efficient implementations of mqpks
play

Efficient Implementations of MQPKS Peter Czypek,Stefan Heyse, Enrico - PowerPoint PPT Presentation

Oct 22, 2023 •542 likes •958 views

Efficient Implementations of MQPKS on Constrained Devices Efficient Implementations of MQPKS Peter Czypek,Stefan Heyse, Enrico Thomae on Constrained Devices Peter Czypek, Stefan Heyse, Enrico Thomae CHES2012 11.09.2012 Ruhr-University Bochum |

  1. Efficient Implementations of MQPKS on Constrained Devices Efficient Implementations of MQPKS Peter Czypek,Stefan Heyse, Enrico Thomae on Constrained Devices Peter Czypek, Stefan Heyse, Enrico Thomae CHES2012 11.09.2012 Ruhr-University Bochum | Embedded Security 1

  2. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Motivation  Quantum computers can solve Discrete Logarithm problem and Factorization problem  Alternatives must be found  MQ based cryptography is one solution  Many MQ schemes were partially or fully broken in the past  Few implementations exist of the remaining schemes  Fair comparison of schemes was only possible theoretically Ruhr-University Bochum | Embedded Security 2

  3. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Goals  Implement • all currently secure schemes • with the same security level • configurable code • including all currently known optimizations  Show that MQ schemes are a good alternative to current schemes? Ruhr-University Bochum | Embedded Security 3

  4. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae MQ Signature Schemes - Basics  sign() maps the message to signature with the secret key  verify() maps the signature to message with the public key  If the verification result is not the original message, the signature is invalid  sign and verify are inverses of each other  verify(sign(message)) = message Ruhr-University Bochum | Embedded Security 4

  5. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae MQ Signature Schemes - Basics  Four maps exist in a general MQ scheme: P , S , F , and T  P is the composition of S , F , and T and is the public key, P = T ○ F ○ S  S , F , and T are the secret key Inversion ¡of ¡ P ¡is ¡hard ¡because ¡ P ¡is ¡a ¡large ¡MQ ¡system ¡ verify sign Ruhr-University Bochum | Embedded Security 5

  6. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Schemes UOV Rainbow enTTS Invert T Invert T Invert F Invert F Invert F Invert S Invert S Invert S Ruhr-University Bochum | Embedded Security 6

  7. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Linear Maps  Maps or transformations can also be seen as functions  There exist two types of maps in MQ schemes: linear and MQ maps  Linear maps mix variables and therefore “hide” existing structure Ruhr-University Bochum | Embedded Security 7

  8. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Inverting Linear Maps  S and T can be inverted by matrix inversion  Matrix inversion can be done by Gaussian elimination algorithm for each column of identity matrix  Inversion of a linear map is matrix vector multiplication with the inverse T -1 Ruhr-University Bochum | Embedded Security 8

  9. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Schemes UOV Rainbow enTTS Invert T Invert T Invert F Invert F Invert F Invert S Invert S Invert S Ruhr-University Bochum | Embedded Security 9

  10. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae MQ Maps  F and P are MQ maps  P has no special structure and is large, therefore hard to invert 3 x 1 x 1 + 8 x 1 x 2 + 5x 1 x 3 + 8 x 2 x 2 + 6x 2 x 3 + 2x 3 x 3 = m 1 1 x 1 x 1 + 7 x 1 x 2 + 9x 1 x 3 + 3 x 2 x 2 + 7x 2 x 3 + 2x 3 x 3 = m 2  A special structure in F is necessary to allow easy inversion  This special structure is hidden by S and T Ruhr-University Bochum | Embedded Security 10

  11. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Inverting Central Maps - UOV  Two variable groups: Oil & Vinegar  Fix vinegar variables to make system linear  A quadratic linear equation system remains after fixing  Apply Gaussian elimination to get a solution for the oil variables Ruhr-University Bochum | Embedded Security 11

  12. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Schemes UOV Rainbow enTTS Invert T Invert T Invert F Invert F Invert F Invert S Invert S Invert S Ruhr-University Bochum | Embedded Security 12

  13. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Inverting Central Maps - Rainbow  Two or more layers (like a Rainbow)  Solve first layer as normal UOV instance  In next layer fix vinegar variables not randomly but with solution from previous layer  Solve layer again with Gaussian elimination Rainbow(3,2,4) : x 1 x 2 x 3 x 4 x 5 x 6 x 7 x 8 x 9 Ruhr-University Bochum | Embedded Security 13

