enhanced digital signature using splitted exponent digit
play

Enhanced Digital Signature using Splitted Exponent Digit - PowerPoint PPT Presentation

Oct 07, 2023 •207 likes •763 views

Enhanced Digital Signature using Splitted Exponent Digit Representation Christophe Ngre ( 1 ) , Thomas Plantard ( 2 ) , Jean-Marc Robert ( 1 , 3 ) 1: Team DALI/LIRMM, University of Perpignan, France 2: CCISR, SCIT, University of Wollongong,

  1. Enhanced Digital Signature using Splitted Exponent Digit Representation Christophe Nègre ( 1 ) , Thomas Plantard ( 2 ) , Jean-Marc Robert ( 1 , 3 ) 1: Team DALI/LIRMM, University of Perpignan, France 2: CCISR, SCIT, University of Wollongong, Australia 3: IMATH, Université de Toulon le 18 avril 2019 WRACH 2019, Roscoff, France C. Nègre, Th. Plantard, J.-M. Robert 1 / 26

  2. Table des matières State of The Art 1 State of the Art for Modular Exponentiation Contributions 2 Summary Radix- R and RNS Digit representation Radix- R and R -splitting representation Software Implementation and Performances Conclusion 3 C. Nègre, Th. Plantard, J.-M. Robert 2 / 26

  3. State of The Art Table des matières State of The Art 1 State of the Art for Modular Exponentiation Contributions 2 Summary Radix- R and RNS Digit representation Radix- R and R -splitting representation Software Implementation and Performances Conclusion 3 C. Nègre, Th. Plantard, J.-M. Robert 3 / 26

  4. State of The Art State of the Art for Modular Exponentiation Square-and-Multiply Left-to-Right Square-and-Multiply Modular Exponentiation Require: k = ( k t − 1 , . . . , k 0 ) , the DSA modulus p , g a generator of Z / p Z of order q . Ensure: X = g k mod p X ← 1 for i from t − 1 downto 0 do X ← X 2 mod p if k i = 1 then X ← X · g mod p end if end for return ( X ) C. Nègre, Th. Plantard, J.-M. Robert 4 / 26

  5. State of The Art State of the Art for Modular Exponentiation Square-and-Multiply Left-to-Right Square-and-Multiply Modular Exponentiation Require: k = ( k t − 1 , . . . , k 0 ) , the DSA modulus p , g a generator of Z / p Z of order q . Ensure: X = g k mod p X ← 1 for i from t − 1 downto 0 do X ← X 2 mod p if k i = 1 then X ← X · g mod p end if end for return ( X ) No storage, t − 1 squarings, ≈ t 2 multiplications. ⇒ One takes no advantage of the reuse of the exponent (i.e. when one needs to compute a lot of signature with the same public key) C. Nègre, Th. Plantard, J.-M. Robert 4 / 26

  6. State of The Art State of the Art for Modular Exponentiation Radix- R Radix- R Exponentiation Method (Gordon, 1998) Require: k = ( k ℓ − 1 , . . . , k 0 ) R , the DSA modulus p , g a generator of Z / p Z of order q . Ensure: X = g k mod p Precomputation. Store G i , j ← g j · R i , with j ∈ [ 1 , ..., R − 1 ] and 0 ≤ i < ℓ . X ← 1 for i from ℓ − 1 downto 0 do X ← X · G i , k i mod p end for return ( X ) C. Nègre, Th. Plantard, J.-M. Robert 5 / 26

  7. State of The Art State of the Art for Modular Exponentiation Radix- R Radix- R Exponentiation Method (Gordon, 1998) Require: k = ( k ℓ − 1 , . . . , k 0 ) R , the DSA modulus p , g a generator of Z / p Z of order q . Ensure: X = g k mod p Precomputation. Store G i , j ← g j · R i , with j ∈ [ 1 , ..., R − 1 ] and 0 ≤ i < ℓ . X ← 1 for i from ℓ − 1 downto 0 do X ← X · G i , k i mod p end for return ( X ) With w ← log 2 ( R ) → Storage of ⌈ t / w ⌉ · ( R − 1 ) values ∈ F p , no squarings, ℓ = ⌈ t / w ⌉ multiplications. C. Nègre, Th. Plantard, J.-M. Robert 5 / 26

  8. State of The Art State of the Art for Modular Exponentiation Fixed-base Comb Method In this method, the exponent k is written in w rows, and the colums are processed one at a time. Thus, d = ⌈ t / w ⌉ is the column size. k = K w − 1 � . . . � K 1 � K 0 Each K j is a bit string of length d . Let K j i denote the i th bit of K j . One sets: g [ K w − 1 i ] = g K w − 1 ,..., K 1 i , K 0 2 ( w − 1 ) d + ... + K 2 i 2 2 d + K 1 i 2 d + K 0 i i i C. Nègre, Th. Plantard, J.-M. Robert 6 / 26

