spa resistant exponentiation based on brun s gcd algorithm
play

SPA resistant Exponentiation based on Bruns GCD algorithm Val erie - PowerPoint PPT Presentation

Aug 14, 2022 •449 likes •1.16k views

SPA resistant Exponentiation based on Bruns GCD algorithm Val erie Berth e , Thomas Plantard Paris Diderot Universit e, University of Wollongong http://www.uow.edu.au/ thomaspl thomaspl@uow.edu.au 2019 Berthe, Plantard (IRIF,

  1. SPA resistant Exponentiation based on Brun’s GCD algorithm Val´ erie Berth´ e , Thomas Plantard Paris Diderot Universit´ e, University of Wollongong http://www.uow.edu.au/˜ thomaspl thomaspl@uow.edu.au 2019 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 1 / 31

  2. Introduction Introduction 1 Exponentiation based on Euclid Algorithm 2 Exponentiation based on Brun Algorithm 3 Result/Conclusion/Future Works 4 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 2 / 31

  3. Introduction Introduction 1 Exponentiation based on Euclid Algorithm 2 Exponentiation based on Brun Algorithm 3 Result/Conclusion/Future Works 4 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 3 / 31

  4. Exponentiation Exponentiation RSA: in ( Z / ( N Z )) ∗ , compute g e mod N using Modular Multiplication and Squaring. ECC: on a group, compute kP using 2 P and P + Q . Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 4 / 31

  5. Exponentiation Exponentiation RSA: in ( Z / ( N Z )) ∗ , compute g e mod N using Modular Multiplication and Squaring. ECC: on a group, compute kP using 2 P and P + Q . Generic Algorithm Right To Left Left To Right Radix-R exponentiation Radix-R exponentiation with Odd Coefficient Sliding Window Montgomery Ladder Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 4 / 31

  6. Specific Group For ( Z / N Z ) Multiply Always Square Always Square And Multiply Always: 1 replace by N + 1 Exponentiation using multiplicative half-size splitting Montgomery Ladder with Common Operand Multiplication Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 5 / 31

  7. Specific Group For ( Z / N Z ) Multiply Always Square Always Square And Multiply Always: 1 replace by N + 1 Exponentiation using multiplicative half-size splitting Montgomery Ladder with Common Operand Multiplication For ECC NAF Exponentiation: using − P Addition Chain Exponentiation: No Doubling Double Base: exponent in base 2 a 3 b Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 5 / 31

  8. Specific Case Exponentiation with g constant Radix-R exponentiation: exponent in base R = 2 t NAF Representation Comb Method RNS Digit Exponent: exponent represented in base m 0 m 1 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 6 / 31

  9. Specific Case Exponentiation with g constant Radix-R exponentiation: exponent in base R = 2 t NAF Representation Comb Method RNS Digit Exponent: exponent represented in base m 0 m 1 Exponentiation with e random Addition Chain Double Base Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 6 / 31

  10. In this Work Exponentiation Generic Group SPA Protection g variable e given Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 7 / 31

  11. In this Work Exponentiation Generic Group SPA Protection g variable e given Current Solution Radix-R Memorise g i , i ∈ [1 , R ] Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 7 / 31

  12. Exponentiation: g e with e < 2 k Left To Right Exponentiation a ← 1 for i = k − 1 to 0 do a ← a 2 if e i = 1 then a ← a × g Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 8 / 31

  13. Exponentiation: g e with e < 2 k Left To Right Exponentiation a ← 1 for i = k − 1 to 0 do a ← a 2 if e i = 1 then a ← a × g Right To Left Exponentiation a ← 1 , b ← g for i = 0 to k − 1 do if e i = 1 then a ← a × b b ← b 2 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 8 / 31

  14. SPA Attack Recognising Operations XXXXXXXXXXXXXXXXXXXXXXXX Modular Squaring (S): a ← a 2 Modular Multiplication (M): a ← a × g SSMSMSSMSMSSSMSMSMSSSSMS Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 9 / 31

