faster binary curve software a case study
play

Faster Binary Curve Software: A Case Study NordSec 2015, Stockholm - PowerPoint PPT Presentation

Dec 04, 2022 •451 likes •602 views

Faster Binary Curve Software: A Case Study NordSec 2015, Stockholm B. B. Brumley Department of Pervasive Computing Tampere University of Technology, Finland billy.brumley AT tut.fi 20 Oct 2015 1 / 14 Elliptic curves over binary fields Fix m

  1. Faster Binary Curve Software: A Case Study NordSec 2015, Stockholm B. B. Brumley Department of Pervasive Computing Tampere University of Technology, Finland billy.brumley AT tut.fi 20 Oct 2015 1 / 14

  2. Elliptic curves over binary fields Fix m and consider all of the ( x , y ) solutions over F 2 m to the following equation: E : y 2 + xy = x 3 + a 2 x 2 + a 6 Standardized curves $ openssl ecparam -list_curves ... sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field sect163r2 : NIST/SECG curve over a 163 bit binary field sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field sect239k1 : SECG curve over a 239 bit binary field sect283k1 : NIST/SECG curve over a 283 bit binary field sect283r1 : NIST/SECG curve over a 283 bit binary field sect409k1 : NIST/SECG curve over a 409 bit binary field sect409r1 : NIST/SECG curve over a 409 bit binary field sect571k1 : NIST/SECG curve over a 571 bit binary field sect571r1 : NIST/SECG curve over a 571 bit binary field ... 2 / 14

  3. Carryless multiplication 3 / 14

  4. Point multiplication 4 / 14

  5. Affine coordinates OpenSSL implements curve operations as written in P1363. Addition Let P = ( x 1 , y 1 ), Q = ( x 2 , y 2 ) such that P � = ± Q . Then P + Q = ( x 3 , y 3 ) is given by x 3 = λ 2 + λ + x 1 + x 2 + a 2 y 3 = λ ( x 1 + x 3 ) + x 3 + y 1 λ = y 1 + y 2 x 1 + x 2 Doubling Let P = ( x 1 , y 1 ) then 2 P = ( x 3 , y 3 ), where x 3 = λ 2 + λ + a 2 y 3 = λ ( x 1 + x 3 ) + x 3 + y 1 λ = x 1 + y 1 x 1 5 / 14

  6. Lambda coordinates Affine (Knudsen 1999) Short affine point P = ( x , y ) is ( x , λ ) where λ = x + y / x . Projective (Oliveira et al. 2014) With projective equation ( L 2 + LZ + a 2 Z 2 ) X 2 = X 4 + a 6 Z 4 . the λ -projective point ( X 1 : L 1 : Z 1 ) corresponds to the λ -affine point ( X 1 / Z 1 , L 1 / Z 1 ). The inverse of ( X 1 : L 1 : Z 1 ) is ( X 1 : L 1 + Z 1 : Z 1 ). 6 / 14

  7. Computational costs Computational costs of elliptic curve operations in various coordinate systems w.r.t. finite field inversions ( I ), multiplications ( M ), and squarings ( S ). Coordinates double add negate affine 1 I + 2 M + 1 S 1 I + 2 M + 1 S – LD-projective (mixed) 4 M + 5 S 8 M + 5 S 1 M λ -projective (mixed) 4 M + 4 S 8 M + 2 S – λ -projective 4 M + 4 S 11 M + 2 S – 7 / 14

  8. ECC in OpenSSL struct ec_method_st { ... int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, BN_CTX *); int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BN_CTX *); ... int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *); ... int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *); ... int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *); int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); ... int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); int (*precompute_mult) (EC_GROUP *group, BN_CTX *); int (*have_precompute_mult) (const EC_GROUP *group); int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); ... } /* EC_METHOD */ ; 8 / 14

  9. Scalar multiplication in OpenSSL /** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] * \param group underlying EC_GROUP object * \param r EC_POINT object for the result * \param n BIGNUM with the multiplier for the group generator (optional) * \param num number futher summands * \param p array of size num of EC_POINT objects * \param m array of size num of BIGNUM objects * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); 9 / 14

  10. Montgomery’s Ladder in OpenSSL /*- * Computes scalar*point and stores the result in r. * point can not equal r. * Uses a modified algorithm 2P of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation" (CHES ’99, LNCS 1717). * * To protect against side-channel attack the function uses constant time swap, * avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) 10 / 14