  14. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Schemes UOV Rainbow enTTS Invert T Invert T Invert F Invert F Invert F Invert S Invert S Invert S Ruhr-University Bochum | Embedded Security 14

  15. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Inverting Central Maps - enTTS Ruhr-University Bochum | Embedded Security 15

  16. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Inverting Central Maps – enTTS Ruhr-University Bochum | Embedded Security 16

  17. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Inverting Central Maps - enTTS  enTTS Layer 1: • Fix x 1 to x 7 randomly • Multiply with coefficients to get a LES • Solve with Gaussian elimination enTTS(20,28) : x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 x 8 x 9 x 10 x 11 x 12 x 13 x 14 x 15 x 16 x 17 x 18 x 19 x 20 x 21 x 22 x 23 x 24 x 25 x 26 x 27 Ruhr-University Bochum | Embedded Security 17

  18. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Inverting Central Maps - enTTS  enTTS Layer 2: • Can be solved directly enTTS(20,28) : x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 x 8 x 9 x 10 x 11 x 12 x 13 x 14 x 15 x 16 x 17 x 18 x 19 x 20 x 21 x 22 x 23 x 24 x 25 x 26 x 27 Ruhr-University Bochum | Embedded Security 18

  19. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Inverting Central Maps - enTTS  enTTS Layer 3: • Fix x 0 randomly • Multiply already known values with coefficients to get a LES • Solve LES enTTS(20,28) : x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 x 8 x 9 x 10 x 11 x 12 x 13 x 14 x 15 x 16 x 17 x 18 x 19 x 20 x 21 x 22 x 23 x 24 x 25 x 26 x 27 Ruhr-University Bochum | Embedded Security 19

  20. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Schemes UOV Rainbow enTTS Invert T Invert T Invert F Invert F Invert F Invert S Invert S Invert S Ruhr-University Bochum | Embedded Security 20

  21. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Optimizations - Reduced Polynomials  Leaving out linear and constant terms in polynomials saves time and space  Can be applied to UOV and Rainbow  In the linear transformations the constant parts are also left out Ruhr-University Bochum | Embedded Security 21

  22. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Optimizations - Self Invertible Linear Maps  In case of UOV and Rainbow S can be chosen of the form:  S is self invertible S -1 = S ,so no inversion is necessary.  Multiplications in UOV signature generation are reduced from n·n to o·v  Private key is smaller Ruhr-University Bochum | Embedded Security 22

  23. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Optimizations - 0/1 UOV  0/1 UOV is an optimization for UOV  Petzold, Thomae, Wolf et. al showed that large parts of the public key can be chosen randomly fixed  This part can be treated as a system parameter and is not part of the public key anymore  Faster verification is possible because the arithmetic in GF(2) is easier: 1= copy or 0 = not • An additional check is necessary if an element is from GF(2) or GF(2 8 )  Key generation: First choose P and then calculate F Ruhr-University Bochum | Embedded Security 23

  24. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Implementation - Central Map Memory Mapping  Keys are saved without zeros  Serial read out using pointer++ Ruhr-University Bochum | Embedded Security 24

  25. Efficient Implementations of MQPKS on Constrained Devices Peter Czypek,Stefan Heyse, Enrico Thomae Implementation – Exponential Representation  GF(2 8 ) arithmetic with table look up  Multiplication is addition in exponent mod (2 m -1) mul(a,b) = exp(log(a)+log(b) mod (2 m -1)) 3 pgm_read()  Saving memory access by keeping temporary results in exponential representation when next operation is a multiplication mul( mul(a,b) , c ) = exp( log[ exp(log(a)+log(b) mod (2 m -1)) ]+log[c] mod (2 m -1)) 6 pgm_read() mul( mul(a,b) , c ) = exp( (log(a)+log(b) mod (2 m -1)) +log[c] mod (2 m -1)) 4 pgm_read()  Keys are saved in exponential representation, too. Ruhr-University Bochum | Embedded Security 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The 7th International Symposium on Data Assimilation (ISDA2019) Efficient Implementations of

The 7th International Symposium on Data Assimilation (ISDA2019) Efficient Implementations of

The 7th International Symposium on Data Assimilation (ISDA2019) Efficient Implementations of Ensemble Based Methods In Sequential Data Assimilation: Accounting for Localization Elias D. Ni no-Ruiz Applied Math and Computer Science Laboratory

642 views • 50 slides
Binary Rewriting at Runtime for Efficient Dynamic Domain Map Implementations 3 rd CHIUW Workshop,