  15. SPA Attack Recognising Operations XXXXXXXXXXXXXXXXXXXXXXXX Modular Squaring (S): a ← a 2 Modular Multiplication (M): a ← a × g SSMSMSSMSMSSSMSMSMSSSSMS Regroup Operations SSMSMSSMSMSSSMSMSMSSSSMS (S)(SM)(SM)(S)(SM)(SM)(S)(S)(SM)(SM)(SM)(S)(S)(S)(SM)(S) Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 9 / 31

  16. SPA Counter Measure Classic Solution: Constant Time Algorithm Goal: Unlink Sequence of Operations to Secret Key Solution: Same Sequence for all secret key Drawback: Average Case=Worst Case Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 10 / 31

  17. SPA Counter Measure Classic Solution: Constant Time Algorithm Goal: Unlink Sequence of Operations to Secret Key Solution: Same Sequence for all secret key Drawback: Average Case=Worst Case A second Solution: Stop parenthesing Phase Goal: Stop Attacker to be able to regroup operations Solution: Use Sequence of Equivalent Operations Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 10 / 31

  18. Squaring Always Taylor Formulae � 2 � 2 � A + B � A − B A × B = − 4 4 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 11 / 31

  19. Squaring Always Taylor Formulae � 2 � 2 � A + B � A − B A × B = − 4 4 Rewriting Modular Squaring (S) : a ← a 2 Modular Multiplication (SS): a ← a × g SSMSMSSMSMSSSMSMSMSSSSMS SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 11 / 31

  20. Squaring Always Taylor Formulae � 2 � 2 � A + B � A − B A × B = − 4 4 Rewriting Modular Squaring (S) : a ← a 2 Modular Multiplication (SS): a ← a × g SSMSMSSMSMSSSMSMSMSSSSMS SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS Drawback Cost of two S greater than M Only for ( Z / N Z ) Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 11 / 31

  21. Brun Algorithm Introduction 1 Exponentiation based on Euclid Algorithm 2 Exponentiation based on Brun Algorithm 3 Result/Conclusion/Future Works 4 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 12 / 31

  22. Exponentiation based on Euclid Algorithm Exponentiation k a ← g , b ← g 2 2 k k 2 , v ← e − u 2 v u ← e mod 2 2 , e = u + 2 k 2 while v � = 0 do if u > v then u ← u − v b ← b × a else v ← v − u a ← a × b a ← a u Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 13 / 31

  23. Correctness Invariant a u b v = g e Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 14 / 31

  24. Correctness Invariant a u b v = g e Initialisation k 2 ) v ) = g u + v 2 k 2 = g e a u b v = g u ( g 2 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 14 / 31

  25. Correctness Invariant a u b v = g e Initialisation k 2 ) v ) = g u + v 2 k 2 = g e a u b v = g u ( g 2 In the loop a u − v ( ab ) v = a u b v ( ab ) u b v − u = a u b v Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 14 / 31

  26. Example: g 3165 u v a b If u > v ? Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  27. Example: g 3165 u v a b If u > v ? g 1 g 64 29 49 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  28. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  29. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 29 20 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  30. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  31. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 g 65 g 129 9 20 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  32. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 g 65 g 129 g 65+129 g 129 9 20 F 9 20 − 9 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  33. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 g 65 g 129 g 65+129 g 129 9 20 F 9 20 − 9 g 194 g 129 9 11 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  34. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 g 65 g 129 g 65+129 g 129 9 20 F 9 20 − 9 g 194 g 129 g 194+129 g 129 9 11 F 9 11 − 9 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  35. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 g 65 g 129 g 65+129 g 129 9 20 F 9 20 − 9 g 194 g 129 g 194+129 g 129 9 11 F 9 11 − 9 g 323 g 129 9 2 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

Recommend

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre (1) and Thomas Plantard (2) (1) DALI (UPVD) and LIRMM (Univ. of Montpellier, CNRS), Perpignan, France (2) CCISR, SCIT, University of Wollongong,

708 views • 43 slides
Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and

Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and

0 12 1 Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and Remainder, GCD, Euclid s algorithm, L(a,b) { au + bv | u,v Z } = { n gcd(a,b) | n Z } Primes, Fundamental Theorem of

272 views • 14 slides
a (mod m ) b is congruent to modulo a m b mod mod a m b m

a (mod m ) b is congruent to modulo a m b mod mod a m b m

Number Theory and its Applications Modular Exponentiation Euclidean Algorithm for GCD Solving Linear Congruences Chinese Remainder Theorem and Application to Arithmetic with large numbers Covered in Sections 3.6 and 3.7 Based

