2,705 research outputs found
Design and Reliability Performance Evaluation of Network Coding Schemes for Lossy Wireless Networks
This thesis investigates lossy wireless networks, which are wireless communication networks consisting of lossy wireless links, where the packet transmission via a lossy wireless link is successful with a certain value of probability. In particular, this thesis analyses all-to-all broadcast in lossy wireless networks, where every node has a native packet to transmit to all other nodes in the network. A challenge of all-to-all broadcast in lossy wireless networks is the reliability, which is defined as the probability that every node in the network successfully obtains a copy of the native packets of all other nodes. In this thesis, two novel network coding schemes are proposed, which are the neighbour network coding scheme and the random neighbour network coding scheme. In the two proposed network coding schemes, a node may perform a bit-wise exclusive or (XOR) operation to combine the native packet of itself and the native packet of its neighbour, called the coding neighbour, into an XOR coded packet. The reliability of all-to-all broadcast under both the proposed network coding schemes is investigated analytically using Markov chains. It is shown that the reliability of all-to-all broadcast can be improved considerably by employing the proposed network coding schemes, compared with non-coded networks with the same link conditions, i.e. same probabilities of successful packet transmission via wireless channels. Further, the proposed schemes take the link conditions of each node into account to maximise the reliability of a given network. To be more precise, the first scheme proposes the optimal coding neighbour selection method while the second scheme introduces a tuning parameter to control the probability that a node performs network coding at each transmission. The observation that channel condition can have a significant impact on the performance of network coding schemes is expected to be applicable to other network coding schemes for lossy wireless networks
CSIDH on the surface
For primes p≡3mod4, we show that setting up CSIDH on the surface, i.e., using supersingular elliptic curves with endomorphism ring Z[(1+−p−−−√)/2], amounts to just a few sign switches in the underlying arithmetic. If p≡7mod8 then horizontal 2-isogenies can be used to help compute the class group action. The formulas we derive for these 2-isogenies are very efficient (they basically amount to a single exponentiation in Fp) and allow for a noticeable speed-up, e.g., our resulting CSURF-512 protocol runs about 5.68% faster than CSIDH-512. This improvement is completely orthogonal to all previous speed-ups, constant-time measures and construction of cryptographic primitives that have appeared in the literature so far. At the same time, moving to the surface gets rid of the redundant factor Z3 of the acting ideal-class group, which is present in the case of CSIDH and offers no extra security
Detecting brute-force attacks on cryptocurrency wallets
Blockchain is a distributed ledger, which is protected against malicious
modifications by means of cryptographic tools, e.g. digital signatures and hash
functions. One of the most prominent applications of blockchains is
cryptocurrencies, such as Bitcoin. In this work, we consider a particular
attack on wallets for collecting assets in a cryptocurrency network based on
brute-force search attacks. Using Bitcoin as an example, we demonstrate that if
the attack is implemented successfully, a legitimate user is able to prove that
fact of this attack with a high probability. We also consider two options for
modification of existing cryptocurrency protocols for dealing with this type of
attacks. First, we discuss a modification that requires introducing changes in
the Bitcoin protocol and allows diminishing the motivation to attack wallets.
Second, an alternative option is the construction of special smart-contracts,
which reward the users for providing evidence of the brute-force attack. The
execution of this smart-contract can work as an automatic alarm that the
employed cryptographic mechanisms, and (particularly) hash functions, have an
evident vulnerability.Comment: 10 pages, 2 figures; published versio
Capabilities to support responsible research & innovation in European biotechnology
Emerging biotechnologies from fields such as synthetic biology and industrial biotechnology
raise challenges for governance. In response, public funders have developed new approaches to
govern these technologies before decisions are locked in and products emerge onto the market.
Over a decade of experience with these nascent forms of governance, such as Responsible Re-
search and Innovation (RRI), shows their value but also the limitations, particularly when im-
plemented without consideration of day-to-day working conditions, sector specific distinctions
and institutional structures shaping research in the biological sciences.
