
Efficient Implementations of MQPKS on Constrained Devices, Peter Czypek, Stefan Heyse, Enrico Thomae (PowerPoint presentation, CHES 2012)



1. Efficient Implementations of MQPKS on Constrained Devices
Peter Czypek, Stefan Heyse, Enrico Thomae
CHES 2012, 11.09.2012
Ruhr-University Bochum | Embedded Security

2. Motivation
• Quantum computers can solve the discrete logarithm problem and the factorization problem
• Alternatives must be found
• MQ-based (multivariate quadratic) cryptography is one candidate
• Many MQ schemes were partially or fully broken in the past
• Few implementations of the remaining schemes exist
• A fair comparison of the schemes has so far only been possible on paper

3. Goals
• Implement
  • all currently unbroken schemes
  • at the same security level
  • as configurable code
  • including all currently known optimizations
• Show that MQ schemes are a good alternative to current schemes?

4. MQ Signature Schemes - Basics
• sign() maps the message (in practice its hash) to a signature using the secret key
• verify() maps the signature back to the message using the public key
• If the verification result differs from the original message, the signature is invalid
• sign and verify are inverses of each other: verify(sign(message)) = message

5. MQ Signature Schemes - Basics
• Four maps exist in a general MQ scheme: P, S, F and T
• P is the composition of S, F and T and is the public key: P = T ∘ F ∘ S (S is applied first)
• S, F and T are the secret key
• Inversion of P is hard because P is a large MQ system with no visible structure
• verify: evaluate P on the signature; sign: invert T, then F, then S in turn

6. Schemes - signing steps
              UOV        Rainbow    enTTS
  step 1      Invert T   Invert T   Invert T
  step 2      Invert F   Invert F   Invert F
  step 3      Invert S   Invert S   Invert S
All three schemes share the same three signing steps; they differ in how the central map F is inverted.

7. Linear Maps
• Maps (transformations) can also be seen as functions
• Two types of maps occur in MQ schemes: linear (affine) maps and MQ maps
• The linear maps S and T mix the variables and thereby hide the structure of the central map F

8. Inverting Linear Maps
• S and T are inverted by matrix inversion
• The inverse matrix is obtained by Gaussian elimination, solving once for each column of the identity matrix; this needs to be done only once, the inverses can then be stored with the private key
• Applying the inverse map during signing is then a matrix-vector multiplication with T^-1 (and likewise S^-1)


10. MQ Maps
• F and P are MQ maps
• P has no special structure and is large, therefore hard to invert. Example of an MQ system in three variables:
    3·x1^2 + 8·x1·x2 + 5·x1·x3 + 8·x2^2 + 6·x2·x3 + 2·x3^2 = m1
    1·x1^2 + 7·x1·x2 + 9·x1·x3 + 3·x2^2 + 7·x2·x3 + 2·x3^2 = m2
• A special structure in F is necessary to allow easy inversion
• This special structure is hidden by S and T

11. Inverting Central Maps - UOV
• Two groups of variables: oil and vinegar
• Fixing the vinegar variables to random values makes the system linear in the oil variables
• What remains is a square linear system: o equations in the o oil variables
• Solve it with Gaussian elimination to obtain the oil variables; if the system turns out to be singular, choose new random vinegar values and repeat


13. Inverting Central Maps - Rainbow
• Two or more layers (like a rainbow)
• Solve the first layer as a normal UOV instance
• In the next layer the vinegar variables are not fixed at random but set to the solution of the previous layer (its vinegar and oil variables together)
• Solve that layer again with Gaussian elimination
Example Rainbow(3,2,4) with variables x1 ... x9: layer 1 has vinegar x1..x3 and oil x4, x5; layer 2 has vinegar x1..x5 and oil x6..x9
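The layer-by-layer inversion of slides 11 and 13 (UOV as the one-layer case, Rainbow as the general case) together with the Gaussian elimination over GF(2^8) from slide 8, written out as an added example. This is not the paper's code: the toy Rainbow(3,2,4) parameters, the AES field polynomial 0x11B, the xorshift test RNG and all function names (keygen_central_map, eval_central_map, gf_solve, invert_central_map, demo_roundtrip) are assumptions made for the illustration. The central map uses the reduced polynomials of slide 21 (no linear or constant terms), and a singular system triggers a retry with fresh vinegar values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy Rainbow(3,2,4) central map F over GF(2^8): 9 variables, 6 equations.
 * Layer 0: vinegar x0..x2, oil x3..x4, equations 0..1. Layer 1: vinegar
 * x0..x4, oil x5..x8, equations 2..5. UOV is the one-layer special case. */
#define N 9
#define M 6
#define NLAYERS 2
static const int LV[NLAYERS] = {3, 5}, LO[NLAYERS] = {2, 4}, LE[NLAYERS] = {0, 2};
/* Q[k][i][j] (i <= j): coefficient of x_i*x_j in equation k. Reduced polynomials:
 * no linear or constant terms, and no oil*oil terms inside a layer. */
static uint8_t Q[M][N][N];
/* GF(2^8) with the AES polynomial 0x11B (assumed; the page does not give the paper's polynomial). */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (; b; b >>= 1) {
        if (b & 1) r ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0));
    }
    return r;
}
/* Brute-force inverse, fine for a demo; gf_inv(0) returns 0. */
uint8_t gf_inv(uint8_t a) { uint8_t x = 1; if (!a) return 0; while (gf_mul(a, x) != 1) x++; return x; }
/* xorshift32, deterministic so the run is reproducible. A real signer must use a cryptographic RNG here. */
static uint32_t rng = 0x2545F491u;
static uint8_t rnd(void) { rng ^= rng << 13; rng ^= rng >> 17; rng ^= rng << 5; return (uint8_t)(rng >> 24); }
void keygen_central_map(void) {               /* random F that respects the layer structure */
    memset(Q, 0, sizeof Q);
    for (int l = 0; l < NLAYERS; l++)
        for (int k = LE[l]; k < LE[l] + LO[l]; k++)
            for (int i = 0; i < LV[l]; i++)                 /* i: vinegar        */
                for (int j = i; j < LV[l] + LO[l]; j++)     /* j: vinegar or oil */
                    Q[k][i][j] = rnd();
}
void eval_central_map(const uint8_t *x, uint8_t *y) {    /* y = F(x) */
    for (int k = 0; k < M; k++) {
        y[k] = 0;
        for (int i = 0; i < N; i++)
            for (int j = i; j < N; j++)
                if (Q[k][i][j]) y[k] ^= gf_mul(Q[k][i][j], gf_mul(x[i], x[j]));
    }
}
/* Gauss-Jordan solve of A*x = b (n x n, row-major) over GF(2^8); returns 0 if A is singular. */
int gf_solve(int n, uint8_t *A, uint8_t *b, uint8_t *x) {
    for (int c = 0; c < n; c++) {
        int p = c;
        while (p < n && A[p * n + c] == 0) p++;
        if (p == n) return 0;
        for (int j = 0; p != c && j < n; j++) {             /* pivot row swap */
            uint8_t t = A[p * n + j]; A[p * n + j] = A[c * n + j]; A[c * n + j] = t;
        }
        if (p != c) { uint8_t t = b[p]; b[p] = b[c]; b[c] = t; }
        uint8_t inv = gf_inv(A[c * n + c]);                 /* normalise pivot row */
        for (int j = 0; j < n; j++) A[c * n + j] = gf_mul(A[c * n + j], inv);
        b[c] = gf_mul(b[c], inv);
        for (int r = 0; r < n; r++) {                       /* clear column c in the other rows */
            uint8_t f = A[r * n + c];
            if (r == c || f == 0) continue;
            for (int j = 0; j < n; j++) A[r * n + j] ^= gf_mul(f, A[c * n + j]);
            b[r] ^= gf_mul(f, b[c]);
        }
    }
    memcpy(x, b, (size_t)n);
    return 1;
}
/* Invert F layer by layer: random vinegar for layer 0, solve its oil variables, then everything
 * known so far is the vinegar of the next layer. Returns the successful attempt number, 0 if none. */
int invert_central_map(const uint8_t *y, uint8_t *x, int max_tries) {
    for (int t = 1; t <= max_tries; t++) {
        int ok = 1;
        for (int i = 0; i < LV[0]; i++) x[i] = rnd();
        for (int l = 0; l < NLAYERS && ok; l++) {
            int v = LV[l], o = LO[l];
            uint8_t A[N * N] = {0}, b[N], sol[N];
            for (int r = 0; r < o; r++) {
                int k = LE[l] + r;
                b[r] = y[k];
                for (int i = 0; i < v; i++) {
                    for (int j = i; j < v; j++)              /* vinegar*vinegar: known constant */
                        b[r] ^= gf_mul(Q[k][i][j], gf_mul(x[i], x[j]));
                    for (int j = v; j < v + o; j++)          /* vinegar*oil: linear in the oil */
                        A[r * o + (j - v)] ^= gf_mul(Q[k][i][j], x[i]);
                }
            }
            ok = gf_solve(o, A, b, sol);
            if (ok) memcpy(x + v, sol, (size_t)o);
        }
        if (ok) return t;
    }
    return 0;
}
/* Round trip on a constructed target y (stands in for T^-1 of the message hash); 1 if F(x) == y. */
int demo_roundtrip(void) {
    static const uint8_t y[M] = {0x31, 0x41, 0x59, 0x26, 0x53, 0x58};
    uint8_t x[N], y2[M];
    keygen_central_map();
    if (!invert_central_map(y, x, 16)) return 0;
    eval_central_map(x, y2);
    return memcmp(y, y2, M) == 0;
}
int main(void) { printf("round trip %s\n", demo_roundtrip() ? "ok" : "FAILED"); return 0; }
```

For UOV, set NLAYERS to 1 and keep only the first entry of LV, LO and LE. The enTTS inversion of slides 17 to 19 follows the same pattern (fix some variables, build a linear system from the already known ones, solve), only with a different variable layout per layer. The final re-evaluation of F is the check a real signer performs before releasing a signature, and the retry loop is the practical answer to the singular case mentioned on slide 11.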


15. Inverting Central Maps - enTTS (figure only)

16. Inverting Central Maps - enTTS (figure only)

17. Inverting Central Maps - enTTS
• enTTS layer 1:
  • Fix x1 to x7 randomly
  • Multiply the fixed values with the coefficients to get a linear equation system (LES)
  • Solve it with Gaussian elimination
Example enTTS(20,28): 20 equations in the 28 variables x0 ... x27

18. Inverting Central Maps - enTTS
• enTTS layer 2:
  • Can be solved directly from the values known after layer 1

19. Inverting Central Maps - enTTS
• enTTS layer 3:
  • Fix x0 randomly
  • Multiply the already known values with the coefficients to get an LES
  • Solve the LES


21. Optimizations - Reduced Polynomials
• Leaving out the linear and constant terms of the polynomials saves time and space
• Can be applied to UOV and Rainbow
• In the linear transformations the constant (affine) parts are left out as well, so S and T become purely linear maps

22. Optimizations - Self-Invertible Linear Maps
• For UOV and Rainbow, S can be chosen of a special form (shown as a matrix on the slide): identity blocks on the diagonal and a single off-diagonal block with o·v entries
• Such an S is self-invertible, S^-1 = S, so no inversion is necessary (GF(2^8) has characteristic 2, so the off-diagonal block cancels when S is squared)
• The multiplications for applying S in UOV signature generation drop from n·n to o·v
• The private key is smaller

23. Optimizations - 0/1 UOV
• 0/1 UOV is an optimization for UOV
• Petzoldt, Thomae, Wolf et al. showed that large parts of the public key can be fixed to random values
• This part can be treated as a system parameter and is no longer part of the public key
• Faster verification is possible because arithmetic with a coefficient from GF(2) is trivial: multiplying by 1 is a copy, multiplying by 0 contributes nothing
  • An additional check is needed to tell whether a coefficient lies in GF(2) or in GF(2^8)
• Key generation: first choose P, then compute F from it

24. Implementation - Central Map Memory Mapping
• Keys are stored without the zero coefficients (the structural zeros of the central map never reach memory)
• Coefficients are read out serially with an incrementing pointer (pointer++), so no index arithmetic is needed

25. Implementation - Exponential Representation
• GF(2^8) arithmetic by table lookup (log and exp tables)
• Multiplication is addition of the exponents mod (2^m - 1):
    mul(a,b) = exp(log(a) + log(b) mod (2^m - 1))                                               3 pgm_read()
• Memory accesses are saved by keeping temporary results in exponential representation when the next operation is a multiplication:
    mul(mul(a,b), c) = exp( log[ exp(log(a) + log(b) mod (2^m - 1)) ] + log[c] mod (2^m - 1) )   6 pgm_read()
    mul(mul(a,b), c) = exp( (log(a) + log(b) mod (2^m - 1)) + log[c] mod (2^m - 1) )            4 pgm_read()
  (pgm_read() is the AVR read from program memory, i.e. one flash table access)
• Keys are stored in exponential representation, too
• Caveat: 0 has no logarithm, so operands equal to 0 must be caught before the table lookup
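The table arithmetic of slide 25, with the zero case handled and the table accesses counted, as an added example that is not the paper's code. The field polynomial 0x11B, the generator 0x03, the LOG_ZERO sentinel for zero coefficients and the function names (gf_mul, gf_mul3_naive, gf_mul3_exp, gf_term, eval_terms_logkey, reads_*) are assumptions made for the illustration; the read counter stands in for the pgm_read() counts on the slide. gf_term shows the "keys stored in exponential representation" point: a coefficient stored as log(q) costs one exp and two log reads per quadratic term instead of two full multiplications.

```c
#include <stdint.h>
#include <stdio.h>
/* GF(2^8) log/antilog tables. Polynomial 0x11B and generator 0x03 are assumptions;
 * the page gives the method, not the paper's parameters. */
#define ORDER 255                 /* 2^m - 1 for m = 8 */
#define LOG_ZERO 0xFFFFu          /* sentinel: 0 has no discrete logarithm */
static uint8_t  EXP_T[ORDER];
static uint16_t LOG_T[256];
static int tables_ready;
static int table_reads;           /* counts lookups, i.e. what pgm_read() costs on AVR */

static void ensure_tables(void) {
    if (tables_ready) return;
    uint8_t g = 1;                /* g = 0x03^i, runs through every nonzero element */
    for (int i = 0; i < ORDER; i++) {
        EXP_T[i] = g;
        LOG_T[g] = (uint16_t)i;
        g ^= (uint8_t)((g << 1) ^ ((g & 0x80) ? 0x1B : 0));   /* g *= 0x03 */
    }
    LOG_T[0] = LOG_ZERO;
    tables_ready = 1;
}
static uint8_t  rd_exp(unsigned e) { table_reads++; return EXP_T[e % ORDER]; }
static uint16_t rd_log(uint8_t a)  { table_reads++; return LOG_T[a]; }
uint16_t gf_log(uint8_t a) { ensure_tables(); return LOG_T[a]; }   /* key conversion, not counted */
int reads_reset(void) { int n = table_reads; table_reads = 0; return n; }

/* mul(a,b) = exp(log a + log b mod 2^m-1): 3 table reads. The zero test comes
 * first because log(0) does not exist. */
uint8_t gf_mul(uint8_t a, uint8_t b) {
    ensure_tables();
    if (a == 0 || b == 0) return 0;
    return rd_exp(rd_log(a) + rd_log(b));
}
/* mul(mul(a,b),c) the naive way: 6 reads, the intermediate goes through exp and back through log. */
uint8_t gf_mul3_naive(uint8_t a, uint8_t b, uint8_t c) { return gf_mul(gf_mul(a, b), c); }

/* Same product keeping the intermediate in exponential form: 4 reads. */
uint8_t gf_mul3_exp(uint8_t a, uint8_t b, uint8_t c) {
    ensure_tables();
    if (a == 0 || b == 0 || c == 0) return 0;
    unsigned e = (rd_log(a) + rd_log(b)) % ORDER;          /* stays an exponent */
    return rd_exp(e + rd_log(c));
}
/* One quadratic term q*x_i*x_j with the key coefficient stored as log(q):
 * 3 reads instead of 6. A LOG_ZERO coefficient means q == 0. */
uint8_t gf_term(uint16_t log_q, uint8_t xi, uint8_t xj) {
    ensure_tables();
    if (log_q == LOG_ZERO || xi == 0 || xj == 0) return 0;
    return rd_exp(log_q + rd_log(xi) + rd_log(xj));
}
/* Sum of n quadratic terms whose coefficients are stored in exponential form. */
uint8_t eval_terms_logkey(const uint16_t *log_q, const uint8_t *xi, const uint8_t *xj, int n) {
    uint8_t acc = 0;
    for (int k = 0; k < n; k++) acc ^= gf_term(log_q[k], xi[k], xj[k]);
    return acc;
}
/* Read counts of the three ways to compute the same product 0x57 * 0x83 * 0x1B. */
int reads_naive(void) { ensure_tables(); reads_reset(); gf_mul3_naive(0x57, 0x83, 0x1B); return reads_reset(); }
int reads_exp(void)   { ensure_tables(); reads_reset(); gf_mul3_exp(0x57, 0x83, 0x1B);   return reads_reset(); }
int reads_term(void)  { uint16_t lq = gf_log(0x57); reads_reset(); gf_term(lq, 0x83, 0x1B); return reads_reset(); }

int main(void) {
    printf("57 * 83 = %02x\n", gf_mul(0x57, 0x83));
    printf("table reads: naive %d, exponent form %d, log-stored key %d\n",
           reads_naive(), reads_exp(), reads_term());
    return 0;
}
```

On an AVR the two tables would live in flash (PROGMEM) and each rd_exp/rd_log would be a pgm_read_byte or pgm_read_word, which is exactly the cost the slide counts. Storing zero coefficients as a sentinel is one option; the memory mapping of slide 24 avoids the question by not storing zeros at all, which removes the sentinel check from the inner loop.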
