spa resistant exponentiation based on brun s gcd algorithm
play

SPA resistant Exponentiation based on Bruns GCD algorithm Val erie - PowerPoint PPT Presentation

Aug 14, 2022 •449 likes •1.16k views

SPA resistant Exponentiation based on Bruns GCD algorithm Val erie Berth e , Thomas Plantard Paris Diderot Universit e, University of Wollongong http://www.uow.edu.au/ thomaspl thomaspl@uow.edu.au 2019 Berthe, Plantard (IRIF,

  1. SPA resistant Exponentiation based on Brun’s GCD algorithm Val´ erie Berth´ e , Thomas Plantard Paris Diderot Universit´ e, University of Wollongong http://www.uow.edu.au/˜ thomaspl thomaspl@uow.edu.au 2019 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 1 / 31

  2. Introduction Introduction 1 Exponentiation based on Euclid Algorithm 2 Exponentiation based on Brun Algorithm 3 Result/Conclusion/Future Works 4 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 2 / 31

  3. Introduction Introduction 1 Exponentiation based on Euclid Algorithm 2 Exponentiation based on Brun Algorithm 3 Result/Conclusion/Future Works 4 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 3 / 31

  4. Exponentiation Exponentiation RSA: in ( Z / ( N Z )) ∗ , compute g e mod N using Modular Multiplication and Squaring. ECC: on a group, compute kP using 2 P and P + Q . Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 4 / 31

  5. Exponentiation Exponentiation RSA: in ( Z / ( N Z )) ∗ , compute g e mod N using Modular Multiplication and Squaring. ECC: on a group, compute kP using 2 P and P + Q . Generic Algorithm Right To Left Left To Right Radix-R exponentiation Radix-R exponentiation with Odd Coefficient Sliding Window Montgomery Ladder Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 4 / 31

  6. Specific Group For ( Z / N Z ) Multiply Always Square Always Square And Multiply Always: 1 replace by N + 1 Exponentiation using multiplicative half-size splitting Montgomery Ladder with Common Operand Multiplication Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 5 / 31

  7. Specific Group For ( Z / N Z ) Multiply Always Square Always Square And Multiply Always: 1 replace by N + 1 Exponentiation using multiplicative half-size splitting Montgomery Ladder with Common Operand Multiplication For ECC NAF Exponentiation: using − P Addition Chain Exponentiation: No Doubling Double Base: exponent in base 2 a 3 b Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 5 / 31

  8. Specific Case Exponentiation with g constant Radix-R exponentiation: exponent in base R = 2 t NAF Representation Comb Method RNS Digit Exponent: exponent represented in base m 0 m 1 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 6 / 31

  9. Specific Case Exponentiation with g constant Radix-R exponentiation: exponent in base R = 2 t NAF Representation Comb Method RNS Digit Exponent: exponent represented in base m 0 m 1 Exponentiation with e random Addition Chain Double Base Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 6 / 31

  10. In this Work Exponentiation Generic Group SPA Protection g variable e given Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 7 / 31

  11. In this Work Exponentiation Generic Group SPA Protection g variable e given Current Solution Radix-R Memorise g i , i ∈ [1 , R ] Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 7 / 31

  12. Exponentiation: g e with e < 2 k Left To Right Exponentiation a ← 1 for i = k − 1 to 0 do a ← a 2 if e i = 1 then a ← a × g Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 8 / 31

  13. Exponentiation: g e with e < 2 k Left To Right Exponentiation a ← 1 for i = k − 1 to 0 do a ← a 2 if e i = 1 then a ← a × g Right To Left Exponentiation a ← 1 , b ← g for i = 0 to k − 1 do if e i = 1 then a ← a × b b ← b 2 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 8 / 31

  14. SPA Attack Recognising Operations XXXXXXXXXXXXXXXXXXXXXXXX Modular Squaring (S): a ← a 2 Modular Multiplication (M): a ← a × g SSMSMSSMSMSSSMSMSMSSSSMS Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 9 / 31

  15. SPA Attack Recognising Operations XXXXXXXXXXXXXXXXXXXXXXXX Modular Squaring (S): a ← a 2 Modular Multiplication (M): a ← a × g SSMSMSSMSMSSSMSMSMSSSSMS Regroup Operations SSMSMSSMSMSSSMSMSMSSSSMS (S)(SM)(SM)(S)(SM)(SM)(S)(S)(SM)(SM)(SM)(S)(S)(S)(SM)(S) Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 9 / 31

