enhanced digital signature using splitted exponent digit
play

Enhanced Digital Signature using Splitted Exponent Digit - PowerPoint PPT Presentation

Oct 07, 2023 •207 likes •763 views

Enhanced Digital Signature using Splitted Exponent Digit Representation Christophe Ngre ( 1 ) , Thomas Plantard ( 2 ) , Jean-Marc Robert ( 1 , 3 ) 1: Team DALI/LIRMM, University of Perpignan, France 2: CCISR, SCIT, University of Wollongong,

  1. Enhanced Digital Signature using Splitted Exponent Digit Representation Christophe Nègre ( 1 ) , Thomas Plantard ( 2 ) , Jean-Marc Robert ( 1 , 3 ) 1: Team DALI/LIRMM, University of Perpignan, France 2: CCISR, SCIT, University of Wollongong, Australia 3: IMATH, Université de Toulon le 18 avril 2019 WRACH 2019, Roscoff, France C. Nègre, Th. Plantard, J.-M. Robert 1 / 26

  2. Table des matières State of The Art 1 State of the Art for Modular Exponentiation Contributions 2 Summary Radix- R and RNS Digit representation Radix- R and R -splitting representation Software Implementation and Performances Conclusion 3 C. Nègre, Th. Plantard, J.-M. Robert 2 / 26

  3. State of The Art Table des matières State of The Art 1 State of the Art for Modular Exponentiation Contributions 2 Summary Radix- R and RNS Digit representation Radix- R and R -splitting representation Software Implementation and Performances Conclusion 3 C. Nègre, Th. Plantard, J.-M. Robert 3 / 26

  4. State of The Art State of the Art for Modular Exponentiation Square-and-Multiply Left-to-Right Square-and-Multiply Modular Exponentiation Require: k = ( k t − 1 , . . . , k 0 ) , the DSA modulus p , g a generator of Z / p Z of order q . Ensure: X = g k mod p X ← 1 for i from t − 1 downto 0 do X ← X 2 mod p if k i = 1 then X ← X · g mod p end if end for return ( X ) C. Nègre, Th. Plantard, J.-M. Robert 4 / 26

  5. State of The Art State of the Art for Modular Exponentiation Square-and-Multiply Left-to-Right Square-and-Multiply Modular Exponentiation Require: k = ( k t − 1 , . . . , k 0 ) , the DSA modulus p , g a generator of Z / p Z of order q . Ensure: X = g k mod p X ← 1 for i from t − 1 downto 0 do X ← X 2 mod p if k i = 1 then X ← X · g mod p end if end for return ( X ) No storage, t − 1 squarings, ≈ t 2 multiplications. ⇒ One takes no advantage of the reuse of the exponent (i.e. when one needs to compute a lot of signature with the same public key) C. Nègre, Th. Plantard, J.-M. Robert 4 / 26

  6. State of The Art State of the Art for Modular Exponentiation Radix- R Radix- R Exponentiation Method (Gordon, 1998) Require: k = ( k ℓ − 1 , . . . , k 0 ) R , the DSA modulus p , g a generator of Z / p Z of order q . Ensure: X = g k mod p Precomputation. Store G i , j ← g j · R i , with j ∈ [ 1 , ..., R − 1 ] and 0 ≤ i < ℓ . X ← 1 for i from ℓ − 1 downto 0 do X ← X · G i , k i mod p end for return ( X ) C. Nègre, Th. Plantard, J.-M. Robert 5 / 26

  7. State of The Art State of the Art for Modular Exponentiation Radix- R Radix- R Exponentiation Method (Gordon, 1998) Require: k = ( k ℓ − 1 , . . . , k 0 ) R , the DSA modulus p , g a generator of Z / p Z of order q . Ensure: X = g k mod p Precomputation. Store G i , j ← g j · R i , with j ∈ [ 1 , ..., R − 1 ] and 0 ≤ i < ℓ . X ← 1 for i from ℓ − 1 downto 0 do X ← X · G i , k i mod p end for return ( X ) With w ← log 2 ( R ) → Storage of ⌈ t / w ⌉ · ( R − 1 ) values ∈ F p , no squarings, ℓ = ⌈ t / w ⌉ multiplications. C. Nègre, Th. Plantard, J.-M. Robert 5 / 26

