Fault Attacks on Public Keys
Fault Attacks on Public Keys
Cécile Canovas and Alexandre Berzati
CEA-LETI Minatec and Université de Versailles
5 June 2009

Outline

1. Introduction
2. IFP-based algorithms
3. DLP-based algorithms
4. ECDLP-based algorithms
5. Conclusion

Asymmetric cryptography

Signature
[Figure: message m -> hash -> computation -> signature $S$]

Fault Attacks on Asymmetric cryptography

Differential Fault Analysis (DFA)
[Figure: message m -> hash -> computation -> signature $\hat{S}$]
The key is recovered from the difference between $S$ and $\hat{S}$.

Fault Attacks on Asymmetric cryptography

Structure Fault Attacks
[Figure: message m -> hash -> computation -> signature $\hat{S}$]
The key is recovered from $\hat{S}$ because of the weak algebraic structure.

Outline

1. Introduction
2. IFP-based algorithms
   - RSA Signature Scheme
   - Fault Attacks
3. DLP-based algorithms
4. ECDLP-based algorithms
5. Conclusion

RSA Signature Scheme

Key generation
- Pick large primes $p$ and $q$ and compute $N = p \cdot q$
- Pick a random $e$ such that $\gcd(e, \varphi(N)) = 1$
- Compute $d \equiv e^{-1} \bmod \varphi(N)$
- The public key is $(e, N)$
- The private key is $d$
Signature
- Return $S \equiv h(m)^d \bmod N$
Signature verification
- Check that $S^e \equiv h(m) \bmod N$

Why One Should Also Secure RSA Public Key Elements [BCMCC06]

Fault Model
- The attacker performs a perturbation campaign by collecting faulty signatures computed under unknown faulty moduli
Fault Analysis
- From some faulty signatures, the attacker recovers small residues of $d$ by solving small discrete logarithms (D.L.)
- The whole $d$ is recovered with the Chinese Remainder Theorem
Variant
- Use of a constrained fault model and moduli dictionary

Fault Attacks on RSA Public Keys [BCDG09]

Fault Model
- A byte of the modulus is corrupted during the exponentiation
- The faulty modulus has to be prime or smooth
- A dictionary of prime faulty moduli has to be computed
Fault Analysis
- The faulty signature is:
  $\hat{S} = A^{2^w} \cdot h(m)^{d_w} \bmod \hat{N}$  (1)
  where $A$ denotes an intermediate value before the perturbation and $d_w$ a partial value of $d$
- The values $(d_w, \hat{N})$ are guessed and determined
- Computation of square roots
- The whole $d$ is gradually recovered

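The fault model above and the two checks that catch it, as an added Python example (not from the slides): it models a left-to-right exponentiation whose modulus changes before the last w exponent bits, confirms that the output has the form of equation (1), and shows an integrity check on (N, e) plus verify-before-release withholding it. The toy key, the corrupted byte, w, the reading of d_w as the w least significant bits of d, and all function names are assumptions.

```python
import hashlib

# Constructed toy key: two Mersenne primes, far too small and special for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)

# Reference digest of the public elements, stored when the key is provisioned.
KEY_DIGEST = hashlib.sha256(f"{N}:{E}".encode()).digest()


def h(msg: bytes) -> int:
    """Hash the message to an integer below N (no padding: illustration only)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def corrupt_byte(n: int, index: int, mask: int) -> int:
    """Model of the fault: XOR one byte of the modulus with a non-zero mask."""
    return n ^ (mask << (8 * index))


def ltr_exp(base, exp, n, w=None, n_hat=None):
    """Left-to-right square-and-multiply.

    If w is given, the modulus becomes n_hat just before the w least
    significant exponent bits are processed. Returns (result, A), where A is
    the intermediate value held at the moment of the perturbation (or None).
    """
    acc, mod, a = 1, n, None
    for i in reversed(range(exp.bit_length())):
        if w is not None and i == w - 1:
            a, mod = acc, n_hat
        acc = acc * acc % mod
        if (exp >> i) & 1:
            acc = acc * base % mod
    return acc, a


def equation_1(a, hm, d, w, n_hat):
    """Right-hand side of equation (1): A^(2^w) * h(m)^(d_w) mod N_hat,
    with d_w taken as the w least significant bits of d (assumption)."""
    d_w = d & ((1 << w) - 1)
    return pow(a, 1 << w, n_hat) * pow(hm, d_w, n_hat) % n_hat


def release_signature(msg, s, n=N, e=E):
    """Countermeasure: release s only if (n, e) are intact and s verifies."""
    if hashlib.sha256(f"{n}:{e}".encode()).digest() != KEY_DIGEST:
        return None                  # a public key element was modified
    if pow(s, e, n) != h(msg):
        return None                  # signature was computed under a faulty modulus
    return s


def demo(msg=b"constructed sample message", w=40):
    n_hat = corrupt_byte(N, 2, 0xFF)
    good, _ = ltr_exp(h(msg), D, N)
    bad, a = ltr_exp(h(msg), D, N, w, n_hat)
    return {
        "good_released": release_signature(msg, good) == good,
        "matches_eq1": bad == equation_1(a, h(msg), D, w, n_hat),
        "bad_released": release_signature(msg, bad) is not None,
        "corrupt_key_released": release_signature(msg, good, n=n_hat) is not None,
    }


if __name__ == "__main__":
    print(demo())
```
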
Outline

1. Introduction
2. IFP-based algorithms
3. DLP-based algorithms
   - ElGamal Signature Scheme
   - DSA Signature Scheme
4. ECDLP-based algorithms
5. Conclusion

ElGamal Signature Scheme

Key generation
- Pick a random prime $p$, $g$ a generator of $\mathbb{Z}/p\mathbb{Z}$ and a random $x$ s.t.
  $y = g^x \bmod p$  (2)
- The public key is $(y, g, p)$
- The private key is $x$
Signature
- Pick a random $k$ s.t. $\gcd(k, p-1) = 1$
- Compute $u \equiv g^k \bmod p$ and $v \equiv \frac{h(m) - xu}{k} \bmod (p-1)$
- Return the couple $(u, v)$
Signature verification
- Check that $y^u u^v \equiv g^{h(m)} \bmod p$

Fault Attack (Reference [KBPJJ08])

Fault Model
- The attacker can generate random faults on $p$
- He knows (or can guess) the resulting faulty modulus $\hat{p}$
- If $\gcd(k, \hat{p}-1) = 1$, we have:
  $\hat{u} \equiv g^k \bmod \hat{p}$ and $\hat{v} \equiv \frac{h(m) - x\hat{u}}{k} \bmod (\hat{p}-1)$  (3)
Fault Analysis
- Let $t$ s.t. $t \mid \hat{p}$ and $\varphi(t) \mid (\hat{p}-1)$
  $\hat{u}^{\hat{v}} \equiv g^{k \cdot \frac{h(m) - x\hat{u}}{k}} \equiv g^{h(m) - x\hat{u}} \bmod t$
  $\hat{u}^{\hat{v}} \equiv g^{h(m)} \left(g^{\hat{u}}\right)^{-x} \bmod t$
- So, each fault analysis makes the attacker recover $x \bmod r$, where $r$ denotes the order of $g^{\hat{u}}$ modulo $t$

DSA Signature Scheme

Key generation
- Pick random primes $p$, $q$ s.t. $q \mid (p-1)$, $g \in \mathbb{Z}/p\mathbb{Z}$ s.t. $\mathrm{ord}(g) = q$
- Then, pick a random $x$ s.t. $0 < x < q$ and compute:
  $y = g^x \bmod p$  (4)
- The public key is $(y, g, p, q)$
- The private key is $x$
Signature
- Pick a random $k$ s.t. $\gcd(k, p-1) = 1$
- Compute $u \equiv (g^k \bmod p) \bmod q$ and $v \equiv \frac{h(m) + xu}{k} \bmod q$
- Return the couple $(u, v)$
Signature verification
- Compute $w = v^{-1} \bmod q$
- Check that $\left(g^{w h(m)}\, y^{w u}\right) \bmod q = u$

Fault Attack (Reference [KBPJJ08])

Fault Model
- The attacker can generate random faults on $p$ and $q$
- He knows (or can guess) resulting faulty moduli $\hat{p}$ and $\hat{q}$
- If $\gcd(k, \hat{q}) = 1$, we have:
  $\hat{u} \equiv (g^k \bmod \hat{p}) \bmod \hat{q}$ and $\hat{v} \equiv \frac{h(m) + x\hat{u}}{k} \bmod \hat{q}$  (5)
Fault Analysis
- Let $t$ s.t. $t \mid \hat{p}$, $t \mid \hat{q}$ and $\varphi(t) \mid (\hat{p}-1)$
  $\hat{u}^{\hat{v}} \equiv g^{k \cdot \frac{h(m) + x\hat{u}}{k}} \equiv g^{h(m) + x\hat{u}} \bmod t$
  $\hat{u}^{\hat{v}}\, g^{-h(m)} \equiv \left(g^{\hat{u}}\right)^{x} \bmod t$
- So, each fault analysis makes the attacker recover $x \bmod r$, where $r$ denotes the order of $g^{\hat{u}}$ modulo $t$

Outline

1. Introduction
2. IFP-based algorithms
3. DLP-based algorithms
4. ECDLP-based algorithms
   - Introduction
   - Fault Attacks
5. Conclusion

Elliptic Curves

Definition
- An elliptic curve $E(a, b)$ defined over a finite field $\mathbb{F}_p$, where $p > 3$, can be given as:
  $E(\mathbb{F}_p) : y^2 = x^3 + ax + b, \quad a, b \in \mathbb{F}_p$  (6)
  where the associated discriminant $\Delta = -16\,(4a^3 + 27b^2) \neq 0$
Algebraic Structure
- We can define a law $+$ over the elliptic curve field that performs a point addition
- An elliptic curve $E(\mathbb{F}_p)$ with this law $+$ forms an abelian group
Scalar Multiplication
- Let $P \in E(\mathbb{F}_p)$ and $d \in \mathbb{F}_p$ be a random value:
  $Q = d \cdot P = \underbrace{P + P + \dots + P}_{d \text{ times}}$  (7)

Biehl-Meyer-Müller Attack [BMM00]

Fault model
- Faults on the Input Point $P$ ($\hat{P}$ known)
- $P$ is changed s.t. $\hat{P} \in E(a, \hat{b})$ whose order has a small divisor $r$
- $\hat{b}$ may not be used to perform the point addition (ANSI X9.63 and IEEE 1363)
Fault Analysis
- $\mathrm{ord}(\hat{P}) = r$ and $\hat{Q} = d \cdot \hat{P}$ is computed over $E(a, \hat{b})$
- Since $r$ is small, compute the D.L. in $\langle \hat{P} \rangle$ and so find $d \bmod r$
- Repeat the process and get $d$ by the Chinese Remainder Theorem
Additional Fault Model
- Placing Register Faults
- Random bit fault on $P$

Ciet-Joye Attack [CJ05]

Fault Model
- An unknown bit of the x-coordinate of $P$ is permanently corrupted
- $\hat{P}(\hat{x}, y) \in E(a, \hat{b})$ whose order has a small divisor $r$, and
  $\hat{Q} = d \cdot \hat{P} = (\hat{x}_Q, \hat{y}_Q)$  (8)
Fault Analysis
- First, recover $\hat{b}$ by noticing that $\hat{Q} \in E(a, \hat{b})$: $\hat{b} = \hat{y}_Q^2 - \hat{x}_Q^3 - a\hat{x}_Q$
- Then, since $\hat{P}(\hat{x}, y) \in E(a, \hat{b})$, $\hat{x}$ is a root of $X^3 + aX + \hat{b} - y^2$
- The root that has most matching bits with $x$ is taken as $\hat{x}$
- If $\mathrm{ord}(\hat{P}) = r$ is small, compute the D.L. in $\langle \hat{P} \rangle$ and find $d \bmod r$
Additional Fault Model
- Permanent faults on y-coordinates
- Bit-error on the field parameter $q$

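Why the Biehl-Meyer-Müller and Ciet-Joye fault models work, and how a curve-membership check on the result catches them, as an added Python example (not from the slides): the addition formulas never use b, so a multiplication started from a corrupted point runs entirely on E(a, b̂), and recomputing the implied b of the result exposes it. The toy curve over F_23, the flipped bit position and all function names are assumptions.

```python
# Constructed toy curve for illustration: E(a, b): y^2 = x^3 + x + 1 over F_23.
P_FIELD, A, B = 23, 1, 1
G = (3, 10)   # point of order 28 on E(1, 1)


def implied_b(pt, a=A, p=P_FIELD):
    """The b for which pt satisfies y^2 = x^3 + a*x + b, i.e. the curve
    E(a, b_hat) that the point actually lies on."""
    x, y = pt
    return (y * y - x * x * x - a * x) % p


def add(p1, p2, a=A, p=P_FIELD):
    """Affine point addition and doubling; None is the point at infinity.
    b never appears: the same formulas work on any E(a, b_hat)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow((2 * y1) % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p


def scalar_mul(d, pt):
    """Left-to-right double-and-add, Q = d * pt."""
    q = None
    for bit in bin(d)[2:]:
        q = add(q, q)
        if bit == "1":
            q = add(q, pt)
    return q


def flip_x_bit(pt, bit):
    """Fault model from the slides: one bit of the x-coordinate is corrupted."""
    return pt[0] ^ (1 << bit), pt[1]


def checked_mul(d, pt, fault_bit=None):
    """Scalar multiplication that validates the input point and the result.
    fault_bit models a fault injected after the input check has passed."""
    if pt is None or implied_b(pt) != B:
        return None                       # input is not on E(a, b)
    if fault_bit is not None:
        pt = flip_x_bit(pt, fault_bit)
    q = scalar_mul(d, pt)
    if q is None or implied_b(q) != B:    # result left E(a, b): withhold it
        return None
    return q


if __name__ == "__main__":
    g_hat = flip_x_bit(G, 2)
    print("faulted point", g_hat, "lies on E(a, b_hat) with b_hat =", implied_b(g_hat))
    print("unchecked result:", scalar_mul(13, g_hat))
    print("checked result:  ", checked_mul(13, G, fault_bit=2))
```
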
Twist Attack [FLRV08]

Definition
- The twist of $E$ by $c$ defined over $\mathbb{F}_p$, where $p > 3$, can be given as:
  $E_c(\mathbb{F}_p) : y^2 = x^3 + ac^2x + bc^3, \quad a, b, c \in \mathbb{F}_p$  (9)
- The number of points on the twist is smooth
Fault Model
- The attacker modifies the x-coordinate of $P$ s.t. $\hat{P} \in E_c$
- The fault is induced s.t. $\hat{Q} = d \cdot \hat{P} \in E_c$
- The attack targets the Montgomery Ladder implementation of the scalar multiplication (y-coordinates not used)
Fault Analysis
- From $\hat{Q}$, the attacker recovers the parameter of the twist $c$
- The attacker solves the D.L. and recovers $d \bmod \mathrm{ord}(\hat{P})$

Conclusion

Structure Fault Attack
- Use fault to compute cryptographic functions in weaker finite fields
- Perturbation of public elements
- Different algebraic structure targeted
Consequence
- Protection of public key elements and also the algebraic structure

Thank you!

References

[BCDG09] A. Berzati, C. Canovas, J-G. Dumas, and L. Goubin. Fault Attacks on RSA Public Keys: Left-To-Right Implementations are also Vulnerable. In M. Fischlin, editor, RSA Cryptographers' Track (CT-RSA 2009), volume 5473 of Lecture Notes in Computer Science. Springer.
[BCMCC06] E. Brier, B. Chevallier-Mames, M. Ciet, and C. Clavier. Why One Should Also Secure RSA Public Key Elements. In L. Goubin and M. Matsui, editors, Cryptographic Hardware and Embedded Systems (CHES 2006), volume 4249 of Lecture Notes in Computer Science. Springer-Verlag.
[BMM00] I. Biehl, B. Meyer, and V. Müller. Differential Fault Attacks on Elliptic Curve Cryptosystems. In M. Bellare, editor, Advances in Cryptology (CRYPTO 2000), volume 1880 of Lecture Notes in Computer Science. Springer-Verlag.
[BOS06] J. Blömer, M. Otto, and J-P. Seifert. Sign Change Fault Attacks on Elliptic Curve Cryptosystems. In L. Breveglieri, I. Koren, D. Naccache, and J-P. Seifert, editors, Fault Diagnosis and Tolerance in Cryptography, volume 4236 of Lecture Notes in Computer Science. Springer-Verlag.
[CJ05] M. Ciet and M. Joye. Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults. Designs, Codes and Cryptography, 36(1):33-43.
[FLRV08] P-A. Fouque, R. Lercier, D. Réal, and F. Valette. Fault Attack on Elliptic Curve Montgomery Ladder Implementation. In L. Breveglieri, S. Gueron, I. Koren, D. Naccache, and J-P. Seifert, editors, Fault Diagnosis and Tolerance in Cryptography (FDTC 2008). IEEE Computer Society.
[KBPJJ08] C.H. Kim, P. Bulens, C. Petit, and J-J. Quisquater. Fault Attacks on Public Key Elements: Application to DLP-Based Schemes. In S.F. Mjølsnes, S. Mauw, and S.K. Katsikas, editors, European PKI Workshop: Public Key Infrastructure (EuroPKI 2008), volume 5057 of Lecture Notes in Computer Science. Springer.

Biehl-Meyer-Müller Attack [BMM00] (1/2)

Fault Attacks against ECDLP
Placing Register Faults
- Random bit fault on $P$
- The fault is injected after checking that $P$ is on the curve $E(a, b)$
- $\hat{P} \in E(a, \hat{b})$ differs from $P$ in one bit at an unknown position
- If $E(a, \hat{b})$ is weak, find $\hat{b}$ from $\hat{Q}$
- Check for all possible $\hat{P}$ candidates and try to compute the D.L. to find a residue of $d$

Biehl-Meyer-Müller Attack [BMM00] (2/2)

Fault Attacks against ECDLP
Faults at Random moments of the Multiplication
- A bit-flip is induced on an internal register during the multiplication
- If the Right-to-Left binary method is used:
  $\hat{Q} = \hat{Q}_j + d_{[j..(n-1)]}\, P$  (10)
  where $Q_j$ denotes the internal register value at the $j$-th step and $d_{[j..(n-1)]}$ the $j$ most significant bits of $d$
- For all candidate values $d_{[j..(n-1)]}$, compute
  $Q_j = Q - d_{[j..(n-1)]}\, P$  (11)
- Then, from $Q_j$, generate all possible faulty values $\hat{Q}_j$ and test if the following equation is satisfied:
  $\hat{Q}_j + d_{[j..(n-1)]}\, P = \hat{Q}$  (12)
- In case of success a part of $d$ is recovered
Additional Fault Model
- Sign Change Fault Attacks [BOS06]
More informationAbhijith Chandrashekar and Dushyant Maheshwary
By Abhijith Chandrashekar and Dushyant Maheshwary Introduction What are Elliptic Curves? Curve with standard form y 2 = x 3 + ax + b a, b ϵ R Characteristics of Elliptic Curve Forms an abelian group Symmetric
More informationc 2006 by CRC Press, LLC.
This is the of the Handbook of Elliptic and Hyperelliptic Curve Cryptography, Henri Cohen, Christophe Doche, and Gerhard Frey, Editors, CRC Press 2006. CRC Press has granted the following specific permissions
More informationInnovation and Cryptoventures. Digital Signatures. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc
Innovation and Cryptoventures Digital Signatures Campbell R. Harvey Duke University, NBER and Investment Strategy Advisor, Man Group, plc January 30, 2017 Definition Cryptography is the science of communication
More informationInnovation and Cryptoventures. Digital Signatures. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc
Innovation and Cryptoventures Digital Signatures Campbell R. Harvey Duke University, NBER and Investment Strategy Advisor, Man Group, plc January 30, 2017 Definition Cryptography is the science of communication
More informationSide-Channel Attacks on RSA with CRT. Weakness of RSA Alexander Kozak Jared Vanderbeck
Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck What is RSA? As we all know, RSA (Rivest Shamir Adleman) is a really secure algorithm for public-key cryptography.
More informationElliptic Curve Public Key Cryptography
Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. The smaller key
More informationCryptography V: Digital Signatures
Cryptography V: Digital Signatures Computer Security Lecture 10 David Aspinall School of Informatics University of Edinburgh 10th February 2011 Outline Basics Constructing signature schemes Security of
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationStudy Guide to Mideterm Exam
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #7 Professor M. J. Fischer February 20, 2012 Study Guide to Mideterm Exam For the exam, you are responsible
More informationCS669 Network Security
UNIT II PUBLIC KEY ENCRYPTION Uniqueness Number Theory concepts Primality Modular Arithmetic Fermet & Euler Theorem Euclid Algorithm RSA Elliptic Curve Cryptography Diffie Hellman Key Exchange Uniqueness
More informationLecture 6: Overview of Public-Key Cryptography and RSA
1 Lecture 6: Overview of Public-Key Cryptography and RSA Yuan Xue In this lecture, we give an overview to the public-key cryptography, which is also referred to as asymmetric cryptography. We will first
More informationScalar Blinding on Elliptic Curves with Special Structure
Scalar Blinding on Elliptic Curves with Special Structure Scott Fluhrer Cisco Systems August 11, 2015 1 Abstract This paper shows how scalar blinding can provide protection against side channel attacks
More informationCryptography and Network Security
Cryptography and Network Security CRYPTOGRAPHY AND NETWORK SECURITY PRAKASH C. GUPTA Former Head Department of Information Technology Maharashtra Institute of Technology Pune Delhi-110092 2015 CRYPTOGRAPHY
More informationPublic-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7
Public-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7 David Cash University of Chicago Plan 1. Security of RSA 2. Key Exchange, Diffie-Hellman 3. Begin digital
More informationPractical Threshold Signatures with Linear Secret Sharing Schemes
Practical Threshold Signatures with Linear Secret Sharing Schemes İlker Nadi Bozkurt, Kamer Kaya, Ali Aydın Selçuk Department of Computer Engineering Bilkent University Ankara, 06800, Turkey {bozkurti,kamer,selcuk}@cs.bilkent.edu.tr
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationElliptic Curve Cryptography (ECC) Elliptic Curve Cryptography. Elliptic Curves. Elliptic Curve Cryptography (ECC) Elliptic curve
Elliptic Curve Cryptography Gerardo Pelosi Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB) Politecnico di Milano gerardo.pelosi - at - polimi.it ECC was introduced by Victor Miller and
More informationIntroduction to Software Countermeasures For Embedded Cryptography
Introduction to Software Countermeasures For Embedded Cryptography David Vigilant UMPC Master, 1 st December, 2017 Outline 1 Context and Motivations 2 Basic Rules and Countermeasures Examples Regarding
More informationUNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 10 Digital Signatures Israel Koren ECE597/697 Koren Part.10.1 Content of this part
More information(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography
Code No: RR410504 Set No. 1 1. Write short notes on (a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography 3. (a) Illustrate Diffie-hellman Key Exchange scheme for GF(P) [6M] (b) Consider
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationAn Updated Survey on Secure ECC Implementations: Attacks, Countermeasures and Cost
An Updated Survey on Secure ECC Implementations: Attacks, Countermeasures and Cost Junfeng Fan and Ingrid Verbauwhede Katholieke Universiteit Leuven, ESAT/SCD-COSIC and IBBT Kasteelpark Arenberg 10, B-3001
More informationDigital Signatures 1
Digital Signatures 1 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants of the ElGamal Signature Scheme The Digital Signature Algorithm
More informationEfficient identity-based GQ multisignatures
Int. J. Inf. Secur. DOI 10.1007/s10207-008-0072-z REGULAR CONTRIBUTION Efficient identity-based GQ multisignatures Lein Harn Jian Ren Changlu Lin Springer-Verlag 2008 Abstract ISO/IEC 14888 specifies a
More informationSPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation
SPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation Roman Novak Jozef Stefan Institute, Jamova 39, 00 Ljubljana, Slovenia, Roman.Novak@ijs.si Abstract. 1 We describe an adaptive chosen-ciphertext
More informationWorkshop Challenges Startup code in PyCharm Projects
INTRODUCTION TO CRYPTOGRAPHIC ATTACKS EXERCISE LOGISTICS Workshop Challenges Startup code in PyCharm Projects BLOCK CIPHERS Fixed sized input Random looking output for each message and key Block Cipher
More informationFault Attacks on AES with Faulty Ciphertexts Only
Fault Attacks on AES with Faulty Ciphertexts Only Thomas Fuhr, Eliane Jaulmes, Victor Lomné and Adrian Thillard ANSSI 51, Bd de la Tour-Maubourg, 75700 Paris 07 SP, France firstname.lastname@ssi.gouv.fr
More information1. Digital Signatures 2. ElGamal Digital Signature Scheme 3. Schnorr Digital Signature Scheme 4. Digital Signature Standard (DSS)
Digital Signature Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 13-1 1. Digital Signatures 2.
More informationFault injection attacks on cryptographic devices and countermeasures Part 1
Fault injection attacks on cryptographic devices and countermeasures Part 1 Israel Koren Department of Electrical and Computer Engineering University of Massachusetts Amherst, MA Outline Introduction -
More informationOutline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography 1. Introduction 2. RSA Outline 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationHigh-Performance Modular Multiplication on the Cell Broadband Engine
High-Performance Modular Multiplication on the Cell Broadband Engine Joppe W. Bos Laboratory for Cryptologic Algorithms EPFL, Lausanne, Switzerland joppe.bos@epfl.ch 1 / 21 Outline Motivation and previous
More informationState-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures
State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures Junfeng Fan,XuGuo, Elke De Mulder, Patrick Schaumont, Bart Preneel and Ingrid Verbauwhede Katholieke
More informationOutline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)
Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key
More informationFault Sensitivity Analysis
Fault Sensitivity Analysis Yang Li 1, Kazuo Sakiyama 1, Shigeto Gomisawa 1, Toshinori Fukunaga 2, Junko Takahashi 1,2,andKazuoOhta 1 1 Department of Informatics, The University of Electro-Communications
More informationALIKE: Authenticated Lightweight Key Exchange. Sandrine Agagliate, GEMALTO Security Labs
ALIKE: Authenticated Lightweight Key Exchange Sandrine Agagliate, GEMALTO Security Labs Outline: Context Description of ALIKE Generic description Full specification Security properties Chip Unforgeability
More informationNEW MODIFIED LEFT-TO-RIGHT RADIX-R REPRESENTATION FOR INTEGERS. Arash Eghdamian 1*, Azman Samsudin 1
International Journal of Technology (2017) 3: 519-527 ISSN 2086-9614 IJTech 2017 NEW MODIFIED LEFT-TO-RIGHT RADIX-R REPRESENTATION FOR INTEGERS Arash Eghdamian 1*, Azman Samsudin 1 1 School of Computer
More informationTECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017
Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017 Name : TU/e student number : Exercise 1 2 3 4 5 6 total points Notes: Please hand in this sheet at the end of the exam.
More informationAnalysis, demands, and properties of pseudorandom number generators
Analysis, demands, and properties of pseudorandom number generators Jan Krhovják Department of Computer Systems and Communications Faculty of Informatics, Masaryk University Brno, Czech Republic Jan Krhovják
More informationPublic-key encipherment concept
Date: onday, October 21, 2002 Prof.: Dr Jean-Yves Chouinard Design of Secure Computer Systems CSI4138/CEG4394 Notes on Public Key Cryptography Public-key encipherment concept Each user in a secure communication
More informationON REUSING EPHEMERAL KEYS IN DIFFIE-HELLMAN KEY AGREEMENT PROTOCOLS
ON REUSING EPHEMERAL KEYS IN DIFFIE-HELLMAN KEY AGREEMENT PROTOCOLS ALFRED MENEZES AND BERKANT USTAOGLU Abstract. A party may choose to reuse ephemeral public keys in a Diffie-Hellman key agreement protocol
More informationAn IBE Scheme to Exchange Authenticated Secret Keys
An IBE Scheme to Exchange Authenticated Secret Keys Waldyr Dias Benits Júnior 1, Routo Terada (Advisor) 1 1 Instituto de Matemática e Estatística Universidade de São Paulo R. do Matão, 1010 Cidade Universitária
More informationAsymmetric Primitives. (public key encryptions and digital signatures)
Asymmetric Primitives (public key encryptions and digital signatures) An informal, yet instructive account of asymmetric primitives Timeline of the invention of public-key cryptography 1970-1974 British
More informationCryptography V: Digital Signatures
Cryptography V: Digital Signatures Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 19th February 2009 Outline Basics Constructing signature schemes Security of
More informationCOUNTING THE POINTS OF AN ELLIPTIC CURVE ON A LOW-MEMORY DEVICE
COUNTING THE POINTS OF AN ELLIPTIC CURVE ON A LOW-MEMORY DEVICE Abstract. An important but very memory consuming step in elliptic curve cryptography is that of coming up with an elliptic curve where the
More informationAn Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings
An Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings Debasis Giri and P. D. Srivastava Department of Mathematics Indian Institute of Technology, Kharagpur 721 302, India
More informationFast Multiplication on Elliptic Curves over GF (2 m ) without Precomputation
Fast Multiplication on Elliptic Curves over GF (2 m ) without Precomputation Julio López 1 and Ricardo Dahab 2 1 Department of Combinatorics & Optimization University of Waterloo, Waterloo, Ontario N2L
More informationUsing Error Detection Codes to detect fault attacks on Symmetric Key Ciphers
Using Error Detection Codes to detect fault attacks on Symmetric Key Ciphers Israel Koren Department of Electrical and Computer Engineering Univ. of Massachusetts, Amherst, MA collaborating with Luca Breveglieri,
More informationEfficient Countermeasures against RP SPA. Author(s)Mamiya, Hideyo; Miyaji, Atsuko; Mori. Lecture Notes in Computer Science,
JAIST Reposi https://dspace.j Title Efficient Countermeasures against RP SPA Author(s)Mamiya, Hideyo; Miyaji, Atsuko; Mori Citation Lecture Notes in Computer Science, 3 343-356 Issue Date 2004 Type Journal
More informationBlind Signatures and Their Applications
Department of Computer Science, National Chiao Tung University 1 / 15 Cryptanalysis Lab Outline 1 Digital Signature 2 Blind signature 3 Partially blind signature 2 / 15 Cryptanalysis Lab Digital Signature
More information