modular exponentiation
play

Modular Exponentiation In the browser !? P.h.D. semester project, - PowerPoint PPT Presentation

Jan 10, 2023 •25 likes •215 views

Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford (DEDIS) and Thomas Hofer (DGSI). 1 Background The digital world takes an overwhelming part in our daily life. Voting is still paper-based and

  1. Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford (DEDIS) and Thomas Hofer (DGSI). 1

  2. Background The digital world takes an overwhelming part in our daily life. Voting is still paper-based and requires physical presence... Can we make people vote from their bed in a secure way ?? 2

  3. CHVote Geneva is developing a next-gen voting solution for its canton: CHVote. Lot of people living abroad are expected to use the solution. Full formal specifications written by people from the e-Voting group, RISIS, in BFH. Implementation in progress by the DGSI (“Direction générale des systèmes d'information”) 3

  4. Encrypted vote in the browser... Secure voting requires encryption of the vote at the client’s side ● Up to hundreds of votes to encrypt for one client RSA encryption uses modular exponentiation with 1024,2048 or 4096 bit keys. g^s mod q Modular exponentiation is a slow operation. 4

  5. Modular exp. in Javascript ? Javascript is an interpreted language and runs in the browser ● It it *not* fast ● Garbage collected ● Not to mention all the security issues... Nevertheless, a better choice than sending a vote in the clear! 5

  6. What can we do ? Outsource the heavy computation to remote servers (honest-but-curious). In this context: (1) Partial exponentiation ● Base is the public key so it is public ● Exponent is private (encoded vote) ● Modulo is public (security parameter) Partial exponentiation request & Fast reconstruction locally with multiplication 6

  7. What can we do ? Offload the heavy computation to remote (2) Local Reconstruction servers (honest-but-curious) ! In this context: ● Base is the public key so it is public ● Exponent is private (encoded vote) ● Modulo is public (security parameter) Partial exponentiation request & Fast reconstruction locally with multiplication 7

  8. What can we do ? Offload the heavy computation to remote servers (honest-but-curious)! In this context: (2) Local Reconstruction ● Base is the public key so it is public ● Exponent is private (encoded vote) ● Modulo is public (security parameter) Partial exponentiation request & Fast reconstruction locally 8

  9. Splitting the computation Partial exponentiation: v = <vote> a = <public key> q = <modulo> s_i = <random> (i: 0...n-1) s_n = v - SUM(s_i) (i: 0 … n-1) Each server i computes: r_i = a^(s_i) mod q 9

  10. Splitting the computation Partial exponentiation: Local Reconstruction: v = <vote> e = <encrypted vote> a = <public key> q = <modulo> e = MUL(r_i) (i: 0 … n) s_i = <random> (i: 0...n-1) = a ^ (SUM(s_i)) mod q s_n = v - SUM(s_i) (i: 0 … n-1) = a ^ [SUM(s_i) + v - SUM(s_i)] Each server i computes: = a ^ v mod q r_i = a^(s_i) mod q 10

  11. Evaluation: Comparison between: ● Pure Javascript ● Using JSBN library from Tom Wu at ● Split method Stanford (fastest library ?) ● WebAssembly ● Simple one line of code... 11

  12. Evaluation: Comparison between: ● Front end in JS (share splitting + JSON encoding) ● Pure Javascript ○ ~50 lines ● Split method ● Backend in Go using binding to GMP ● WebAssembly ○ Less than 100 lines ● Optimized to send the minimum amount of data 12

  13. Evaluation: Comparison between: ● Pure Javascript ● Split method ● WebAssembly ● Compiled GMP to Wasm in 32 bit ○ Using LLVM 32 bit ○ Without assembly code :( ● Small wrapper in C for mod. Exp. ● Copy data to Wasm heap from JS ○ All in one call 13

  14. Results: Comparison between: ● Pure Javascript ● Split method ● WebAssembly For different key sizes: ● 1024 bits ● 2048 bits ● 4096 bits 14

  15. Results: Comparison between: ● Pure Javascript ● Split method ● WebAssembly For different key sizes: ● 1024 bits ● 2048 bits ● 4096 bits 15

  16. Results: Comparison between: ● Pure Javascript ● Split method ● WebAssembly For different key sizes: ● 1024 bits ● 2048 bits ● 4096 bits 16

  17. Future work ● Look at verifiable computation (NIZK) ○ Is it possible ? ○ Is it expensive ? ○ Look at recent progress such as “ CExp: secure and verifiable outsourcing of composite modular exponentiation with single untrusted server “ (Shuai Li) ● Code optimized hand-written WebAssembly code for modular exponentiation ● Experience with a varying number of servers (3 so far) 17

  18. Conclusions Outsourcing the heavy computation is good in this context ● Performs an order of magnitude better than other solutions ● No need for verification of correct output 18

  19. https://github.com/dedis/students_17_geneva Conclusions Outsourcing the heavy computation IS good in WebAssembly is not ready for prime time yet . this context ● Performs much better in an infinite loop ● Performs an order of magnitude better (graphics) than other solutions ● Compiles only in 32 bit ● No need for verification of correct output ● Can’t compile hand-written assembly 19

