security on the line modern curve based cryptography
play

Security on the Line: Modern Curve-based Cryptography Joost Renes - PowerPoint PPT Presentation

Sep 16, 2022 •404 likes •1.39k views

Security on the Line: Modern Curve-based Cryptography Joost Renes SCA Workshop 18 June 2019 Modern curve-based cryptography Modern curve-based cryptography 1 / 11 Modern curve-based cryptography Internet of Things Size & speed

  1. Security on the Line: Modern Curve-based Cryptography Joost Renes SCA Workshop 18 June 2019

  2. Modern curve-based cryptography “Modern” curve-based cryptography 1 / 11

  3. Modern curve-based cryptography Internet of Things Size & speed ... Genus 2 Kummer varieties “Modern” curve-based cryptography 1 / 11

  4. Modern curve-based cryptography Classical setting (Ben Smith’s talk) Internet of Things Size & speed ... Genus 2 Kummer varieties “Modern” curve-based cryptography 1 / 11

  5. Modern curve-based cryptography Classical setting (Ben Smith’s talk) Internet of Things Size & speed ... Genus 2 Kummer varieties “Modern” curve-based cryptography Isogeny-based cryptography 1 / 11

  6. Elliptic curves in cryptography Discrete-log-based elliptic-curve cryptography [Mil86; Kob87] 2 / 11

  7. Elliptic curves in cryptography Discrete-log-based elliptic-curve cryptography [Mil86; Kob87] Ordinary isogeny-based group actions [Cou06; RS06; DKS18] 2 / 11

  8. Elliptic curves in cryptography Discrete-log-based elliptic-curve cryptography [Mil86; Kob87] Ordinary isogeny-based group actions [Cou06; RS06; DKS18] Supersingular isogeny-based cryptography / F p 2 [CLG09; JF11] 2 / 11

  9. Elliptic curves in cryptography Discrete-log-based elliptic-curve cryptography [Mil86; Kob87] Ordinary isogeny-based group actions [Cou06; RS06; DKS18] Supersingular isogeny-based cryptography / F p 2 [CLG09; JF11] Supersingular isogeny-based group actions / F p [Cas+18] 2 / 11

  10. Elliptic curves & isogenies (1) Fixed: prime p E a , b : y 2 = x 3 + ax + b 3 / 11

  11. Elliptic curves & isogenies (1) Fixed: prime p E c , d : y 2 = x 3 + cx + d E a , b : y 2 = x 3 + ax + b 3 / 11

  12. Elliptic curves & isogenies (1) Fixed: prime p  isogeny    x �→ f ( x ) / g ( x ) , y �→ . . .      E c , d : y 2 = x 3 + cx + d E a , b : y 2 = x 3 + ax + b 3 / 11

  13. Elliptic curves & isogenies (1) Fixed: prime p  ℓ -isogeny    x �→ f ( x ) / g ( x ) , y �→ . . .  with deg ( f ) = ℓ     and deg ( g ) = ℓ − 1 E c , d : y 2 = x 3 + cx + d E a , b : y 2 = x 3 + ax + b 3 / 11

  14. Elliptic curves & isogenies (1) Fixed: prime p  1-isogeny    x �→ f ( x ) / g ( x ) , y �→ . . .  with deg ( f ) = 1     and deg ( g ) = 0 E c , d : y 2 = x 3 + cx + d E a , b : y 2 = x 3 + ax + b 3 / 11

  15. Elliptic curves & isogenies (1) Fixed: prime p  2-isogeny    x �→ f ( x ) / g ( x ) , y �→ . . .  with deg ( f ) = 2     and deg ( g ) = 1 E c , d : y 2 = x 3 + cx + d E a , b : y 2 = x 3 + ax + b 3 / 11

  16. Elliptic curves & isogenies (1) Fixed: prime p  3-isogeny    x �→ f ( x ) / g ( x ) , y �→ . . .  with deg ( f ) = 3     and deg ( g ) = 2 E c , d : y 2 = x 3 + cx + d E a , b : y 2 = x 3 + ax + b 3 / 11

  17. Elliptic curves & isogenies (1) Fixed: prime p  5-isogeny    x �→ f ( x ) / g ( x ) , y �→ . . .  with deg ( f ) = 5     and deg ( g ) = 4 E c , d : y 2 = x 3 + cx + d E a , b : y 2 = x 3 + ax + b 3 / 11

  18. Elliptic curves & isogenies (1) Fixed: prime p  7-isogeny    x �→ f ( x ) / g ( x ) , y �→ . . .  with deg ( f ) = 7     and deg ( g ) = 6 E c , d : y 2 = x 3 + cx + d E a , b : y 2 = x 3 + ax + b 3 / 11