489 views • 19 slides
R&amp;D on graphite based oxidation resistant materials and radiation resistant tungsten J

R&amp;D on graphite based oxidation resistant materials and radiation resistant tungsten J

The High Power Targetry R&amp;D Roadmap for High Energy Physics Workshop @Fermilab, USA 31st May, 2017 R&amp;D on graphite based oxidation resistant materials and radiation resistant tungsten J PARC Center, High Energy Accelerator Research

625 views • 23 slides
THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e ,

THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e ,

THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e , and n , the following algorithm quickly computes the reduced power a e % n . ( Initialize ) Set ( x, y, f ) = (1 , a, e ). ( Loop ) While f &gt;

175 views • 5 slides
Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe

Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe

Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe NEGRE ( 1 ) , Thomas PLANTARD ( 2 ) and Jean-Marc ROBERT ( 1 ) 1: Team DALI/LIRMM, University of Perpignan, France 2: CCISR, SCIT, (University of

1.25k views • 69 slides
Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis

Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis

Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis Christophe Negre ici joined work with T. Plantard (U. of Wollongong, Australia) Journees Nationales GDR IM January 19-th, 2016 1 / 39 Outline Regular

1.15k views • 90 slides
CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with

CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with

CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with a simple algorithm: ans = 1 i = y while i &gt; 0: ans = ans * x i-- Runtime? 2 Just like with multiplication, let's consider large

698 views • 22 slides
Hierarchy Construction Schemes within the Scale Set Framework Jean-Hugues PRUVOT, Luc BRUN GreyC

Hierarchy Construction Schemes within the Scale Set Framework Jean-Hugues PRUVOT, Luc BRUN GreyC

Hierarchy Construction Schemes within the Scale Set Framework Jean-Hugues PRUVOT, Luc BRUN GreyC Laboratory, Image Team CNRS UMR 6072 ENSICAEN 6th IAPR -TC-15 Workshop on Graph-based Representations in Pattern Recognition J.H. PRUVOT, L.BRUN

656 views • 51 slides
ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In

ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In

ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In collaboration with Marco S. Bianchi arXiv:1403.3398 N=4 SYM Exponentiation Consider color ordered MHV 4p amplitude in We define the ratio

415 views • 29 slides
Automatic Generation of HCCA Resistant Scalar Multiplication Algorithm by Proper Sequencing of

Automatic Generation of HCCA Resistant Scalar Multiplication Algorithm by Proper Sequencing of

Automatic Generation of HCCA Resistant Scalar Multiplication Algorithm by Proper Sequencing of Field Multiplier Operands Poulami Das, Debapriya Basu Roy and, Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur 29 / 09 / 2017 Debapriya

1k views • 74 slides
MA/CSSE 473 Day 06 Euclid's Algorithm MA/CSSE 473 Day 06 Student Questions Odd Pie Fight

MA/CSSE 473 Day 06 Euclid's Algorithm MA/CSSE 473 Day 06 Student Questions Odd Pie Fight

MA/CSSE 473 Day 06 Euclid's Algorithm MA/CSSE 473 Day 06 Student Questions Odd Pie Fight Modular exponentiation Euclid's algorithm (if there is time) extended Euclid's algorithm 1 Quick look at review topics in textbook REVIEW

314 views • 10 slides
Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford

Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford

Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford (DEDIS) and Thomas Hofer (DGSI). 1 Background The digital world takes an overwhelming part in our daily life. Voting is still paper-based and

215 views • 19 slides
Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture Damage 1 Balanced Mix Design: ETG Definition Asphalt mix design using performance tests on appropriately conditioned specimens that address

480 views • 46 slides
Quiz I Give the SVD-based algorithm for solving least squares, and I justify the algorithm by that

Quiz I Give the SVD-based algorithm for solving least squares, and I justify the algorithm by that

Quiz I Give the SVD-based algorithm for solving least squares, and I justify the algorithm by that showing it outputs the correct answer. I Under what circumstances would this algorithm be preferred over the QR-based algorithm? The Eigenvector

