Cryptographic Engineering

Size: px

Start display at page:

Download "Cryptographic Engineering"

Rosalyn Nelson
6 years ago
Views:

1 etin Kaya K09 Editor Cryptographic Engineering ^Spri ringer

1 About Cryptographic Engineering 1 Cetin Kaya Кос 1.1 Introduction 1 1.2 Chapter Contents 2 1.

2 1 About Cryptographic Engineering 1 Cetin Kaya Кос 1.1 Introduction Chapter Contents Exercises and Projects 4 2 Random Number Generators for Cryptographic Applications 5 Werner Schindler 2.1 Introduction General Requirements Classification Deterministic Random Number Generators (DRNGs) Pure DRNGs HybridDRNGs A Word of Warning Physical True Random Number Generators (PTRNGs) The Generic Design Entropy and Guesswork Non-physical True Random Number Generators (NPTRNGs): Basic Properties Standards and Evaluation Guidances Exercises Projects 21 References 21 3 Evaluation Criteria for Physical Random Number Generators 25 Werner Schindler 3.1 Introduction Generic Design Evaluation Criteria for the Principle Design The Stochastic Model 29 ix

x Contents 3.5 Algorithmic Postprocessing 37 3.6 Online Test, Tot Test, and Self Test 41 3.6.1 Online Tests 42 3.7 Alternative Security Philosophies 49 3.8 Side-channel Attacks and Fault Attacks 50 3.

3 x Contents 3.5 Algorithmic Postprocessing Online Test, Tot Test, and Self Test Online Tests Alternative Security Philosophies Side-channel Attacks and Fault Attacks Exercises Projects 51 References 52 4 True Random Number Generators for Cryptography 55 Berk Sunar 4.1 Introduction TRNG Building Blocks Desirable Features Survey of TRNG Designs Baggini and Bucci The Intel TRNG Design The Tkacik TRNG Design The Epstein et al. TRNG Design The Fischer-Dratarovsky Design The Golic FIGARO Design The Kohlbrenner-Gaj Design The Bucci-Luzzi Testable TRNG Design Framework The Rings Design The PUF-RNG Design The Yoo et al. Design The Dichtl and Golic RNG Design Postprocessing Techniques Exercises 70 References 71 5 Fast Finite Field Multiplication 75 Serdar Süer Erdem, Tugrul Yanik, and Cetin Kaya Кос 5.1 Introduction Finite Fields Multiplication in Prime Fields Integer Multiplication Integer Squaring Integer Modular Reduction Multiplication in Binary Extension Fields Polynomial Multiplication over F Polynomial Squaring over F Polynomial Modular Reduction over F Multiplication in General Extension Fields Field Multiplication in OEF Coefficient Multiplication and Reductions 98

xi 5.6 Karatsuba-Ofman Algorithm 99 5.6.1 Complexity 100 5.6.2 Number of Scalar Multiplications 100 5.7 Exercises 102 5.

4 xi 5.6 Karatsuba-Ofman Algorithm Complexity Number of Scalar Multiplications Exercises Projects 103 References Efficient Unified Arithmetic for Hardware Cryptography 105 Erkay Sava and Cetin Kaya Кос 6.1 Introduction Fundamentals of Extension Fields Addition and Subtraction Multiplication Montgomery Multiplication Algorithm Dual-Radix Multiplier Support for Ternary Extension Fields, GF(3") Inversion Montgomery Inversion for GF(p) and GF{2") Conclusions Exercises Projects 123 References Spectral Modular Arithmetic for Cryptography 125 Gökay Saldamh and Cetin Kaya Кос 7.1 Introduction Notation and Background Evaluation Polynomials Discrete Fourier Transform (DFT) Properties of DFT: Time-frequency dictionary Spectral Modular Arithmetic Time Simulations and Spectral Algorithms Modular Reduction Spectral Modular Reduction Time Simulation of Spectral Modular Reduction Spectral Modular Reduction in a Finite Ring Spectrum Spectral Modular Multiplication (SMM) Spectral Modular Exponentiation Illustrative Example Applications to Cryptography Mersenne and Fermat rings Pseudo Number Transforms Parameter Selection for RSA Parameter Selection for ECC over Prime Fields Spectral Extension Field Arithmetic Binary Extension Fields 158

7.5.2 Midsize Characteristic Extension Fields 161 7.5.3 Parameter Selection for ECC over Extension Fields 164 7.6 Notes 165 7.7 Exercises 166 7.