  11. Bug attacks and projective randomization ◮ Bug attacks (Biham et al. 2008) target implementation errors to steal keys. ◮ Pick β at random, and at the beginning of scalar multiplication set the accumulator to ( β X : β L : β Z ). ◮ Observe ( β X : β L : β Z ) �→ (( β X ) / ( β Z ) , ( β L ) / ( β Z )) = ( X / Z , L / Z ). 11 / 14

  12. ECDH performance ECDH operations per second. Intel Celeron 2955U 1.40GHz. curve stock modified gain nistk163 2107.7 2022.6 -4.0% nistk233 1675.2 1670.2 -0.3% nistk283 929.3 921.0 -0.9% nistk409 589.5 563.8 -4.4% nistk571 248.7 244.9 -1.5% nistb163 2043.9 2011.4 -1.6% nistb233 1600.9 1640.6 2.5% nistb283 891.6 903.9 1.4% nistb409 551.9 559.4 1.4% nistb571 229.1 243.5 6.3% 12 / 14

  13. ECDSA performance ECDSA operations per second. Intel Celeron 2955U 1.40GHz. curve stock modified gain stock modified gain (sign) (sign) (sign) (verify) (verify) (verify) nistk163 2304.1 6723.4 191.8% 1022.9 1617.6 58.1% nistk233 1146.2 5147.5 349.1% 791.8 1313.5 65.9% nistk283 770.6 3136.7 307.0% 442.6 744.2 68.1% nistk409 341.0 1969.2 477.5% 280.2 456.4 62.9% nistk571 158.2 896.0 466.4% 120.2 199.0 65.6% nistb163 2300.3 6684.2 190.6% 983.1 1635.9 66.4% nistb233 1174.2 5227.7 345.2% 765.0 1280.2 67.3% nistb283 771.3 3142.4 307.4% 420.1 735.1 75.0% nistb409 339.8 1952.7 474.7% 262.4 446.5 70.2% nistb571 157.6 858.8 444.9% 111.1 197.7 77.9% 13 / 14

  14. Conclusion ◮ Source code patches: RT 4013 http://marc.info/?l=openssl-dev&m=144008703808363 ◮ Leverages existing arch, not a(nother) full stack ◮ Crypto in a vacuum has dubious utility Future work Specialized finite field arithmetic (Bluhm & Gueron 2015) 14 / 14

Recommend

Overview Evolution in Open Source Software: What is software evolution? A Case Study Why

Overview Evolution in Open Source Software: What is software evolution? A Case Study Why

Overview Evolution in Open Source Software: What is software evolution? A Case Study Why should we care? Previous research Michael W. Godfrey A case study: The Linux OS kernel Qiang Tu Observations, hypotheses, and future

179 views • 6 slides
Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has innovation helped to produce a cost effective remedial design? Challenging contaminant profile Taken a traditional / well understood remedial

912 views • 4 slides
results and experiences Sebastian Frank Santiago Vidal SQuAT Case Study Experiences Results

results and experiences Sebastian Frank Santiago Vidal SQuAT Case Study Experiences Results

Universidad Nacional del Centro (UNICEN) Institute of Software Technology ISISTAN Research Institute Reliable Software Systems Software Engineering Group Using the CoCoME We already community case study attended for evaluating the SSP

490 views • 20 slides
10-20x Faster 10-20x Faster Software Builds Software Builds John Ousterhout 2307 Leghorn

10-20x Faster 10-20x Faster Software Builds Software Builds John Ousterhout 2307 Leghorn

10-20x Faster 10-20x Faster Software Builds Software Builds John Ousterhout 2307 Leghorn Street Mountain View, CA 94043 www.electric-cloud.com Overview Overview Slow builds impact almost all medium/large development teams Electric Cloud

716 views • 32 slides
Software Engineering Case Studies Bob Monroe Software Engineering Reading Group March 31, 1997

Software Engineering Case Studies Bob Monroe Software Engineering Reading Group March 31, 1997

Software Engineering Case Studies Bob Monroe Software Engineering Reading Group March 31, 1997 Overview Case study paper (Kitchenham et al) Overview of case study methodology Good case studies are powerful. They are also rare

561 views • 15 slides
Binary Search Trees 1 October 2020 OSU CSE 1 Faster Searching The BinaryTree component

