faster binary curve software a case study
play

Faster Binary Curve Software: A Case Study NordSec 2015, Stockholm - PowerPoint PPT Presentation

Dec 04, 2022 •451 likes •602 views

Faster Binary Curve Software: A Case Study NordSec 2015, Stockholm B. B. Brumley Department of Pervasive Computing Tampere University of Technology, Finland billy.brumley AT tut.fi 20 Oct 2015 1 / 14 Elliptic curves over binary fields Fix m

  1. Faster Binary Curve Software: A Case Study NordSec 2015, Stockholm B. B. Brumley Department of Pervasive Computing Tampere University of Technology, Finland billy.brumley AT tut.fi 20 Oct 2015 1 / 14

  2. Elliptic curves over binary fields Fix m and consider all of the ( x , y ) solutions over F 2 m to the following equation: E : y 2 + xy = x 3 + a 2 x 2 + a 6 Standardized curves $ openssl ecparam -list_curves ... sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field sect163r2 : NIST/SECG curve over a 163 bit binary field sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field sect239k1 : SECG curve over a 239 bit binary field sect283k1 : NIST/SECG curve over a 283 bit binary field sect283r1 : NIST/SECG curve over a 283 bit binary field sect409k1 : NIST/SECG curve over a 409 bit binary field sect409r1 : NIST/SECG curve over a 409 bit binary field sect571k1 : NIST/SECG curve over a 571 bit binary field sect571r1 : NIST/SECG curve over a 571 bit binary field ... 2 / 14

  3. Carryless multiplication 3 / 14

  4. Point multiplication 4 / 14

  5. Affine coordinates OpenSSL implements curve operations as written in P1363. Addition Let P = ( x 1 , y 1 ), Q = ( x 2 , y 2 ) such that P � = ± Q . Then P + Q = ( x 3 , y 3 ) is given by x 3 = λ 2 + λ + x 1 + x 2 + a 2 y 3 = λ ( x 1 + x 3 ) + x 3 + y 1 λ = y 1 + y 2 x 1 + x 2 Doubling Let P = ( x 1 , y 1 ) then 2 P = ( x 3 , y 3 ), where x 3 = λ 2 + λ + a 2 y 3 = λ ( x 1 + x 3 ) + x 3 + y 1 λ = x 1 + y 1 x 1 5 / 14

  6. Lambda coordinates Affine (Knudsen 1999) Short affine point P = ( x , y ) is ( x , λ ) where λ = x + y / x . Projective (Oliveira et al. 2014) With projective equation ( L 2 + LZ + a 2 Z 2 ) X 2 = X 4 + a 6 Z 4 . the λ -projective point ( X 1 : L 1 : Z 1 ) corresponds to the λ -affine point ( X 1 / Z 1 , L 1 / Z 1 ). The inverse of ( X 1 : L 1 : Z 1 ) is ( X 1 : L 1 + Z 1 : Z 1 ). 6 / 14

  7. Computational costs Computational costs of elliptic curve operations in various coordinate systems w.r.t. finite field inversions ( I ), multiplications ( M ), and squarings ( S ). Coordinates double add negate affine 1 I + 2 M + 1 S 1 I + 2 M + 1 S – LD-projective (mixed) 4 M + 5 S 8 M + 5 S 1 M λ -projective (mixed) 4 M + 4 S 8 M + 2 S – λ -projective 4 M + 4 S 11 M + 2 S – 7 / 14

  8. ECC in OpenSSL struct ec_method_st { ... int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, BN_CTX *); int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BN_CTX *); ... int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *); ... int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *); ... int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *); int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); ... int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); int (*precompute_mult) (EC_GROUP *group, BN_CTX *); int (*have_precompute_mult) (const EC_GROUP *group); int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); ... } /* EC_METHOD */ ; 8 / 14

  9. Scalar multiplication in OpenSSL /** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] * \param group underlying EC_GROUP object * \param r EC_POINT object for the result * \param n BIGNUM with the multiplier for the group generator (optional) * \param num number futher summands * \param p array of size num of EC_POINT objects * \param m array of size num of BIGNUM objects * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); 9 / 14

  10. Montgomery’s Ladder in OpenSSL /*- * Computes scalar*point and stores the result in r. * point can not equal r. * Uses a modified algorithm 2P of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation" (CHES ’99, LNCS 1717). * * To protect against side-channel attack the function uses constant time swap, * avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) 10 / 14

