putting wings on sphincs
play

Putting wings on SPHINCS PQCRYPTO Conference Stefan K olbl April - PowerPoint PPT Presentation

Jun 01, 2023 •141 likes •692 views

Putting wings on SPHINCS PQCRYPTO Conference Stefan K olbl April 10th, 2018 Technical University of Denmark, Cybercrypt SPHINCS SPHINCS Hash-based signature scheme Stateless 128-bit post-quantum security Sizes: Public

  1. Putting wings on SPHINCS PQCRYPTO Conference Stefan K¨ olbl April 10th, 2018 Technical University of Denmark, Cybercrypt

  2. SPHINCS SPHINCS • Hash-based signature scheme • Stateless • 128-bit post-quantum security • Sizes: • Public Key: 1KB • Secret Key: 1KB • Signature: 41KB https://sphincs.cr.yp.to/ 1

  3. How to instantiate SPHINCS? 1

  4. SPHINCS Main components: • One-time Signature (WOTS) • Few-time Signature (HORST) • Merkle-Tree 2

  5. SPHINCS Level 1 . . . Level 2 32x Level 12 HORST Message 3

  6. SPHINCS pk OTS sign . . . . . . . . . pk pk pk pk OTS sign 4

  7. SPHINCS What is computed? • Many calls to a hash function... • ...but using short input only. f f f f 5

  8. SPHINCS For one signature • ≈ 450.000 times F • ≈ 90.000 times H { 0 , 1 } 512 { 0 , 1 } 256 H { 0 , 1 } 256 { 0 , 1 } 256 F 6

  9. Cryptographic Hash Functions Which hash function could we use? • Standards • SHA256 • SHA-3 • ChaCha12 permutation • Keccak • Haraka • Simpira 7

  10. Cryptographic Hash Functions SHA-2 (FIPS PUB 180-4) • 512-bit Message Blocks • Padding... M 1 M 2 M n h 1 h n +1 f f f IV 8

  11. Cryptographic Hash Functions SHA3-256 (FIPS PUB 202) • 1600-bit Permutation • 1088-bit Message Blocks h M 0 M 1 M 2 h 0 h 1 r 0 π π π π π c 0 9

  12. Cryptographic Hash Functions Other Keccak variants: • Use 800-bit permutation? • Use less rounds (Kangaroo12 1 ). • Best preimage attack on 4 rounds 2 . 0 see https://eprint.iacr.org/2016/770 0 Linear Structures: Applications to Cryptanalysis of Round-Reduced Keccak, Asiacrypt 2016 10

  13. Cryptographic Hash Functions ChaCha12 • Suggested in SPHINCS paper. • Use ChaCha12 permutation in sponge. • Great software performance with vectorization. 11

  14. Cryptographic Hash Functions Haraka: A short-input hash function 3 • Permutation based on AES rounds. • SPN construction. • 256- and 512-bit permutation. trunc x H ( x ) π 3 https://eprint.iacr.org/2016/098 12

  15. Cryptographic Hash Functions Simpira 4 • Permutation based on AES rounds. • Feistel construction. • 256- and 512-bit permutation. trunc x H ( x ) π 4 https://eprint.iacr.org/2016/122 13

  16. Microarchitectures SPHINCS not well suited for small devices 5 • Signature size larger than RAM for some devices. • Computational costs for signing high... • ... but verification is cheap. Focus on highend platforms: • Intel Haswell/Skylake, AMD Ryzen • ARM Cortex A57/A72 5 see https://eprint.iacr.org/2015/1042 14

  17. Microarchitectures How to get a fast implementation? • Vectorization (AVX2, NEON, AVX-512) • Hardware Support (AES, SHA-2, SHA-3) • Utilize pipeline 15

  18. Microarchitectures Vector Instructions X 7 X 6 X 5 X 4 X 3 X 2 X 1 X 0 ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ Y 7 Y 6 Y 5 Y 4 Y 3 Y 2 Y 1 Y 0 = = = = = = = = Z 7 Z 6 Z 5 Z 4 Z 3 Z 2 Z 1 Z 0 • Apply same operation on all elements of the vector. • Use independet inputs. 16

  19. Microarchitectures Pipelining • Latency • Inverse Throughput Cycles aesenc aesenc aesenc L aesenc 17

  20. Microarchitectures Pipelining • Latency • Inverse Throughput Cycles aesenc aesenc aesenc aesenc aesenc aesenc T − 1 aesenc 17

  21. Microarchitectures Pipelining • Latency • Inverse Throughput Cycles aesenc aesenc aesenc aesenc aesenc aesenc aesenc aesenc aesenc T − 1 aesenc 17