905 views • 18 slides
Quantum-resistant Cryptography based on Isogenies between Elliptic Curves A Brief Survey Jo ao

Quantum-resistant Cryptography based on Isogenies between Elliptic Curves A Brief Survey Jo ao

Quantum-resistant Cryptography based on Isogenies between Elliptic Curves A Brief Survey Jo ao Paulo da Silva , Ricardo Dahab, Julio L opez Institute of Computing University of Campinas Latin American Week on Coding and Information

558 views • 32 slides
Upscaling and discretization of coupled geomechanics, flow and heat. Mats K. Brun Advisor:

Upscaling and discretization of coupled geomechanics, flow and heat. Mats K. Brun Advisor:

Upscaling and discretization of coupled geomechanics, flow and heat. Mats K. Brun Advisor: Florin Radu Co-advisors: Inga Berre and J. M. Nordbotten Department of mathematics University of Bergen May 22, 2017 E-mail: mats.brun@uib.no Mats

254 views • 10 slides
Wear resistant ceramic and composite materials based on zirconia nanopowders for engineering and

Wear resistant ceramic and composite materials based on zirconia nanopowders for engineering and

Wear resistant ceramic and composite materials based on zirconia nanopowders for engineering and medicine Prof. Konstantinova Tetyana Head of Material Science Department Donetsk Institute for Physics and Engineering named after O.O. Galkin of

227 views • 20 slides
Software Architecture III Leveraging Nature to Build Better Systems Yuriy Brun

Software Architecture III Leveraging Nature to Build Better Systems Yuriy Brun

Software Architecture III Leveraging Nature to Build Better Systems Yuriy Brun http://www.cs.washington.edu/homes/brun/ Why Nature? Nature Computes Tiles Tile Software Conclusions Outline 1 Why Nature? 2 Using Nature to Compute 3 Tiles 4

983 views • 97 slides
CPSC 490 DP Part 2: Max-IS on Arrays, LCS, Recovery, and Binary Exponentiation Lucca Siaudzionis

CPSC 490 DP Part 2: Max-IS on Arrays, LCS, Recovery, and Binary Exponentiation Lucca Siaudzionis

CPSC 490 DP Part 2: Max-IS on Arrays, LCS, Recovery, and Binary Exponentiation Lucca Siaudzionis and Jack Spalding-Jamieson 2020/01/23 University of British Columbia Announcements Again, assignment 1 is due this Saturday!!!!!!!!

490 views • 31 slides
Cluster-based Segmentation Algorithm Why Shift What is Mean Idea K-means++ based Algorithm

Cluster-based Segmentation Algorithm Why Shift What is Mean Idea K-means++ based Algorithm

Cluster- Mean Shift http://vision.ouc.edu.cn/~zhenghaiyong CVBIOUC WangRuchen Cluster-based Segmentation Algorithm Why Shift What is Mean Idea K-means++ based Algorithm Idea K-means with Clustering

532 views • 36 slides
An introduction to using slip-resistant flooring from Altro discover altro.com/slip-resistant

An introduction to using slip-resistant flooring from Altro discover altro.com/slip-resistant

An introduction to using slip-resistant flooring from Altro discover altro.com/slip-resistant Typical applications Healthcare Education Back-of-house High traffic areas Manufacturing and industrial areas General

536 views • 43 slides
Complexity Attack Resistant Flow Lookup Schemes for IPv6: A Measurement Based Comparison David

Complexity Attack Resistant Flow Lookup Schemes for IPv6: A Measurement Based Comparison David

Complexity Attack Resistant Flow Lookup Schemes for IPv6: A Measurement Based Comparison David Malone and Josh Tobin. 2008-12-11 1 Hash Table Lookup scheme to avoid cost of searching full list. carrot zuchinni . . . . . . apricot apple

406 views • 16 slides
An alternating variable metric inexact linesearch based algorithm for nonconvex nonsmooth

An alternating variable metric inexact linesearch based algorithm for nonconvex nonsmooth

Motivation The proposed algorithm Convergence of the algorithm Numerical experience An alternating variable metric inexact linesearch based algorithm for nonconvex nonsmooth optimization Simone Rebegoldi (Joint work with Silvia Bonettini and

543 views • 28 slides

More recommend