
1. Faster Hash-based Signatures with Bounded Leakage
SAC 2013, Burnaby, Canada
Thomas Eisenbarth (1), Ingo von Maurich (2) and Xin Ye (1)
(1) Worcester Polytechnic Institute, Worcester, MA, USA
(2) Horst Görtz Institute for IT-Security, Ruhr University Bochum, Germany
August 15, 2013

2. Motivation
Status quo
- Providing efficient PKC in embedded systems is challenging
- Side-channel attacks are a serious threat, protection is costly
- RSA, ECC, (EC-)DSA, …, breakable by quantum computers
→ Need for an efficient, post-quantum signature scheme with limited side-channel leakage
Idea
- Leakage-resilient schemes aim for inherent SCA resistance
- Candidate: Merkle signature scheme (MSS) with Winternitz one-time signatures (W-OTS)
  • Efficient in embedded systems [RED+08, HBB12]
  • Possible choice for a time-limited signature scheme
  • No efficient attacks on quantum computers (with right parameters)
SAC 2013 | Faster Hash-based Signatures with Bounded Leakage | Thomas Eisenbarth, Ingo von Maurich, Xin Ye

3. Overview
- Motivation
- Background
- Optimized Authentication Path Computation
- Implementation and Leakage Analysis
- Conclusions

4. Overview (section divider): Motivation, Background, Optimized Authentication Path Computation, Implementation and Leakage Analysis, Conclusions

5. Hash-based Signatures: Principle
Key Setup
1. Select random x
2. Calculate: y = f(x)
One-time public key: "y"
[Diagram: to sign a request such as "transfer the money?", the signer sends "x"; the verifier checks y = f(x)]
How much information is signed? Choice: disclose x?

6. One-time Signature Scheme
Key Setup
1. Select random x1, x2, …, xn
2. Calculate: yi = f(xi)
One-time public key: "y1, y2, …, yn"
[Diagram: the secrets are grouped in pairs (x1, x2), (x3, x4), …, one pair per message bit; the signature of "1, 0" is "x1, x4", and the verifier checks y1 = f(x1) and y4 = f(x4)]
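The one-bit principle of slide 5 and the n-bit scheme of slide 6, written out as an added example (this is illustrative code, not code from the paper or its authors). It assumes SHA-256 as the one-way function f and os.urandom as the source of the random secrets; the pair layout x[i][0] / x[i][1] plays the role of the (x1, x2), (x3, x4), … grouping in the slide's diagram.

```python
import hashlib
import os

def f(x: bytes) -> bytes:
    """The one-way function f of the slides, instantiated here with SHA-256 (our choice)."""
    return hashlib.sha256(x).digest()

def keygen(n_bits: int, rng=os.urandom):
    """Key setup for an n-bit message: two random secrets per bit, x[i][0] and x[i][1],
    and the one-time public key y[i][b] = f(x[i][b]). The pairs correspond to the
    (x1, x2), (x3, x4), ... grouping on the slide."""
    sk = [(rng(32), rng(32)) for _ in range(n_bits)]
    pk = [(f(x0), f(x1)) for x0, x1 in sk]
    return sk, pk

def sign(sk, bits):
    """Signing discloses one preimage per bit: x[i][bits[i]]. Nothing else is revealed,
    which is why the key pair must only ever sign a single message."""
    if len(bits) != len(sk):
        raise ValueError("message length must match key size")
    return [sk[i][b] for i, b in enumerate(bits)]

def verify(pk, bits, sig) -> bool:
    """The verifier only recomputes f and checks y[i][bits[i]] == f(sig[i]) for every bit."""
    if len(bits) != len(pk) or len(sig) != len(pk):
        return False
    return all(f(sig[i]) == pk[i][b] for i, b in enumerate(bits))

def demo():
    """Sign the two-bit message "1, 0" from the slide, then check that the same
    signature does not verify for a different message."""
    sk, pk = keygen(2)
    sig = sign(sk, [1, 0])
    return verify(pk, [1, 0], sig), verify(pk, [1, 1], sig)

if __name__ == "__main__":
    print(demo())  # (True, False)
```

Running the block signs the slide's message "1, 0" and shows that the verifier needs nothing beyond f and the published y values; the second result illustrates why a disclosed preimage commits the signer to exactly one bit value.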

7. Winternitz One-Time Signatures
- Uses hash chains to sign chunks of bits at once
- Reduces signature length (main drawback of hash-based OTS)
Feature?
- Can only be used once → leaks information only once
Practicalities
- Secret signing key X is generated using a PRNG
- Generation of public verification key Y requires generation of X and all hash chains
- Leakage: each generation of Y causes one full leakage of X
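A compact W-OTS, added here as an example (not the authors' implementation), to make the slide's three points concrete: chains of f sign w-bit chunks, the signature shrinks as w grows, and every generation of Y starts every chain from its secret x_i, which the block counts as one leakage event per secret. Assumptions: SHA-256 for f and for the message digest, the standard W-OTS checksum chains, and a PRNG modelled as SHA-256(seed || i) for deriving X.

```python
import hashlib
import os
from collections import Counter
from math import ceil, floor, log2

N_BITS = 256  # we sign SHA-256 digests; the hash choice is ours, not the paper's

def f(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def params(w: int):
    """l1 chains for the digest chunks, l2 chains for the checksum (standard W-OTS sizing)."""
    l1 = ceil(N_BITS / w)
    l2 = floor(log2(l1 * ((1 << w) - 1)) / w) + 1
    return l1, l2

def base_w(data: bytes, w: int):
    """Split bytes into w-bit chunks, most significant first (w must divide 8)."""
    mask = (1 << w) - 1
    return [(byte >> shift) & mask for byte in data for shift in range(8 - w, -1, -w)]

def digits(msg: bytes, w: int):
    """Chunks of H(msg) plus checksum chunks. The checksum guarantees that any other
    message needs at least one chain value further back, i.e. a preimage of f."""
    l1, l2 = params(w)
    d = base_w(hashlib.sha256(msg).digest(), w)
    csum = sum((1 << w) - 1 - c for c in d)
    mask = (1 << w) - 1
    return d + [(csum >> (w * (l2 - 1 - j))) & mask for j in range(l2)]

def chain(x: bytes, steps: int, log: Counter = None, i: int = None) -> bytes:
    """Apply f `steps` times. With `log` given, record that chain i was started from its
    secret x_i: each such start processes the secret once, i.e. one leakage event."""
    if log is not None:
        log[i] += 1
    for _ in range(steps):
        x = f(x)
    return x

def keygen(w: int, seed: bytes = None, log: Counter = None):
    """X comes from a PRNG (stand-in: SHA-256(seed || i)); Y is the end of every chain,
    so computing Y processes all of X exactly once."""
    seed = os.urandom(32) if seed is None else seed
    l1, l2 = params(w)
    sk = [hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(l1 + l2)]
    pk = [chain(x, (1 << w) - 1, log, i) for i, x in enumerate(sk)]
    return sk, pk

def sign(sk, msg: bytes, w: int, log: Counter = None):
    """Signature = each chain advanced from x_i by the corresponding digit."""
    return [chain(x, d, log, i) for i, (x, d) in enumerate(zip(sk, digits(msg, w)))]

def verify(pk, msg: bytes, sig, w: int) -> bool:
    """Advance every signature value the remaining steps and compare with Y."""
    d = digits(msg, w)
    if len(sig) != len(pk) or len(d) != len(pk):
        return False
    return all(chain(s, (1 << w) - 1 - di) == y for s, di, y in zip(sig, d, pk))

def sig_chains(w: int) -> int:
    """Number of 32-byte chain values in a signature for a given w."""
    return sum(params(w))

if __name__ == "__main__":
    exposures = Counter()
    sk, pk = keygen(4, log=exposures)                 # every x_i processed once
    sig = sign(sk, b"transfer the money", 4, log=exposures)   # and once more when signing
    print(verify(pk, b"transfer the money", sig, 4), {w: sig_chains(w) for w in (1, 2, 4, 8)})
```

The `exposures` counter is the bookkeeping the talk's leakage model needs: a W-OTS key generated and used once processes each x_i twice (once for Y, once for the signature), and every additional regeneration of Y adds one more full pass over X.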

8. Background on Hash-based Signatures (diagram slide; no text extracted)

9. Background on Hash-based Signatures (diagram slide; no text extracted)

10. Background on Hash-based Signatures
MSS Signature Verification
- Given digest and signature
- Verify underlying one-time signature
- Reconstruct root of the Merkle tree
[Diagram legend: current (hashed) verification key, authentication nodes, reconstructed nodes]

11. Practical MSS
Leakage Resilient MSS
- Simply generating and storing all OTS keys independently will yield a leakage resilient signature scheme
- All computations in the Merkle tree are public → no leakage
- Memory consumption is too high, so:
Practical MSS
- Uses PRNG to generate OTS keys
- Allows for just-in-time generation of OTS verification keys for the authentication path
- Several optimized algorithms for efficient authentication path generation have been proposed

12. Authentication Path Computation
Currently best solution: BDS algorithm [BDS09]
- Left authentication nodes are easy to compute: either the leaf or both child nodes are part of previous authentication paths → store and reuse
- Right authentication nodes are computed from scratch
- Two ways to determine right authentication nodes
  • Nodes close to the top are most expensive to compute → store them
  • Use instances of the Treehash algorithm [Mer89, Szy04] to compute lower right nodes, one instance per tree level

13. Drawbacks of the BDS Algorithm
Unbalanced leaf computations
- Some leaves are generated various times, others are barely touched
- Each computation means additional leakage!
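Slides 10 to 13 together describe the pieces a practical MSS signer and verifier are built from: leaves derived just in time from a PRNG seed, the Treehash algorithm for computing tree nodes, the authentication path, and root reconstruction on the verifier side, with every leaf regeneration counted as leakage. The following added example (illustrative code, not the paper's implementation and not the BDS algorithm itself) puts these together for a small tree and records how often each leaf, i.e. each OTS key, is regenerated. Assumptions: SHA-256 for the node hash, a leaf that stands in for the hashed W-OTS verification key (derived as SHA-256 of seed and index), and a constructed constant seed; the authentication path is computed from scratch, which is the baseline that BDS improves on by storing and reusing nodes.

```python
import hashlib
from collections import Counter

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

class MerkleKeyStore:
    """Leaves are derived on demand from a PRNG seed, so only the seed and the leaf index
    need to be stored. Every leaf() call models one regeneration of an OTS key and is
    counted, since each regeneration processes that OTS secret key once more."""

    def __init__(self, seed: bytes, height: int):
        self.seed, self.height = seed, height
        self.leaf_computations = Counter()

    def leaf(self, i: int) -> bytes:
        self.leaf_computations[i] += 1
        # Stand-in for the hashed W-OTS verification key of leaf i (constructed, not a real OTS key).
        ots_pk = h(self.seed, i.to_bytes(4, "big"))
        return h(b"leaf", ots_pk)

    def treehash(self, start: int, height: int) -> bytes:
        """Treehash [Mer89, Szy04]: the node at `height` whose leftmost leaf is `start`,
        built left to right with a stack that never holds more than height+1 nodes."""
        stack = []  # entries are (node, level)
        for i in range(start, start + (1 << height)):
            node, level = self.leaf(i), 0
            while stack and stack[-1][1] == level:
                left, _ = stack.pop()
                node, level = h(b"node", left, node), level + 1
            stack.append((node, level))
        return stack[0][0]

    def auth_path(self, s: int):
        """Authentication path of leaf s with every sibling subtree recomputed from scratch
        (the unoptimized baseline; BDS stores and reuses nodes instead)."""
        return [self.treehash(((s >> level) ^ 1) << level, level) for level in range(self.height)]

def root_from_path(leaf_hash: bytes, s: int, path) -> bytes:
    """Verifier side: climb from the (hashed) verification key to the root, placing each
    authentication node left or right according to the bits of the leaf index s."""
    node = leaf_hash
    for level, sibling in enumerate(path):
        node = h(b"node", sibling, node) if (s >> level) & 1 else h(b"node", node, sibling)
    return node

def demo(height: int = 4):
    """Generate the key, sign with every leaf once, verify, and return the leakage bookkeeping."""
    store = MerkleKeyStore(b"\x42" * 32, height)   # constructed seed
    root = store.treehash(0, height)               # public key = root of the tree
    all_valid = True
    for s in range(1 << height):                   # use each OTS key exactly once
        path = store.auth_path(s)
        all_valid &= root_from_path(store.leaf(s), s, path) == root
    return all_valid, dict(store.leaf_computations)

if __name__ == "__main__":
    ok, counts = demo()
    print(ok, counts)  # True, every leaf regenerated 2**4 + 1 = 17 times
```

With the from-scratch baseline each signature costs 2^H - 1 leaf computations and, over a full run of the tree, every OTS key is regenerated 2^H + 1 times; the counter is the quantity the talk wants bounded and balanced, and it is exactly what storing and reusing nodes (BDS) and the paper's balanced leaf computation reduce.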

14. Overview (section divider): Motivation, Background, Optimized Authentication Path Computation, Implementation and Leakage Analysis, Conclusions

15. Optimized Authentication Path Computation (diagram slide; no text extracted)

16. Comparison
[Chart: average leaf computations, before vs. now]
Leakage is halved

17. Overview (section divider): Motivation, Background, Optimized Authentication Path Computation, Implementation and Leakage Analysis, Conclusions

18. Implementation Choices (table slide; no text extracted)

19. Side Channel Analysis of XMEGA-AES
- AVR XMEGA has an unprotected AES co-processor
DPA results
- [Kiz09] suggests approx. 2500 traces for key recovery
- No strong leakage at the S-box output
- Instead HD of 2 inputs (ghost peaks)
- Our results match [Kiz09]
- Our correlation is slightly higher: .27 instead of .18 @ 10k traces
  → this implies a slightly better measurement setup; 300 traces suffice

20. Quantifying Single Measurements
Template Attack
- Univariate templates
- Built from 10k traces
- Point selection via DPA
PRNG Leakage Quantification
- 10 leakages on 2 different inputs
- 5000 experiments
- Guessing Entropy (av. key rank) 85.06 or 6.41 bit
- Less than one bit per byte

21. Implementation Results (table slide; no text extracted)

22. Conclusions
- Algorithmic improvement for auth. path computation in MSS
- Balanced leaf computations
- Reduced side-channel leakage
- Efficient implementations on two common platforms
- Practically verified the theoretic performance gains and bounded leakage on an embedded device

23. Faster Hash-based Signatures with Bounded Leakage
SAC 2013, Burnaby, Canada
Thomas Eisenbarth (1), Ingo von Maurich (2) and Xin Ye (1)
(1) Worcester Polytechnic Institute, Worcester, MA, USA
(2) Horst Görtz Institute for IT-Security, Ruhr University Bochum, Germany
August 15, 2013
Thank you! Questions?

24. References
[BDS09] J. Buchmann, E. Dahmen, and M. Szydlo. Hash-based Digital Signature Schemes. In D. J. Bernstein, J. Buchmann, and E. Dahmen, editors, Post-Quantum Cryptography, pages 35–93. Springer Berlin Heidelberg, 2009.
[HBB12] A. Hülsing, C. Busold, and J. Buchmann. Forward Secure Signatures on Smart Cards. In L. R. Knudsen and H. Wu, editors, Selected Areas in Cryptography, volume 7707 of Lecture Notes in Computer Science, pages 66–80. Springer, 2012.
[Kiz09] I. Kizhvatov. Side Channel Analysis of AVR XMEGA Crypto Engine. In Proceedings of the 4th Workshop on Embedded Systems Security, WESS '09, pages 8:1–8:7, New York, NY, USA, 2009. ACM.
[LM11] J. Lee and M. Stam. MJH: A Faster Alternative to MDC-2. In A. Kiayias, editor, Topics in Cryptology CT-RSA 2011, volume 6558 of Lecture Notes in Computer Science, pages 213–236. Springer Berlin / Heidelberg, 2011.
[MMO85] S. M. Matyas, C. H. Meyer, and J. Oseas. Generating strong one-way functions with cryptographic algorithm. IBM Technical Disclosure Bulletin, 27(10A):5658–5659, 1985.