  9. State of The Art State of the Art for Modular Exponentiation Fixed-base Comb Method i ] = g K w − 1 One sets: g [ K w − 1 ,..., K 1 i , K 0 2 ( w − 1 ) d + ... + K 2 i 2 2 d + K 1 i 2 d + K 0 i i i Fixed-base Comb Method (Lim & Lee, Crypto ’94) Require: k = ( k t − 1 , . . . , k 1 , k 0 ) 2 , the DSA modulus p , g a generator of Z / p Z of order q , window width w , d = ⌈ t / w ⌉ . Ensure: X = g k mod p Precomputation. Compute and store g [ a w − 1 ,..., a 0 ] mod p , ∀ ( a w − 1 , . . . , a 0 ) ∈ Z w 2 . X ← 1 for i from d − 1 downto 0 do X ← X 2 mod p X ← X · g [ K w − 1 ,..., K 1 i , K 0 i ] mod p i end for return ( X ) C. Nègre, Th. Plantard, J.-M. Robert 6 / 26

  10. State of The Art State of the Art for Modular Exponentiation Fixed-base Comb Method i ] = g K w − 1 One sets: g [ K w − 1 ,..., K 1 i , K 0 2 ( w − 1 ) d + ... + K 2 i 2 2 d + K 1 i 2 d + K 0 i i i Fixed-base Comb Method (Lim & Lee, Crypto ’94) Require: k = ( k t − 1 , . . . , k 1 , k 0 ) 2 , the DSA modulus p , g a generator of Z / p Z of order q , window width w , d = ⌈ t / w ⌉ . Ensure: X = g k mod p Precomputation. Compute and store g [ a w − 1 ,..., a 0 ] mod p , ∀ ( a w − 1 , . . . , a 0 ) ∈ Z w 2 . X ← 1 for i from d − 1 downto 0 do X ← X 2 mod p X ← X · g [ K w − 1 ,..., K 1 i , K 0 i ] mod p i end for return ( X ) Storage of 2 w − 1 values ∈ F p , With d ← ⌈ t / w ⌉ → d − 1 squarings, d multiplications. C. Nègre, Th. Plantard, J.-M. Robert 6 / 26

  11. fi State of The Art State of the Art for Modular Exponentiation Synthesis Complexities and storage amounts of state of the art methods, average case. storage # MM # MS (# values ∈ F p ) Square-and-multiply t / 2 t − 1 - Radix- R method ⌈ t / w ⌉ - ⌈ t / w ⌉ · ( R − 1 ) 2 w − 1 Fixed-base Comb d = ⌈ t / w ⌉ d − 1 C. Nègre, Th. Plantard, J.-M. Robert 7 / 26

  12. State of The Art State of the Art for Modular Exponentiation Synthesis Complexities and storage amounts of state of the art methods, average case. storage # MM # MS (# values ∈ F p ) Square-and-multiply t / 2 t − 1 - Radix- R method ⌈ t / w ⌉ - ⌈ t / w ⌉ · ( R − 1 ) 2 w − 1 Fixed-base Comb d = ⌈ t / w ⌉ d − 1 Complexity Comparison RadixR/FixedBaseComb 1e+07 FixedBaseComb radix R Total available storage #kBytes 1e+06 100000 10000 1000 100 20 40 60 80 100 120 140 number of fi eld multiplications #MM key size t = 512 bits (MS = 0.86 × MM). C. Nègre, Th. Plantard, J.-M. Robert 7 / 26

  13. Contributions Table des matières State of The Art 1 State of the Art for Modular Exponentiation Contributions 2 Summary Radix- R and RNS Digit representation Radix- R and R -splitting representation Software Implementation and Performances Conclusion 3 C. Nègre, Th. Plantard, J.-M. Robert 8 / 26

  14. Contributions Summary Contributions Starting from the Radix- R method: Digit recoding for exponent, using a multiplicative splitting (2 approaches); C. Nègre, Th. Plantard, J.-M. Robert 9 / 26

  15. Contributions Summary Contributions Starting from the Radix- R method: Digit recoding for exponent, using a multiplicative splitting (2 approaches); Enhanced algorithm for Modular Exponentiation and Elliptic Curve Scalar Multiplication; C. Nègre, Th. Plantard, J.-M. Robert 9 / 26

  16. Contributions Summary Contributions Starting from the Radix- R method: Digit recoding for exponent, using a multiplicative splitting (2 approaches); Enhanced algorithm for Modular Exponentiation and Elliptic Curve Scalar Multiplication; Complexity and storage requirements evaluation; C. Nègre, Th. Plantard, J.-M. Robert 9 / 26