  8. State of The Art State of the Art for Modular Exponentiation Fixed-base Comb Method In this method, the exponent k is written in w rows, and the colums are processed one at a time. Thus, d = ⌈ t / w ⌉ is the column size. k = K w − 1 � . . . � K 1 � K 0 Each K j is a bit string of length d . Let K j i denote the i th bit of K j . One sets: g [ K w − 1 i ] = g K w − 1 ,..., K 1 i , K 0 2 ( w − 1 ) d + ... + K 2 i 2 2 d + K 1 i 2 d + K 0 i i i C. Nègre, Th. Plantard, J.-M. Robert 6 / 26

  9. State of The Art State of the Art for Modular Exponentiation Fixed-base Comb Method i ] = g K w − 1 One sets: g [ K w − 1 ,..., K 1 i , K 0 2 ( w − 1 ) d + ... + K 2 i 2 2 d + K 1 i 2 d + K 0 i i i Fixed-base Comb Method (Lim & Lee, Crypto ’94) Require: k = ( k t − 1 , . . . , k 1 , k 0 ) 2 , the DSA modulus p , g a generator of Z / p Z of order q , window width w , d = ⌈ t / w ⌉ . Ensure: X = g k mod p Precomputation. Compute and store g [ a w − 1 ,..., a 0 ] mod p , ∀ ( a w − 1 , . . . , a 0 ) ∈ Z w 2 . X ← 1 for i from d − 1 downto 0 do X ← X 2 mod p X ← X · g [ K w − 1 ,..., K 1 i , K 0 i ] mod p i end for return ( X ) C. Nègre, Th. Plantard, J.-M. Robert 6 / 26

  10. State of The Art State of the Art for Modular Exponentiation Fixed-base Comb Method i ] = g K w − 1 One sets: g [ K w − 1 ,..., K 1 i , K 0 2 ( w − 1 ) d + ... + K 2 i 2 2 d + K 1 i 2 d + K 0 i i i Fixed-base Comb Method (Lim & Lee, Crypto ’94) Require: k = ( k t − 1 , . . . , k 1 , k 0 ) 2 , the DSA modulus p , g a generator of Z / p Z of order q , window width w , d = ⌈ t / w ⌉ . Ensure: X = g k mod p Precomputation. Compute and store g [ a w − 1 ,..., a 0 ] mod p , ∀ ( a w − 1 , . . . , a 0 ) ∈ Z w 2 . X ← 1 for i from d − 1 downto 0 do X ← X 2 mod p X ← X · g [ K w − 1 ,..., K 1 i , K 0 i ] mod p i end for return ( X ) Storage of 2 w − 1 values ∈ F p , With d ← ⌈ t / w ⌉ → d − 1 squarings, d multiplications. C. Nègre, Th. Plantard, J.-M. Robert 6 / 26

  11. fi State of The Art State of the Art for Modular Exponentiation Synthesis Complexities and storage amounts of state of the art methods, average case. storage # MM # MS (# values ∈ F p ) Square-and-multiply t / 2 t − 1 - Radix- R method ⌈ t / w ⌉ - ⌈ t / w ⌉ · ( R − 1 ) 2 w − 1 Fixed-base Comb d = ⌈ t / w ⌉ d − 1 C. Nègre, Th. Plantard, J.-M. Robert 7 / 26

  12. State of The Art State of the Art for Modular Exponentiation Synthesis Complexities and storage amounts of state of the art methods, average case. storage # MM # MS (# values ∈ F p ) Square-and-multiply t / 2 t − 1 - Radix- R method ⌈ t / w ⌉ - ⌈ t / w ⌉ · ( R − 1 ) 2 w − 1 Fixed-base Comb d = ⌈ t / w ⌉ d − 1 Complexity Comparison RadixR/FixedBaseComb 1e+07 FixedBaseComb radix R Total available storage #kBytes 1e+06 100000 10000 1000 100 20 40 60 80 100 120 140 number of fi eld multiplications #MM key size t = 512 bits (MS = 0.86 × MM). C. Nègre, Th. Plantard, J.-M. Robert 7 / 26

