newhope for arm cortex m
play

NewHope for ARM Cortex-M Erdem Alkim 1 , Philipp Jakubeit 2 , Peter - PowerPoint PPT Presentation

Sep 01, 2022 •40 likes •670 views

NewHope for ARM Cortex-M Erdem Alkim 1 , Philipp Jakubeit 2 , Peter Schwabe 2 erdemalkim@gmail.com , phil.jakubeit@gmail.com , peter@cryptojedi.org 1 Ege University, Izmir, Turkey 2 Radboud University, Nijmegen, The Netherlands SPACE 2016 NewHope

  1. NewHope for ARM Cortex-M Erdem Alkim 1 , Philipp Jakubeit 2 , Peter Schwabe 2 erdemalkim@gmail.com , phil.jakubeit@gmail.com , peter@cryptojedi.org 1 Ege University, Izmir, Turkey 2 Radboud University, Nijmegen, The Netherlands SPACE 2016

  2. NewHope Efficient Implementation Post-Quantum Cryptography Shor’s algorithm in 1994: ◮ Factorization problem – polynomial time ◮ Discrete logarithm problem – polynomial time Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 2 / 16

  3. NewHope Efficient Implementation Post-Quantum Cryptography Shor’s algorithm in 1994: ◮ Factorization problem – polynomial time ◮ Discrete logarithm problem – polynomial time ◮ Quantum computers are in reach: IBM estimates ≈ 15 years Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 2 / 16

  4. NewHope Efficient Implementation Post-Quantum Cryptography Shor’s algorithm in 1994: ◮ Factorization problem – polynomial time ◮ Discrete logarithm problem – polynomial time ◮ Quantum computers are in reach: IBM estimates ≈ 15 years Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 2 / 16

  5. NewHope Efficient Implementation Post-Quantum Cryptography Shor’s algorithm in 1994: ◮ Factorization problem – polynomial time ◮ Discrete logarithm problem – polynomial time ◮ Quantum computers are in reach: IBM estimates ≈ 15 years Threat: ◮ Record encrypted messages today ◮ Break encryption with quantum computers Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 2 / 16

  6. NewHope Efficient Implementation Post-Quantum Cryptography Shor’s algorithm in 1994: ◮ Factorization problem – polynomial time ◮ Discrete logarithm problem – polynomial time ◮ Quantum computers are in reach: IBM estimates ≈ 15 years Threat: ◮ Record encrypted messages today ◮ Break encryption with quantum computers Alternatives: ◮ Problems which are not broken by quantum algorithms (yet) Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 2 / 16

  7. NewHope Efficient Implementation Post-Quantum Cryptography Shor’s algorithm in 1994: ◮ Factorization problem – polynomial time ◮ Discrete logarithm problem – polynomial time ◮ Quantum computers are in reach: IBM estimates ≈ 15 years Threat: ◮ Record encrypted messages today ◮ Break encryption with quantum computers Alternatives: ◮ Problems which are not broken by quantum algorithms (yet) ◮ Lattice based cryptography ◮ Ring-learning-with-errors problem Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 2 / 16

  8. NewHope Efficient Implementation Post-Quantum Cryptography Shor’s algorithm in 1994: ◮ Factorization problem – polynomial time ◮ Discrete logarithm problem – polynomial time ◮ Quantum computers are in reach: IBM estimates ≈ 15 years Threat: ◮ Record encrypted messages today ◮ Break encryption with quantum computers Alternatives: ◮ Problems which are not broken by quantum algorithms (yet) ◮ Lattice based cryptography ◮ Ring-learning-with-errors problem Steps taken: ◮ Tor considering (ECC+RLWE) Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 2 / 16

  9. NewHope Efficient Implementation Post-Quantum Cryptography Shor’s algorithm in 1994: ◮ Factorization problem – polynomial time ◮ Discrete logarithm problem – polynomial time ◮ Quantum computers are in reach: IBM estimates ≈ 15 years Threat: ◮ Record encrypted messages today ◮ Break encryption with quantum computers Alternatives: ◮ Problems which are not broken by quantum algorithms (yet) ◮ Lattice based cryptography ◮ Ring-learning-with-errors problem Steps taken: ◮ Tor considering (ECC+RLWE) ◮ Google experimented (ECC+RLWE) Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 2 / 16