  19. Elliptic curves & isogenies (1) Fixed: prime p  11-isogeny    x �→ f ( x ) / g ( x ) , y �→ . . .  with deg ( f ) = 11     and deg ( g ) = 10 E c , d : y 2 = x 3 + cx + d E a , b : y 2 = x 3 + ax + b 3 / 11

  20. Elliptic curves & isogenies (1) Fixed: prime p  13-isogeny    x �→ f ( x ) / g ( x ) , y �→ . . .  with deg ( f ) = 13     and deg ( g ) = 12 E c , d : y 2 = x 3 + cx + d E a , b : y 2 = x 3 + ax + b 3 / 11

  21. Elliptic curves & isogenies (1) Fixed: prime p , End F p ( E a , b ) = O Q ( π ) 3 / 11

  22. Elliptic curves & isogenies (1) Fixed: prime p , End F p ( E a , b ) = O Q ( π ) , ℓ = 2 3 / 11

  23. Elliptic curves & isogenies (1) Fixed: prime p , End F p ( E a , b ) = O Q ( π ) , ℓ = 2 3 / 11

  24. Elliptic curves & isogenies (1) Fixed: prime p , End F p ( E a , b ) = O Q ( π ) , ℓ = 2 3 / 11

  25. Elliptic curves & isogenies (1) Fixed: prime p , End F p ( E a , b ) = O Q ( π ) , ℓ = 3 3 / 11

  26. Elliptic curves & isogenies (1) Fixed: prime p , End F p ( E a , b ) = O Q ( π ) , ℓ = 5 3 / 11

  27. Elliptic curves & isogenies (1) Fixed: prime p , End F p ( E a , b ) = O Q ( π ) , ℓ = 7 3 / 11

  28. Elliptic curves & isogenies (1) Fixed: prime p , End F p ( E a , b ) = O Q ( π ) , ℓ = 11 3 / 11

  29. Elliptic curves & isogenies (1) Fixed: prime p , End F p ( E a , b ) = O Q ( π ) , ℓ = 13 3 / 11

  30. Elliptic curves & isogenies (2) 2 4 / 11

  31. Elliptic curves & isogenies (2) 2 4 / 11

  32. Elliptic curves & isogenies (2) 2 4 / 11

  33. Elliptic curves & isogenies (2) 2 4 / 11

  34. Elliptic curves & isogenies (2) 2 4 / 11

  35. Elliptic curves & isogenies (2) 3 4 / 11

  36. Elliptic curves & isogenies (2) 3 4 / 11

  37. Elliptic curves & isogenies (2) 3 4 / 11

  38. Elliptic curves & isogenies (2) 3 4 / 11

  39. Elliptic curves & isogenies (2) 3 4 / 11

  40. Elliptic curves & isogenies (2) 5 4 / 11

  41. Elliptic curves & isogenies (2) 7 4 / 11

  42. Isogeny volcanoes 2 3 5 7 11 13 5 / 11

  43. Isogeny-based cryptography (1) 2 6 / 11

  44. Isogeny-based cryptography (1) 2 6 / 11

  45. Isogeny-based cryptography (1) 3 6 / 11

  46. Isogeny-based cryptography (1) 3 6 / 11

  47. Isogeny-based cryptography (1) 5 6 / 11

  48. Isogeny-based cryptography (1) 5 6 / 11

  49. Isogeny-based cryptography (1) 2 3 5 7 11 13 6 / 11

  50. Isogeny-based cryptography (1) 6 / 11

  51. Isogeny-based cryptography (1) # primes: 1 Work (per prime): ≤ t Work (total): ≤ t Entropy: t 6 / 11

  52. Isogeny-based cryptography (1) # primes: 1 Work (per prime): ≤ t Work (total): ≤ t Entropy: t 6 / 11

  53. Isogeny-based cryptography (1) # primes: 1 Work (per prime): ≤ t Work (total): ≤ t Entropy: t 6 / 11

  54. Isogeny-based cryptography (1) # primes: 2 Work (per prime): ≤ t Work (total): ≤ 2 · t t 2 Entropy: 6 / 11

  55. Isogeny-based cryptography (1) # primes: 3 Work (per prime): ≤ t Work (total): ≤ 3 · t t 3 Entropy: 6 / 11

  56. Isogeny-based cryptography (1) # primes: 4 Work (per prime): ≤ t Work (total): ≤ 4 · t t 4 Entropy: 6 / 11

  57. Isogeny-based cryptography (1) # primes: 5 Work (per prime): ≤ t Work (total): ≤ 5 · t t 5 Entropy: 6 / 11

  58. Isogeny-based cryptography (1) # primes: 6 Work (per prime): ≤ t Work (total): ≤ 6 · t t 6 Entropy: 6 / 11

  59. Isogeny-based cryptography (1) # primes: L Work (per prime): ≤ t Work (total): ≤ L · t t L Entropy: 6 / 11

  60. OIDH & CSIDH Two different ways to instantiate; 1. Ordinary isogeny Diffie–Hellman (OIDH) 2. Supersingular isogeny Diffie–Hellman (CSIDH) The idea for OIDH first by Couveignes in ’96 [Cou06] = ⇒ Post-quantum security with very small keys [DKS18] = ⇒ CSIDH almost identical but easier to instantiate [Cas+18] 7 / 11

