Towards One Cycle per Bit Asymmetric Encryption: Code-Based - PowerPoint PPT Presentation


  1. Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable Hardware
     Stefan Heyse, Tim Güneysu
     CHES 2012 – Leuven, Belgium, 11.09.2012
     Ruhr-University Bochum | Embedded Security

  2. Outline
     • Introduction
     • Background in code based crypto
     • McEliece vs. Niederreiter
     • Our implementation
     • Results and conclusion

  3. Introduction
     • We need alternatives to classical schemes for larger diversification and to resist (possible?) quantum computer attacks
     • Nearly all alternative PKCS are hindered by large keys
     • It has already been shown that they can be fast
     • How fast can we get?
     • Is McEliece or Niederreiter faster (in the standard scenario)?

  4. Outline (section: Background in code based crypto)

  5. Goppa Codes
     • A subclass of error correcting codes
     • Belongs to the huge family of alternant codes
     • Can be described by a Goppa polynomial g(z) of degree s and a list of field elements called the support L

  6. Parity check matrix of Goppa Codes
     • By evaluating g(z) at the elements of the support L we can construct the parity check matrix H as shown on the slide (the matrix itself is not reproduced in this text extraction)

  7. Generator matrix of Goppa Codes
     • Bringing H to systematic form H = (Q | ID) (by Gaussian elimination) we can derive the generator matrix G as G = (ID | -Q^T)
     • G * H^T = 0
     • m*G = c is a code word of the Goppa code
     • m*G + e = c + e is a code word with errors (up to t errors can be corrected)
     • For binary Goppa codes t = s = degree of g(z), else t = floor(s/2)
     • c*H^T = syn(z) is called the syndrome, because it only depends on the error e
     • If syn(z) ≠ 0, a decoding algorithm (Patterson, Berlekamp-Massey, ...) gives you the corrected codeword and the error.

  8. Outline (section: McEliece vs. Niederreiter)

  9. McEliece vs. Niederreiter I
     Classical McEliece
       • Public key G' = S*G*P
       • Secret key (corresponding parity check matrix H defined by Goppa polynomial g(z) and support L)
       • Encryption: c = m*G' + e
       • Decryption: c' = c*P^-1; decode c' to m'; m = m'*S^-1
     Modern McEliece
       • Public key G' in systematic form
       • Secret key (corresponding parity check matrix H defined by Goppa polynomial g(z) and permuted support P*L)
       • Encryption: c = m*G' + e
       • Decryption: decode c directly to m; S can be omitted; P is merged into the decoding algorithm
     DO NOT USE MCELIECE THIS WAY. YOU NEED A CCA2 SECURE CONVERSION!

  10. McEliece vs. Niederreiter II
     Classical Niederreiter
       • Public key H' = M*H*P
       • Secret key (Goppa polynomial g(z) and support L)
       • Encryption: convert m into e; c = H'*e
       • Decryption: c' = M^-1*c; decode c' to e'; e = P^-1*e'; convert e to m
     Modern Niederreiter
       • Public key H' = M*H in systematic form
       • Secret key (Goppa polynomial g(z) and permuted support L)
       • Encryption: convert m into e; c = H'*e
       • Decryption: c' = M^-1*c; decode c' directly to e; convert e to m
     YOU CAN USE NIEDERREITER LIKE THIS.
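The matrix relations of slide 7 and the "modern" McEliece and Niederreiter flows of slides 9 and 10, worked through on a toy code. This is an added example, not code from the authors or the slides: the [7,4] Hamming code stands in for a Goppa code (it corrects t = 1 error), a syndrome-table lookup stands in for the Patterson decoder, and the systematic H = (Q | I) with its constructed non-identity part Q is the whole key material.

```python
# Added example (not from the slides): a tiny binary linear code used to
# exercise the relations G*H^T = 0, syndrome = c*H^T, and the "modern"
# McEliece / Niederreiter encrypt-decrypt flows with a systematic public key.
# The [7,4] Hamming code stands in for a Goppa code (it corrects t = 1 error),
# and a syndrome-table lookup stands in for the Patterson decoder.


def identity(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]


def transpose(M):
    return [list(col) for col in zip(*M)]


def hstack(A, B):
    """Concatenate two matrices with the same number of rows side by side."""
    return [ra + rb for ra, rb in zip(A, B)]


def matmul_gf2(A, B):
    """Matrix product over GF(2): multiply is AND, add is XOR (sum mod 2)."""
    Bt = transpose(B)
    return [[sum(a & b for a, b in zip(row, col)) % 2 for col in Bt] for row in A]


# Non-identity part Q of a systematic parity-check matrix H = (Q | I).
# Constructed so that all 7 columns of H are distinct and non-zero (Hamming code).
Q = [
    [1, 1, 0, 1],
    [1, 0, 1, 1],
    [0, 1, 1, 1],
]
N_K = len(Q)      # n - k = 3 redundancy bits
K = len(Q[0])     # k = 4 message bits
N = N_K + K       # n = 7

H = hstack(Q, identity(N_K))            # H = (Q | I)
G = hstack(identity(K), transpose(Q))   # G = (I | -Q^T); over GF(2), -Q^T = Q^T


def syndrome(word):
    """syn = word * H^T. For word = m*G + e this equals e*H^T: it depends only on e."""
    return matmul_gf2([word], transpose(H))[0]


def is_codeword(word):
    return not any(syndrome(word))


# Decoding table for t = 1: syndrome of each single-bit error -> that error pattern.
SYNDROME_TABLE = {}
for _pos in range(N):
    _e = [0] * N
    _e[_pos] = 1
    SYNDROME_TABLE[tuple(syndrome(_e))] = _e


def decode(received):
    """Return (corrected codeword, error). Toy decoder, not Patterson's algorithm."""
    syn = tuple(syndrome(received))
    if not any(syn):
        return list(received), [0] * N
    e = SYNDROME_TABLE[syn]
    return [r ^ x for r, x in zip(received, e)], e


def mceliece_encrypt(m, e):
    """Modern McEliece: public key is G in systematic form, c = m*G + e."""
    return [c ^ x for c, x in zip(matmul_gf2([m], G)[0], e)]


def mceliece_decrypt(c):
    """Decode c directly to the codeword; systematic form makes m its first k bits."""
    codeword, _ = decode(c)
    return codeword[:K]


def niederreiter_encrypt(e):
    """Modern Niederreiter: public key is H in systematic form, c = H*e (a syndrome)."""
    return [row[0] for row in matmul_gf2(H, transpose([e]))]


def niederreiter_decrypt(c):
    """Decoding the received syndrome yields the error vector e itself."""
    return SYNDROME_TABLE[tuple(c)]
```

Note that with a systematic public key the McEliece ciphertext leaks m in its first k bits whenever the matching error bits are zero, which is why slide 9 insists on a CCA2-secure conversion; the Niederreiter ciphertext is only the syndrome of e, so nothing of the message is visible without decoding.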

  11. Security parameters
     • Public key is an (n-k)*k bit matrix (only the non-identity part)

  12. McEliece vs. Niederreiter: existing work
     • McEliece (using binary Goppa codes)
       • PC (HyMES '08): 140 cycles/bit enc, 2714 cycles/bit dec
       • µC (CHES '09): 7200 cycles/bit enc, 11300 cycles/bit dec
       • FPGA (ASAP '09): 160 cycles/bit enc, 446 cycles/bit dec
     • Niederreiter
       • PC: (there is one -> seg fault)
       • µC (PQCrypto '11): 267 cycles/bit enc, 30000 cycles/bit dec
       • FPGA: (only for the signature scheme: 0.86 s/sig)

  13. Outline (section: Our implementation)

  14. Niederreiter encryption
     • c = H'*e is just a XOR of t = 27 out of the 2048 rows of H'
     • The hard part is the "computationally expensive" mapping of m to e
     • The error e is a so-called constant weight word of length n = 2048 and Hamming weight t = 27
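The two encryption steps named on slide 14, at the slide's parameters n = 2048 and t = 27, together with the key-size count of slide 11. This is an added example and not the authors' hardware design: the slides do not say which constant-weight encoder the FPGA uses, so the combinatorial number system (a standard bijection between integers and weight-t words) is used here; the public key is a constructed random stand-in stored as 2048 rows of n-k bits (H' transposed, matching the slide's "rows"), and n-k = m*t = 297 assumes a full-length code with m = 11.

```python
# Added example (not the authors' hardware design): the two steps of
# Niederreiter encryption named on slide 14, at the slide's parameters
# n = 2048, t = 27: (1) map a message integer m to a constant-weight error
# word e (here via the combinatorial number system, a standard bijection; the
# slides do not say which encoder the hardware uses), and (2) compute
# c = H'*e as the XOR of the t selected rows of the stored public key.
import random
from math import comb

N, T = 2048, 27                 # code length and error weight from slide 14
M_EXT = N.bit_length() - 1      # assumption: full-length code, n = 2^m, so m = 11
R = M_EXT * T                   # assumption: n - k = m*t = 297 syndrome bits
K = N - R                       # k = 1751 message-side columns


def message_bits():
    """Largest b such that every b-bit m is below C(n, t), the number of weight-t words."""
    return comb(N, T).bit_length() - 1


def int_to_constant_weight(m, n=N, t=T):
    """m in [0, C(n,t)) -> sorted list of t distinct positions in [0, n).
    Greedy combinadic: pick the largest c with C(c, k) <= remainder, for k = t..1."""
    if not 0 <= m < comb(n, t):
        raise ValueError("message does not fit into one constant-weight word")
    positions = []
    for k in range(t, 0, -1):
        c = k - 1                      # comb(k-1, k) == 0 <= m always holds
        while comb(c + 1, k) <= m:
            c += 1
        positions.append(c)
        m -= comb(c, k)
    return sorted(positions)


def constant_weight_to_int(positions, t=T):
    """Inverse of int_to_constant_weight (the "convert e to m" step of decryption)."""
    descending = sorted(positions, reverse=True)
    return sum(comb(c, k) for c, k in zip(descending, range(t, 0, -1)))


def constructed_public_key(seed=1):
    """Constructed stand-in for the stored key: n rows of n-k bits (H' transposed,
    matching the slide's 'XOR of t out of 2048 rows'). Random bits, not a Goppa code."""
    rng = random.Random(seed)
    return [rng.getrandbits(R) for _ in range(N)]


def niederreiter_encrypt_rows(pubkey_rows, m):
    """c = H'*e: XOR together exactly the t rows selected by the set bits of e."""
    positions = int_to_constant_weight(m)
    c = 0
    for p in positions:
        c ^= pubkey_rows[p]
    return c, positions


def public_key_bits(n=N, r=R):
    """Slide 11: only the (n-k)*k non-identity part of the systematic H' is stored."""
    return r * (n - r)
```

The encryption loop performs exactly t = 27 row XORs of 297-bit words, which is the work the slides report as roughly one cycle per bit once the rows are read in parallel; the combinadic search, by contrast, needs up to n binomial comparisons per position in this software form, which is the "computationally expensive" mapping the slide refers to.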

  15. Hardware architecture for encryption (figure, not reproduced in this text extraction)

  16. Niederreiter decryption
     • Far more complex than encryption
     • Multiplication with M^-1 is also just a binary XOR of ~(n-k)/2 rows
     • Uses the Patterson algorithm for Goppa decoding
     • The root search involved is done with a parallel Chien search in 3*2^m clock cycles
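The root search step of slide 16, shown as a Chien search over a small field. This is an added example, not the authors' decoder: GF(2^4) with the primitive polynomial x^4 + x + 1 is a toy choice (the slides work in GF(2^11)), and the error-locator polynomial is built directly from chosen roots rather than by running Patterson's algorithm. What it shows is why the search costs a fixed number of steps per field element: each register is multiplied by a constant, so hardware can do all registers in parallel.

```python
# Added example (not the authors' hardware): a Chien search over a small field
# GF(2^4) to show how the root search inside Patterson decoding visits every
# field element in one cheap step each. Field size m = 4 and the primitive
# polynomial x^4 + x + 1 are assumptions for the toy; the slides use m = 11.
from functools import reduce

M = 4
POLY = 0b10011                  # x^4 + x + 1
ORDER = (1 << M) - 1            # 15 non-zero field elements
ALPHA = 0b0010                  # the element x, primitive for this polynomial


def gf_mul(a, b):
    """Multiply two GF(2^m) elements (integers holding polynomial coefficients)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & (1 << M):
            a ^= POLY
    return r


def gf_pow(a, e):
    r = 1
    for _ in range(e):
        r = gf_mul(r, a)
    return r


def locator_from_roots(roots):
    """sigma(z) = prod (z + r): coefficient list, lowest degree first.
    In Patterson decoding the roots are the support elements at error positions."""
    coeffs = [1]
    for r in roots:
        new = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):
            new[i + 1] ^= c             # c * z
            new[i] ^= gf_mul(c, r)      # c * r
        coeffs = new
    return coeffs


def chien_search(sigma):
    """Return all roots of sigma in GF(2^m).
    Register j holds sigma_j * alpha^(i*j) at step i, so sigma(alpha^i) is the XOR
    of the registers; advancing to alpha^(i+1) multiplies register j by the
    constant alpha^j. That is one step per field element, which is what lets
    hardware evaluate all 2^m candidates in a fixed number of cycles."""
    regs = list(sigma)
    step = [gf_pow(ALPHA, j) for j in range(len(sigma))]
    roots = []
    for i in range(ORDER):
        if reduce(lambda x, y: x ^ y, regs, 0) == 0:
            roots.append(gf_pow(ALPHA, i))
        regs = [gf_mul(r, s) for r, s in zip(regs, step)]
    if sigma[0] == 0:                   # z = 0 is a root iff the constant term is 0
        roots.append(0)
    return sorted(roots)


def error_positions(sigma, support):
    """Map roots to indices into the support L (the error positions in e)."""
    index = {elem: i for i, elem in enumerate(support)}
    return sorted(index[r] for r in chien_search(sigma))
```

The zero element is handled outside the alpha^i loop because it is not a power of alpha; a full-length Goppa code uses all 2^m field elements as support, so a decoder has to cover it as well.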

  17. Hardware architecture for decryption (figure, not reproduced in this text extraction)

  18. Outline (section: Results and conclusion)

  19. Results (table, not reproduced in this text extraction)

  20. Results
     • Encryption of 192 bits in ~200 clock cycles means ~1 cycle/bit
     • 800 times faster than McEliece
     • 4000 times faster than ECC
     • Forget RSA
     • A typical scenario would require a 774 GByte/sec interface for public keys
     • Decryption in 14,500 clock cycles means ~75 cycles/bit
     • 140 times faster than McEliece
     • 30 times faster than ECC

  21. Future work
     • General alternant decoding (smaller and faster, even though we are working with twice as large polynomials?)
     • Quasi-dyadic (Goppa/Srivastava) codes in hardware
     • Non-typical scenario of encrypting huge amounts of data with a PKS (Niederreiter vs. McEliece)

  22. Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable Hardware
     Stefan Heyse, Tim Güneysu
     CHES 2012 – Leuven, Belgium, 11.09.2012
     Thank you for your attention! Any Questions?