  17. Contributions Summary Contributions Starting from the Radix- R method: Digit recoding for exponent, using a multiplicative splitting (2 approaches); Enhanced algorithm for Modular Exponentiation and Elliptic Curve Scalar Multiplication; Complexity and storage requirements evaluation; Software implementations, showing performance improvements. C. Nègre, Th. Plantard, J.-M. Robert 9 / 26

  18. Contributions Radix- R and RNS Digit representation Recoding Algorithm The Radix- R = m 0 · m 1 representation is as follows ( gcd ( m 0 , m 1 ) = 1): ℓ − 1 � k i R i , with ℓ = ⌈ t / log 2 ( R ) ⌉ , k = i = 0 and we represent the digits k i using RNS with base B = { m 0 , m 1 } : � k ( 0 ) = k i mod m 0 = | k i | m 0 , i k ( 1 ) = k i mod m 1 = | k i | m 1 . i C. Nègre, Th. Plantard, J.-M. Robert 10 / 26

  19. Contributions Radix- R and RNS Digit representation Recoding Algorithm The Radix- R = m 0 · m 1 representation is as follows ( gcd ( m 0 , m 1 ) = 1): ℓ − 1 � k i R i , with ℓ = ⌈ t / log 2 ( R ) ⌉ , k = i = 0 and we represent the digits k i using RNS with base B = { m 0 , m 1 } : � k ( 0 ) = k i mod m 0 = | k i | m 0 , i k ( 1 ) = k i mod m 1 = | k i | m 1 . i Chinese Remainder Theorem Using the CRT, one can retrieve k i : � � � k ( 0 ) · m 1 · | m − 1 1 | m 0 + k ( 1 ) · m 0 · | m − 1 k i = 0 | m 1 R . � � i i � C. Nègre, Th. Plantard, J.-M. Robert 10 / 26

  20. Contributions Radix- R and RNS Digit representation Recoding Algorithm → RNS splitting In the sequel, let’s denote (when k ( 1 ) � = 0) i 0 = m 1 · | m − 1 m ′ 1 | m 0 ,   m ′ 1 = m 0 · | m − 1 0 | m 1 , i = | k ( 0 ) · ( k ( 1 ) k ′ ) − 1 | m 0 .  i i C. Nègre, Th. Plantard, J.-M. Robert 11 / 26

Recommend

Digital Signature Schemes 1 What is digital signature? Properties Who signed what is

Digital Signature Schemes 1 What is digital signature? Properties Who signed what is

Digital Signature Schemes 1 What is digital signature? Properties Who signed what is publicly verifiable Unforgeable 2 A Digital Signature Scheme Key generation algorithm G (probabilistic) ( pk, sk ) G (1 ) security

602 views • 22 slides
Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital

Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital

Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital Signature Digital Signature And Hash Function Biometric Signature Electronic Signature Act ROC, 2002/04/01,

299 views • 13 slides
1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

CPE 542: CRYPTOGRAPHY &amp; NETWORK SECURITY Digital Signatures have looked at message authentication but does not address issues of lack of trust Chapter 13 Digital Signatures digital signatures provide the ability to:

361 views • 3 slides
Digital Signatures and Authentication 1 Outline What is a digital signature ? General

Digital Signatures and Authentication 1 Outline What is a digital signature ? General

Digital Signatures and Authentication 1 Outline What is a digital signature ? General model Foundations of security RSA, DSA, ECDSA signatures Zero knowledge (Guillo-Quisquater) One-time signature Special

675 views • 46 slides
3-509

3-509

3-509 liuzhen@sjtu.edu.cn 1 Digital Signature Hash Function Message Authentication Code 2 Digital Signature There is an electronic document to be sent

738 views • 24 slides
Digital Signatures Model A public key analog of MAC A digital signature scheme includes

Digital Signatures Model A public key analog of MAC A digital signature scheme includes

Digital Signatures Model A public key analog of MAC A digital signature scheme includes the following elements: A private key k A public key k A signature algorithm Public key is published Signature requires

475 views • 24 slides
Digital Signature And Hash Function

Digital Signature And Hash Function

Digital Signature And Hash Function 1 Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital Signature Biometric Signature

894 views • 52 slides
IM IMPLEMENTATION OF DIG IGIT ITAL SIG IGNATURE IN IN THE AVIA IATION IN INDUSTRY 13 13

IM IMPLEMENTATION OF DIG IGIT ITAL SIG IGNATURE IN IN THE AVIA IATION IN INDUSTRY 13 13

IM IMPLEMENTATION OF DIG IGIT ITAL SIG IGNATURE IN IN THE AVIA IATION IN INDUSTRY 13 13 OCTOBER 2017 1. What is Digital Signature? 2. Why use Digital Certificate? 3. Digital Signature Act 1997 4. Digital Signature Regulations 1998