  10. NewHope Efficient Implementation Post-Quantum Cryptography Shor’s algorithm in 1994: ◮ Factorization problem – polynomial time ◮ Discrete logarithm problem – polynomial time ◮ Quantum computers are in reach: IBM estimates ≈ 15 years Threat: ◮ Record encrypted messages today ◮ Break encryption with quantum computers Alternatives: ◮ Problems which are not broken by quantum algorithms (yet) ◮ Lattice based cryptography ◮ Ring-learning-with-errors problem Steps taken: ◮ Tor considering (ECC+RLWE) ◮ Google experimented (ECC+RLWE) ◮ Slowest 5% increased by 20ms ◮ Slowest 1% increased by 150ms Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 2 / 16

  11. NewHope Efficient Implementation Ring-Learning-With-Errors Problem R q = Z q [ X ] / ( X n + 1), Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 3 / 16

  12. NewHope Efficient Implementation Ring-Learning-With-Errors Problem R q = Z q [ X ] / ( X n + 1), χ – an error distribution on R q Search version: $ Given: ( a i , b i ) for a i ∈ R q and b i = s · a i + e i for e i ← χ Wanted: s Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 3 / 16

  13. NewHope Efficient Implementation Ring-Learning-With-Errors Problem R q = Z q [ X ] / ( X n + 1), χ – an error distribution on R q Search version: $ Given: ( a i , b i ) for a i ∈ R q and b i = s · a i + e i for e i ← χ Wanted: s a 1 ∈ R q , b 1 = s · a 1 + e 1 a 2 ∈ R q , b 2 = s · a 2 + e 2 . . . Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 3 / 16

  14. NewHope Efficient Implementation Post-Quantum Key Exchange Use encryption scheme to send a chosen key Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 4 / 16

  15. NewHope Efficient Implementation Post-Quantum Key Exchange Use encryption scheme to send a chosen key 1998 Hoffstein, Pipher, Silverman: NTRU cryptosystem Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 4 / 16

  16. NewHope Efficient Implementation Post-Quantum Key Exchange Use encryption scheme to send a chosen key 1998 Hoffstein, Pipher, Silverman: NTRU cryptosystem 2005 Regev: LWE Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 4 / 16

  17. NewHope Efficient Implementation Post-Quantum Key Exchange Use encryption scheme to send a chosen key 1998 Hoffstein, Pipher, Silverman: NTRU cryptosystem 2005 Regev: LWE 2010 Lyubashevsky, Peikert, Regev: RLWE Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 4 / 16

  18. NewHope Efficient Implementation Post-Quantum Key Exchange Use encryption scheme to send a chosen key 1998 Hoffstein, Pipher, Silverman: NTRU cryptosystem 2005 Regev: LWE 2010 Lyubashevsky, Peikert, Regev: RLWE Lattice based key exchange Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 4 / 16

  19. NewHope Efficient Implementation Post-Quantum Key Exchange Use encryption scheme to send a chosen key 1998 Hoffstein, Pipher, Silverman: NTRU cryptosystem 2005 Regev: LWE 2010 Lyubashevsky, Peikert, Regev: RLWE Lattice based key exchange 2010 Gaborit: Noisy Diffie-Hellman Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 4 / 16

  20. NewHope Efficient Implementation Post-Quantum Key Exchange Use encryption scheme to send a chosen key 1998 Hoffstein, Pipher, Silverman: NTRU cryptosystem 2005 Regev: LWE 2010 Lyubashevsky, Peikert, Regev: RLWE Lattice based key exchange 2010 Gaborit: Noisy Diffie-Hellman 2011 Linder, Peikert: (Approximate) Key Agreement Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 4 / 16

  21. NewHope Efficient Implementation Post-Quantum Key Exchange Use encryption scheme to send a chosen key 1998 Hoffstein, Pipher, Silverman: NTRU cryptosystem 2005 Regev: LWE 2010 Lyubashevsky, Peikert, Regev: RLWE Lattice based key exchange 2010 Gaborit: Noisy Diffie-Hellman 2011 Linder, Peikert: (Approximate) Key Agreement 2012 Ding: Reconciliation-based Key Exchange Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 4 / 16

  22. NewHope Efficient Implementation Post-Quantum Key Exchange Use encryption scheme to send a chosen key 1998 Hoffstein, Pipher, Silverman: NTRU cryptosystem 2005 Regev: LWE 2010 Lyubashevsky, Peikert, Regev: RLWE Lattice based key exchange 2010 Gaborit: Noisy Diffie-Hellman 2011 Linder, Peikert: (Approximate) Key Agreement 2012 Ding: Reconciliation-based Key Exchange 2014 Peikert: Tweak to obtain unbiased keys Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 4 / 16

