LAC: an update - PowerPoint PPT Presentation



  1. LAC
      Xianhui Lu¹, Yamin Liu¹, Dingding Jia¹, Haiyang Xue¹, Jingnan He¹, Zhenfei Zhang², Zhe Liu³, Hao Yang³, Bao Li¹, Kunpeng Wang¹
      NIST Second PQC Standardization Conference, August 24, 2019
      Lu et al. (CAS, Algorand, NUAA), LAC: an update, August 24, 2019 (slide 1 / 16)

  2. Timeline (slide 2 / 16)
      Nov 2017: LAC round 1 submission
      Jan 2018: Subfield attack
      Feb 2018: High Hamming weight attack (CCA)
      Nov 2018: Timing attack on ECC (CCA)
      Dec 2018: Error correlation (CCA)
      Mar 2019: LAC round 2 submission
      Jun 2019: Pattern attack (CCA)
      Aug 2019: Hybrid dual attack

  10. A brief review (slide 3 / 16)
      $(pk, sk) \leftarrow \mathrm{KeyGen}()$: $pk = (a,\ b := as + e)$, $sk = s$
      $c \leftarrow \mathrm{Enc}(msg, pk)$: $\tilde m = \mathrm{BCH\_encode}(msg)$; $c_1 = a s_1 + e'$, $c_2 = b s_1 + e'' + (q/2)\,\tilde m$; $c = (c_1, c_2)$
      $msg \leftarrow \mathrm{Dec}(c, sk)$: ... $msg = \mathrm{BCH\_decode}(\tilde m)$

  11. Motivation (slide 4 / 16)
      Want to use the smallest modulus, $q = 251$
      → Too many errors in the message
      → Use ECC to handle the errors
      → The focus of the cryptanalysis
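As an added illustration of the review and motivation slides above (example code, not from the talk or the LAC team's implementation): a toy LAC-style scheme over $\mathbb{Z}_{251}[x]/(x^n+1)$ with no BCH layer, which measures how far the decryption noise spreads relative to the $q/4$ decision threshold and how often a raw message bit flips. $n = 512$, the 256-bit message and the centered-binomial $\psi_1$ sampler are assumptions of this example, not values stated on the page.

```python
import random, statistics

Q, N, MSG_BITS = 251, 512, 256   # q = 251 is LAC's modulus; n = 512 and a 256-bit message are assumed

def sample_psi1(rng):
    """Centered binomial psi_1: P(-1) = P(1) = 1/4, P(0) = 1/2 (Round-1-style, not fixed weight)."""
    return [rng.choice((-1, 0, 0, 1)) for _ in range(N)]

def ring_mul(f, g):
    """Multiply in Z_q[x]/(x^n + 1) by Kronecker substitution: each coefficient sits in a 32-bit
    slot of a big integer (n*(q-1)^2 < 2^32, so slots never carry); then fold x^n = -1."""
    pack = lambda p: int.from_bytes(b"".join((c % Q).to_bytes(4, "little") for c in p), "little")
    raw = (pack(f) * pack(g)).to_bytes(8 * N, "little")
    prod = [int.from_bytes(raw[4 * i:4 * i + 4], "little") for i in range(2 * N)]
    return [(prod[i] - prod[i + N]) % Q for i in range(N)]

def add(f, g):
    return [(x + y) % Q for x, y in zip(f, g)]

def centered(x):
    return x - Q if x > Q // 2 else x          # representative in [-(q-1)/2, (q-1)/2]

def keygen(rng):
    a = [rng.randrange(Q) for _ in range(N)]
    s, e = sample_psi1(rng), sample_psi1(rng)
    return (a, add(ring_mul(a, s), e)), s      # pk = (a, b = a*s + e), sk = s

def encrypt(pk, bits, rng):
    a, b = pk
    s1, e1, e2 = sample_psi1(rng), sample_psi1(rng), sample_psi1(rng)
    m = [(Q // 2) * bit for bit in bits] + [0] * (N - len(bits))   # (q/2)*m, no BCH encoding
    return add(ring_mul(a, s1), e1), add(add(ring_mul(b, s1), e2), m)   # (c1, c2)

def decrypt(sk, c):
    c1, c2 = c
    u = add(c2, [-y for y in ring_mul(c1, sk)])   # = (q/2)*m + (e*s1 - e1*s + e2) mod q
    # a bit is read as 1 when its coefficient is closer to q/2 than to 0; flips when |noise| > q/4
    return [1 if abs(centered(x)) > Q / 4 else 0 for x in u[:MSG_BITS]], u

def simulate(trials, seed=1):
    """Return (raw per-bit error rate, std dev of the decryption noise) with no ECC at all."""
    rng = random.Random(seed)
    errors, noise = 0, []
    for _ in range(trials):
        pk, sk = keygen(rng)
        bits = [rng.randrange(2) for _ in range(MSG_BITS)]
        got, u = decrypt(sk, encrypt(pk, bits, rng))
        errors += sum(x != y for x, y in zip(got, bits))
        # strip the known (q/2)*m term to observe the noise e*s1 - e1*s + e2 itself
        noise += [centered((u[i] - (Q // 2) * bits[i]) % Q) for i in range(MSG_BITS)]
    return errors / (trials * MSG_BITS), statistics.pstdev(noise)
```

With these parameters the noise standard deviation lands near 16 against a threshold of 62.75, so a raw bit flips roughly once in $2^{13}$ bits; that is why the talk pairs the small modulus with heavy error correction rather than relying on $q$ alone.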

  15. This talk (slide 5 / 16)
      A summary of the cryptanalysis on LAC;
      The updated parameter sets in Round 2;
      And more cryptanalysis...

  17. Subfield Attack [Alp18a] (slide 6 / 16)
      Strategy: $x^n + 1 = h \cdot g := (x^{n/2} + 91x^{n/4} + 250)(x^{n/2} + 160x^{n/4} + 250) \bmod 251$.
      Given $(a, b = as + e)$, try to recover $(s_g, e_g) := (s, e) \bmod g$ and $(s_h, e_h) := (s, e) \bmod h$.
      Analysis: $|(s_g, e_g)|_\infty = 25$, too large (c.f. RHF). No impact on the LAC parameters of the Round 1 submission.

  18. High Hamming Weight Attack [Alp18b] (slide 7 / 16)
      Strategy: $s_1, e'$ follow the binomial distribution; choose $s_1, e'$ with higher-than-normal Hamming weight. The decryption error rate increases to $2^{-44.4}$. Produce $2^{19.6}$ decryption failures with $2^{207}$ pre-computation and $2^{64}$ oracle queries for level 5.
      Counter-measure: use the binomial distribution with fixed Hamming weight.

  19. Timing attack on ECC [DTVV19] (slide 8 / 16)
      Round 1 BCH: non-constant time, $O(\mathrm{err})$
      Round 2 BCH: almost constant time, $O(\max(\mathrm{err}))$

  20. Error Correlation [DVV19] (slide 9 / 16)
      Round 1 parameter (figure)
      Dependency aware model: “independence assumption is suitable for schemes without error correction, but that it might lead to under-estimating the failure probability of algorithms using error correcting codes”

  21. Error Correlation [DVV19], continued (slide 10 / 16)
      Round 2 parameter (figure): red line: experimental data; blue line: dependency aware model

  22. Major updates (slide 11 / 16)
                        Round 1             Round 2
      Message space     256, 384, 512       256
      Noise dist.       binomial            fix-weight
      ECC               BCH(511,264,29)     BCH(511,256,16)
                        BCH(511,392,13)     BCH(511,256,8)
                        BCH(1023,520,55)    BCH(511,256,16)+D2

  23. Hybrid attacks, Round5 team and [Son19] (slide 12 / 16)
      Hybrid primal attack: reduces the security margin of LAC-192 from 286 to 278; no impact on LAC-128/256.
      Hybrid dual attack: discovered by the Round5 team and Son independently last week; we are evaluating the impact. Current thought: may affect the security margin by a few bits.

  24. Pattern Attack [GJY19] (slide 13 / 16)
      Strategy
      - Assume $e'$ has a certain pattern, e.g., 33 consecutive $1, -1, \ldots$; happens with prob. $2^{-122}$.
      - $s$ has a certain distribution, e.g., $|s_{odd}(1)| + |s_{even}(1)| > 208$; happens with prob. $2^{-70}$.
      - A higher than normal error rate, e.g., $< 2^{-30}$, c.f. the normal error rate $2^{-122}$.
      - Repeat for enough errors to attack the secret key, e.g., $\approx 2^{30}$ errors (?), with a total cost of $2^{122+70+30+30} \approx 2^{252}$.
      Impact: [GJY19] focused on LAC256 with the Round 1 parameters. Our evaluation on the Round 2 parameters: LAC128/192 remain intact; LAC256 needs a revision of its error correcting code.

  25. Performance (slide 14 / 16)

  26. Performance [Dus19] (slide 15 / 16)

  27. A positive note (slide 16 / 16)
      LAC trials a new direction to improve performance: super small $q$ + heavy error correction (c.f. different rings, lattice structures, etc.). LAC has sparked a lot of new cryptanalysis techniques.
      Future work: improve error correction performance; almost constant time → constant-time implementation; re-write ring multiplication in assembly; improve the M4 and FPGA implementations.