  22. Platforms Performance varies a lot depending on the platform Latency inv. Throughput Platform Instruction Skylake vectorized XOR 1 0.33 Ryzen vectorized XOR 1 0.5 Cortex A57 vectorized XOR 3 2 18

  23. Implementations How to implement those functions efficiently? • SHA-2 • Keccak[ b = 800] • ChaCha12 • Haraka • Simpira 19

  24. Implementations How to implement those functions efficiently? • SHA-2 • 32-bit word oriented • Vectorize • Hardware Support • Keccak[ b = 800] • ChaCha12 • Haraka • Simpira 19

  25. Implementations How to implement those functions efficiently? • SHA-2 • Keccak[ b = 800] • 32-bit word oriented • Vectorize • ChaCha12 • Haraka • Simpira 19

  26. Implementations How to implement those functions efficiently? • SHA-2 • Keccak[ b = 800] • ChaCha12 • 32-bit word oriented • Vectorize • Haraka • Simpira 19

  27. Implementations How to implement those functions efficiently? • SHA-2 • Keccak[ b = 800] • ChaCha12 • Haraka • AES + permute • Simpira 19

  28. Implementations How to implement those functions efficiently? • SHA-2 • Keccak[ b = 800] • ChaCha12 • Haraka • Simpira • AES 19

  29. Tour de SPHINCS 19

  30. Tour de SPHINCS Intel Skylake • AVX2 (256-bit vector) • AES-NI 20

  31. Tour de SPHINCS Signing (million cycles) Design Skylake Intel Skylake ChaCha12 • AVX2 (256-bit vector) Haraka • AES-NI Keccak SHA-256 Simpira 20

  32. Tour de SPHINCS Signing (million cycles) Design Skylake Intel Skylake ChaCha12 • AVX2 (256-bit vector) Haraka • AES-NI Keccak SHA-256 142.06 Simpira 20

  33. Tour de SPHINCS Signing (million cycles) Design Skylake Intel Skylake ChaCha12 • AVX2 (256-bit vector) Haraka • AES-NI Keccak 108.62 SHA-256 142.06 Simpira 20

  34. Tour de SPHINCS Signing (million cycles) Design Skylake Intel Skylake ChaCha12 43.49 • AVX2 (256-bit vector) Haraka • AES-NI Keccak 108.62 SHA-256 142.06 Simpira 20

  35. Tour de SPHINCS Signing (million cycles) Design Skylake Intel Skylake ChaCha12 43.49 • AVX2 (256-bit vector) Haraka • AES-NI Keccak 108.62 SHA-256 142.06 Simpira 28.40 20

  36. Tour de SPHINCS Signing (million cycles) Design Skylake Intel Skylake ChaCha12 43.49 • AVX2 (256-bit vector) Haraka 20.78 • AES-NI Keccak 108.62 SHA-256 142.06 Simpira 28.40 20

  37. Tour de SPHINCS AMD Ryzen • AVX2 (256-bit vector) • AES-NI (2 ports) • SHA256 instructions 21

  38. Tour de SPHINCS Signing (million cycles) AMD Ryzen Design Ryzen • AVX2 (256-bit vector) ChaCha12 • AES-NI (2 ports) Haraka Keccak • SHA256 instructions SHA-256 Simpira 21

  39. Tour de SPHINCS Signing (million cycles) AMD Ryzen Design Ryzen • AVX2 (256-bit vector) ChaCha12 • AES-NI (2 ports) Haraka Keccak 189.98 • SHA256 instructions SHA-256 Simpira 21

  40. Tour de SPHINCS Signing (million cycles) AMD Ryzen Design Ryzen • AVX2 (256-bit vector) ChaCha12 63.42 • AES-NI (2 ports) Haraka Keccak 189.98 • SHA256 instructions SHA-256 Simpira 21

  41. Tour de SPHINCS Signing (million cycles) AMD Ryzen Design Ryzen • AVX2 (256-bit vector) ChaCha12 63.42 • AES-NI (2 ports) Haraka Keccak 189.98 • SHA256 instructions SHA-256 53.33 Simpira 21

  42. Tour de SPHINCS Signing (million cycles) AMD Ryzen Design Ryzen • AVX2 (256-bit vector) ChaCha12 63.42 • AES-NI (2 ports) Haraka Keccak 189.98 • SHA256 instructions SHA-256 53.33 Simpira 20.43 21