  23. NewHope Efficient Implementation Post-Quantum Key Exchange Use encryption scheme to send a chosen key 1998 Hoffstein, Pipher, Silverman: NTRU cryptosystem 2005 Regev: LWE 2010 Lyubashevsky, Peikert, Regev: RLWE Lattice based key exchange 2010 Gaborit: Noisy Diffie-Hellman 2011 Linder, Peikert: (Approximate) Key Agreement 2012 Ding: Reconciliation-based Key Exchange 2014 Peikert: Tweak to obtain unbiased keys 2015 Bos, Costello, Naehrig, Stebila: Instantiate, Implement, and integrate into OpenSSL Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 4 / 16

  24. NewHope Efficient Implementation NewHope – The Protocol Parameters: q = 12289 < 2 14 , n = 1024 Error distribution: ψ n 16 Alice (server) Bob (client) ← { 0 , . . . , 255 } 32 $ seed a ← Parse(SHAKE-128( seed )) $ $ ← ψ n ← ψ n s , e s ′ , e ′ , e ′′ 16 16 ( seed , b ) b ← as + e − − − − − − → a ← Parse(SHAKE-128( seed )) 1824 Bytes u ← as ′ + e ′ v ← bs ′ + e ′′ ( u , r ) $ v ′ ← us ← − − − − − − r ← HelpRec( v ) 2048 Bytes ν ← Rec( v ′ , r ) ν ← Rec( v , r ) µ ← SHA3-256( ν ) µ ← SHA3-256( ν ) Alkim, Jakubeit, Schwabe 2016 A new hope on ARM Cortex-M 5 / 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 6 Vision Exam 1 Anatomy of vision Primary visual cortex (striate cortex, V1)

Chapter 6 Vision Exam 1 Anatomy of vision Primary visual cortex (striate cortex, V1)

Chapter 6 Vision Exam 1 Anatomy of vision Primary visual cortex (striate cortex, V1) Prestriate cortex, Extrastriate cortex (Visual association coretx ) Second level association areas in the temporal and parietal lobes

454 views • 24 slides
Schematic view of the MNS1 model Posterior cortex Frontal cortex Role of PFC in Neural network

Schematic view of the MNS1 model Posterior cortex Frontal cortex Role of PFC in Neural network

Schematic view of the MNS1 model Posterior cortex Frontal cortex Role of PFC in Neural network models of the mirror neuron action selection not included system Igor Farka Centre for Cognitive Science DAI FMPI Comenius University

239 views • 4 slides
Agenda Technical updates Project Cortex availability Project Cortex partners

Agenda Technical updates Project Cortex availability Project Cortex partners

Agenda Technical updates Project Cortex availability Project Cortex partners Q&amp;A Joining us today Sean Squires Taxonomy service updates (MMS) Administration End User Developer Tagging &amp; filtering end-user

724 views • 24 slides
Telencephalon/Cerebral Cortex - Anatomy Cerebral Cortex Box 26D Brain Size and Intelligence

Telencephalon/Cerebral Cortex - Anatomy Cerebral Cortex Box 26D Brain Size and Intelligence

Telencephalon/Cerebral Cortex - Anatomy Cerebral Cortex Box 26D Brain Size and Intelligence 1.12 Gross anatomy of the forebrain. (Part 3) Haines, Fund. Neuro., Fig 16 10 Figure A21 The ventricular system of the human brain (Part 1) Box

589 views • 36 slides
Cortex-A15 Processor ARMs next generation mobile applications processor Travis Lanier Senior

Cortex-A15 Processor ARMs next generation mobile applications processor Travis Lanier Senior

Exploring the Design of the Cortex-A15 Processor ARMs next generation mobile applications processor Travis Lanier Senior Product Manager 1 Cortex-A15: Next Generation Leadership Cortex-A class multi-processor 1 TB physical addressing

717 views • 33 slides
Exchange on Low-Cost FPGAs Tobias Oder and Tim Gneysu Ruhr-University Bochum Latincrypt 2017

Exchange on Low-Cost FPGAs Tobias Oder and Tim Gneysu Ruhr-University Bochum Latincrypt 2017

Implementing the NewHope-Simple Key Exchange on Low-Cost FPGAs Tobias Oder and Tim Gneysu Ruhr-University Bochum Latincrypt 2017 20.09.2017 Public-Key Crypto and Long-Term Security NewHope on FPGA | Tobias Oder and Tim Gneysu |

562 views • 24 slides
Biovision team 2 Retina Visual cortex 3 Retina Visual cortex 3 Retina Visual cortex 3

Biovision team 2 Retina Visual cortex 3 Retina Visual cortex 3 Retina Visual cortex 3

