a timing attack on hyperelliptic curve cryptosystems
play

A Timing Attack on Hyperelliptic Curve Cryptosystems Asiacrypt 2003 - PowerPoint PPT Presentation

Jul 28, 2023 •173 likes •229 views

A Timing Attack on Hyperelliptic Curve Cryptosystems Asiacrypt 2003 rump session on Dec. 2 nd , 2003 M.Katagi, I.Kitamura, T.Akishita, and T. Takagi(*) Sony Corporation (*)Technische Universitaet Darmstadt Introduction Optimization of

  1. A Timing Attack on Hyperelliptic Curve Cryptosystems Asiacrypt 2003 rump session on Dec. 2 nd , 2003 M.Katagi, I.Kitamura, T.Akishita, and T. Takagi(*) Sony Corporation (*)Technische Universitaet Darmstadt

  2. Introduction � Optimization of addition algorithm for HECC � Active area ! � Harley Algorithm (Explicit Formulae) � Side Channel Attacks (SCA) for HECC � Important, but not enough studied...

  3. Experimental Results � Timings of scalar multiplication � Detect the timing difference on PC! � Intel Xeon Processor 2.80GHz � Linux 2.4 (RedHat) � gcc3.3 and NTL5.3 with GMP4.0 Timing Addition Formulae Harley 15.12ms Harley with one exceptional procedure 15.08ms � Success to reveal 160bit key � about 10 hours on our environment

  4. Timing Attack : Guessing 1bit (genus two) Addition Chain of dD, d=(101............) Input: randomly chosen divisor D DBL ADD D 2D 3D weight 2 5D 4D DBL ADD Addition Chain of dD, d=(101............) with One Exceptional Procedure Input: D = 4 -1 mod (#J c )D 0 , D 0 : weight 1 divisor, #J c : order of Jacobian DBL ADD D 2D 3D fast ! weight 1 5D 4D Ex DBL Ex ADD

  5. Summary � We demonstrated that scalar multiplication of HECC was vulnerable to chosen ciphertext attack � Exceptional procedure using low weight divisors � Easily attacked on regular PC � We should investigate the security of HECC � This attack has not appeared in the standard ECC. � Cryptology ePrint Archive � http://eprint.iacr.org/2003/203 /

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis

Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis

Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis Christophe Negre ici joined work with T. Plantard (U. of Wollongong, Australia) Journees Nationales GDR IM January 19-th, 2016 1 / 39 Outline Regular

1.15k views • 90 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
Discrete Logs for Hyperelliptic Curves Summer School on Elliptic and Hyperelliptic Curve

Discrete Logs for Hyperelliptic Curves Summer School on Elliptic and Hyperelliptic Curve

Discrete Logs for Hyperelliptic Curves Summer School on Elliptic and Hyperelliptic Curve Cryptography Nicolas Thriault ntheriau@fields.utoronto.ca Fields Institute Discrete Logarithms Suppose that G = a , an additive group of order

230 views • 21 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago & energy (gas

1.07k views • 76 slides
Index Calculus Attack for Hyperelliptic Curves of Small Genus Nicolas Thriault

Index Calculus Attack for Hyperelliptic Curves of Small Genus Nicolas Thriault

Index Calculus Attack for Hyperelliptic Curves of Small Genus Nicolas Thriault nicolast@exp-math.uni-essen.de University of Toronto / IEM Universitt DuisburgEssen Slide index Discrete Log Problem Large primes Hyperelliptic

927 views • 67 slides
A Reaction Attack against Cryptosystems based on LRPC Codes Gustavo Banegas joint work with

A Reaction Attack against Cryptosystems based on LRPC Codes Gustavo Banegas joint work with

A Reaction Attack against Cryptosystems based on LRPC Codes Gustavo Banegas joint work with Simona Samardjiska, Paolo Santini and Edoardo Persichetti Latincrypt 2019 October 3rd, 2019 A Reaction Attack against Cryptosystems based on LRPC

