
- From now on: Prover = Tag (or Other Limited Device); Verifier = Reader (or Other Computationally Powerful Device)
4 GPS Background
- Proposed by Marc Girault, Guillaume Poupard, and Jacques Stern [2,3,4]
- Standardized in ISO/IEC 9798 Part 5 (2004) [1]
- Zero-Knowledge Protocol
- Unilateral Authentication (Tag Authenticates to Reader)
- Based on the Discrete Logarithm Problem in Groups of Unknown Order, e.g. arithmetic mod n with n = p * q (RSA-like Modulus)
- Further Specialties: ECC Variant; Low-Hamming-Weight Variant; Optional Hash Function, "Weaker" Hash Functions; Coupon Approach
5 The GPS Authentication Scheme: Typical Values (cf. [1])
- p, q: 512 bits
- Modulus n: 1024 bits
- σ = 160: Secret Key s: 160 bits
- δ = 20: Challenge c: 20 bits
- ρ = σ + δ + 80 = 260: Random Value r: 260 bits
6 Coupon Approach
- Commitments do not depend on any input from the verifier!
- Calculate Commitments x = hash(g^r mod n) in Advance (e.g. off-tag, at Production Time)
- Store Coupons (r_i, x_i) in NVRAM
- At Authentication: Select Coupon (r_i, x_i); Send x_i to Verifier; Use r_i to Calculate y = r_i + s*c (cf. [8])
7 Coupon Approach
- No Complex (Number-Theoretic) Operations on the Tag
- Implementations by McLoone and Robshaw [5,6]: Low-Hamming-Weight Variant; 431 GE (excl. NVRAM for coupons); 136 cycles per Authentication
- FPGA Prototype by Girault et al. [7]: ECC Variant; 2600 GE Including 10 Coupons (Plus 3400 for Supporting Module); 200 ms per Authentication
- BUT: Denial-of-Service Attack. The coupon store is finite and every protocol run consumes one coupon, so a rogue reader that keeps starting runs empties the store, after which the tag can no longer authenticate.
8 Coupon Recalculation Approach
- Recompute Coupons on the Tag (During Idle Time)
- Find Slow, but Area- and Power-Efficient Implementations for Commitment Calculation x = g^r mod n
- Reuse Hardware Resources for Response Calculation y = r + s*c
- Full-Precision Approach & Digit-Serial Approach
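The protocol of slides 5 to 8 as a runnable illustration. This is an added example, not code from the slides, the authors or ISO/IEC 9798-5. It uses the verification equation the transcription omits: with public key v = g^(-s) mod n the reader accepts when hash(g^y * v^c mod n) equals the commitment x, because g^y * v^c = g^(r + s*c) * g^(-s*c) = g^r mod n. Assumptions: SHA-256 as the optional hash, 128-bit toy primes instead of the 512-bit ones on slide 5 so that setup runs instantly, and the names Tag, Reader, recompute_coupons, run_protocol and exhaust_coupons, which are mine. exhaust_coupons is the denial-of-service attack of slide 7 (a rogue reader requests commitments and never completes a run, burning one coupon per request); recompute_coupons is the g^r mod n step that coupon recalculation moves onto the tag.

```python
"""GPS (Girault, Poupard, Stern) authentication with stored coupons. Added
illustration, not the slides' or ISO/IEC 9798-5 code. Assumed: SHA-256 as the
optional hash, 128-bit toy primes (the slides use 512-bit p and q)."""
import hashlib
import hmac
import math
import secrets

SIGMA, DELTA = 160, 20            # |s| (secret key), |c| (challenge)
RHO = SIGMA + DELTA + 80          # |r| = 260 bits

def is_probable_prime(n: int, rounds: int = 24) -> bool:
    d, s = n - 1, 0               # Miller-Rabin with random bases; n odd, > 3
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def setup(prime_bits: int = 128):
    """Public parameters: RSA-like n = p*q (unknown order) and a base g."""
    n = gen_prime(prime_bits) * gen_prime(prime_bits)
    g = 2 + secrets.randbelow(n - 3)
    assert math.gcd(g, n) == 1    # fails only with probability about 2^-127
    return n, g

def hash_element(n: int, t: int) -> bytes:
    return hashlib.sha256(t.to_bytes((n.bit_length() + 7) // 8, "big")).digest()

class Tag:
    """Prover: secret s, public key v = g^-s mod n, coupon store (NVRAM)."""
    def __init__(self, n: int, g: int):
        self.n, self.g = n, g
        self.s = secrets.randbits(SIGMA)
        self.v = pow(g, -self.s, n)
        self.coupons = []             # list of (r_i, x_i)
        self._r = None                # r of the coupon currently in use

    def recompute_coupons(self, count: int) -> None:
        """g^r mod n, the one expensive step: off-tag at production time in the
        classic approach, on-tag during idle time with coupon recalculation."""
        for _ in range(count):
            r = secrets.randbits(RHO)
            self.coupons.append((r, hash_element(self.n, pow(self.g, r, self.n))))

    def commit(self):
        """Message 1: x_i, or None once the store is empty (the DoS outcome)."""
        if not self.coupons:
            return None
        self._r, x = self.coupons.pop()
        return x

    def respond(self, c: int) -> int:
        """Message 3: y = r + s*c, plain integer arithmetic, no reduction mod n."""
        assert self._r is not None and 0 <= c < (1 << DELTA)
        y, self._r = self._r + self.s * c, None   # a coupon is used exactly once
        return y

class Reader:
    """Verifier: knows n, g and the tag's public key v."""
    def __init__(self, n: int, g: int, v: int):
        self.n, self.g, self.v = n, g, v

    def verify(self, x: bytes, c: int, y: int) -> bool:
        # g^y * v^c = g^(r + s*c) * g^(-s*c) = g^r (mod n), so its hash must be x
        if not 0 <= y < (1 << (RHO + 1)):         # y has about |r| bits
            return False
        t = pow(self.g, y, self.n) * pow(self.v, c, self.n) % self.n
        return hmac.compare_digest(hash_element(self.n, t), x)

def run_protocol(tag: Tag, reader: Reader):
    x = tag.commit()                  # returns (accepted, reason)
    if x is None:
        return False, "coupon store exhausted"
    c = secrets.randbits(DELTA)       # message 2, the reader's challenge
    return reader.verify(x, c, tag.respond(c)), "completed"

def exhaust_coupons(tag: Tag, attempts: int) -> int:
    """Rogue reader: request commitments, never finish; each one burns a coupon."""
    burned = 0
    while burned < attempts and tag.commit() is not None:
        burned += 1
    return burned
```

After setup(), Tag(n, g), Reader(n, g, tag.v) and tag.recompute_coupons(k), run_protocol(tag, reader) returns (True, "completed") k times and then (False, "coupon store exhausted"), and exhaust_coupons(tag, m) gets there in m requests without the attacker ever learning s; only another recompute_coupons call, which in the classic approach is impossible in the field, makes the tag usable again. Note that y = r + s*c is computed over the integers: the 80 extra bits in ρ = σ + δ + 80 make r so much wider than s*c that y is statistically independent of s, which is why r is 260 bits although c is only 20.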
9 Full-Precision Architecture
- Needs at least 5 full-precision registers: 2 Operands, 1 Result, 1 Modulus, 1 Intermediate (Square & Multiply)
- ~ GE for a 1024-bit modulus
- ~5 Million Cycles per Commitment Calculation
- At least 1024 flip-flops clocked every cycle (high power consumption!)
- Total High-Level Estimate: ~ GE
10 Digit-Serial Approach
- Fewer Gates (Area) for Arithmetic Components
- Fewer Flip-Flops Clocked per Cycle (Lower Power Consumption)
- Can Use Standardized RAM Hard Macro (Less Area)
- More Clock Cycles Needed
11 Digit-Serial Architecture: Synthesis Results
- Digit Size: 8 bits
- Needs RAM for 560 digits
- ~66.6 million clock cycles per coupon
- ~800 GE
- Digit Size d parameterizable! (~8-64 bits)
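How a d-bit digit-serial unit computes g^r mod n, as an added example that is not the authors' arithmetic unit: a generic word-level Montgomery multiplication inside square-and-multiply, with a counter of d x d-bit multiply-accumulate steps, the work a d-bit datapath does per cycle. The counter is not the paper's cycle count (their 66.6 million cycles include control, memory access and the specifics of their own unit); it shows the scaling behind slides 10 and 11: the count grows with (|n|/d)^2, so halving d roughly quadruples the steps while the multiplier shrinks. The modulus and exponent are constructed inputs of the sizes from slide 5, not the paper's values, and DEMO_N is a random odd number rather than a product of two primes; all function names are mine.

```python
"""Digit-serial (word-level) Montgomery exponentiation with a digit-operation
counter. Added illustration of the digit-size trade-off; it is a generic
textbook algorithm, not the arithmetic unit of the talk, and it counts d x d-bit
multiply-accumulate steps, not the authors' clock cycles."""
import random

def mont_params(n: int, d: int):
    """k = digits of size d covering n, R = 2^(k*d), n' = -n^-1 mod 2^d."""
    if n % 2 == 0:
        raise ValueError("Montgomery arithmetic needs an odd modulus")
    k = -(-n.bit_length() // d)
    return k, 1 << (k * d), (-pow(n, -1, 1 << d)) % (1 << d)

def mont_mul(a: int, b: int, n: int, d: int, k: int, n_prime: int, ops: list) -> int:
    """a*b*R^-1 mod n, consuming b one d-bit digit at a time (LSB first).
    Needs a, b < n and returns a value < n. A d-bit datapath does one
    d x d-bit multiply-accumulate per step; ops[0] counts those steps."""
    mask = (1 << d) - 1
    p = 0
    for i in range(k):
        b_i = (b >> (i * d)) & mask
        p += a * b_i                          # k MACs: a is k digits wide
        m = ((p & mask) * n_prime) & mask     # 1 digit multiply, keep d bits
        p = (p + m * n) >> d                  # k MACs, then the exact shift by d
        ops[0] += 2 * k + 1
    return p - n if p >= n else p             # p < 2n: one conditional subtraction

def mont_exp(g: int, e: int, n: int, d: int):
    """g^e mod n by MSB-first square-and-multiply; returns (value, digit_ops)."""
    k, R, n_prime = mont_params(n, d)
    ops = [0]
    x = mont_mul(g % n, R * R % n, n, d, k, n_prime, ops)    # g -> Montgomery form
    acc = R % n                                              # 1 in Montgomery form
    for bit in bin(e)[2:]:
        acc = mont_mul(acc, acc, n, d, k, n_prime, ops)      # square
        if bit == "1":
            acc = mont_mul(acc, x, n, d, k, n_prime, ops)    # multiply
    return mont_mul(acc, 1, n, d, k, n_prime, ops), ops[0]   # leave Montgomery form

def expected_digit_ops(n: int, e: int, d: int) -> int:
    """Closed form of the count: k*(2k+1) per mont_mul; two conversions, one
    squaring per exponent bit and one multiplication per set bit."""
    k = mont_params(n, d)[0]
    return (2 + e.bit_length() + bin(e).count("1")) * k * (2 * k + 1)

def compare_digit_sizes(n: int, e: int, g: int, sizes=(8, 16, 32, 64)) -> dict:
    """The same exponentiation at several digit sizes: count ~ (|n|/d)^2."""
    return {d: mont_exp(g, e, n, d)[1] for d in sizes}

# Constructed demo inputs (not the paper's): a random odd 1024-bit modulus and a
# 260-bit exponent, matching the typical-values slide. A real GPS modulus is p*q
# with secret 512-bit primes; any odd n exercises the arithmetic the same way.
_rng = random.Random(2008)
DEMO_N = _rng.getrandbits(1024) | (1 << 1023) | 1
DEMO_R = _rng.getrandbits(260) | (1 << 259)
DEMO_G = 3

if __name__ == "__main__":
    value, ops = mont_exp(DEMO_G, DEMO_R, DEMO_N, 8)
    assert value == pow(DEMO_G, DEMO_R, DEMO_N)
    for d, count in compare_digit_sizes(DEMO_N, DEMO_R, DEMO_G).items():
        print(f"d = {d:2d} bits: {count:>9,} digit operations per commitment")
```

Only the 2^d-wide values m and the digit b_i are ever needed at once, which is why the operands can live in a RAM macro and only a d-bit multiplier, a few digit registers and the carry logic have to be clocked every cycle; the price is the k iterations of k-digit work per multiplication, and about 390 such multiplications for a 260-bit exponent.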
12 Power Simulation of Arithmetic Unit (d = 8 bits)
- AMS c35b4 CMOS technology
- Area after Place & Route: µm²
- Power Consumption (simulated with Synopsys):
  - 2.5 V, 100 kHz: 2.5 µA
  - 125 MHz: 3.2 mA (~2 coupons per second)
13 Summary & Outlook
- Smallest Architecture: ~800 GE, plus 560 Bytes RAM
  - 66.6 Million Cycles per Commitment Calculation
  - up to 290 MHz (~4 coupons per second) possible in UMC technology
  - 2.5 µA at 2.5 V, 100 kHz (AMS c35b4 CMOS technology)
- Analyse Application Scenarios (Trade-Offs)
- Think about Storing "Checkpoints" in NVRAM
- Use Elliptic Curve Cryptography
- On-Tag Public-Key Cryptography is not completely out of the question any more.
14 References
[1] ISO/IEC. International Standard ISO/IEC 9798 Part 5: Mechanisms using zero-knowledge techniques. December 2004.
[2] Marc Girault. An identity-based identification scheme based on discrete logarithms modulo a composite number. In I. B. Damgård, editor, Advances in Cryptology, Eurocrypt 90, number 473 in Lecture Notes in Computer Science. Springer, 1991.
[3] Marc Girault. Self-certified public keys. In D. Davies, editor, Advances in Cryptology, Eurocrypt 91, number 547 in Lecture Notes in Computer Science. Springer, 1991.
[4] Guillaume Poupard and Jacques Stern. Security analysis of a practical "on the fly" authentication and signature generation. In Advances in Cryptology, EUROCRYPT 98, volume 1403 of Lecture Notes in Computer Science, page 422. Springer, 1998.
[5] M. McLoone and M. J. B. Robshaw. New architectures for low-cost public key cryptography on RFID tags. In IEEE International Symposium on Circuits and Systems, ISCAS 2007. May 2007.
[6] M. McLoone and M. J. B. Robshaw. Public key cryptography and RFID tags. In Topics in Cryptology, CT-RSA 2007, volume 4377 of Lecture Notes in Computer Science. Springer, 2007.
[7] Marc Girault, L. Juniot, and M. J. B. Robshaw. The feasibility of on-the-tag public key cryptography. In Proceedings of the International Conference on RFID Security 2007. 2007.
[8] Marc Girault. Low-size coupons for low-cost IC cards. In Smart Card Research and Advanced Applications: Proceedings of the Fourth Working Conference on Smart Card Research and Advanced Applications, CARDIS 2000, Bristol, UK, September 20-22, 2000, volume 180. Kluwer, Dordrecht, 2000.
15 Thank You for Your Attention!
Georg Hofferek, Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, 8010 Graz, Austria