  13. Contributions Table des matières State of The Art 1 State of the Art for Modular Exponentiation Contributions 2 Summary Radix- R and RNS Digit representation Radix- R and R -splitting representation Software Implementation and Performances Conclusion 3 C. Nègre, Th. Plantard, J.-M. Robert 8 / 26

  14. Contributions Summary Contributions Starting from the Radix- R method: Digit recoding for exponent, using a multiplicative splitting (2 approaches); C. Nègre, Th. Plantard, J.-M. Robert 9 / 26

  15. Contributions Summary Contributions Starting from the Radix- R method: Digit recoding for exponent, using a multiplicative splitting (2 approaches); Enhanced algorithm for Modular Exponentiation and Elliptic Curve Scalar Multiplication; C. Nègre, Th. Plantard, J.-M. Robert 9 / 26

  16. Contributions Summary Contributions Starting from the Radix- R method: Digit recoding for exponent, using a multiplicative splitting (2 approaches); Enhanced algorithm for Modular Exponentiation and Elliptic Curve Scalar Multiplication; Complexity and storage requirements evaluation; C. Nègre, Th. Plantard, J.-M. Robert 9 / 26

  17. Contributions Summary Contributions Starting from the Radix- R method: Digit recoding for exponent, using a multiplicative splitting (2 approaches); Enhanced algorithm for Modular Exponentiation and Elliptic Curve Scalar Multiplication; Complexity and storage requirements evaluation; Software implementations, showing performance improvements. C. Nègre, Th. Plantard, J.-M. Robert 9 / 26

  18. Contributions Radix- R and RNS Digit representation Recoding Algorithm The Radix- R = m 0 · m 1 representation is as follows ( gcd ( m 0 , m 1 ) = 1): ℓ − 1 � k i R i , with ℓ = ⌈ t / log 2 ( R ) ⌉ , k = i = 0 and we represent the digits k i using RNS with base B = { m 0 , m 1 } : � k ( 0 ) = k i mod m 0 = | k i | m 0 , i k ( 1 ) = k i mod m 1 = | k i | m 1 . i C. Nègre, Th. Plantard, J.-M. Robert 10 / 26

  19. Contributions Radix- R and RNS Digit representation Recoding Algorithm The Radix- R = m 0 · m 1 representation is as follows ( gcd ( m 0 , m 1 ) = 1): ℓ − 1 � k i R i , with ℓ = ⌈ t / log 2 ( R ) ⌉ , k = i = 0 and we represent the digits k i using RNS with base B = { m 0 , m 1 } : � k ( 0 ) = k i mod m 0 = | k i | m 0 , i k ( 1 ) = k i mod m 1 = | k i | m 1 . i Chinese Remainder Theorem Using the CRT, one can retrieve k i : � � � k ( 0 ) · m 1 · | m − 1 1 | m 0 + k ( 1 ) · m 0 · | m − 1 k i = 0 | m 1 R . � � i i � C. Nègre, Th. Plantard, J.-M. Robert 10 / 26

  20. Contributions Radix- R and RNS Digit representation Recoding Algorithm → RNS splitting In the sequel, let’s denote (when k ( 1 ) � = 0) i 0 = m 1 · | m − 1 m ′ 1 | m 0 ,   m ′ 1 = m 0 · | m − 1 0 | m 1 , i = | k ( 0 ) · ( k ( 1 ) k ′ ) − 1 | m 0 .  i i C. Nègre, Th. Plantard, J.-M. Robert 11 / 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Digital Signature Schemes 1 What is digital signature? Properties Who signed what is

Digital Signature Schemes 1 What is digital signature? Properties Who signed what is