Binary Search Trees 1 October 2020 OSU CSE 1 Faster Searching The BinaryTree component

Binary Search Trees 1 October 2020 OSU CSE 1 Faster Searching The BinaryTree component family can be used to arrange the labels on binary tree nodes in a variety of useful ways A common arrangement of labels, which supports searching

890 views • 73 slides
ECE444: Software Engineering Case Study Shurui Zhou Learning goal Review a specific case

ECE444: Software Engineering Case Study Shurui Zhou Learning goal Review a specific case

ECE444: Software Engineering Case Study Shurui Zhou Learning goal Review a specific case study to understand the requirements issues more clearly Virtual Case File 3 What is the virtual case file? Goal : to automate the FBIs

261 views • 15 slides
Core Flight Software (CFS) Overview Case Study: Morpheus Lander JSC CFS Development

Core Flight Software (CFS) Overview Case Study: Morpheus Lander JSC CFS Development

National Aeronautics and Space Administration NASAs Core Flight Software - a Reusable Real-Time Framework Topics: Core Flight Software (CFS) Overview Case Study: Morpheus Lander JSC CFS Development Efforts CFS Training

960 views • 61 slides
A Case Study on Recommending Software Components using Collaborative Filtering Mel Cinnide

A Case Study on Recommending Software Components using Collaborative Filtering Mel Cinnide

A Case Study on Recommending Software Components using Collaborative Filtering Mel Cinnide Frank McCarey Nicholas Kushmerick University College Dublin - Ireland frank.mccarey@ucd.ie May 2004 Introduction ! Software Reuse is

471 views • 21 slides
WRITING FASTER CODE 1 . 1 WRITING FASTER CODE AND NOT HATING YOUR JOB AS A SOFTWARE DEVELOPER

WRITING FASTER CODE 1 . 1 WRITING FASTER CODE AND NOT HATING YOUR JOB AS A SOFTWARE DEVELOPER

WRITING FASTER CODE 1 . 1 WRITING FASTER CODE AND NOT HATING YOUR JOB AS A SOFTWARE DEVELOPER 1 . 2 WRITING FASTER PYTHON @SebaWitowski 1 . 3 PYTHON WAS NOT MADE TO BE FAST... ...BUT TO MAKE DEVELOPERS FAST. 2 . 1 It was nice to

451 views • 43 slides
Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation

Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation

Overview Using Curve Implementation Lessons Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation Lessons Ninjas Shinobi Kun An John Chan David Mauskop Wisdom Omuya Zitong Wang Curve Ninjas

360 views • 17 slides
Faster Code Nicolas Limare 2014/11/19 faster? one task vs many speeds one operation vs many

Faster Code Nicolas Limare 2014/11/19 faster? one task vs many speeds one operation vs many

Faster Code Nicolas Limare 2014/11/19 faster? one task vs many speeds one operation vs many algos one algo vs many codes one code vs many binaries one binary vs many runs We want faster runs for the same operation. why go fast?

620 views • 17 slides
Boiling Curve Wall Temp. Controlled. Pool boiling curve for temperature controlled case with

Boiling Curve Wall Temp. Controlled. Pool boiling curve for temperature controlled case with

Boiling Curve Wall Temp. Controlled. Pool boiling curve for temperature controlled case with increasing temperature and decreasing temperature. Note that there is a hysteresis especially in the transition region. 4 Pool Boiling Curve

295 views • 7 slides
Releasing Scientific Software in GitHub: A Case Study on SWMM2PEST Xuanyi Lin

Releasing Scientific Software in GitHub: A Case Study on SWMM2PEST Xuanyi Lin

Releasing Scientific Software in GitHub: A Case Study on SWMM2PEST Xuanyi Lin (linx7@mail.uc.edu) Department of EECS, University of Cincinnati, OH SE4Science, Montreal, Canada May 28, 2019 Acknowledgments Nan Niu Xuanyi Lin Michelle Simon

323 views • 14 slides
Robert Diawara, Software AG Fabian Huschka, componio GmbH Get There Faster. Module 1 Software

Robert Diawara, Software AG Fabian Huschka, componio GmbH Get There Faster. Module 1 Software