Recommend

Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and

Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and

0 12 1 Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and Remainder, GCD, Euclid s algorithm, L(a,b) { au + bv | u,v Z } = { n gcd(a,b) | n Z } Primes, Fundamental Theorem of

272 views • 14 slides
THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e ,

THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e ,

THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e , and n , the following algorithm quickly computes the reduced power a e % n . ( Initialize ) Set ( x, y, f ) = (1 , a, e ). ( Loop ) While f &gt;

175 views • 5 slides
Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre (1) and Thomas Plantard (2) (1) DALI (UPVD) and LIRMM (Univ. of Montpellier, CNRS), Perpignan, France (2) CCISR, SCIT, University of Wollongong,

708 views • 43 slides
Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe

Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe

Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe NEGRE ( 1 ) , Thomas PLANTARD ( 2 ) and Jean-Marc ROBERT ( 1 ) 1: Team DALI/LIRMM, University of Perpignan, France 2: CCISR, SCIT, (University of

1.25k views • 69 slides
a (mod m ) b is congruent to modulo a m b mod mod a m b m

a (mod m ) b is congruent to modulo a m b mod mod a m b m

Number Theory and its Applications Modular Exponentiation Euclidean Algorithm for GCD Solving Linear Congruences Chinese Remainder Theorem and Application to Arithmetic with large numbers Covered in Sections 3.6 and 3.7 Based

489 views • 19 slides
ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In

ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In

ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In collaboration with Marco S. Bianchi arXiv:1403.3398 N=4 SYM Exponentiation Consider color ordered MHV 4p amplitude in We define the ratio

415 views • 29 slides
CSE 311 Foundations of 4.3 7 th Edition Computing I 3.5, 3.6 6 th Edition 2.5, 2.6 up

CSE 311 Foundations of 4.3 7 th Edition Computing I 3.5, 3.6 6 th Edition 2.5, 2.6 up

Announcements Reading assignments Today and Monday: CSE 311 Foundations of 4.3 7 th Edition Computing I 3.5, 3.6 6 th Edition 2.5, 2.6 up to p. 191 5 th Edition Lecture 11 Wednesday Modular Exponentiation and Primes

345 views • 5 slides
CPSC 490 DP Part 2: Max-IS on Arrays, LCS, Recovery, and Binary Exponentiation Lucca Siaudzionis

CPSC 490 DP Part 2: Max-IS on Arrays, LCS, Recovery, and Binary Exponentiation Lucca Siaudzionis

CPSC 490 DP Part 2: Max-IS on Arrays, LCS, Recovery, and Binary Exponentiation Lucca Siaudzionis and Jack Spalding-Jamieson 2020/01/23 University of British Columbia Announcements Again, assignment 1 is due this Saturday!!!!!!!!

490 views • 31 slides
Square Always Exponentiation Christophe Clavier 1 Benoit Feix 1 , 2 Georges Gagnerot 1 , 2 ene

Square Always Exponentiation Christophe Clavier 1 Benoit Feix 1 , 2 Georges Gagnerot 1 , 2 ene

Introduction Square Always Parallelization Conclusion Square Always Exponentiation Christophe Clavier 1 Benoit Feix 1 , 2 Georges Gagnerot 1 , 2 ene Roussellet 2 Vincent Verneuil 2 , 3 Myl` 1 XLIM-Universit e de Limoges, France 2 INSIDE

1.05k views • 60 slides
1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

TEMPORARY MODULAR HOUSING Temporary Modular Housing Community Information Session 7430 7460 Heather Street ( formerly 650 West 57 th Avenue) ) 1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

701 views • 32 slides
CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with

CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with

CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with a simple algorithm: ans = 1 i = y while i &gt; 0: ans = ans * x i-- Runtime? 2 Just like with multiplication, let's consider large

698 views • 22 slides
Niall Emmart University of Massachusetts Follow on to S6151 XMP: An NVIDIA CUDA

Niall Emmart University of Massachusetts Follow on to S6151 XMP: An NVIDIA CUDA

S6349 - XMP LIBRARY INTERNALS Niall Emmart University of Massachusetts Follow on to S6151 XMP: An NVIDIA CUDA Accelerated Big Integer Library High Performance Modular Exponentiation A^K mod P Where A, K and P are hundreds to thousands

737 views • 24 slides
SPA resistant Exponentiation based on Bruns GCD algorithm Val erie Berth e , Thomas

SPA resistant Exponentiation based on Bruns GCD algorithm Val erie Berth e , Thomas

SPA resistant Exponentiation based on Bruns GCD algorithm Val erie Berth e , Thomas Plantard Paris Diderot Universit e, University of Wollongong http://www.uow.edu.au/ thomaspl thomaspl@uow.edu.au 2019 Berthe, Plantard (IRIF,

1.16k views • 69 slides
Modular Home Virginia Building Solutions For Home Owners: Variety Modular homes look like

Modular Home Virginia Building Solutions For Home Owners: Variety Modular homes look like