  61. State of CSIDH ( ∼ NIST level I security) 1. CSIDH key exchange ◮ Non-interactive with 64-byte public keys ◮ ∼ 80 ms for full exchange (not constant-time) 8 / 11

  62. State of CSIDH ( ∼ NIST level I security) 1. CSIDH key exchange ◮ Non-interactive with 64-byte public keys ◮ ∼ 80 ms for full exchange (not constant-time) 2. Constant-time implementations [MCR18] (at ∼ 246 ms) 8 / 11

  63. State of CSIDH ( ∼ NIST level I security) 1. CSIDH key exchange ◮ Non-interactive with 64-byte public keys ◮ ∼ 80 ms for full exchange (not constant-time) 2. Constant-time implementations [MCR18] (at ∼ 246 ms) 3. SeaSign signatures [DG19] large and/or slow 8 / 11

  64. State of CSIDH ( ∼ NIST level I security) 1. CSIDH key exchange ◮ Non-interactive with 64-byte public keys ◮ ∼ 80 ms for full exchange (not constant-time) 2. Constant-time implementations [MCR18] (at ∼ 246 ms) 3. SeaSign signatures [DG19] large and/or slow 4. CSI-FiSh signatures [BKV19] smaller and faster (small p ) 8 / 11

  65. State of CSIDH ( ∼ NIST level I security) 1. CSIDH key exchange ◮ Non-interactive with 64-byte public keys ◮ ∼ 80 ms for full exchange (not constant-time) 2. Constant-time implementations [MCR18] (at ∼ 246 ms) 3. SeaSign signatures [DG19] large and/or slow 4. CSI-FiSh signatures [BKV19] smaller and faster (small p ) 5. Bunch of cryptanalysis [BS18; Ber+19] ◮ Quantum subexponential attacks! 8 / 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Cryptography Elliptic Curve Cryptography Overview of Elliptic Curve Cryptography Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve Cryptography Cryptography in OpenSSL School of Engineering and

857 views • 17 slides
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Math ematiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 1

1.72k views • 143 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago & energy (gas

1.07k views • 76 slides
iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Cryptography 14ss 1 Outline Cryptography

780 views • 54 slides
iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Cryptography 15ws 1 / 72 Outline Cryptography

903 views • 88 slides
Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography

Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography

Related textbooks Main reference: Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography Chapman & Hall/CRC, 2nd ed., 2014 Further reading: Markus Kuhn Christof Paar, Jan Pelzl: Understanding

794 views • 27 slides
Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography Symmetric cryptography DES 3DES AES Asymmetric cryptography Diffie-Hellman key exchange 2 Modern cryptography Moving into

338 views • 16 slides
iLab Modern cryptography for communications security a fast rush Benjamin Hof hof@in.tum.de

iLab Modern cryptography for communications security a fast rush Benjamin Hof hof@in.tum.de

iLab Modern cryptography for communications security a fast rush Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Cryptography 16ss 1 / 38 Outline

504 views • 46 slides
Fundamental Ellip.c Curve Cryptography Algorithms

Fundamental Ellip.c Curve Cryptography Algorithms

Fundamental Ellip.c Curve Cryptography Algorithms draft-mcgrew-fundamental-ecc-02 mcgrew@cisco.com kmigoe@nsa.gov Ellip.c Curve Cryptography Alterna.ve to integer-based Key

384 views • 19 slides
All iLabs and P2PSS Modern cryptography for communications security part 1 Benjamin Hof

All iLabs and P2PSS Modern cryptography for communications security part 1 Benjamin Hof

All iLabs and P2PSS Modern cryptography for communications security part 1 Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Cryptography 17ss 1 / 34

705 views • 44 slides
Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Overview on Modern Cryptography Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Goals of Cryptography Security Services

658 views • 16 slides
Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Overview Modern cryptography Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital signing Public

682 views • 26 slides
+ Mohammad Mahmoody Rafael Pass + Modern Cryptography and One-Way Functions Modern

