
Tweaking Code-Based Cryptography for Embedded Systems DIMACS - PowerPoint PPT Presentation



  1. Tweaking Code-Based Cryptography for Embedded Systems
     DIMACS Workshop on The Mathematics of Post-Quantum Cryptography
     Tim Güneysu, Ingo von Maurich, 1/12/2015
     Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Germany

  2. Motivation
     • High demand for security in the Internet of Things (IoT)
     • Requirements
       – Highly embedded/cost-sensitive
       – Long life-time/security
       – Diversity of target platforms
       – Simple physical accessibility
     • Consequences
       – Quantum-computer resistant cryptography
       – Implementations for a wide range of cheap embedded devices
     Tweaking code-based cryptography for embedded systems | DIMACS’15 | Tim Güneysu, Ingo von Maurich 2

  3. Motivation
     • Cryptography in the era of quantum computing
       – Symmetric: the security level of a given key length is halved (Grover) … not good, but we can fix it.
       – Asymmetric: polynomial-time attacks on RSA and elliptic curves exist (Shor) … so it’s essential to have alternatives ready!
     • Task: deploy new asymmetric schemes that are
       – resistant to attacks from quantum computers
       – as efficient as RSA and ECC on today’s and future computing platforms
       – available with many implementations
     → Code-based crypto on embedded platforms

  4. Overview
     • Motivation
     • Background
     • Efficient Decoding Techniques
     • Implementing QC-MDPC McEliece
     • Side-Channel Attacks
     • Countermeasures

  5. Cryptography on Embedded Devices
     Common computing platforms of embedded devices
     • Microcontrollers (µC)
       – Small 8/16/32-bit CPU, small RAM (≈ 512 B to 256 KB), a bit more Flash (≈ 4 KB to 1 MB)
     • Reconfigurable Hardware (FPGA)
       – LUT-based logic functions, flip-flops, some 18/36 kBit block memories and DSP units
     • Application-Specific Integrated Circuits (ASIC)
       – Dedicated hardware design for an individual application

  6. Cryptography on Embedded Devices
     [Figures: Microcontroller architecture (AVR and ARM M4 architectures); FPGA architecture (Altera/Xilinx FPGA)]
     • Flexible routing paths
     • Dedicated multiplier or DSP block
     • A slice contains
       – 2-4 Look-Up Tables (LUT) as logic function generators
       – 2-8 flip-flops for data storage

  7. Cryptography with Linear Codes?
     • Error-correcting codes are well known in a large variety of applications
     • Detection/correction of errors in noisy channels by adding redundancy
     • Observation: some problems in coding theory are NP-complete
     → Possible foundation of code-based cryptosystems (CBC)

  8. Linear Codes and Cryptography
     • Generator and parity-check matrices for encoding and decoding
     • Matrices in systematic form minimize time and storage
     • Rows of G form a basis for the code C[n, k, d] of length n with dimension k and minimum distance d
     • Matrix size of G: k × n

  9. Linear Codes and Cryptography
     • Parity-check matrix H is an (n − k) × n matrix orthogonal to G
     • Defines the dual code C⊥ of the code C via the scalar product
     • A word c is a codeword (c ∈ C) if and only if Hc = 0
     • For a received word c′ = c + e, the term s = Hc′ = Hc + He = He is the syndrome of the error

  10. McEliece Encryption Scheme [1978]
      Key Generation
      • Given an [n, k]-code C with generator matrix G and error-correcting capability t
      • Private key: (S, G, P), where S is a scrambling matrix and P is a permutation matrix
      • Public key: G′ = S · G · P
      Encryption
      • Message m ∈ F_2^k, error vector e ∈_R F_2^n with wt(e) ≤ t
      • x ← mG′ + e
      Decryption
      • Let Ψ_H be a t-error-correcting decoding algorithm
      • m · S ← Ψ_H(x · P⁻¹), which removes the error e · P⁻¹
      • Extract m by computing m · S · S⁻¹

  11. Security Parameters (Goppa Codes)
      • Original proposal: McEliece with binary Goppa codes
      • Code properties determine the key size; the matrices are often large
      • Code parameters revisited by Bernstein, Lange and Peters
      • Public key is a k × (n − k) bit matrix (redundant part only)

  12. Code-based Cryptography for Embedded Devices
      [Figure: Encrypt x → y = Mx + e using K_pub = M; Decrypt y → x = Ψ(y, K_priv) using K_priv (matrix)]
      • Selection of the employed code is a highly critical issue
        – Properties of the code determine the key size; short keys are essential
        – Structure in codes reduces key size, but can enable attacks
        – Encoding is a fast operation on all platforms (matrix multiplication)
        – Decoding requires efficient techniques in terms of time and memory
      • Basic McEliece is only CPA-secure; a conversion is required
      • Protection against side-channel and fault-injection attacks

  13. Code-based Cryptosystems
      Suitable codes for code-based cryptography?
      [Diagram of code families: Goppa, Generalized Concatenated, Elliptic, Reed-Solomon, LDPC/MDPC, Reed-Muller, Srivastava]

  14. Code-based Cryptosystems
      Suitable codes for code-based cryptography? (same code-family diagram)
      See Anja’s and Nicolas’ talks on Wednesday!

  15. Code-based Cryptosystems
      Suitable codes for code-based cryptography? Key sizes for ≈ 80-bit equivalent symmetric security, as annotated on the code-family diagram: PK: 63 kB / SK: 2.5 kB; PK: 0.6 kB / SK: 1.2 kB; PK: 2.5 kB / SK: 1.5 kB
      See Anja’s and Nicolas’ talks on Wednesday!

  16. QC-MDPC Codes for Cryptography [MTSB13]
      • t-error-correcting (n, r, w)-QC-MDPC code of length n = n0 · r
      • Parity-check matrix H consists of n0 blocks with fixed row weight w
      Code/Key Generation
      1. Generate the n0 first rows of the parity-check matrix blocks H_i: h_i ∈_R F_2^r of weight w_i, with w = Σ_{i=0}^{n0−1} w_i
      2. Obtain the remaining rows by r − 1 quasi-cyclic shifts of h_i
      3. H = [H_0 | H_1 | … | H_{n0−1}]
      4. Generator matrix in systematic form: G = [I_k | Q], with the blocks of Q stacked vertically:
         Q = [ (H_{n0−1}⁻¹ · H_0)ᵀ ; (H_{n0−1}⁻¹ · H_1)ᵀ ; … ; (H_{n0−1}⁻¹ · H_{n0−2})ᵀ ]
      See Marco’s talk!

  17. Background on QC-MDPC Codes
      [Figure: parity-check matrix H for n0 = 2, H = [H_0 | H_1]; generator matrix G = [I | Q]]

  18. (QC-)MDPC McEliece
      Encryption
      • Message m ∈ F_2^k, error vector e ∈_R F_2^n with wt(e) ≤ t
      • x ← mG + e
      Decryption
      • Let Ψ_H be a t-error-correcting (QC-)MDPC decoding algorithm
      • mG ← Ψ_H(mG + e)
      • Extract m from the first k positions
      Parameters for 80-bit equivalent symmetric security [MTSB13]: n0 = 2, n = 9602, r = 4801, w = 90, t = 84

  19. Overview
     • Motivation
     • Background
     • Efficient Decoding Techniques
     • Implementing QC-MDPC McEliece
     • Side-Channel Attacks
     • Countermeasures

  20. Efficient Decoding of MDPC Codes
      Decoders for LDPC/MDPC codes: bit flipping and belief propagation
      “Bit-Flipping” Decoder
      1. Compute the syndrome s of the ciphertext
      2. Count the unsatisfied parity-check equations #upc for each ciphertext bit
      3. Flip the ciphertext bits that violate ≥ b equations
      4. Recompute the syndrome
      5. Repeat until s = 0 or the maximum number of iterations is reached (decoding failure)
      How to determine the threshold b?
      • Precompute b_i for each iteration [Gal62]
      • b = max_upc [HP03]
      • b = max_upc − δ [MTSB13]
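The QC-MDPC key generation of slide 16, the encryption and decryption of slide 18 and the bit-flipping decoder of slide 20, as an added worked example in Python (not code from the talk or its authors). It assumes constructed toy parameters (r = 31, block weights 5, so w = 10, up to t = 3 errors) that are far too small to be secure, stores the full circulant blocks instead of only their first rows, and inverts H_{n0−1} by Gauss-Jordan elimination over GF(2) rather than by a polynomial inverse.

```python
import functools, operator, random
# Toy QC-MDPC McEliece with n0 = 2 (constructed parameters, far too small to be secure):
# block size r = 31, block weights w0 = w1 = 5 (row weight w = 10), up to t = 3 errors.
R, N, W_I, T, DELTA, MAX_ITER = 31, 62, 5, 3, 1, 20
MASK = (1 << R) - 1
def rotl(a, i): return ((a << i) | (a >> (R - i))) & MASK     # cyclic shift of an r-bit block
def parity(x): return bin(x).count("1") & 1
def transpose(A, ncols):                          # rows-as-ints -> columns-as-ints over GF(2)
    return [sum(((row >> j) & 1) << i for i, row in enumerate(A)) for j in range(ncols)]

def circ_inv(h):                                  # Gauss-Jordan on [A | I]; None if A is singular
    rows = [(rotl(h, i) << R) | (1 << i) for i in range(R)]
    for col in range(R):
        piv = next((k for k in range(col, R) if rows[k] >> (R + col) & 1), None)
        if piv is None:
            return None
        rows[col], rows[piv] = rows[piv], rows[col]
        for k in range(R):
            if k != col and rows[k] >> (R + col) & 1:
                rows[k] ^= rows[col]
    return [row & MASK for row in rows]

def keygen(rng):                                  # slide 16, steps 1-4, with n0 = 2 (so k = r)
    while True:                                   # retry until block H1 is invertible (odd w_i helps)
        h0, h1 = (sum(1 << p for p in rng.sample(range(R), W_I)) for _ in range(2))
        h1_inv = circ_inv(h1)
        if h1_inv is not None: break
    H0_cols = transpose([rotl(h0, i) for i in range(R)], R)
    Q = [sum(parity(row & col) << j for j, row in enumerate(h1_inv)) for col in H0_cols]
    return (h0, h1), Q                            # private key (h0, h1); public key Q = (H1^-1 H0)^T

def encrypt(Q, m, e):                             # x = mG + e with G = [I | Q]; words are 2r-bit ints
    mQ = functools.reduce(operator.xor, (Q[i] for i in range(R) if m >> i & 1), 0)
    return (m | (mQ << R)) ^ e

def decrypt(sk, x, delta=DELTA):                  # bit-flipping decoder (slide 20), b = max_upc - delta
    H = [rotl(sk[0], i) | (rotl(sk[1], i) << R) for i in range(R)]
    H_cols = transpose(H, N)
    for _ in range(MAX_ITER):
        s = sum(parity(row & x) << i for i, row in enumerate(H))    # syndrome s = H x^T
        if s == 0:
            return x & MASK                       # m sits in the first k = r positions
        upc = [bin(col & s).count("1") for col in H_cols]           # unsatisfied checks per bit
        b = max(upc) - delta
        x ^= sum(1 << j for j, u in enumerate(upc) if u >= b)       # flip bits at or above threshold
    return None                                   # decoding failure after MAX_ITER iterations

def demo(seed, errors, delta=DELTA):              # keygen, encrypt with `errors` flipped bits, decrypt
    rng = random.Random(seed)
    sk, pk = keygen(rng)
    m, e = rng.getrandbits(R), sum(1 << p for p in rng.sample(range(N), errors))
    return m, decrypt(sk, encrypt(pk, m, e), delta)
```

demo(seed, errors) returns the message and the decoded value; with these toy parameters and t = 3 errors the decoder can end in a decoding failure (None), the outcome the slide lists for reaching the iteration limit.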