  43. Tour de SPHINCS Signing (million cycles) AMD Ryzen Design Ryzen • AVX2 (256-bit vector) ChaCha12 63.42 • AES-NI (2 ports) Haraka 15.54 Keccak 189.98 • SHA256 instructions SHA-256 53.33 Simpira 20.43 21

  44. Tour de SPHINCS ARM Cortex A57 • NEON (128-bit vector) • AES • SHA256 support 22

  45. Tour de SPHINCS Signing (million cycles) ARM Cortex A57 Design Cortex A57 • NEON (128-bit vector) ChaCha12 • AES Haraka Keccak • SHA256 support SHA-256 Simpira 22

  46. Tour de SPHINCS Signing (million cycles) ARM Cortex A57 Design Cortex A57 • NEON (128-bit vector) ChaCha12 • AES Haraka Keccak 376.90 • SHA256 support SHA-256 Simpira 22

  47. Tour de SPHINCS Signing (million cycles) ARM Cortex A57 Design Cortex A57 • NEON (128-bit vector) ChaCha12 193.51 • AES Haraka Keccak 376.90 • SHA256 support SHA-256 Simpira 22

  48. Tour de SPHINCS Signing (million cycles) ARM Cortex A57 Design Cortex A57 • NEON (128-bit vector) ChaCha12 193.51 • AES Haraka Keccak 376.90 • SHA256 support SHA-256 92.08 Simpira 22

  49. Tour de SPHINCS Signing (million cycles) ARM Cortex A57 Design Cortex A57 • NEON (128-bit vector) ChaCha12 193.51 • AES Haraka Keccak 376.90 • SHA256 support SHA-256 92.08 Simpira 63.48 22

  50. Tour de SPHINCS Signing (million cycles) ARM Cortex A57 Design Cortex A57 • NEON (128-bit vector) ChaCha12 193.51 • AES Haraka 47.10 Keccak 376.90 • SHA256 support SHA-256 92.08 Simpira 63.48 22

  51. Formula SPHINCS Hash Performance for F 20 16.71 ChaCha 18 Haraka 16 Keccak Cycles per Byte 14 SHA256 12 Simpira 10 6.94 7.3 5.52 8 4.11 3.91 6 2.73 2.44 1.85 1.71 4 1.08 0.94 0.63 0.39 0.49 2 0 Skylake Ryzen Cortex-A57 23

  52. Formula SPHINCS Hash Performance for H 11 8.68 ChaCha 10 Haraka 7.15 9 Keccak Cycles per Byte 8 SHA256 7 Simpira 6 3.55 5 2.73 2.58 2.20 4 1.82 1.71 1.44 1.51 1.13 3 0.94 0.72 0.48 0.49 2 1 0 Skylake Ryzen Cortex-A57 24

  53. NIST PQ Competition Two variants of SPHINCS in NIST PQ competition: • Gravity-SPHINCS • Results directly apply. • Already uses Haraka. • SPHINCS+ • Tweakable Hash. • Needs to process slightly larger inputs. 25

Recommend

Wings Demo Walkthrough For a brief overview of Wings, see

Wings Demo Walkthrough For a brief overview of Wings, see

Wings Demo Walkthrough For a brief overview of Wings, see http://www.isi.edu/~gil/slides/WingsTour-8-08.pdf Last Update: August 22, 2008 1 Summary of Wings Demonstration Wings can: Express high-level reusable workflow templates

794 views • 36 slides
SMILES ON WINGS SMILES ON WINGS NEW BEGINNINGS D I N I N G F O R W O M E N - D E C E M B E R

SMILES ON WINGS SMILES ON WINGS NEW BEGINNINGS D I N I N G F O R W O M E N - D E C E M B E R

SMILES ON WINGS SMILES ON WINGS NEW BEGINNINGS D I N I N G F O R W O M E N - D E C E M B E R 2 0 1 3 HISTORY SMILES ON WINGS Oct October 2003 ber 2003 SOW was founded by Dr. Usa Bunnag, a native Thai dentist living and practicing

199 views • 15 slides
Gravity-SPHINCS First PQC Standardization Conference Jean-Philippe Aumasson 1 , Guillaume

Gravity-SPHINCS First PQC Standardization Conference Jean-Philippe Aumasson 1 , Guillaume

Gravity-SPHINCS First PQC Standardization Conference Jean-Philippe Aumasson 1 , Guillaume Endignoux 2 Wednesday 11 th April, 2018 1 Kudelski Security 2 Work done while at Kudelski Security and EPFL 1 Introduction: SPHINCS Hash-based signatures