Binary Rewriting at Runtime for Efficient Dynamic Domain Map Implementations 3 rd CHIUW Workshop,

Technische Universitt Mnchen Binary Rewriting at Runtime for Efficient Dynamic Domain Map Implementations 3 rd CHIUW Workshop, Chicago, May 27, 2016 Josef Weidendorfer, Jens Breitbart Chair for Computer Architecture Department of

258 views • 8 slides
Introduction to Computer Arithmetic for Efficient Hardware Implementations Arnaud Tisserand

Introduction to Computer Arithmetic for Efficient Hardware Implementations Arnaud Tisserand

Introduction to Computer Arithmetic for Efficient Hardware Implementations Arnaud Tisserand CNRS, Lab-STICC CEA-SPEC Seminar, Nov. 2019 -- Babylonian Arithmetic Use of a positional number system with: primary radix 60 auxiliary radix

1.46k views • 108 slides
Efficient FPGA Implementations of LowMC and Picnic Roman Walch PhD Student IAIK / Know-Center

Efficient FPGA Implementations of LowMC and Picnic Roman Walch PhD Student IAIK / Know-Center

SESSION ID: SESSION ID: CRYP-R02 Efficient FPGA Implementations of LowMC and Picnic Roman Walch PhD Student IAIK / Know-Center GmbH, Graz University of Technology @rw0x0 Joint work with: Daniel Kales, Sebastian Ramacher, Christian

499 views • 26 slides
Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen Introduction Physical Attacks Active Passive (Fault Attacks) (Observing Attacks) Side Channel Attacks

644 views • 45 slides
LS-Designs Bitslice Encryption for Efficient Masked Software Implementations Instances Security

LS-Designs Bitslice Encryption for Efficient Masked Software Implementations Instances Security

1 / 20 Conclusion FSE 2014 LS-Designs G. Leurent (UCL,Inria) Motivation LS-Designs Bitslice Encryption for Efficient Masked Software Implementations Instances Security Analysis LS-Designs . . . . . . . . . . . . . . . . . . Vincent

638 views • 27 slides
Efficient Parallel Implementations of Multiple Sequence Alignment Using BSP/CGM Model Jucele F.

Efficient Parallel Implementations of Multiple Sequence Alignment Using BSP/CGM Model Jucele F.

Introduction Multiple Sequence Alignment Distributed Memory Shared Memory Computational Results Conclusions and Future Work Efficient Parallel Implementations of Multiple Sequence Alignment Using BSP/CGM Model Jucele F. A. Vasconcellos,

459 views • 21 slides
Single Base Modular Multiplication for Efficient Hardware RNS Implementations of ECC Karim Bigou

Single Base Modular Multiplication for Efficient Hardware RNS Implementations of ECC Karim Bigou

Single Base Modular Multiplication for Efficient Hardware RNS Implementations of ECC Karim Bigou and Arnaud Tisserand CNRS, IRISA, INRIA Centre Rennes - Bretagne Atlantique and Univ. Rennes 1 CHES 2015, Sept. 13 16 Karim Bigou and Arnaud

1.13k views • 30 slides
Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold Implementations

990 views • 58 slides
Efficient Algorithms in Software Julio Lpez jlopez@ic.unicamp.br Institute of Computing,

Efficient Algorithms in Software Julio Lpez jlopez@ic.unicamp.br Institute of Computing,

Efficient Algorithms in Software Julio Lpez jlopez@ic.unicamp.br Institute of Computing, University of Campinas September 2017, Habana, Cuba. ASCrypto 2017 Agenda 1 Efficient Software Implementations Software Efficiency Parallel

1.68k views • 124 slides
Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations :

Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations :

Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations : inst 1 , inst 2 Contracts vs. Implementations Boolean expressions for Contracts: exp 1 , exp 2 , exp 3 , exp 4 , exp 5 feature -- Commands

231 views • 6 slides
Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array

Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array

Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array Vector Linked Chain 2 Stack ADT #ifndef STACK_H_ #define STACK_H_ template<<typename ItemType> class

1.19k views • 71 slides
MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan

MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan

MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan (Slides from A.D. Gordon and C. Fournet) Spring, 2014 Outline of Lectures Lecture 1 (Jan 22, Today) Intro to Verified Protocol Implementations

1.32k views • 112 slides
Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla

Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla

Introduction Methodology Implementations Results Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla Kishore Kumar Surapathi Bilal Habib Susheel Vadlamudi Smriti Gurung John Pham Cryptographic