590 views • 33 slides
Hardware Arithmetic Units and Cryptoprocessors for Hyperelliptic Curve Cryptography Gabriel

Hardware Arithmetic Units and Cryptoprocessors for Hyperelliptic Curve Cryptography Gabriel

Hardware Arithmetic Units and Cryptoprocessors for Hyperelliptic Curve Cryptography Gabriel GALLIN CNRS IRISA Univ. Rennes 1 November 29 th , 2018 Ph.D. supervised by Arnaud TISSERAND, CNRS Lab-STICC Introduction 1 HTMM

591 views • 40 slides
Elliptic Curve Isogeny Based Cryptosystems Frederik Vercauteren Open Security Research (China)

Elliptic Curve Isogeny Based Cryptosystems Frederik Vercauteren Open Security Research (China)

Elliptic Curve Isogeny Based Cryptosystems Frederik Vercauteren Open Security Research (China) KU Leuven ESAT/COSIC (Belgium) frederik.vercauteren@gmail.com 23 August 2016 Frederik Vercauteren Elliptic Curve Isogeny Based Cryptosystems 23

839 views • 52 slides
Fault Attacks on Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics,

Fault Attacks on Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics,

Fault Attacks on Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics, University of Auckland PQCrypto 2017, 26th of June 1/15 Outline 1 Preliminaries Introduction Supersingular isogenies SSI cryptosystems 2 Fault attack

378 views • 33 slides
Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs

Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs

Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs marc.joye@thomson.net CryptoPuces 2009 Porquerolles, June 26, 2009 Outline Elliptic Curve Cryptography Inducing Faults Fault Attacks Countermeasures

363 views • 24 slides
Abel-Jacobi map on complex hyperelliptic curves Pascal Molin CARAMEL, Loria Nancy june 2011

Abel-Jacobi map on complex hyperelliptic curves Pascal Molin CARAMEL, Loria Nancy june 2011

Abel-Jacobi map on complex hyperelliptic curves Pascal Molin CARAMEL, Loria Nancy june 2011 Hyperelliptic curve 2 g + 1 C : y 2 = ( x a i ) i = 1 Riemann surface with two sheets. a i = branch points. color = argument of y

733 views • 28 slides
The RSA Algorithm Private-key cryptosystems: - Alice and Bob agree on the key before the

The RSA Algorithm Private-key cryptosystems: - Alice and Bob agree on the key before the

The RSA Algorithm Private-key cryptosystems: - Alice and Bob agree on the key before the communication - all cryptosystems we discussed so far - also called: symmetric-key cryptosystems Public-key cryptosystems (Chapter 6) : - what to do if

281 views • 4 slides
Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Counting points on elliptic curves over F q Christiane Peters DIAMANT-Summer School on Elliptic and Hyperelliptic Curve Cryptography September 17, 2008 Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm

587 views • 30 slides
Cryptosystems from 1900 to 1975 Late Classical Cryptosystems From 1900 up to the mid-1970s

Cryptosystems from 1900 to 1975 Late Classical Cryptosystems From 1900 up to the mid-1970s

Cryptosystems from 1900 to 1975 Late Classical Cryptosystems From 1900 up to the mid-1970s Many important and storied examples. See: http://users.telenet.be/d.rijmenants/ Jim Royer Well talk about just one in detail: the one-time pad .

