Parallelizing Cryptography. Gordon Werner Samantha Kenyon

Transcription

1 Parallelizing Cryptography Gordon Werner Samantha Kenyon

2 Outline Security requirements Cryptographic Primitives Block Cipher Parallelization of current Standards AES RSA Elliptic Curve Cryptographic Attacks Deep Crack COPACOBANA Single Block Attack Meet in the Middle Enhancing Strength Analysis Statistical Analysis of Hash Functions Summary Questions

3 What Determines Security Size of secret data Longer key gives higher security Ideal system has no solution Brute force is most efficient way to solve system Solve time must be inconceivable Takes into account future advances as well

4 Primitives All cryptographic standards built upon primitives Primitives themselves are insecure Block Cipher

5 Block Cipher Takes in a block of data Fixed bit length Produces output of same length Operates over data for a number of rounds Used in AES and Skein among others

6 Parallelization of Current Standards AES RSA Elliptic Curve

7 Parallelization of AES Original AES GPU Implementation Results

8 AES Block cipher Non linear thanks to S-Box Encrypts using multiple rounds

9 GPU Implementation Assigned each block of plaintext to 16 threads One thread per byte Round information generated on CPU Stored into GPU in shared memory Each byte in each block executed in parallel Combine Substitution and mixing into one block Stored in lookup table

10 Results Showed performance increase in larger inputs CUDA has high overhead for kernel startup

11 RSA C = pkey mod D C Requires multiplication and modulo reduction

12 RSA TRSA Binary Tree Architecture Each element fed into tree from leaves Results processed at the root Time Complexity : * each processor element operation Tradeoff between # of processor elements and key length

13 TRSA Results

14 Elliptic Curve Alternative to RSA Key Size: b Compared to 1-2kb for RSA Same level of security

15 Elliptic Curve E = y^2 + xy = x^3 + ax^2 + b Scalar multiplication Point addition Point doubling

16 Elliptic Curve Parallelism in field multipliers Digit-serial Massey-Omura multiplier Increase number of function blocks

17 Elliptic Curve Parallelism in FAP Control number of multipliers Ideal: 1 multiplier, 11 functional blocks

18 Elliptic Curve Parallel FAPs Reduce Latency Splitting Algorithms Divide computational load Fixed Width Cyclic Parallel FAPs versus 1 FAP with multiple multipliers Parallel performs better in speedup per area

19 Parallelization of Attacks Most attacks are brute force Hardware Deep Crack COPACOBANA Software Meet in the Middle Attack Single Block Attack on Cube Hash

20 Deep Crack Built to brute force DES Contained 1856 ASIC chips Cost under $250,000 Caused a re-working of DES algorithm Rework gave birth to meet in the middle attack

21 COPACOBANA Cost Optimized Parallel Code Breaker Cluster of 120 FPGAs Focused on DES cracking Cannot crack more recent standards Can still be used to gather data about attacks on them

22 Meet in the Middle Attack DES strengthened by double encryption Encrypt text once using key 1 Encrypt that encryption again using key 2 To attack encrypt and decrypt to find single encryption text

23 Single Block Attack on Cube Hash SHA-3 entrant Advanced to pre-final round Block cipher Generates a h bit hash from any size input < 128 bits

24 Attack Reconstructing the initial state given a hash Trying to regenerate the last 128-b bits of initial state Second pre-image attack

25 Enhancing Strength Analysis Use parallel computation to our advantage Gather data on function properties Helps determine strength Statistical analysis of hash function

26 Statistical Analysis of Hash function Led by Dr. Kaminsky Used parallel processing to run huge numbers of hash functions Analyzed output hash bits for uniformity

27 Test Procedure For 2000 initial x values, run L tests, using x to x+l as inputs Gather output bit data

28 Test bits and pairs of bits

29 Uniformity Test gathered P values for uniformity Take those results and again test for total uniformity Produces single output value Ensures algorithm produces truly random output

30 Summary Parallelization is double edged sword Encryption benefits in certain areas Attacks benefit much more Allows for more understanding of security More exhaustive tests can be run in less time

31 Questions?