Table of Contents. Preface... vii Abstract... vii Kurzfassung... x Acknowledgements... xiii. I The Preliminaries 1

Transcription

1 Preface vii Abstract vii Kurzfassung x Acknowledgements xiii I The Preliminaries 1 1 Introduction Motivation Thesis Outline Summary of Research Contributions Overview Alternatives to Classical PKC Hash-Based Cryptography Code-Based Cryptography Multivariate-Quadratic Cryptography Lattice-Based Cryptography Summary Embedded Systems Microcontroller Reconfigurable Hardware Finite Fields Field Representations Polynomial Representation Exponential Representation Tower Fields A New Approach: Partial Lookup Tables Attacking Classical Schemes using Quantum Computers Quantum Computing Mathematical Definition of Qubits and Quantum Register

2 5.1.2 Operations on Qubits and Quantum Registers Grover s Algorithm: A Quantum Search Algorithm Attacking Cryptographic Schemes Formulation of the Process Shor s Algorithm: Factoring and Discrete Logarithm Quantum Fourier Transform Factoring and RSA Factoring with Shor Discrete Logarithm with Shor II Code-based Cryptography 43 6 Introduction to Error Correcting Codes Motivation Existing Implementations Outline Error Correcting Codes Basic Definitions Punctured and Shortened Codes Subfield Subcodes and Trace Codes Important Code Classes Construction of Goppa Codes Binary Goppa Codes Parity Check Matrix of Goppa Codes Dyadic Goppa Codes Quasi-Dyadic Goppa Codes Decoding Algorithms for Goppa Codes Key Equation Syndrome Computation Berlekamp-Massey-Sugiyama Patterson Extracting Roots of the Error Locator Polynomial Brute Force Search Using the Horner Scheme Brute Force Search using Chien Search Berlekamp-Trace Algorithm and Zinoviev Procedures MDPC-Codes Decoding MDPC Codes Cryptosystems Based on Error Correcting Codes Overview xvi

3 7.2 Security Parameters Classical McEliece Cryptosystem Key Generation Encryption Decryption Modern McEliece Cryptosystem Key generation Encryption Decryption Niederreiter Cryptosystem Key generation Encryption Decryption Constant Weight Encoding General Security Considerations and New Side-Channel Attacks Overview Hiding the Structure of the Private Code Attacks Message Security Key Security Side Channel Attacks Introduction to DPA A Practical Power Analysis Attacks on Software Implementations of McEliece Gains of Power Analysis Vulnerabilities Ciphertext Indistinguishability Key Length Conversions for CCA2-secure McEliece Variants Kobara-Imai-Gamma Conversion Fujisaki-Okamoto Conversion Microcontroller and FPGA Implementation of Code-based Crypto Using Plain Binary Goppa Codes Previous Work Security Parameters Bit Microcontroller Implementation Design Decisions CCA2-Secure Conversions t-error Correction Using Berlekamp-Massey Decoder Adaptions and Optimizations xvii

4 µc Results µc Conclusions FPGA Implementation of the Niederreiter Scheme Encryption Decryption Using the Patterson Decoder Decryption Using the Berlekamp-Massey Decoder FPGA Results Future Work Code-based Crypto Using Quasi Dyadic binary Goppa Codes Scheme Definition of QD-McEliece Parameter Choice and Key Sizes Security of QD-McEliece Implementational Aspects Field Arithmetic Implementation of the QD-McEliece Variant Implementation of the KIC-γ Results on an 8-Bit Microcontroller Conclusion and Further Research Code-based Crypto Using Quasi Cyclic Medium Density Parity Check Codes McEliece Based on QC-MDPC Codes Security of QC-MDPC Decoding (QC-)MDPC Codes Implementation on Microcontroller Decoder and Parameter Selection Microcontroller Implementation Results Microcontroller Results III Other Alternative Public Key Schemes Multivariate Quadratics Public-Key Schemes Introduction Multivariate Quadratic Public-Key Cryptosystems Security in a Nutshell Security and Parameters of UOV and 0/1-UOV Security and Parameters of Rainbow Security and Parameters of Enhanced TTS xviii

5 13.4 Implementation on AVR Microprocessors Target Platform and Tools Arithmetic and Finite Field Key Size and Signature Runtime Reduction Verify Runtime Reduction RAM Requirements Key Generation Results Conclusion Further Improvements Toy example of 0/1 UOV Key Generation LaPin: An Efficient Authentication Protocol Based on Ring-LPN Introduction LPN, Ring-LPN, and Related Problems Definitions Rings and Polynomials Distributions Authentication Protocols Ring-LPN and its Hardness Hardness of LPN and Ring-LPN Authentication Protocol The Protocol Analysis Implementation Implementation with a Reducible Polynomial Implementation with an Irreducible Polynomial Implementation Results Conclusions and Open Problems Man-in-the-Middle Attack IV Conclusion Conclusion and Future Work Conclusion Future Work V The Appendix 193 xix

6 16 Appendix Listings Listing primitive polynomials for the construction of Finite fields Computing a normal basis of a Finite Field using SAGE Definitions Hamming weight and Hamming distance Minimum distance of a codeword One-way functions Cryptographic Hash functions One-time pad Bibliography 197 List of Figures 217 List of Tables 220 List of Abbreviations 223 About the Author 225 Publications 227 xx