  11. Bug attacks and projective randomization ◮ Bug attacks (Biham et al. 2008) target implementation errors to steal keys. ◮ Pick β at random, and at the beginning of scalar multiplication set the accumulator to ( β X : β L : β Z ). ◮ Observe ( β X : β L : β Z ) �→ (( β X ) / ( β Z ) , ( β L ) / ( β Z )) = ( X / Z , L / Z ). 11 / 14

  12. ECDH performance ECDH operations per second. Intel Celeron 2955U 1.40GHz. curve stock modified gain nistk163 2107.7 2022.6 -4.0% nistk233 1675.2 1670.2 -0.3% nistk283 929.3 921.0 -0.9% nistk409 589.5 563.8 -4.4% nistk571 248.7 244.9 -1.5% nistb163 2043.9 2011.4 -1.6% nistb233 1600.9 1640.6 2.5% nistb283 891.6 903.9 1.4% nistb409 551.9 559.4 1.4% nistb571 229.1 243.5 6.3% 12 / 14

  13. ECDSA performance ECDSA operations per second. Intel Celeron 2955U 1.40GHz. curve stock modified gain stock modified gain (sign) (sign) (sign) (verify) (verify) (verify) nistk163 2304.1 6723.4 191.8% 1022.9 1617.6 58.1% nistk233 1146.2 5147.5 349.1% 791.8 1313.5 65.9% nistk283 770.6 3136.7 307.0% 442.6 744.2 68.1% nistk409 341.0 1969.2 477.5% 280.2 456.4 62.9% nistk571 158.2 896.0 466.4% 120.2 199.0 65.6% nistb163 2300.3 6684.2 190.6% 983.1 1635.9 66.4% nistb233 1174.2 5227.7 345.2% 765.0 1280.2 67.3% nistb283 771.3 3142.4 307.4% 420.1 735.1 75.0% nistb409 339.8 1952.7 474.7% 262.4 446.5 70.2% nistb571 157.6 858.8 444.9% 111.1 197.7 77.9% 13 / 14

  14. Conclusion ◮ Source code patches: RT 4013 http://marc.info/?l=openssl-dev&m=144008703808363 ◮ Leverages existing arch, not a(nother) full stack ◮ Crypto in a vacuum has dubious utility Future work Specialized finite field arithmetic (Bluhm & Gueron 2015) 14 / 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Overview Evolution in Open Source Software: What is software evolution? A Case Study Why

Overview Evolution in Open Source Software: What is software evolution? A Case Study Why

Overview Evolution in Open Source Software: What is software evolution? A Case Study Why should we care? Previous research Michael W. Godfrey A case study: The Linux OS kernel Qiang Tu Observations, hypotheses, and future

179 views • 6 slides
Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has innovation helped to produce a cost effective remedial design? Challenging contaminant profile Taken a traditional / well understood remedial

910 views • 4 slides
results and experiences Sebastian Frank Santiago Vidal SQuAT Case Study Experiences Results

results and experiences Sebastian Frank Santiago Vidal SQuAT Case Study Experiences Results

Universidad Nacional del Centro (UNICEN) Institute of Software Technology ISISTAN Research Institute Reliable Software Systems Software Engineering Group Using the CoCoME We already community case study attended for evaluating the SSP

490 views • 20 slides
10-20x Faster 10-20x Faster Software Builds Software Builds John Ousterhout 2307 Leghorn

10-20x Faster 10-20x Faster Software Builds Software Builds John Ousterhout 2307 Leghorn

10-20x Faster 10-20x Faster Software Builds Software Builds John Ousterhout 2307 Leghorn Street Mountain View, CA 94043 www.electric-cloud.com Overview Overview Slow builds impact almost all medium/large development teams Electric Cloud

716 views • 32 slides
Software Engineering Case Studies Bob Monroe Software Engineering Reading Group March 31, 1997

Software Engineering Case Studies Bob Monroe Software Engineering Reading Group March 31, 1997

Software Engineering Case Studies Bob Monroe Software Engineering Reading Group March 31, 1997 Overview Case study paper (Kitchenham et al) Overview of case study methodology Good case studies are powerful. They are also rare