5 7.5.2 Midsize Characteristic Extension Fields Parameter Selection for ECC over Extension Fields Notes Exercises Projects 167 References 168 Elliptic and Hyperelliptic Curve Cryptography 171 Nigel Boston and Matthew Darnall 8.1 Introduction Diffie - Hellman Key Exchange Introduction to Elliptic and Hyperelliptic Curves The Jacobian of a Curve The Principal Subgroup and Jac(C) Computing on Jac{C) Group Law for Elliptic Curves Techniques for Computations in Hyperelliptic Curves Explicit Formulae Projective Coordinates Other Optimization Techniques Counting Points on Jac(C) Attacks Baby-Step Giant-Step Attack Pollard Rho and Lambda Attacks Pohlig-Hellman Attack Menezes-Okamoto-Vanstone Attack Semaev, Satoh-Araki, Smart Attack Attacks employing Weil descent Good Curves Exercises Projects 185 References 185 Instruction Set Extensions for Cryptographic Applications 191 Sandro Bartolini, Roberto Giorgi, and Enrico Martinelli 9.1 Introduction Instruction Set Architecture Applications and Benchmarks Benchmarks Potential Performance ISE for Cryptographic Applications Instructions for Information Confusion and Diffusion ISE for AES ISE for ECC applications Exercises Projects 228 References 229

xiü 10 FPGA and ASIC Implementations of AES 235 Kris Gaj and Pawel Chodowiec 10.1 Introduction 235 10.2 AES Cipher Description 236 10.2.1 Basic Features 236 10.2.2 Round Operations 237 10.2.3 Iterative Structure 242 10.

6 xiü 10 FPGA and ASIC Implementations of AES 235 Kris Gaj and Pawel Chodowiec 10.1 Introduction AES Cipher Description Basic Features Round Operations Iterative Structure Key Scheduling FPGA and ASIC Technologies Parameters of Hardware Implementations Throughput and Latency Area Hardware Architectures of Symmetric Block Ciphers Hardware Architectures vs. Block Cipher Modes of Operation Basic Iterative Architecture Loop Unrolling Pipelining Limits on the Maximum Clock Frequency of Pipelined Architectures Compact Architectures with Resource Sharing Implementation of Basic Operations of AES in Hardware SubBytes and InvSubBytes MixColumns and InvMixColumns Hardware Architectures of a Single Round of AES S-Box-Based Architecture T-Box-Based Architecture Compact Architectures Implementation of Key Scheduling Optimum Choice of a Hardware Architecture for AES Exercises Projects 290 References Secure and Efficient Implementation of Symmetric Encryption Schemes using FPGAs 295 Francois-Xavier Standaert 11.1 Introduction Efficient FPGA Implementations Exploiting the Slice Structure Exploiting Embedded Blocks Exploiting Further Features Combining the Tricks: The Flexibility Versus Efficiency Tradeoff Fair Evaluation of a Cryptographic FPGA Design 303

xiv Contents 11.3.1 Design Goals 304 11.3.2 Performance Evaluation 304 11.4 Security of FPGAs Against Side-Channel Attacks 305 11.4.1 Applicability of the Attack and FPGA Properties 306 11.4.2 Countermeasures 310 11.

7 xiv Contents Design Goals Performance Evaluation Security of FPGAs Against Side-Channel Attacks Applicability of the Attack and FPGA Properties Countermeasures Measuring Side-Channel Resistance Other Security Issues Fault Attacks Bitstream Security Conclusions and Open Questions Exercises Projects 317 References Block Cipher Modes of Operation from a Hardware Implementation Perspective 321 Debrup Chakraborty and Francisco Rodriguez-Henriquez 12.1 Introduction Block Ciphers Introduction to AES Byte Substitution (BS) Step ShiftRows (SR) Step Mix Columns (MC) Step Add Round Key (ARK) Step Key Scheduling Algorithm A Background in Binary Extension Finite Fields Rings Fields Finite Fields Binary Finite Field Arithmetic Traditional Modes of Operations Electronic Code Book Mode Cipher Block Chaining Mode Cipher Feedback Mode Output Feedback Mode Counter Mode Security Requirements for Modes of Operations The Adversary Privacy Only Modes Authenticated Encryption Disk Encryption Schemes Security Proofs Some Modern Modes The Offset CodebookMode ECB-Mask-ECB Mode 344

xv 12.8 The CCM Mode: A Case Study 347 12.8.1 The CCM Mode 347 12.8.2 AES Encryptor Core Implementation 350 12.8.3 Hardware Implementation of the CCM Mode 353 12.8.4 Experimental Results and Comparison 357 12.