461 views • 29 slides
Something with implementations Peter Schwabe June 23, 2016 PQCRYPTO Summer School on

Something with implementations Peter Schwabe June 23, 2016 PQCRYPTO Summer School on

Something with implementations Peter Schwabe June 23, 2016 PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Part I: How to make software secure Something with implementations 2 Timing Attacks General idea of those attacks Secret

1.47k views • 65 slides
Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography Reading Group Presenter: C t lin Hri cu References Verified Interoperable Implementations of Security Protocols. Karthikeyan Bhargavan,

922 views • 70 slides
Speaking Notes | Budget Presentation to Board of Trustees June 18, 2019 The following notes were

Speaking Notes | Budget Presentation to Board of Trustees June 18, 2019 The following notes were

Speaking Notes | Budget Presentation to Board of Trustees June 18, 2019 The following notes were used by Chief Superintendent of Schools Christopher Usih to introduce the 2019-20 budget report to the Board of Trustees on June 18, 2019. Chair

73 views • 5 slides
University Delegates Meeting Runion des dlgus universitaires May 2, 2019 / Le 2 mai 2019

University Delegates Meeting Runion des dlgus universitaires May 2, 2019 / Le 2 mai 2019

This session will start momentarily. Cette session commencera sous peu . University Delegates Meeting Runion des dlgus universitaires May 2, 2019 / Le 2 mai 2019 Please ensure that you are connected to the Audio Broadcast mode by going

541 views • 17 slides
Health Canada First Nations & Inuit Health Branch British Columbia Region Youth Suicide

Health Canada First Nations & Inuit Health Branch British Columbia Region Youth Suicide

Health Canada First Nations & Inuit Health Branch British Columbia Region Youth Suicide Prevention & Response to Mental Health Emergencies Dr. Naomi Dove MD MPH FRCPC Health Promotion Directorate Dr. Shannon Waters MD MHSc FRCPC

131 views • 11 slides
Q1 2020 FINANCIAL RESULTS APRIL 28, 2020 SIMPLE IDEAS. POWERFUL RESULTS. SAFE HARBOR STATEMENT

Q1 2020 FINANCIAL RESULTS APRIL 28, 2020 SIMPLE IDEAS. POWERFUL RESULTS. SAFE HARBOR STATEMENT

A DIVERSIFIED TECHNOLOGY COMPANY Q1 2020 FINANCIAL RESULTS APRIL 28, 2020 SIMPLE IDEAS. POWERFUL RESULTS. SAFE HARBOR STATEMENT The information provided in this presentation contains forward-looking statements within the meaning of the federal

474 views • 28 slides
Chapter 4: Culvert Hydraulics Jam Aleem Nawaz Amanda Yancoskie Table of Contents

Chapter 4: Culvert Hydraulics Jam Aleem Nawaz Amanda Yancoskie Table of Contents

Chapter 4: Culvert Hydraulics Jam Aleem Nawaz Amanda Yancoskie Table of Contents Introduction Types Inlet Control Outlet Control Tutorial Example Problem Statement Questions 4.5 Tutorial Example Problem Statement

824 views • 26 slides
On the Effectiveness of Joint Inversion Jodi Mead James Ford Department of Mathematics

On the Effectiveness of Joint Inversion Jodi Mead James Ford Department of Mathematics

On the Effectiveness of Joint Inversion Jodi Mead James Ford Department of Mathematics Clearwater Analytics Diego Domenzain John Bradford Department of Geosciences Department of Geophysics Colorado School of Mines Thanks to: NSF

504 views • 37 slides
ELLIPTIC CURVES By Jessica and Sushi WHAT ARE ELLIPTIC CURVES?! ADDING POINTS! Adding points

ELLIPTIC CURVES By Jessica and Sushi WHAT ARE ELLIPTIC CURVES?! ADDING POINTS! Adding points

ELLIPTIC CURVES By Jessica and Sushi WHAT ARE ELLIPTIC CURVES?! ADDING POINTS! Adding points is not the same addition as 1+1=2. The addition of points is the production of a third point using two already known points Properties of

503 views • 22 slides
Will the US Really Regulate to Stop Inversions? squirepattonboggs.com What is a Corporate

Will the US Really Regulate to Stop Inversions? squirepattonboggs.com What is a Corporate

Will the US Really Regulate to Stop Inversions? squirepattonboggs.com What is a Corporate Inversion? In a corporate inversion, a US company acquires a non-US company and, while so doing, relocates its parent company to a non-US

97 views • 5 slides

More recommend