Biovision team 2 Retina Visual cortex 3 Retina Visual cortex 3 Retina Visual cortex 3 Retina Visual cortex 3 285 millions visually impaired people Retina Visual cortex 3 285 millions visually impaired people Retina Visual cortex

744 views • 63 slides
Cortex: Prometheus as a Service, One Year On Tom Wilkie, PromCon 2017 tom.wilkie@gmail.com

Cortex: Prometheus as a Service, One Year On Tom Wilkie, PromCon 2017 tom.wilkie@gmail.com

Cortex: Prometheus as a Service, One Year On Tom Wilkie, PromCon 2017 tom.wilkie@gmail.com https://github.com/weaveworks/cortex https://www.youtube.com/watch?v=3Tb4Wc0kfCM Prometheus HA Grafana Cortex: Prometheus as a Service Alertmanager

541 views • 35 slides
ARM A55 Cortex Austin Bae, Harrison Ding 12/5/2018 Introduction Implements the ARM v8.2-A

ARM A55 Cortex Austin Bae, Harrison Ding 12/5/2018 Introduction Implements the ARM v8.2-A

ARM A55 Cortex Austin Bae, Harrison Ding 12/5/2018 Introduction Implements the ARM v8.2-A Instruction Set Successor of ARM Cortex A53 15% improved power efficiency 18% improved performance ARM stands for its 3 different

519 views • 16 slides
ARM Cortex-M4 Programming Model Arithmetic Instructions References: Textbook Chapter 4, Chapter

ARM Cortex-M4 Programming Model Arithmetic Instructions References: Textbook Chapter 4, Chapter

ARM Cortex-M4 Programming Model Arithmetic Instructions References: Textbook Chapter 4, Chapter 9.1 9.2 ARM Cortex-M Users Manual, Chapter 3 1 CPU instruction types Data movement operations (Chapter 5) memory-to-register and

391 views • 13 slides
ARM Cortex-M4 Programming Model Logical and Shift Instructions References: Textbook Chapter 4,

ARM Cortex-M4 Programming Model Logical and Shift Instructions References: Textbook Chapter 4,

ARM Cortex-M4 Programming Model Logical and Shift Instructions References: Textbook Chapter 4, Sections 4.1, 4.2, 4.3, 4.5, 4.6, 4.9 ARM Cortex-M Users Manual, Chapter 3 1 CPU instruction types Data movement operations

312 views • 17 slides
ARM Cortex-M4 Programming Model Flow Control Instructions Textbook: Chapter 4, Section 4.9 (CMP

ARM Cortex-M4 Programming Model Flow Control Instructions Textbook: Chapter 4, Section 4.9 (CMP

ARM Cortex-M4 Programming Model Flow Control Instructions Textbook: Chapter 4, Section 4.9 (CMP , TEQ,TST) Chapter 6 ARM Cortex-M Users Manual, Chapter 3 1 CPU instruction types Data movement operations memory-to-register and

905 views • 23 slides
Modeling Visual Cortex V4 in Naturalistic Conditions with Invariant and Sparse Image

Modeling Visual Cortex V4 in Naturalistic Conditions with Invariant and Sparse Image

Modeling Visual Cortex V4 in Naturalistic Conditions with Invariant and Sparse Image Representations Bin Yu Departments of Statistics and EECS University of California at Berkeley Rutgers University, May 2, 2014 Modeling Visual Cortex V4 in

861 views • 56 slides
ARM Cortex-M4 Programming Model Stacks and Subroutines Textbook: Chapter 8.1 - Subroutine

ARM Cortex-M4 Programming Model Stacks and Subroutines Textbook: Chapter 8.1 - Subroutine

ARM Cortex-M4 Programming Model Stacks and Subroutines Textbook: Chapter 8.1 - Subroutine call/return Chapter 8.2,8.3 Stack operations Chapter 8.4, 8.5 Passing arguments to/from subroutines ARM Cortex-M Users Manual, Chapter 3

875 views • 32 slides
Operating Modes &amp; Interrupt Handling ARM Cortex-M4 User Guide (Interrupts, exceptions, NVIC)

Operating Modes &amp; Interrupt Handling ARM Cortex-M4 User Guide (Interrupts, exceptions, NVIC)

ARM and STM32L4xx Operating Modes &amp; Interrupt Handling ARM Cortex-M4 User Guide (Interrupts, exceptions, NVIC) STM32L4xx Microcontrollers Technical Reference Manual 1 Cortex-M structure Nested Vectored Interrupt Controller 2 CMSIS =