250 views • 6 slides
A key-recovery timing attack on post-quantum primitives using the Fujisaki-Okamoto transformation

A key-recovery timing attack on post-quantum primitives using the Fujisaki-Okamoto transformation

A key-recovery timing attack on post-quantum primitives using the Fujisaki-Okamoto transformation and its application on FrodoKEM Qian Guo, Thomas Johansson, Alexander Nilsson August 10, 2020 Preliminaries Implementing Crypto Is Hard

994 views • 80 slides
Singular curve point decompression attack Peter Gnther joint work with Johannes Blmer

Singular curve point decompression attack Peter Gnther joint work with Johannes Blmer

Singular curve point decompression attack Peter Gnther joint work with Johannes Blmer University of Paderborn FDTC 2015, September 13th, Saint Malo Peter Gnther (UPB) Decompression Attack FDTC 2015 1 / 18 Elliptic curves Example: E (

378 views • 37 slides
A Cache Timing Analysis of HC-256 Erik Zenner Technical University Denmark (DTU) Institute for

A Cache Timing Analysis of HC-256 Erik Zenner Technical University Denmark (DTU) Institute for

A Cache Timing Analysis of HC-256 Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk SAC 2008, Aug. 14, 2008 Erik Zenner (DTU-MAT) A Cache Timing Analysis of HC-256 SAC 2008, Aug. 14, 2008 1 / 25

293 views • 25 slides
Live Streaming Board Meetings September 26, 2019 Donna Felezzola, School Business Administrator

Live Streaming Board Meetings September 26, 2019 Donna Felezzola, School Business Administrator

Live Streaming Board Meetings September 26, 2019 Donna Felezzola, School Business Administrator 2 The Process Allows the public to watch the board meetings in real time, or at another time (post meeting) that is more convenient The

347 views • 8 slides
Annual General Meeting CEO Presentation Fredrik Tumegrd May 9, 2017 1 | Annual General

Annual General Meeting CEO Presentation Fredrik Tumegrd May 9, 2017 1 | Annual General

Annual General Meeting CEO Presentation Fredrik Tumegrd May 9, 2017 1 | Annual General Meeting CEO Presentation | Net Insight Market transformation TV 1.0 TV 2.0 TV 3.0 BRINGING PEOPLE TOGETHER 2 | Annual General Meeting CEO

212 views • 20 slides
Introduction to Talent Analytics and Interim View 01 Overview Erich OSaben Talent Analytics

Introduction to Talent Analytics and Interim View 01 Overview Erich OSaben Talent Analytics

NGA.NET Talent Analytics Introduction to Talent Analytics and Interim View 01 Overview Erich OSaben Talent Analytics Consultant The Importance of Talent Analytics Why are Analytics Important? Support organizational

605 views • 12 slides
Fisc Fiscal al 2015 2015 Th Third ird Quarter Quarter Ea Earning rnings Call Call Pre

Fisc Fiscal al 2015 2015 Th Third ird Quarter Quarter Ea Earning rnings Call Call Pre

Fisc Fiscal al 2015 2015 Th Third ird Quarter Quarter Ea Earning rnings Call Call Pre Presen sentation tation | Fiscal 2015 Third Quarter Earnings Call Presentation | 1 harris.com Forward Forward-looking looking statemen

298 views • 10 slides
Meltdown Overview of a security vulnerability Stefano Ottolenghi @ Binary Analysis and Secure

Meltdown Overview of a security vulnerability Stefano Ottolenghi @ Binary Analysis and Secure

Meltdown Overview of a security vulnerability Stefano Ottolenghi @ Binary Analysis and Secure Coding Universit degli Studi di Genova December 3rd, 2018 Overview Meltdown breaks memory isolation and allows a process to read the entire

335 views • 18 slides
Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack Summary : The attack was severe and sophisticated; categorized as a catastrophic attack. It was highly strategic with regard to timing

329 views • 16 slides
Fullbacks Fullbacks Tactical and Positional analysis Tactical and Positional analysis Kieran

Fullbacks Fullbacks Tactical and Positional analysis Tactical and Positional analysis Kieran

Fullbacks Fullbacks Tactical and Positional analysis Tactical and Positional analysis Kieran Smith Kieran Smith UEFA A Licence Coach UEFA A Licence Coach The attacking fullback is seen by many as the most important position in the modern

369 views • 19 slides

More recommend