  16. SPA Counter Measure Classic Solution: Constant Time Algorithm Goal: Unlink Sequence of Operations to Secret Key Solution: Same Sequence for all secret key Drawback: Average Case=Worst Case Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 10 / 31

  17. SPA Counter Measure Classic Solution: Constant Time Algorithm Goal: Unlink Sequence of Operations to Secret Key Solution: Same Sequence for all secret key Drawback: Average Case=Worst Case A second Solution: Stop parenthesing Phase Goal: Stop Attacker to be able to regroup operations Solution: Use Sequence of Equivalent Operations Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 10 / 31

  18. Squaring Always Taylor Formulae � 2 � 2 � A + B � A − B A × B = − 4 4 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 11 / 31

  19. Squaring Always Taylor Formulae � 2 � 2 � A + B � A − B A × B = − 4 4 Rewriting Modular Squaring (S) : a ← a 2 Modular Multiplication (SS): a ← a × g SSMSMSSMSMSSSMSMSMSSSSMS SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 11 / 31

  20. Squaring Always Taylor Formulae � 2 � 2 � A + B � A − B A × B = − 4 4 Rewriting Modular Squaring (S) : a ← a 2 Modular Multiplication (SS): a ← a × g SSMSMSSMSMSSSMSMSMSSSSMS SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS Drawback Cost of two S greater than M Only for ( Z / N Z ) Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 11 / 31

  21. Brun Algorithm Introduction 1 Exponentiation based on Euclid Algorithm 2 Exponentiation based on Brun Algorithm 3 Result/Conclusion/Future Works 4 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 12 / 31

  22. Exponentiation based on Euclid Algorithm Exponentiation k a ← g , b ← g 2 2 k k 2 , v ← e − u 2 v u ← e mod 2 2 , e = u + 2 k 2 while v � = 0 do if u > v then u ← u − v b ← b × a else v ← v − u a ← a × b a ← a u Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 13 / 31

  23. Correctness Invariant a u b v = g e Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 14 / 31

  24. Correctness Invariant a u b v = g e Initialisation k 2 ) v ) = g u + v 2 k 2 = g e a u b v = g u ( g 2 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 14 / 31

  25. Correctness Invariant a u b v = g e Initialisation k 2 ) v ) = g u + v 2 k 2 = g e a u b v = g u ( g 2 In the loop a u − v ( ab ) v = a u b v ( ab ) u b v − u = a u b v Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 14 / 31

  26. Example: g 3165 u v a b If u > v ? Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  27. Example: g 3165 u v a b If u > v ? g 1 g 64 29 49 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  28. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  29. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 29 20 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  30. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  31. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 g 65 g 129 9 20 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  32. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 g 65 g 129 g 65+129 g 129 9 20 F 9 20 − 9 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  33. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 g 65 g 129 g 65+129 g 129 9 20 F 9 20 − 9 g 194 g 129 9 11 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  34. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 g 65 g 129 g 65+129 g 129 9 20 F 9 20 − 9 g 194 g 129 g 194+129 g 129 9 11 F 9 11 − 9 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

  35. Example: g 3165 u v a b If u > v ? g 1 g 64 g 1+64 g 64 29 49 F 29 49 − 29 g 65 g 64 g 65 g 64+65 29 20 T 29 − 20 20 g 65 g 129 g 65+129 g 129 9 20 F 9 20 − 9 g 194 g 129 g 194+129 g 129 9 11 F 9 11 − 9 g 323 g 129 9 2 Berthe, Plantard (IRIF, UOW) Exponentiation based on Brun Algorithm 2019 15 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre

Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1) , Christophe Negre (1) and Thomas Plantard (2) (1) DALI (UPVD) and LIRMM (Univ. of Montpellier, CNRS), Perpignan, France (2) CCISR, SCIT, University of Wollongong,

708 views • 43 slides
Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and

Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and

0 12 1 Numb3rs 11 2 10 3 Modular Exponentiation 9 4 8 5 7 6 Story So Far Quotient and Remainder, GCD, Euclid s algorithm, L(a,b) { au + bv | u,v Z } = { n gcd(a,b) | n Z } Primes, Fundamental Theorem of