725 views • 35 slides
Characteris/cs of finite wings Flow around the wing @p

Characteris/cs of finite wings Flow around the wing @p

Finite wings Introduc)on to Aeronau)cal Engineering Ir. Nando Timmer Franck Cabrol - CC - BY - SA 3.0 Characteris/cs of finite wings Flow

292 views • 13 slides
A Very Old Man with Enormous Wings Bellwork 2/15/2018 -Read A Very Old Man with Enormous

A Very Old Man with Enormous Wings Bellwork 2/15/2018 -Read A Very Old Man with Enormous

A Very Old Man with Enormous Wings Bellwork 2/15/2018 -Read A Very Old Man with Enormous Wings by Gabriel Garcia Marquez Page 406 to 409 Alata will be here soon... Journal Entry: - What kinds of things have you experienced in your

591 views • 29 slides
What are the 4Cs? About WINGS Global Mandate Network of almost 90 grantmaker associations and

What are the 4Cs? About WINGS Global Mandate Network of almost 90 grantmaker associations and

Assessing the Value of Philanthropy Infrastructure: What are the 4Cs? About WINGS Global Mandate Network of almost 90 grantmaker associations and philanthropic support organisations in more than 30 countries. Together WINGS members and

313 views • 14 slides
A new submission to the SNAKE OIL CRYPTO competition Roberto Avanzi @FakeIACR (ad hodorem)

A new submission to the SNAKE OIL CRYPTO competition Roberto Avanzi @FakeIACR (ad hodorem)

A new submission to the SNAKE OIL CRYPTO competition Roberto Avanzi @FakeIACR (ad hodorem) Diego Aranha (our network expert) ANNOUNCEMENT After SPHINCS and SPHINCS-Haraka we are introducing a third variant of this

482 views • 4 slides
Transient Capability of a Multi-group Pin Homogenized SP 3 Code SPHINCS Hyun Ho Cho 1) , Junsu Kang

Transient Capability of a Multi-group Pin Homogenized SP 3 Code SPHINCS Hyun Ho Cho 1) , Junsu Kang

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Transient Capability of a Multi-group Pin Homogenized SP 3 Code SPHINCS Hyun Ho Cho 1) , Junsu Kang 1) , Joo Il Yoon 2) and Han Gyu Joo 1)* Seoul National University,

272 views • 4 slides
SCHEME SPHINCS-256 Dorian Amiet 1 , Andreas Curiger 2 and Paul Zbinden 1 1 HSR Hochschule fr

SCHEME SPHINCS-256 Dorian Amiet 1 , Andreas Curiger 2 and Paul Zbinden 1 1 HSR Hochschule fr

IMES FPGA-BASED ACCELERATOR FOR POST-QUANTUM SIGNATURE SCHEME SPHINCS-256 Dorian Amiet 1 , Andreas Curiger 2 and Paul Zbinden 1 1 HSR Hochschule fr Technik, Rapperswil, Switzerland 2 Securosys SA, Zrich, Switzerland CHES 2018 12.09.2018

525 views • 28 slides
WINGS-SSA Collaboration Sally Balch Hurme, JD National Guardianship Association Board of

WINGS-SSA Collaboration Sally Balch Hurme, JD National Guardianship Association Board of

WINGS-SSA Collaboration Sally Balch Hurme, JD National Guardianship Association Board of Directors Working Interdisciplinary Networks of WINGS Guardianship Stakeholders Ongoing Court-initiated Problem-solving

337 views • 12 slides
these wings must be inclined to the relative wind. The inclination of the body and wings is

these wings must be inclined to the relative wind. The inclination of the body and wings is

MISSILE DYNAMICS presented by 6- by 6-Foot Supersonic Wind-Tunnel In our demonstration today, we are going to try to explain certain difficult aspects of missile research with which we are concerned, not only here, but in various other sections

275 views • 8 slides
Feature The 'Plight of the Monarch' and Wings of Change by Sandy Lindsay April 21, 2016

Feature The 'Plight of the Monarch' and Wings of Change by Sandy Lindsay April 21, 2016

(continued) Feature The 'Plight of the Monarch' and Wings of Change by Sandy Lindsay April 21, 2016 www.saugeentimes.com To Comment on this article Click Here Monarch message at Southampton Library attracts interested group 'Wings of Change'

429 views • 3 slides
SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas

SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas

SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas Hlsing Tanja Lange Ruben Niederhagen Louiza Papachristodoulou Michael Schneider Peter Schwabe Zooko Wilcox-OHearn 28 April 2015 Hash-based

586 views • 33 slides
SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas H

SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas H

SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas H ulsing Tanja Lange Ruben Niederhagen Louiza Papachristodoulou Michael Schneider Peter Schwabe Zooko Wilcox-OHearn 2 April 2015 Traditional hash-based

