modular exponentiation
play

Modular Exponentiation In the browser !? P.h.D. semester project, - PowerPoint PPT Presentation

Jan 10, 2023 •25 likes •215 views

Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford (DEDIS) and Thomas Hofer (DGSI). 1 Background The digital world takes an overwhelming part in our daily life. Voting is still paper-based and

  1. Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford (DEDIS) and Thomas Hofer (DGSI). 1

  2. Background The digital world takes an overwhelming part in our daily life. Voting is still paper-based and requires physical presence... Can we make people vote from their bed in a secure way ?? 2

  3. CHVote Geneva is developing a next-gen voting solution for its canton: CHVote. Lot of people living abroad are expected to use the solution. Full formal specifications written by people from the e-Voting group, RISIS, in BFH. Implementation in progress by the DGSI (“Direction générale des systèmes d'information”) 3

  4. Encrypted vote in the browser... Secure voting requires encryption of the vote at the client’s side ● Up to hundreds of votes to encrypt for one client RSA encryption uses modular exponentiation with 1024,2048 or 4096 bit keys. g^s mod q Modular exponentiation is a slow operation. 4

  5. Modular exp. in Javascript ? Javascript is an interpreted language and runs in the browser ● It it *not* fast ● Garbage collected ● Not to mention all the security issues... Nevertheless, a better choice than sending a vote in the clear! 5

  6. What can we do ? Outsource the heavy computation to remote servers (honest-but-curious). In this context: (1) Partial exponentiation ● Base is the public key so it is public ● Exponent is private (encoded vote) ● Modulo is public (security parameter) Partial exponentiation request & Fast reconstruction locally with multiplication 6

  7. What can we do ? Offload the heavy computation to remote (2) Local Reconstruction servers (honest-but-curious) ! In this context: ● Base is the public key so it is public ● Exponent is private (encoded vote) ● Modulo is public (security parameter) Partial exponentiation request & Fast reconstruction locally with multiplication 7

  8. What can we do ? Offload the heavy computation to remote servers (honest-but-curious)! In this context: (2) Local Reconstruction ● Base is the public key so it is public ● Exponent is private (encoded vote) ● Modulo is public (security parameter) Partial exponentiation request & Fast reconstruction locally 8

  9. Splitting the computation Partial exponentiation: v = <vote> a = <public key> q = <modulo> s_i = <random> (i: 0...n-1) s_n = v - SUM(s_i) (i: 0 … n-1) Each server i computes: r_i = a^(s_i) mod q 9

  10. Splitting the computation Partial exponentiation: Local Reconstruction: v = <vote> e = <encrypted vote> a = <public key> q = <modulo> e = MUL(r_i) (i: 0 … n) s_i = <random> (i: 0...n-1) = a ^ (SUM(s_i)) mod q s_n = v - SUM(s_i) (i: 0 … n-1) = a ^ [SUM(s_i) + v - SUM(s_i)] Each server i computes: = a ^ v mod q r_i = a^(s_i) mod q 10

  11. Evaluation: Comparison between: ● Pure Javascript ● Using JSBN library from Tom Wu at ● Split method Stanford (fastest library ?) ● WebAssembly ● Simple one line of code... 11

  12. Evaluation: Comparison between: ● Front end in JS (share splitting + JSON encoding) ● Pure Javascript ○ ~50 lines ● Split method ● Backend in Go using binding to GMP ● WebAssembly ○ Less than 100 lines ● Optimized to send the minimum amount of data 12

  13. Evaluation: Comparison between: ● Pure Javascript ● Split method ● WebAssembly ● Compiled GMP to Wasm in 32 bit ○ Using LLVM 32 bit ○ Without assembly code :( ● Small wrapper in C for mod. Exp. ● Copy data to Wasm heap from JS ○ All in one call 13

  14. Results: Comparison between: ● Pure Javascript ● Split method ● WebAssembly For different key sizes: ● 1024 bits ● 2048 bits ● 4096 bits 14

  15. Results: Comparison between: ● Pure Javascript ● Split method ● WebAssembly For different key sizes: ● 1024 bits ● 2048 bits ● 4096 bits 15

  16. Results: Comparison between: ● Pure Javascript ● Split method ● WebAssembly For different key sizes: ● 1024 bits ● 2048 bits ● 4096 bits 16

  17. Future work ● Look at verifiable computation (NIZK) ○ Is it possible ? ○ Is it expensive ? ○ Look at recent progress such as “ CExp: secure and verifiable outsourcing of composite modular exponentiation with single untrusted server “ (Shuai Li) ● Code optimized hand-written WebAssembly code for modular exponentiation ● Experience with a varying number of servers (3 so far) 17

  18. Conclusions Outsourcing the heavy computation is good in this context ● Performs an order of magnitude better than other solutions ● No need for verification of correct output 18

  19. https://github.com/dedis/students_17_geneva Conclusions Outsourcing the heavy computation IS good in WebAssembly is not ready for prime time yet . this context ● Performs much better in an infinite loop ● Performs an order of magnitude better (graphics) than other solutions ● Compiles only in 32 bit ● No need for verification of correct output ● Can’t compile hand-written assembly 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and

Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and

0 12 1 Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and Remainder, GCD, Euclid s algorithm, L(a,b) { au + bv | u,v Z } = { n gcd(a,b) | n Z } Primes, Fundamental Theorem of

272 views • 14 slides
THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e ,

THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e ,

THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e , and n , the following algorithm quickly computes the reduced power a e % n . ( Initialize ) Set ( x, y, f ) = (1 , a, e ). ( Loop ) While f &gt;

175 views • 5 slides
Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre (1) and Thomas Plantard (2) (1) DALI (UPVD) and LIRMM (Univ. of Montpellier, CNRS), Perpignan, France (2) CCISR, SCIT, University of Wollongong,

708 views • 43 slides
Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe

Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe

Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe NEGRE ( 1 ) , Thomas PLANTARD ( 2 ) and Jean-Marc ROBERT ( 1 ) 1: Team DALI/LIRMM, University of Perpignan, France 2: CCISR, SCIT, (University of

1.25k views • 69 slides
a (mod m ) b is congruent to modulo a m b mod mod a m b m

a (mod m ) b is congruent to modulo a m b mod mod a m b m

Number Theory and its Applications Modular Exponentiation Euclidean Algorithm for GCD Solving Linear Congruences Chinese Remainder Theorem and Application to Arithmetic with large numbers Covered in Sections 3.6 and 3.7 Based

489 views • 19 slides
ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In

ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In

ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In collaboration with Marco S. Bianchi arXiv:1403.3398 N=4 SYM Exponentiation Consider color ordered MHV 4p amplitude in We define the ratio

415 views • 29 slides
CSE 311 Foundations of 4.3 7 th Edition Computing I 3.5, 3.6 6 th Edition 2.5, 2.6 up

CSE 311 Foundations of 4.3 7 th Edition Computing I 3.5, 3.6 6 th Edition 2.5, 2.6 up

Announcements Reading assignments Today and Monday: CSE 311 Foundations of 4.3 7 th Edition Computing I 3.5, 3.6 6 th Edition 2.5, 2.6 up to p. 191 5 th Edition Lecture 11 Wednesday Modular Exponentiation and Primes

345 views • 5 slides
CPSC 490 DP Part 2: Max-IS on Arrays, LCS, Recovery, and Binary Exponentiation Lucca Siaudzionis

CPSC 490 DP Part 2: Max-IS on Arrays, LCS, Recovery, and Binary Exponentiation Lucca Siaudzionis

CPSC 490 DP Part 2: Max-IS on Arrays, LCS, Recovery, and Binary Exponentiation Lucca Siaudzionis and Jack Spalding-Jamieson 2020/01/23 University of British Columbia Announcements Again, assignment 1 is due this Saturday!!!!!!!!

490 views • 31 slides
Square Always Exponentiation Christophe Clavier 1 Benoit Feix 1 , 2 Georges Gagnerot 1 , 2 ene

Square Always Exponentiation Christophe Clavier 1 Benoit Feix 1 , 2 Georges Gagnerot 1 , 2 ene

Introduction Square Always Parallelization Conclusion Square Always Exponentiation Christophe Clavier 1 Benoit Feix 1 , 2 Georges Gagnerot 1 , 2 ene Roussellet 2 Vincent Verneuil 2 , 3 Myl` 1 XLIM-Universit e de Limoges, France 2 INSIDE

1.05k views • 60 slides
1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

TEMPORARY MODULAR HOUSING Temporary Modular Housing Community Information Session 7430 7460 Heather Street ( formerly 650 West 57 th Avenue) ) 1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

701 views • 32 slides
CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with

CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with

CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with a simple algorithm: ans = 1 i = y while i &gt; 0: ans = ans * x i-- Runtime? 2 Just like with multiplication, let's consider large

698 views • 22 slides
Niall Emmart University of Massachusetts Follow on to S6151 XMP: An NVIDIA CUDA

Niall Emmart University of Massachusetts Follow on to S6151 XMP: An NVIDIA CUDA

S6349 - XMP LIBRARY INTERNALS Niall Emmart University of Massachusetts Follow on to S6151 XMP: An NVIDIA CUDA Accelerated Big Integer Library High Performance Modular Exponentiation A^K mod P Where A, K and P are hundreds to thousands

737 views • 24 slides
SPA resistant Exponentiation based on Bruns GCD algorithm Val erie Berth e , Thomas

SPA resistant Exponentiation based on Bruns GCD algorithm Val erie Berth e , Thomas

SPA resistant Exponentiation based on Bruns GCD algorithm Val erie Berth e , Thomas Plantard Paris Diderot Universit e, University of Wollongong http://www.uow.edu.au/ thomaspl thomaspl@uow.edu.au 2019 Berthe, Plantard (IRIF,

1.16k views • 69 slides
Modular Home Virginia Building Solutions For Home Owners: Variety Modular homes look like

Modular Home Virginia Building Solutions For Home Owners: Variety Modular homes look like

Modular Home Virginia Building Solutions For Home Owners: Variety Modular homes look like any other homes. Today's technology has allowed modular manufacturers to build almost any style of house, from a simple ranch to a highly customized