Digital Signature Schemes 1 What is digital signature? Properties Who signed what is publicly verifiable Unforgeable 2 A Digital Signature Scheme Key generation algorithm G (probabilistic) ( pk, sk ) G (1 ) security

602 views • 22 slides
Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital

Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital

Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital Signature Digital Signature And Hash Function Biometric Signature Electronic Signature Act ROC, 2002/04/01,

299 views • 13 slides
1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

CPE 542: CRYPTOGRAPHY &amp; NETWORK SECURITY Digital Signatures have looked at message authentication but does not address issues of lack of trust Chapter 13 Digital Signatures digital signatures provide the ability to:

361 views • 3 slides
Digital Signatures and Authentication 1 Outline What is a digital signature ? General

Digital Signatures and Authentication 1 Outline What is a digital signature ? General

Digital Signatures and Authentication 1 Outline What is a digital signature ? General model Foundations of security RSA, DSA, ECDSA signatures Zero knowledge (Guillo-Quisquater) One-time signature Special

675 views • 46 slides
3-509

3-509

3-509 liuzhen@sjtu.edu.cn 1 Digital Signature Hash Function Message Authentication Code 2 Digital Signature There is an electronic document to be sent

738 views • 24 slides
Digital Signatures Model A public key analog of MAC A digital signature scheme includes

Digital Signatures Model A public key analog of MAC A digital signature scheme includes

Digital Signatures Model A public key analog of MAC A digital signature scheme includes the following elements: A private key k A public key k A signature algorithm Public key is published Signature requires

475 views • 24 slides
Digital Signature And Hash Function

Digital Signature And Hash Function

Digital Signature And Hash Function 1 Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital Signature Biometric Signature

894 views • 52 slides
IM IMPLEMENTATION OF DIG IGIT ITAL SIG IGNATURE IN IN THE AVIA IATION IN INDUSTRY 13 13

IM IMPLEMENTATION OF DIG IGIT ITAL SIG IGNATURE IN IN THE AVIA IATION IN INDUSTRY 13 13

IM IMPLEMENTATION OF DIG IGIT ITAL SIG IGNATURE IN IN THE AVIA IATION IN INDUSTRY 13 13 OCTOBER 2017 1. What is Digital Signature? 2. Why use Digital Certificate? 3. Digital Signature Act 1997 4. Digital Signature Regulations 1998

282 views • 12 slides
Efficient Redactable Signature and Application to Anonymous Credentials Olivier Sanders Orange

Efficient Redactable Signature and Application to Anonymous Credentials Olivier Sanders Orange

Efficient Redactable Signature and Application to Anonymous Credentials Olivier Sanders Orange Labs PKC 2020 Context PKC 2020 p 2 Digital Signature Digital signature can be used to authenticate digital data ... Name Birthdate Address

437 views • 33 slides
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it is a part of the document) 4. Signed document is unalterable. 5. Signature cannot be

244 views • 21 slides
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it is a part of the document) 4. Signed document is unalterable. 5. Signature cannot be

478 views • 24 slides
Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

410 views • 19 slides
Th The e Se Secr cret of of Digital Transformation Ho How w to Dig Digit ital ally

Th The e Se Secr cret of of Digital Transformation Ho How w to Dig Digit ital ally

Th The e Se Secr cret of of Digital Transformation Ho How w to Dig Digit ital ally ly Tra rans nsform orm Your ur Or Orga ganiz nizat ation ion June 16, 2016 A St Story y Abou out t Di Disn sney Poli licing cing

887 views • 36 slides
Parallel-CFS Strengthening the CFS McEliece-Based Signature Scheme Matthieu Finiasz Digital

Parallel-CFS Strengthening the CFS McEliece-Based Signature Scheme Matthieu Finiasz Digital

Parallel-CFS Strengthening the CFS McEliece-Based Signature Scheme Matthieu Finiasz Digital Signatures The hash and sign paradigm m c slide 1/18 . Any public key encryption can be turned into a signature. Digital Signatures The hash and