561 views • 15 slides
Binary Search Trees 1 October 2020 OSU CSE 1 Faster Searching The BinaryTree component

Binary Search Trees 1 October 2020 OSU CSE 1 Faster Searching The BinaryTree component

Binary Search Trees 1 October 2020 OSU CSE 1 Faster Searching The BinaryTree component family can be used to arrange the labels on binary tree nodes in a variety of useful ways A common arrangement of labels, which supports searching

890 views • 73 slides
ECE444: Software Engineering Case Study Shurui Zhou Learning goal Review a specific case

ECE444: Software Engineering Case Study Shurui Zhou Learning goal Review a specific case

ECE444: Software Engineering Case Study Shurui Zhou Learning goal Review a specific case study to understand the requirements issues more clearly Virtual Case File 3 What is the virtual case file? Goal : to automate the FBIs

261 views • 15 slides
Core Flight Software (CFS) Overview Case Study: Morpheus Lander JSC CFS Development

Core Flight Software (CFS) Overview Case Study: Morpheus Lander JSC CFS Development

National Aeronautics and Space Administration NASAs Core Flight Software - a Reusable Real-Time Framework Topics: Core Flight Software (CFS) Overview Case Study: Morpheus Lander JSC CFS Development Efforts CFS Training

960 views • 61 slides
A Case Study on Recommending Software Components using Collaborative Filtering Mel Cinnide

A Case Study on Recommending Software Components using Collaborative Filtering Mel Cinnide

A Case Study on Recommending Software Components using Collaborative Filtering Mel Cinnide Frank McCarey Nicholas Kushmerick University College Dublin - Ireland frank.mccarey@ucd.ie May 2004 Introduction ! Software Reuse is

471 views • 21 slides
WRITING FASTER CODE 1 . 1 WRITING FASTER CODE AND NOT HATING YOUR JOB AS A SOFTWARE DEVELOPER

WRITING FASTER CODE 1 . 1 WRITING FASTER CODE AND NOT HATING YOUR JOB AS A SOFTWARE DEVELOPER

WRITING FASTER CODE 1 . 1 WRITING FASTER CODE AND NOT HATING YOUR JOB AS A SOFTWARE DEVELOPER 1 . 2 WRITING FASTER PYTHON @SebaWitowski 1 . 3 PYTHON WAS NOT MADE TO BE FAST... ...BUT TO MAKE DEVELOPERS FAST. 2 . 1 It was nice to

451 views • 43 slides
Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation

Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation

Overview Using Curve Implementation Lessons Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation Lessons Ninjas Shinobi Kun An John Chan David Mauskop Wisdom Omuya Zitong Wang Curve Ninjas

360 views • 17 slides
Faster Code Nicolas Limare 2014/11/19 faster? one task vs many speeds one operation vs many

Faster Code Nicolas Limare 2014/11/19 faster? one task vs many speeds one operation vs many

Faster Code Nicolas Limare 2014/11/19 faster? one task vs many speeds one operation vs many algos one algo vs many codes one code vs many binaries one binary vs many runs We want faster runs for the same operation. why go fast?

620 views • 17 slides
Boiling Curve Wall Temp. Controlled. Pool boiling curve for temperature controlled case with

Boiling Curve Wall Temp. Controlled. Pool boiling curve for temperature controlled case with

Boiling Curve Wall Temp. Controlled. Pool boiling curve for temperature controlled case with increasing temperature and decreasing temperature. Note that there is a hysteresis especially in the transition region. 4 Pool Boiling Curve

295 views • 7 slides
Releasing Scientific Software in GitHub: A Case Study on SWMM2PEST Xuanyi Lin

Releasing Scientific Software in GitHub: A Case Study on SWMM2PEST Xuanyi Lin

Releasing Scientific Software in GitHub: A Case Study on SWMM2PEST Xuanyi Lin (linx7@mail.uc.edu) Department of EECS, University of Cincinnati, OH SE4Science, Montreal, Canada May 28, 2019 Acknowledgments Nan Niu Xuanyi Lin Michelle Simon

323 views • 14 slides
Robert Diawara, Software AG Fabian Huschka, componio GmbH Get There Faster. Module 1 Software

Robert Diawara, Software AG Fabian Huschka, componio GmbH Get There Faster. Module 1 Software