522 views • 15 slides
Decrease by a Constant Factor Examples that we have already seen: Binary Search

Decrease by a Constant Factor Examples that we have already seen: Binary Search

Decrease by a constant factor Decrease by a variable amount A FEW LEFTOVER DECREASE AND CONQUER ALGORITHMS Decrease by a Constant Factor Examples that we have already seen: Binary Search Exponentiation (ordinary and modular) by

216 views • 6 slides
Modular Arithmetic Modular Arithmetic: refresher. Notation x ( mod m ) or mod ( x , m ) -

Modular Arithmetic Modular Arithmetic: refresher. Notation x ( mod m ) or mod ( x , m ) -

Modular Arithmetic Modular Arithmetic: refresher. Notation x ( mod m ) or mod ( x , m ) - remainder of x divided by m in { 0 ,..., m 1 } . x is congruent to y modulo m or x y ( mod m ) if and only if ( x y ) is divisible by m .

397 views • 5 slides
A leading European learning and media company SANOMA AS AN INVESTMENT: Growing dividends A

A leading European learning and media company SANOMA AS AN INVESTMENT: Growing dividends A

Roadshow presentation August-September 2019 A leading European learning and media company SANOMA AS AN INVESTMENT: Growing dividends A leading European learning and media company Strong and Continued balanced focus on business

1.06k views • 56 slides
The presentation of the terms of Invalda AB split-off Vilnius, February 27, 2013 Disclaimer

The presentation of the terms of Invalda AB split-off Vilnius, February 27, 2013 Disclaimer

The presentation of the terms of Invalda AB split-off Vilnius, February 27, 2013 Disclaimer Disclaimer Disclaimer Disclaimer This presentation has been prepared on the basis of Invalda AB (the Company) split off terms (the Terms) and has

180 views • 17 slides
Forward looking statements This presentation contains forward-looking statements. Forward-looking

Forward looking statements This presentation contains forward-looking statements. Forward-looking

Forward looking statements This presentation contains forward-looking statements. Forward-looking statements often include words such as anticipate&quot;, &quot;expect&quot;, &quot;intend&quot;, &quot;plan&quot;, &quot;believe ,

368 views • 17 slides
31 December 2016 Interim Results Investor Presentation Paul Swinney CEO plc Liz Dixon FD Page

31 December 2016 Interim Results Investor Presentation Paul Swinney CEO plc Liz Dixon FD Page

31 December 2016 Interim Results Investor Presentation Paul Swinney CEO plc Liz Dixon FD Page 1 Financial Highlights Page plc 2 Revenue up 22% to 9.75m (2015: 8.01m) Overseas sales up 45% to 4.2m (2015: 2.9m), representing

227 views • 19 slides
Annual Shareholders Meeting on April il 8, 2014 14 Combined Extraordinary &amp; Ordinary

Annual Shareholders Meeting on April il 8, 2014 14 Combined Extraordinary &amp; Ordinary

Welcome | Bienvenue | Benvenuti | Bienvenido | Willkommen | Welcome | Bienvenue | Benvenuti Annual Shareholders Meeting on April il 8, 2014 14 Combined Extraordinary &amp; Ordinary Shareholders Meeting on April il 5, 2016 16 Bienvenue |

456 views • 27 slides
RECORD SALES AND PROFIT, GROWTH IN ALL REGIONS IN THE FIRST NINE MONTHS 2016 SIKA INVESTOR

RECORD SALES AND PROFIT, GROWTH IN ALL REGIONS IN THE FIRST NINE MONTHS 2016 SIKA INVESTOR

RECORD SALES AND PROFIT, GROWTH IN ALL REGIONS IN THE FIRST NINE MONTHS 2016 SIKA INVESTOR PRESENTATION NOVEMBER 2016 1. HIGHLIGHTS AND RESULTS FIRST NINE MONTHS 2016 RECORD SALES AND PROFIT, GROWTH IN ALL REGIONS IN THE FIRST NINE MONTHS 2016

413 views • 37 slides
Reef Fish Amendment 36B: August 2019 Purpose and Need Program Goals Action 1

Reef Fish Amendment 36B: August 2019 Purpose and Need Program Goals Action 1

Tab B, No. 7(b) Reef Fish Amendment 36B: August 2019 Purpose and Need Program Goals Action 1 Require shareholders to have a commercial reef fish permit (Action 1.1) and establish a process for share divestment for those unable

571 views • 23 slides
THE SPECIALIST WAREHOUSE INVESTOR HALF YEAR RESULTS 5 NOVEMBER 2019 WAREHOUSE REIT PLC

THE SPECIALIST WAREHOUSE INVESTOR HALF YEAR RESULTS 5 NOVEMBER 2019 WAREHOUSE REIT PLC

November 2019 THE SPECIALIST WAREHOUSE INVESTOR HALF YEAR RESULTS 5 NOVEMBER 2019 WAREHOUSE REIT PLC TILSTONE November 2019 AGENDA Externally managed by an experienced team Key Highlights 3 Tilstone Partners Investment Adviser

538 views • 31 slides

More recommend