
Towards One Cycle per Bit Asymmetric Encryption: Code-Based - PowerPoint PPT Presentation



  1. Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable Hardware
     Stefan Heyse, Tim Güneysu
     CHES 2012 – Leuven, Belgium, 11.09.2012
     Ruhr-University Bochum | Embedded Security

  2. Outline
     • Introduction
     • Background in code based crypto
     • McEliece vs. Niederreiter
     • Our implementation
     • Results and conclusion

  3. Introduction
     • We need alternatives to classical schemes, both for larger diversification and to resist (possible?) quantum computer attacks
     • Nearly all alternative PKCS are hindered by large keys
     • It has already been shown that they can be fast
     • How fast can we get?
     • Is McEliece or Niederreiter faster (in the standard scenario)?

  4. Outline (section divider; same list as slide 2)

  5. Goppa Codes
     • A subclass of error-correcting codes
     • Belongs to the huge family of alternant codes
     • Can be described by a Goppa polynomial g(z) of degree s and a list of field elements called the support L

  6. Parity check matrix of Goppa Codes
     • By evaluating g(z) at the elements of the support L we can construct the parity check matrix H (the matrix formula on the slide was not captured in the extracted text)

  7. Generator matrix of Goppa Codes
     • Bringing H to systematic form H = (Q | ID) (by Gaussian elimination) we can derive the generator matrix G as G = (ID | -Q^T)
     • G * H^T = 0
     • m*G = c is a code word of the Goppa code
     • m*G + e = c + e is a code word with errors (up to t errors can be corrected)
     • For binary Goppa codes t = s = degree of g(z), else t = floor(s/2)
     • c*H^T = syn(z) is called the syndrome, because it depends only on the error e
     • If syn(z) ≠ 0, a decoding algorithm (Patterson, Berlekamp-Massey, ...) gives you the corrected codeword and the error

  8. Outline (section divider; same list as slide 2)

  9. McEliece vs. Niederreiter I

     Classical McEliece
     • Public key G' = S*G*P
     • Secret key (corresponding parity check matrix H defined by Goppa polynomial g(z) and support L)
     • Encryption
       • c = m*G' + e
     • Decryption
       • c' = c*P^-1
       • Decode c' to m'
       • m = m'*S^-1

     Modern McEliece
     • Public key G' in systematic form
     • Secret key (corresponding parity check matrix H defined by Goppa polynomial g(z) and permuted support P*L)
     • Encryption
       • c = m*G' + e
     • Decryption
       • Decode c directly to m
       • S can be omitted
       • P merged into decoding algorithm

     (Slide overlay:) DO NOT USE MCELIECE THIS WAY. YOU NEED A CCA2 SECURE CONVERSION!

  10. McEliece vs. Niederreiter II

     Classical Niederreiter
     • Public key H' = M*H*P
     • Secret key (Goppa polynomial g(z) and support L)
     • Encryption
       • Convert m into e
       • c = H'*e
     • Decryption
       • c' = M^-1 * c
       • Decode c' to e'
       • e = P^-1 * e'
       • Convert e to m

     Modern Niederreiter
     • Public key H' = M*H in systematic form
     • Secret key (Goppa polynomial g(z) and permuted support L)
     • Encryption
       • Convert m into e
       • c = H'*e
     • Decryption
       • c' = M^-1 * c
       • Decode c' directly to e
       • Convert e to m

     (Slide overlay:) YOU CAN USE NIEDERREITER LIKE THIS.

  11. Security parameters
     • Public key is an (n-k)*k bit matrix (only the non-identity part)
     (The parameter table on the slide was not captured in the extracted text.)

  12. McEliece vs. Niederreiter: existing work
     • McEliece (using binary Goppa codes)
       • PC (HyMES '08): 140 cycles/bit enc, 2714 cycles/bit dec
       • µC (CHES '09): 7200 cycles/bit enc, 11300 cycles/bit dec
       • FPGA (ASAP '09): 160 cycles/bit enc, 446 cycles/bit dec
     • Niederreiter
       • PC: (there is one -> seg fault)
       • µC (PQCrypto '11): 267 cycles/bit enc, 30000 cycles/bit dec
       • FPGA: (only for signature scheme: 0.86 s/sig)

  13. Outline (section divider; same list as slide 2)

  14. Niederreiter encryption
     • c = H'*e is just an XOR of t = 27 out of 2048 rows of H'
     • The hard part is the "computationally expensive" mapping of m to e
     • The error e is a so-called constant weight word of length n = 2048 and Hamming weight t = 27
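An added example in Python (not code from the slides or the authors' hardware) that walks through the two steps of slide 14 on a toy public key and checks the syndrome property of slide 7. The message-to-e mapping uses the combinatorial number system, which is one common constant-weight encoding and an assumption here, since the slides do not name the mapping the hardware implements; H' is a random matrix in systematic form (Q | I), not a Goppa code, stored by columns as Python integers (the slides speak of rows in their storage layout; c = H'*e selects the columns of H' indexed by e).

```python
from math import comb
import random

def unrank_combination(m, n, t):
    """Message integer m (0 <= m < C(n,t)) -> sorted t-subset of range(n)
    via the combinatorial number system (constant-weight encoding, assumed)."""
    assert 0 <= m < comb(n, t)
    positions = []
    for k in range(t, 0, -1):            # largest c with C(c, k) <= m
        c = k - 1
        while comb(c + 1, k) <= m:
            c += 1
        positions.append(c)
        m -= comb(c, k)
    return sorted(positions)

def rank_combination(positions):
    """Inverse mapping used after decoding: error positions -> message."""
    return sum(comb(c, k) for k, c in enumerate(sorted(positions), start=1))

def make_systematic_h(n, r, seed=1):
    """Toy public key H' = (Q | I_r) as n column integers; bit i of a column
    is row i. Q is random for illustration (constructed), not a Goppa code."""
    rng = random.Random(seed)
    q_cols = [rng.getrandbits(r) for _ in range(n - r)]
    return q_cols + [1 << i for i in range(r)]

def syndrome(cols, positions):
    """c = H' * e for a word with 1s at `positions`: an XOR of those columns."""
    s = 0
    for j in positions:
        s ^= cols[j]
    return s

def codeword_positions(cols, n, r, u):
    """Support of the codeword x = u*G with G = (I | Q^T): the k = n-r
    message bits of u followed by parity p = Q*u, so that H'*x = 0."""
    info = [j for j in range(n - r) if u >> j & 1]
    p = syndrome(cols, info)
    return info + [n - r + i for i in range(r) if p >> i & 1]

def niederreiter_encrypt(cols, n, t, m):
    """Slide 14: map m to a weight-t error e, then XOR the t selected columns."""
    e = unrank_combination(m, n, t)
    return syndrome(cols, e), e

if __name__ == "__main__":
    n, r, t = 16, 8, 3                    # toy sizes, not the slides' n=2048, t=27
    cols = make_systematic_h(n, r)
    c, e = niederreiter_encrypt(cols, n, t, 77)
    x = codeword_positions(cols, n, r, 0b10110101)
    # syndrome of codeword + error equals syndrome of the error alone (slide 7)
    print(e, syndrome(cols, x) == 0, syndrome(cols, sorted(set(x) ^ set(e))) == c)
```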

  15. Hardware architecture for encryption
     (Architecture diagram not captured in the extracted text.)

  16. Niederreiter decryption
     • Far more complex than encryption
     • Multiplication with M^-1 is also just a binary XOR of ~(n-k)/2 rows
     • Uses the Patterson algorithm for Goppa decoding
     • The root search involved is done with a parallel Chien search in 3*2^m clock cycles

  17. Hardware architecture for decryption
     (Architecture diagram not captured in the extracted text.)

  18. Outline (section divider; same list as slide 2)

  19. Results
     (Results table not captured in the extracted text.)

  20. Results
     • Encryption of 192 bits in ~200 clock cycles means ~1 cycle/bit
       • 800 times faster than McEliece
       • 4000 times faster than ECC
       • Forget RSA
       • A typical scenario would require a 774 GByte/sec interface for public keys
     • Decryption in 14,500 clock cycles means ~75 cycles/bit
       • 140 times faster than McEliece
       • 30 times faster than ECC

  21. Future work
     • General alternant decoding (smaller and faster, even though we are working with polynomials twice as large?)
     • Quasi-dyadic (Goppa/Srivastava) codes in hardware
     • Non-typical scenario of encrypting huge amounts of data with a PKS (Niederreiter vs. McEliece)

  22. Thank you for your attention! Any questions?