How Software AG built up its Online Communities with OpenCms Robert Diawara, Software AG Fabian Huschka, componio GmbH Get There Faster. Module 1 Software AG & componio GmbH at a glance Company Presentation | Status: April 2011 | Page 2

915 views • 54 slides
1 1. some theory Proces of change of target groups forms an g g g p S-shaped curve;

1 1. some theory Proces of change of target groups forms an g g g p S-shaped curve;

Strategy to speed up largescale adoption of the CNG Car Cees Egmond Senternovem Summer study ECEEE 4-9 june 2007 1 Overview presentation Introduction Some theory Report on a Case study: Marketintroduction of theCNG-car,

942 views • 9 slides
2019 For Years 11 & 12 in 2019 BYOd Bring Your Own device Why BYOd? To sustain the

2019 For Years 11 & 12 in 2019 BYOd Bring Your Own device Why BYOd? To sustain the

BYOd at Tully SHS 2019 For Years 11 & 12 in 2019 BYOd Bring Your Own device Why BYOd? To sustain the success of the Tully SHS 1:1 mobile devices policy in years 11 & 12. This policy has allowed each senior student to have a mobile

202 views • 16 slides
XOTcl an Object-Oriented Scripting Language Gustaf Neumann Uwe Zdun Department of

XOTcl an Object-Oriented Scripting Language Gustaf Neumann Uwe Zdun Department of

XOTcl an Object-Oriented Scripting Language Gustaf Neumann Uwe Zdun Department of Information Systems Specification of Software Systems Vienna University of Economics University of Essen Vienna, Austria Essen, Germany

509 views • 17 slides
Title goes here Tools for Performance Evaluation Timing and performance evaluation has been

Title goes here Tools for Performance Evaluation Timing and performance evaluation has been

Title goes here Tools for Performance Evaluation Timing and performance evaluation has been an art Experiences and Lessons Learned Resolution of the clock with a Portable Interface to Issues about cache effects Hardware Performance

594 views • 5 slides
nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01

nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01

nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01 @n1ckler A smart home A Bitcoin node A lonely datacenter Robustness Do you trust binaries from some cache or do you build from source? Do

411 views • 29 slides
Survey of the slow control project for the PANDA cluster-jet target Target Session of LII PANDA

Survey of the slow control project for the PANDA cluster-jet target Target Session of LII PANDA

National Centre for Nuclear Research, Poland Survey of the slow control project for the PANDA cluster-jet target Target Session of LII PANDA Meeting 1 Arkadiusz Chlopik Universitt Gieen, March 17, 2015 National Centre for Nuclear

423 views • 14 slides
How to Mine using the Blockchain Summary 1. What is mining 2. How to mine 3. Which GPUs to

How to Mine using the Blockchain Summary 1. What is mining 2. How to mine 3. Which GPUs to

How to Mine using the Blockchain Summary 1. What is mining 2. How to mine 3. Which GPUs to buy 4. How to optimize 5. Issues and Advices 6. Misc What is mining ? What is a Hash ? b5eb2f296bf19d0ca77 SHA-256 22a0ef91c527628381d3

703 views • 27 slides
Quality of Service su Linux: Passato Presente e Futuro Luca Abeni luca.abeni@unitn.it

Quality of Service su Linux: Passato Presente e Futuro Luca Abeni luca.abeni@unitn.it

Quality of Service su Linux: Passato Presente e Futuro Luca Abeni luca.abeni@unitn.it Universit` a di Trento Quality of Service su Linux:Passato Presente e Futuro p. 1 Quality of Service Time Sensitive applications Implicit temporal

728 views • 19 slides
Improved Branch-Cut-and-Price for Capacitated Vehicle Routing Diego Pecin 1 Artur Pessoa 2 Marcus

Improved Branch-Cut-and-Price for Capacitated Vehicle Routing Diego Pecin 1 Artur Pessoa 2 Marcus

Improved Branch-Cut-and-Price for Capacitated Vehicle Routing Diego Pecin 1 Artur Pessoa 2 Marcus Poggi 1 Eduardo Uchoa 2 PUC - Rio de Janeiro 1 Universidade Federal Fluminense 2 January, 2014 Aussois-2014 Pecin, Pessoa, Poggi, and Uchoa

1.19k views • 72 slides

More recommend