288 views • 10 slides
Wings & Waves Interna.onal Cargo LLC OUR MISSION: Keep Our Customers Happy By Offering Service

Wings & Waves Interna.onal Cargo LLC OUR MISSION: Keep Our Customers Happy By Offering Service

Wings & Waves Interna.onal Cargo LLC OUR MISSION: Keep Our Customers Happy By Offering Service Beyond Expecta;ons! OUR VISION: Be the world leader in complete logis;cs solu;ons INTRODUCTION: Wings and Waves is supported by well experienced

203 views • 9 slides
Wings for Pegasus: A Semantic Approach for Creating Very Large Scientific Workflows Yolanda Gil

Wings for Pegasus: A Semantic Approach for Creating Very Large Scientific Workflows Yolanda Gil

Powered by Powered by Wings for Pegasus: A Semantic Approach for Creating Very Large Scientific Workflows Yolanda Gil Jihie Kim Varun Ratnakar Ewa Deelman USC Information Sciences Institute www.isi.edu/ikcap/wings pegasus.isi.edu

505 views • 28 slides
Putting out a HIT Putting out a HIT Crowdsourcing Malware Installs Stephen Checkoway Keaton

Putting out a HIT Putting out a HIT Crowdsourcing Malware Installs Stephen Checkoway Keaton

Putting out a HIT Putting out a HIT Crowdsourcing Malware Installs Stephen Checkoway Keaton Mowery Chris Kanich UC San Diego 1 Mechanical Turk Crowdsourcing platform Requesters post tasks paying 1 $10 Workers perform HITs

381 views • 18 slides
Unit 12: Putting it All Together: Briefly talk about system Digital Circuits Graphics

Unit 12: Putting it All Together: Briefly talk about system Digital Circuits Graphics

This Unit: Putting It All Together Application Anatomy of a game console OS Microsoft XBox 360 Compiler Firmware CIS 501: Computer Architecture Focus mostly on CPU chip CPU I/O Memory Unit 12: Putting it All Together: Briefly

374 views • 5 slides
Relax Into Enlightenment W E L C O M E S H A U M B R A W O R L D W I D E Wings through the

Relax Into Enlightenment W E L C O M E S H A U M B R A W O R L D W I D E Wings through the

Relax Into Enlightenment W E L C O M E S H A U M B R A W O R L D W I D E Wings through the Web In love and gratitude for John Kuderka Transitioned on October 3, 2017 JOHN RECAP O C T O B E R 2 0 1 7 SHOUD RECAP Recent Events

688 views • 45 slides
BC Government & BCTF Putting the Students First BC Government & BCTF Putting the

BC Government & BCTF Putting the Students First BC Government & BCTF Putting the

BC Government & BCTF Putting the Students First BC Government & BCTF Putting the Students First BC Publi lic c Schools ools have e 40,000 0 teache hers s and ov over er 500,000 00 stud uden ents s in 60 school ool distric

472 views • 13 slides
Babylon Medea-Persia Greece Rome Lion with Lopsided Four- Monstrous Eagles Wings Bear

Babylon Medea-Persia Greece Rome Lion with Lopsided Four- Monstrous Eagles Wings Bear

Babylon Medea-Persia Greece Rome Lion with Lopsided Four- Monstrous Eagles Wings Bear Headed Beast Leopard Lion = king of 3 ribs Ten horns 4 wings beasts 4 heads Eagle = king of birds 5 The Focus is on the Fourth Beast

684 views • 45 slides
No 17 when the snow comes with an emergency landing across the moor and spreads its wings

No 17 when the snow comes with an emergency landing across the moor and spreads its wings

No 17 when the snow comes with an emergency landing across the moor and spreads its wings across the fields with black frost I can see the summer dying in the mouth of a small child I can read from the lips of the moon that is turning

962 views • 10 slides
Putting tec Putting tech h at the t the hear heart of t of an activ an active city e city

Putting tec Putting tech h at the t the hear heart of t of an activ an active city e city

Putting tec Putting tech h at the t the hear heart of t of an activ an active city e city Chris Scott Head of Corporate Communications, London Sport March 17 August 16 March 15 January 16 November 16 17 years ago

606 views • 46 slides
Giving Ireland Wings The Development of the Shannon Aviation &

Giving Ireland Wings The Development of the Shannon Aviation &

Giving Ireland Wings The Development of the Shannon Aviation & Aerospace Cluster as Smart Specialisation 01 October 2015 History Shannon Airport dates from the 1940s

640 views • 15 slides

More recommend