272 views • 14 slides
a (mod m ) b is congruent to modulo a m b mod mod a m b m

a (mod m ) b is congruent to modulo a m b mod mod a m b m

Number Theory and its Applications Modular Exponentiation Euclidean Algorithm for GCD Solving Linear Congruences Chinese Remainder Theorem and Application to Arithmetic with large numbers Covered in Sections 3.6 and 3.7 Based

489 views • 19 slides
R&amp;D on graphite based oxidation resistant materials and radiation resistant tungsten J

R&amp;D on graphite based oxidation resistant materials and radiation resistant tungsten J

The High Power Targetry R&amp;D Roadmap for High Energy Physics Workshop @Fermilab, USA 31st May, 2017 R&amp;D on graphite based oxidation resistant materials and radiation resistant tungsten J PARC Center, High Energy Accelerator Research

625 views • 23 slides
THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e ,

THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e ,

THE MILLERRABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a , e , and n , the following algorithm quickly computes the reduced power a e % n . ( Initialize ) Set ( x, y, f ) = (1 , a, e ). ( Loop ) While f &gt;

175 views • 5 slides
Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe

Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe

Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe NEGRE ( 1 ) , Thomas PLANTARD ( 2 ) and Jean-Marc ROBERT ( 1 ) 1: Team DALI/LIRMM, University of Perpignan, France 2: CCISR, SCIT, (University of

1.25k views • 69 slides
Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis

Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis

Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis Christophe Negre ici joined work with T. Plantard (U. of Wollongong, Australia) Journees Nationales GDR IM January 19-th, 2016 1 / 39 Outline Regular

1.15k views • 90 slides
CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with

CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with

CS 1501 www.cs.pitt.edu/~nlf4/cs1501/ More Math Exponentiation x y Can easily compute with a simple algorithm: ans = 1 i = y while i &gt; 0: ans = ans * x i-- Runtime? 2 Just like with multiplication, let's consider large

698 views • 22 slides
Hierarchy Construction Schemes within the Scale Set Framework Jean-Hugues PRUVOT, Luc BRUN GreyC

Hierarchy Construction Schemes within the Scale Set Framework Jean-Hugues PRUVOT, Luc BRUN GreyC

Hierarchy Construction Schemes within the Scale Set Framework Jean-Hugues PRUVOT, Luc BRUN GreyC Laboratory, Image Team CNRS UMR 6072 ENSICAEN 6th IAPR -TC-15 Workshop on Graph-based Representations in Pattern Recognition J.H. PRUVOT, L.BRUN

656 views • 51 slides
ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In

ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In

ON ABJM BDS EXPONENTIATION Matias Leoni Universidad de Buenos Aires &amp; CONICET In collaboration with Marco S. Bianchi arXiv:1403.3398 N=4 SYM Exponentiation Consider color ordered MHV 4p amplitude in We define the ratio

415 views • 29 slides
Automatic Generation of HCCA Resistant Scalar Multiplication Algorithm by Proper Sequencing of

Automatic Generation of HCCA Resistant Scalar Multiplication Algorithm by Proper Sequencing of

Automatic Generation of HCCA Resistant Scalar Multiplication Algorithm by Proper Sequencing of Field Multiplier Operands Poulami Das, Debapriya Basu Roy and, Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur 29 / 09 / 2017 Debapriya

1k views • 74 slides
MA/CSSE 473 Day 06 Euclid's Algorithm MA/CSSE 473 Day 06 Student Questions Odd Pie Fight

MA/CSSE 473 Day 06 Euclid's Algorithm MA/CSSE 473 Day 06 Student Questions Odd Pie Fight

MA/CSSE 473 Day 06 Euclid's Algorithm MA/CSSE 473 Day 06 Student Questions Odd Pie Fight Modular exponentiation Euclid's algorithm (if there is time) extended Euclid's algorithm 1 Quick look at review topics in textbook REVIEW

314 views • 10 slides
Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford

Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford

Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford (DEDIS) and Thomas Hofer (DGSI). 1 Background The digital world takes an overwhelming part in our daily life. Voting is still paper-based and

215 views • 19 slides
Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture Damage 1 Balanced Mix Design: ETG Definition Asphalt mix design using performance tests on appropriately conditioned specimens that address