282 views • 12 slides
Efficient Redactable Signature and Application to Anonymous Credentials Olivier Sanders Orange

Efficient Redactable Signature and Application to Anonymous Credentials Olivier Sanders Orange

Efficient Redactable Signature and Application to Anonymous Credentials Olivier Sanders Orange Labs PKC 2020 Context PKC 2020 p 2 Digital Signature Digital signature can be used to authenticate digital data ... Name Birthdate Address

437 views • 33 slides
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it is a part of the document) 4. Signed document is unalterable. 5. Signature cannot be

244 views • 21 slides
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it is a part of the document) 4. Signed document is unalterable. 5. Signature cannot be

478 views • 24 slides
Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

410 views • 19 slides
Th The e Se Secr cret of of Digital Transformation Ho How w to Dig Digit ital ally

Th The e Se Secr cret of of Digital Transformation Ho How w to Dig Digit ital ally

Th The e Se Secr cret of of Digital Transformation Ho How w to Dig Digit ital ally ly Tra rans nsform orm Your ur Or Orga ganiz nizat ation ion June 16, 2016 A St Story y Abou out t Di Disn sney Poli licing cing

887 views • 36 slides
Parallel-CFS Strengthening the CFS McEliece-Based Signature Scheme Matthieu Finiasz Digital

Parallel-CFS Strengthening the CFS McEliece-Based Signature Scheme Matthieu Finiasz Digital

Parallel-CFS Strengthening the CFS McEliece-Based Signature Scheme Matthieu Finiasz Digital Signatures The hash and sign paradigm m c slide 1/18 . Any public key encryption can be turned into a signature. Digital Signatures The hash and

759 views • 28 slides
Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature

Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature

Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature 1 Signature 2 Signature 2 http://comm ons.wikime dia.org/wiki/ File:Piasnic a- Signature 3 Signature 3 wodowskaz -0.jpg Ida Westerberg 1,2

388 views • 19 slides
Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

506 views • 24 slides
Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

810 views • 22 slides
Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

440 views • 26 slides
ratification and signature Signature vs ratification Signature formal expression of intent to

ratification and signature Signature vs ratification Signature formal expression of intent to

Steps and technical modalities to follow for the deposit of the instrument of ratification and signature Signature vs ratification Signature formal expression of intent to be bound, but no legal obligation yet: however, a State is

585 views • 10 slides
Recursion continued Exercise solution // Returns base ^ exponent. // Precondition: exponent

Recursion continued Exercise solution // Returns base ^ exponent. // Precondition: exponent

Recursion continued Exercise solution // Returns base ^ exponent. // Precondition: exponent &gt;= 0 public static int pow(int x, int n) { if (n == 0) { // base case; any number to 0th power is 1 return 1; } else { // recursive case: x^n =

614 views • 32 slides
The Picnic Digital Signature Algorithm NIST Second PQC Standardization Conference August 2019

The Picnic Digital Signature Algorithm NIST Second PQC Standardization Conference August 2019

The Picnic Digital Signature Algorithm NIST Second PQC Standardization Conference August 2019 Melissa Chase, David Derler, Steven Goldfeder, Jonathan Katz, Vladimir Kolesnikov, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel

765 views • 21 slides
CENG 342 Digital Systems Hexadecimal Digit to Seven-segment LED Decoder Larry Pyeatt

CENG 342 Digital Systems Hexadecimal Digit to Seven-segment LED Decoder Larry Pyeatt

CENG 342 Digital Systems Hexadecimal Digit to Seven-segment LED Decoder Larry Pyeatt SDSM&amp;T 7-segment LED display A 7-segment LED is configured active low (segment is lit when the control signal is 0). Why? 4-bit input as a

374 views • 13 slides
CENG 342 Digital Systems Simplified Floating-point Adder Larry Pyeatt SDSM&amp;T Binary

CENG 342 Digital Systems Simplified Floating-point Adder Larry Pyeatt SDSM&amp;T Binary

CENG 342 Digital Systems Simplified Floating-point Adder Larry Pyeatt SDSM&amp;T Binary Floating Point Representation Floating point number consists of three components: sign bit, exponent, and mantissa. Example: 12.75: sign is + , exponent

253 views • 12 slides
CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme L eo Ducas (CWI), Eike Kiltz

CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme L eo Ducas (CWI), Eike Kiltz

CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme L eo Ducas (CWI), Eike Kiltz (Ruhr-Universit at Bochum), Tancr` ede Lepoint (SRI International), Vadim Lyubashevsky (IBM Research), Peter Schwabe (Radboud University), Gregor

1.06k views • 36 slides

More recommend