+ Mohammad Mahmoody Rafael Pass + Modern Cryptography and One-Way Functions Modern

+ Mohammad Mahmoody Rafael Pass + Modern Cryptography and One-Way Functions Modern Cryptography is based on computational assumptions. [Shannon 1950s] easy OWFs, a central player: f {0,1} n {0,1} n Easy to compute f(x) Hard to find x

686 views • 24 slides
CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security

CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security

Cryptography is very old and very new Crypto is an ancient discipline Recall Julius Caesar, Enigma,... CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security exciting history Most of it

638 views • 4 slides
Curve-Based Cryptography Nicolas Thriault nicolas.theriault@usach.cl Departamento de

Curve-Based Cryptography Nicolas Thriault nicolas.theriault@usach.cl Departamento de

Curve-Based Cryptography Nicolas Thriault nicolas.theriault@usach.cl Departamento de Matemtica y Ciencia de la Computacin Universidad de Santiago de Chile Discrete Log Problem Computational Diffie-Hellman Problem: Given g 1 , [ a ] g 1 ,

897 views • 51 slides
MAPA Mapping Scorecard Calibration using a Monotone Adjacent Pooling Algorithm Presented at

MAPA Mapping Scorecard Calibration using a Monotone Adjacent Pooling Algorithm Presented at

MAPA Mapping Scorecard Calibration using a Monotone Adjacent Pooling Algorithm Presented at Edinburgh Credit Scoring and Control IX September 7-9, 2005 Raymond Anderson Standard Bank Group Johannesburg, South Africa On What Why Calibrate?

806 views • 14 slides
Revealed Political Power Jinhui Bai and Roger Lagunoff (Georgetown University) (Georgetown

Revealed Political Power Jinhui Bai and Roger Lagunoff (Georgetown University) (Georgetown

Revealed Political Power Jinhui Bai and Roger Lagunoff (Georgetown University) (Georgetown University) November, 2010 Introduction Political equality/egalitarianism is an ingrained governing philosophy in most democracies. Introduction

883 views • 72 slides
Moment distributions of phasetype Mogens Bladt Institute for Applied Mathematics and Systems

Moment distributions of phasetype Mogens Bladt Institute for Applied Mathematics and Systems

Moment distributions of phasetype Mogens Bladt Institute for Applied Mathematics and Systems National Autonomous University of Mexico Sandbjerg, 2/8/2011 Joint work with Bo Friis Nielsen Outline - In this talk we consider moment

601 views • 27 slides
From Statistical Decision Theory to Bell Nonlocality Francesco Buscemi * QECDT, University of

From Statistical Decision Theory to Bell Nonlocality Francesco Buscemi * QECDT, University of

From Statistical Decision Theory to Bell Nonlocality Francesco Buscemi * QECDT, University of Bristol, 26 July 2018 (videoconference) Dept. of Mathematical Informatics, Nagoya University, buscemi@i.nagoya-u.ac.jp Introduction Statistical

696 views • 30 slides
Torsion subgroups of rational elliptic curves over the compositum of all cubic fields Andrew V.

Torsion subgroups of rational elliptic curves over the compositum of all cubic fields Andrew V.

Torsion subgroups of rational elliptic curves over the compositum of all cubic fields Andrew V. Sutherland Massachusetts Institute of Technology October 2, 2015 joint work with Harris B. Daniels, Alvaro Lozano-Robledo, and Filip Najman

379 views • 19 slides
Historical Transitions in Transport Systems iTEAM4 Workshop, IIASA October 30, 2018 Arnulf

Historical Transitions in Transport Systems iTEAM4 Workshop, IIASA October 30, 2018 Arnulf

Historical Transitions in Transport Systems iTEAM4 Workshop, IIASA October 30, 2018 Arnulf Grubler Technological/Infrastructural Transitions: Main Messages End-use innovation driven (people!) Involves Hardware + Software + Orgware

648 views • 34 slides
Classification Classification and Prediction Classification: predict categorical class labels

Classification Classification and Prediction Classification: predict categorical class labels

Classification Classification and Prediction Classification: predict categorical class labels Build a model for a set of classes/concepts Classify loan applications (approve/decline) Prediction: model continuous-valued functions

554 views • 31 slides
for Sustainable Development arnulf gruebler@iiasa.ac.at IIT Bombay, January 22, 2018 101 of

for Sustainable Development arnulf gruebler@iiasa.ac.at IIT Bombay, January 22, 2018 101 of

Technological Innovations for Sustainable Development arnulf gruebler@iiasa.ac.at IIT Bombay, January 22, 2018 101 of Technological Change Technological change is a process involving multiple steps and feedbacks Uncertainty pervasive at

387 views • 19 slides

More recommend