408 views • 38 slides
10 mm Cytoarchitecture and function layer 4: input layer 5: output Motor cortex: expanded layer

10 mm Cytoarchitecture and function layer 4: input layer 5: output Motor cortex: expanded layer

10 mm Cytoarchitecture and function layer 4: input layer 5: output Motor cortex: expanded layer 5, Primary visual cortex: expanded reduced layer 4 layer 4 with three sublayers Korbinian Brodmann ( 1868 - 1918 )

685 views • 46 slides
Explaining Cortical Adaptation with a Statistically Optimized Normalization Mo del Martin

Explaining Cortical Adaptation with a Statistically Optimized Normalization Mo del Martin

Explaining Cortical Adaptation with a Statistically Optimized Normalization Mo del Martin W ain wrigh t Eero Simoncelli Vision Sciences Cen ter for Neural Science Harv ard Univ ersit y Couran t Institute New Y ork

390 views • 15 slides
Cortex-M4 optimizations for { R,M } LWE schemes Erdem Alkm 1,2 Yusuf Alper Bilgin 3,4 Murat Cenk

Cortex-M4 optimizations for { R,M } LWE schemes Erdem Alkm 1,2 Yusuf Alper Bilgin 3,4 Murat Cenk

Cortex-M4 optimizations for { R,M } LWE schemes Erdem Alkm 1,2 Yusuf Alper Bilgin 3,4 Murat Cenk 4 erard 5 Fran cois G 1 Department of Computer Engineering, Ondokuz Mays University, Turkey 2 Fraunhofer SIT, Darmstadt, Germany 3 Aselsan

636 views • 29 slides
Vision: From Eye to Brain (Chap 3, Part II) Lecture 7 Jonathan Pillow Sensation &amp;

Vision: From Eye to Brain (Chap 3, Part II) Lecture 7 Jonathan Pillow Sensation &amp;

Vision: From Eye to Brain (Chap 3, Part II) Lecture 7 Jonathan Pillow Sensation &amp; Perception (PSY 345 / NEU 325) Princeton University, Spring 2019 1 lateral geniculate nucleus (LGN): one on each side of the brain this is where

483 views • 36 slides
Interrupt-Driven Input/Output on the STM32F407 Microcontroller Textbook: Chapter 11 (Interrupts)

Interrupt-Driven Input/Output on the STM32F407 Microcontroller Textbook: Chapter 11 (Interrupts)

Interrupt-Driven Input/Output on the STM32F407 Microcontroller Textbook: Chapter 11 (Interrupts) ARM Cortex-M4 User Guide (Interrupts, exceptions, NVIC) Sections 2.1.4, 2.3 Exceptions and interrupts Section 4.2 Nested Vectored

415 views • 29 slides
Paper number: 136 A deep learning approach to segmentation of the developing cortex in fetal

Paper number: 136 A deep learning approach to segmentation of the developing cortex in fetal

Paper number: 136 A deep learning approach to segmentation of the developing cortex in fetal brain MRI with minimal manual labeling AE Fetit , A Alansary, L Cordero-Grande, J Cupitt, AB Davidson, AD Edwards, JV Hajnal, E Hughes, K Kamnitsas, V

676 views • 11 slides
A common high-dimensional linear model of representational spaces in human cortex Jim Haxby Center

A common high-dimensional linear model of representational spaces in human cortex Jim Haxby Center

A common high-dimensional linear model of representational spaces in human cortex Jim Haxby Center for Cognitive Neuroscience, Dartmouth College Center for Mind/Brain Sciences (CIMeC), University of Trento Supported by NSF CRCNS German-US

542 views • 25 slides
Microcontroller Interfacing CSE/EE 5/7385 Microcontroller Architecture and Interfacing David

Microcontroller Interfacing CSE/EE 5/7385 Microcontroller Architecture and Interfacing David

Microcontroller Interfacing CSE/EE 5/7385 Microcontroller Architecture and Interfacing David Houngninou Southern Methodist University Table of content 1. Target device: MCBSTM32C 2. References 3. GPIO ports: registers and pins 4. Interfacing

585 views • 31 slides
RA RACE CE A softw A softwar are e fr framew amewor ork k for inter or interope

RA RACE CE A softw A softwar are e fr framew amewor ork k for inter or interope

RA RACE CE A softw A softwar are e fr framew amewor ork k for inter or interope operable, ble, plug-and plug and-play play, , distributed r distributed robotic obotic sys systems tems-of of-sys systems tems Robert Skilton

382 views • 19 slides

More recommend