759 views • 28 slides
Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature

Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature

Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature 1 Signature 2 Signature 2 http://comm ons.wikime dia.org/wiki/ File:Piasnic a- Signature 3 Signature 3 wodowskaz -0.jpg Ida Westerberg 1,2

388 views • 19 slides
Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

506 views • 24 slides
Floating Point Coprocessor Instructions Systems Design &amp; Programming CMPE 310 Coprocessor

Floating Point Coprocessor Instructions Systems Design &amp; Programming CMPE 310 Coprocessor

Floating Point Coprocessor Instructions Systems Design &amp; Programming CMPE 310 Coprocessor Basics The 80x87 is able to multiply, divide, add, subtract, find the sqrt and calculate transcenden- tal functions and logarithms. Data types

361 views • 12 slides
Efficient Floating-Point Logarithm Unit for FPGAs Nikolaos Alachiotis , Alexandros Stamatakis The

Efficient Floating-Point Logarithm Unit for FPGAs Nikolaos Alachiotis , Alexandros Stamatakis The

Efficient Floating-Point Logarithm Unit for FPGAs Nikolaos Alachiotis , Alexandros Stamatakis The Exelixis Lab, Dept. of Computer Science, TUM, Munich, Germany PRESENTATION OVERVIEW Introduction Approximation Strategy Reconfigurable

609 views • 35 slides
Exponent Laws MPM2D: Principles of Mathematics Consider the expression x 2 x 3 . Using the

Exponent Laws MPM2D: Principles of Mathematics Consider the expression x 2 x 3 . Using the

p o l y n o m i a l s p o l y n o m i a l s Exponent Laws MPM2D: Principles of Mathematics Consider the expression x 2 x 3 . Using the definition of exponentiation, x 2 x 3 can be expressed as ( x x )( x x x ) = x x x x

175 views • 3 slides
Some Recent Progress in the Applications of Niho Exponents Nian Li Faculty of Mathematics and

Some Recent Progress in the Applications of Niho Exponents Nian Li Faculty of Mathematics and

Some Recent Progress in the Applications of Niho Exponents Nian Li Faculty of Mathematics and Statistics Hubei University Wuhan, China July 5, 2017 Nian Li Problems From Niho Exponents BFA-2017, OS, Norway 1 / 35 Outline Niho Exponents

842 views • 35 slides
On the capabillity of p -groups of class two and prime exponent Arturo Magidin University of

On the capabillity of p -groups of class two and prime exponent Arturo Magidin University of

On the capabillity of p -groups of class two and prime exponent Arturo Magidin University of Louisiana at Lafayette Groups St Andrews 2013 Arturo Magidin Capability Definition A group G is capable if and only if there exists K such that G

901 views • 63 slides
Fixed and Floating Point Numbers Eric McCreath Fractional binary numbers Remember how the

Fixed and Floating Point Numbers Eric McCreath Fractional binary numbers Remember how the

Fixed and Floating Point Numbers Eric McCreath Fractional binary numbers Remember how the meaning of the digits in a binary number is defined: note how there is a binary radix point. So for example the binary number: means 2 Binary

549 views • 7 slides
Introduction to exponential functions An exponential function is a function of the form f ( x ) = b

Introduction to exponential functions An exponential function is a function of the form f ( x ) = b

Introduction to exponential functions An exponential function is a function of the form f ( x ) = b x where b is a Elementary Functions fixed positive number. The constant b is called the base of the exponent. Part 3, Exponential Functions &amp;

776 views • 6 slides
Exponential Functions MHF4U: Advanced Functions A basic exponential function, without

Exponential Functions MHF4U: Advanced Functions A basic exponential function, without

e x p o n e n t i a l a n d l o g a r i t h m i c f u n c t i o n s e x p o n e n t i a l a n d l o g a r i t h m i c f u n c t i o n s Exponential Functions MHF4U: Advanced Functions A basic exponential function, without transformations applied

44 views • 3 slides

More recommend