8 xv 12.8 The CCM Mode: A Case Study The CCM Mode AES Encryptor Core Implementation Hardware Implementation of the CCM Mode Experimental Results and Comparison Conclusions Exercises Projects 359 References Basics of Side-Channel Analysis 365 Marc Joye 13.1 Introduction Timing Analysis Attack on a Password Verification Attack on an RSA Signature Scheme Simple Power Analysis Reverse-Engineering of an Algorithm Attack on a Private RSA Exponentiation Attack on a DES Key Schedule Differential Power Analysis Bit Tracing Attack on an AES Implementation Attack on an RSA Signature Scheme (2) Countermeasures Exercises Projects 378 References Improved Techniques for Side-Channel Analysis 381 Pankaj Rohatgi 14.1 Introduction CMOS Devices: Side-Channel Leakage Perspective Intentional Current Flows Leakage Current Flows Information Leakage in Power and EM Side-Channels Characterizing Side-Channel Leakage Using Maximum Likelihood Adversarial Model Maximum Likelihood and Best Attack Strategy Gaussian Assumption Template Attacks Classical Template Attacks: The Case of RC Single-Bit Templates and Applications Improved DPA/DEMA Metric Improving DPA 395

xvi Contents 14.6 Multi-Channel Attacks 397 14.6.1 Multiple Channel Selection 397 14.6.2 Multi-Channel Template Attacks 399 14.6.3 Multi-Channel DPA 400 14.

9 xvi Contents 14.6 Multi-Channel Attacks Multiple Channel Selection Multi-Channel Template Attacks Multi-Channel DPA Toward Information Leakage Assessment Practical Considerations Projects 403 References Electromagnetic Attacks and Countermeasures 407 Pankaj Rohatgi 15.1 Introduction and History EM Emanations Background Types of EM Emanations EM Propagation EM Capturing Equipment EM Leakage Examples Examples: Amplitude Modulation Examples: Angle Modulation Multiplicity of EM Channels and Comparison with Power Channel Using EM to Bypass Power Analysis Countermeasures Quantifying EM Exposure Countermeasures Projects 429 References Leakage from Montgomery Multiplication 431 Colin D. Walter 16.1 Introduction Montgomery Reduction Montgomery Modular Multiplication Exponentiation Space and Time Comparisons Side Channel Analysis Frequencies of Conditional Subtractions Variance in Frequencies and SCA Errors A Surprising Improvement Conclusions Exercises Projects 446 References Randomized Exponentiation Algorithms 451 Colin D. Walter 17.1 Introduction 451

xvii 17.2 The Big Mac Attack 452 17.3 Digit Representation and Exponentiation Algorithms 454 17.4 Liardet-Smart 457 17.4.1 Attacking the Algorithm 459 17.5 Oswald-Aigner Exponentiation 460 17.5.1 Attacking the Algorithm 461 17.

10 xvii 17.2 The Big Mac Attack Digit Representation and Exponentiation Algorithms Liardet-Smart Attacking the Algorithm Oswald-Aigner Exponentiation Attacking the Algorithm Ha-Moon Attacking the Algorithm Itoh's Overlapping Windows Attacking the Algorithm Randomized Table Method Attacking the Algorithm The MIST Algorithm Attacking the Algorithm Conclusions Exercises Projects 470 References Microarchitectural Attacks and Countermeasures 475 Onur Aciicmez and Cetin Kaya Кос 18.1 Introduction Overview and Brief History Cache Analysis Basics of Cache Overview of Cache Attacks A Brief Survey on Cache Analysis Time-Driven and Trace-Driven Attacks Exploiting Internal Collisions in Time-Driven Attacks Access-Driven Attacks Percival's Hyper-Threading Attack on RSA Branch Prediction Analysis The Concept of Branch Prediction Simple Branch Prediction Analysis I-cache Analysis Exploiting Shared Functional Units Comparing Microarchitectural Analysis Types Countermeasures for Microarchitectural Analysis Exercises Projects 500 References 501 Authors' Biographies 505 Index 513

Cryptography and Network Security

Cryptography and Network Security CRYPTOGRAPHY AND NETWORK SECURITY PRAKASH C. GUPTA Former Head Department of Information Technology Maharashtra Institute of Technology Pune Delhi-110092 2015 CRYPTOGRAPHY