Modular Home Virginia Building Solutions For Home Owners: Variety Modular homes look like any other homes. Today's technology has allowed modular manufacturers to build almost any style of house, from a simple ranch to a highly customized

522 views • 15 slides
Decrease by a Constant Factor Examples that we have already seen: Binary Search

Decrease by a Constant Factor Examples that we have already seen: Binary Search

Decrease by a constant factor Decrease by a variable amount A FEW LEFTOVER DECREASE AND CONQUER ALGORITHMS Decrease by a Constant Factor Examples that we have already seen: Binary Search Exponentiation (ordinary and modular) by

216 views • 6 slides
Modular Arithmetic Modular Arithmetic: refresher. Notation x ( mod m ) or mod ( x , m ) -

Modular Arithmetic Modular Arithmetic: refresher. Notation x ( mod m ) or mod ( x , m ) -

Modular Arithmetic Modular Arithmetic: refresher. Notation x ( mod m ) or mod ( x , m ) - remainder of x divided by m in { 0 ,..., m 1 } . x is congruent to y modulo m or x y ( mod m ) if and only if ( x y ) is divisible by m .

397 views • 5 slides
Managing Modular Software for your NuGet, C++ and Java Development Agenda Modular software

Managing Modular Software for your NuGet, C++ and Java Development Agenda Modular software

Managing Modular Software for your NuGet, C++ and Java Development Agenda Modular software why? Building modular software in Java in C++ in .NET Whos talking? @jbaruch 3 WTF IS MODULE? Module Modular

1.87k views • 158 slides
High-speed Diffie-Hellman, part 2 D. J. Bernstein University of Illinois at Chicago Classic

High-speed Diffie-Hellman, part 2 D. J. Bernstein University of Illinois at Chicago Classic

High-speed Diffie-Hellman, part 2 D. J. Bernstein University of Illinois at Chicago Classic question about the Diffie-Hellman system: How quickly can we compute n th powers mod p ? Modular exponentiation. p ; Assume standard prime p =

684 views • 45 slides
Securing RSA against Fault Analysis by Double Addition Chain Exponentiation Matthieu Rivain

Securing RSA against Fault Analysis by Double Addition Chain Exponentiation Matthieu Rivain

Securing RSA against Fault Analysis by Double Addition Chain Exponentiation Matthieu Rivain Oberthur Technologies &amp; Univ. of Luxembourg 04/24/09 | Session ID: CRYP-403 Session Classification: Agenda RSA and Fault Analysis A New

421 views • 27 slides
resources T M Modular Gold Plant MGP Environmentally Friendly True Modular

resources T M Modular Gold Plant MGP Environmentally Friendly True Modular

SPECIALISTS IN ADVANCED GOLD PROCESSING PLANTS resources T M Modular Gold Plant MGP Environmentally Friendly True Modular Construction Physical Recovery Process High Gold Recovery resources T M Modular Gold Plant

569 views • 21 slides
Surreal models of the reals with exponentiation A. Berarducci University of Pisa Paris, IHP, 6-8

Surreal models of the reals with exponentiation A. Berarducci University of Pisa Paris, IHP, 6-8

Surreal models of the reals with exponentiation A. Berarducci University of Pisa Paris, IHP, 6-8 Feb. 2018 A. Berarducci (University of Pisa) Surreal models of the reals with exponentiation Paris, IHP, 6-8 Feb. 2018 1 / 39 Introduction I

611 views • 39 slides
WHITTAKER FUNCTIONS IN MODULAR FORMS Let F be a classical holomorphic modular form for SL(2, )

WHITTAKER FUNCTIONS IN MODULAR FORMS Let F be a classical holomorphic modular form for SL(2, )

DO GROWING WHITTAKER FUNCTIONS Stephen D. Miller Rutgers University ACTUALLY OCCUR IN AUTOMORPHIC Joint work with Tien Trinh, FORMS? University of Colorado, Boulder WHITTAKER FUNCTIONS IN MODULAR FORMS Let F be a classical holomorphic modular

380 views • 17 slides
DATUM SYSTEMS M7 Modular Series Introduction June 2014 New M7 Modular Modem Series with

DATUM SYSTEMS M7 Modular Series Introduction June 2014 New M7 Modular Modem Series with

Saving Bandwidth made Easy and Affordable DATUM SYSTEMS M7 Modular Series Introduction June 2014 New M7 Modular Modem Series with Smart Technology M7 / M7L / M7D / M7LD M7LT Remote Sat-Terminal Compact 1/2 Rack Wide

488 views • 24 slides
MA/CSSE 473 Day 06 Euclid's Algorithm MA/CSSE 473 Day 06 Student Questions Odd Pie Fight

MA/CSSE 473 Day 06 Euclid's Algorithm MA/CSSE 473 Day 06 Student Questions Odd Pie Fight

MA/CSSE 473 Day 06 Euclid's Algorithm MA/CSSE 473 Day 06 Student Questions Odd Pie Fight Modular exponentiation Euclid's algorithm (if there is time) extended Euclid's algorithm 1 Quick look at review topics in textbook REVIEW

314 views • 10 slides

More recommend