480 views • 46 slides
Quiz I Give the SVD-based algorithm for solving least squares, and I justify the algorithm by that

Quiz I Give the SVD-based algorithm for solving least squares, and I justify the algorithm by that

Quiz I Give the SVD-based algorithm for solving least squares, and I justify the algorithm by that showing it outputs the correct answer. I Under what circumstances would this algorithm be preferred over the QR-based algorithm? The Eigenvector

905 views • 18 slides
Quantum-resistant Cryptography based on Isogenies between Elliptic Curves A Brief Survey Jo ao

Quantum-resistant Cryptography based on Isogenies between Elliptic Curves A Brief Survey Jo ao

Quantum-resistant Cryptography based on Isogenies between Elliptic Curves A Brief Survey Jo ao Paulo da Silva , Ricardo Dahab, Julio L opez Institute of Computing University of Campinas Latin American Week on Coding and Information

558 views • 32 slides
HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

363 views • 12 slides
The Laravel Developer's The Laravel Developer's Guide to Vue SPAs Guide to Vue SPAs JESS ARCHER

The Laravel Developer's The Laravel Developer's Guide to Vue SPAs Guide to Vue SPAs JESS ARCHER

The Laravel Developer's The Laravel Developer's Guide to Vue SPAs Guide to Vue SPAs JESS ARCHER The BaseCode Podcast The BaseCode Podcast basecodefieldguide.com/podcast Social wish list and gift reminders Social wish list and gift reminders

1.05k views • 92 slides
Mitigate the Risks of Capture: The U.S. Case James A. Thurber Director and University

Mitigate the Risks of Capture: The U.S. Case James A. Thurber Director and University

Political Finance and its Impact on Public Policy and Decision Making ProcessesHow to Mitigate the Risks of Capture: The U.S. Case James A. Thurber Director and University Professor Center for Congressional and Presidential Studies

621 views • 37 slides
Motivation VM VM VM VM VMM 2 15-02-02 The Storage Performance Analyzer (SPA) Motivation

Motivation VM VM VM VM VMM 2 15-02-02 The Storage Performance Analyzer (SPA) Motivation

Storage Performance Analyzer (SPA) Measuring, Monitoring, and Modeling of I/O Performance in Virtualized Environments Feb 2, 2015 Qais Noorshams, Axel Busch , Samuel Kounev, Ralf Reussner Austin, Texas, USA SOFTWARE DESIGN AND QUALITY GROUP

569 views • 12 slides
LESSON BJECTIVE many scams on the Students explore Internet right now. ways to prevent

LESSON BJECTIVE many scams on the Students explore Internet right now. ways to prevent

2/12/16 There are so LESSON BJECTIVE many scams on the Students explore Internet right now. ways to prevent Send me $9.95 and iden%ty the* and I will tell you what avoid becoming a to watch out for! financial scam vic;m. 1 2/12/16

476 views • 10 slides
SPA workshop SPA workshop with Django and AngularJS with Django and AngularJS Agenda Agenda

SPA workshop SPA workshop with Django and AngularJS with Django and AngularJS Agenda Agenda

SPA workshop SPA workshop with Django and AngularJS with Django and AngularJS Agenda Agenda 1. Intro 2. Coding 3. Summary Intro Intro Broken code #1 Broken code #1 &lt;script&gt; {% if user.is_authenticated %} var USER = {

638 views • 28 slides
Staying Well and Engaged After Graduation Part 4 of Preparing for Civically Engaged Lives

Staying Well and Engaged After Graduation Part 4 of Preparing for Civically Engaged Lives

Staying Well and Engaged After Graduation Part 4 of Preparing for Civically Engaged Lives Bonner 8 Themes Curriculum Do you have adequate professional self-care? 1 4 7 Why Dont You Take Care of Yourself? Caring for myself is

372 views • 14 slides
Wireless Link Capacity under Shadowing and Fading Tigran Tonoyan, Postdoc at

Wireless Link Capacity under Shadowing and Fading Tigran Tonoyan, Postdoc at

Wireless Link Capacity under Shadowing and Fading Tigran Tonoyan, Postdoc at ICE-TCS, School of Computer Science, Reykjavik University (with Magns M. Halldrsson) Spatial

521 views • 8 slides

More recommend