How Software AG built up its Online Communities with OpenCms Robert Diawara, Software AG Fabian Huschka, componio GmbH Get There Faster. Module 1 Software AG & componio GmbH at a glance Company Presentation | Status: April 2011 | Page 2

915 views • 54 slides
1 1. some theory Proces of change of target groups forms an g g g p S-shaped curve;

1 1. some theory Proces of change of target groups forms an g g g p S-shaped curve;

Strategy to speed up largescale adoption of the CNG Car Cees Egmond Senternovem Summer study ECEEE 4-9 june 2007 1 Overview presentation Introduction Some theory Report on a Case study: Marketintroduction of theCNG-car,

942 views • 9 slides
Conducting a Long-Term Case Study in a Software Firm Experience Report Sofia Sherman Irit Hadar

Conducting a Long-Term Case Study in a Software Firm Experience Report Sofia Sherman Irit Hadar

Conducting a Long-Term Case Study in a Software Firm Experience Report Sofia Sherman Irit Hadar Dept. of Information Systems University of Haifa Software Architecture Lab. The research Research agenda: To define the software

210 views • 8 slides
Process Mining; Concepts and Case Studies Milad Naeimaei (M.A, B.Eng) Ali Bozorgi (Ph.D) 6-Case

Process Mining; Concepts and Case Studies Milad Naeimaei (M.A, B.Eng) Ali Bozorgi (Ph.D) 6-Case

Process Mining; Concepts and Case Studies Milad Naeimaei (M.A, B.Eng) Ali Bozorgi (Ph.D) 6-Case Study-2 4-Software 2- Literature Review 5-Case Study-1 3-Methodology 1-Concepts Proce cess a collection of related, structured activities or

1.47k views • 69 slides
Case Study A Case fo r Use in Addic tio n Re se arc h De re k Quig le y Unive rsity o f Auc

Case Study A Case fo r Use in Addic tio n Re se arc h De re k Quig le y Unive rsity o f Auc

Case Study A Case fo r Use in Addic tio n Re se arc h De re k Quig le y Unive rsity o f Auc kland What We ll Co ve r T o day T he L ig htbulb Mo me nt My Ph.D Case Study Case Study Charac te ristic s Case Study Stre

424 views • 10 slides
Challenges of linking statistical data and phonetic pronunciation software Case study: Problem Of

Challenges of linking statistical data and phonetic pronunciation software Case study: Problem Of

Challenges of linking statistical data and phonetic pronunciation software Case study: Problem Of Regular Statistics Establishments' Frames In Egypt Nehall Ahmed Farouk nehall_ahmed@capmas.gov.eg Research , sampling ,and computer specialist

348 views • 23 slides
Teaching Software Architecture Process to Undergraduate Students: A Case Study Lotfi ben Othmane

Teaching Software Architecture Process to Undergraduate Students: A Case Study Lotfi ben Othmane

Teaching Software Architecture Process to Undergraduate Students: A Case Study Lotfi ben Othmane Iowa State University 2nd International Workshop on Engineering IoT Systems: Architectures, Services, Applications, and Platforms Seattle, April

907 views • 19 slides
The Influence of Organizational Structure on Software Quality: An Empirical Case Study

The Influence of Organizational Structure on Software Quality: An Empirical Case Study

The Influence of Organizational Structure on Software Quality: An Empirical Case Study Nachiappan Nagappan Brendan Murphy Victor R. Basili Microsoft Research Microsoft Research University of Maryland Redmond, WA, USA Cambridge, UK College

348 views • 33 slides
Simulation Based Formal Verification of Onboard Software A Case Study SyLVer : System

Simulation Based Formal Verification of Onboard Software A Case Study SyLVer : System

Simulation Based Formal Verification of Onboard Software A Case Study SyLVer : System Level Verifier Toni Mancini, Annalisa Massini, Federico Mari , Igor Melatti, Ivano Salvo, Enrico Tronci Computer Science Department Sapienza University

668 views • 23 slides
2.7 Case Study: Floorplan Optimization Our second case study is an example of a highly irregular,

2.7 Case Study: Floorplan Optimization Our second case study is an example of a highly irregular,

2.7 Case Study: Floorplan Optimization Page 1 of 7 2.7 Case Study: Floorplan Optimization Our second case study is an example of a highly irregular, symbolic problem. The solution that we develop incorporates a task scheduling algorithm. 2.7.1

259 views • 7 slides

More recommend