Drawing on three workshops with members of the ERA CoBioTech funding programme, we
show how a new approach, grounded in the idea of human capabilities, can help to integrate the
skills, knowledge and institutional conditions needed to enact upstream governance in the
design of future funding programmes. We identify the goals researchers associated with RRI in
the life sciences, outline five sets of capabilities that enable researchers, managers and adminis-
trators to practise responsible research and innovation, and unearth a corresponding set of re-
sources that these capabilities depend upon. Funders that learn to design programmes to max-
imise and expand the five capability sets are likely to enable more substantive forms of upstream
governance than before
A Family of Lightweight Twisted Edwards Curves for the Internet of Things
We introduce a set of four twisted Edwards curves that satisfy common security requirements and allow for fast implementations of scalar multiplication on 8, 16, and 32-bit processors. Our curves are defined by an equation of the form -x^2 + y^2 = 1 + dx^2y^2 over a prime field Fp, where d is a small non-square modulo p. The underlying prime fields are based on "pseudo-Mersenne" primes given by p = 2^k - c and have in common that p is congruent to 5 modulo 8, k is a multiple of 32 minus 1, and c is at most eight bits long. Due to these common features, our primes facilitate a parameterized implementation of the low-level arithmetic so that one and the same arithmetic function is able to process operands of different length. Each of the twisted Edwards curves we introduce in this paper is birationally equivalent to a Montgomery curve of the form -(A+2)y^2 = x^3 + Ax^2 + x where 4/(A+2) is small. Even though this contrasts with the usual practice of choosing A such that (A+2)/4 is small, we show that the Montgomery form of our curves allows for an equally efficient implementation of point doubling as Curve25519. The four curves we put forward roughly match the common security levels of 80, 96, 112 and 128 bits. In addition, their Weierstraß representations are isomorphic to curves of the form y^2 = x^3 - 3x + b so as to facilitate inter-operability with TinyECC and other legacy software
A Constant Time Full Hardware Implementation of Streamlined NTRU Prime
This paper presents a constant time hardware implementation of the NIST round 2 post-quantum cryptographic algorithm Streamlined NTRU Prime. We implement the entire KEM algorithm, including all steps for key generation, encapsulation and decapsulation, and all en- and decoding. We focus on optimizing the resources used, as well as applying optimization and parallelism available due to the hardware design. We show the core en- and decapsulation requires only a fraction of the total FPGA fabric resource cost, which is dominated by that of the hash function, and the en- and decoding algorithm. For the NIST Security Level 3, our implementation uses a total of 1841 slices on a Xilinx Zynq Ultrascale+ FPGA, together with 14 BRAMs and 19 DSPs. The maximum achieved frequency is 271 MHz, at which the key generation, encapsulation and decapsulation take 4808 μs, 524 μs and 958 μs respectively. To our knowledge, this work is the first full hardware implementation where the entire algorithm is implemented
Efficient noninteractive certification of RSA moduli and beyond
In many applications, it is important to verify that an RSA public key (N; e) speci es a
permutation over the entire space ZN, in order to prevent attacks due to adversarially-generated
public keys. We design and implement a simple and e cient noninteractive zero-knowledge
protocol (in the random oracle model) for this task. Applications concerned about adversarial
key generation can just append our proof to the RSA public key without any other modi cations
to existing code or cryptographic libraries. Users need only perform a one-time veri cation of
the proof to ensure that raising to the power e is a permutation of the integers modulo N. For
typical parameter settings, the proof consists of nine integers modulo N; generating the proof
and verifying it both require about nine modular exponentiations.
We extend our results beyond RSA keys and also provide e cient noninteractive zero-
knowledge proofs for other properties of N, which can be used to certify that N is suitable
for the Paillier cryptosystem, is a product of two primes, or is a Blum integer. As compared to
the recent work of Auerbach and Poettering (PKC 2018), who provide two-message protocols for
similar languages, our protocols are more e cient and do not require interaction, which enables
a broader class of applications.https://eprint.iacr.org/2018/057First author draf
HardIDX: Practical and Secure Index with SGX
Software-based approaches for search over encrypted data are still either
challenged by lack of proper, low-leakage encryption or slow performance.
Existing hardware-based approaches do not scale well due to hardware
limitations and software designs that are not specifically tailored to the
hardware architecture, and are rarely well analyzed for their security (e.g.,
the impact of side channels). Additionally, existing hardware-based solutions
often have a large code footprint in the trusted environment susceptible to
software compromises. In this paper we present HardIDX: a hardware-based
approach, leveraging Intel's SGX, for search over encrypted data. It implements
only the security critical core, i.e., the search functionality, in the trusted
environment and resorts to untrusted software for the remainder. HardIDX is
deployable as a highly performant encrypted database index: it is logarithmic
in the size of the index and searches are performed within a few milliseconds
rather than seconds. We formally model and prove the security of our scheme
showing that its leakage is equivalent to the best known searchable encryption
schemes. Our implementation has a very small code and memory footprint yet
still scales to virtually unlimited search index sizes, i.e., size is limited
only by the general - non-secure - hardware resources
Assessing and countering reaction attacks against post-quantum public-key cryptosystems based on QC-LDPC codes
Code-based public-key cryptosystems based on QC-LDPC and QC-MDPC codes are
promising post-quantum candidates to replace quantum vulnerable classical
alternatives. However, a new type of attacks based on Bob's reactions have
recently been introduced and appear to significantly reduce the length of the
life of any keypair used in these systems. In this paper we estimate the
complexity of all known reaction attacks against QC-LDPC and QC-MDPC code-based
variants of the McEliece cryptosystem. We also show how the structure of the
secret key and, in particular, the secret code rate affect the complexity of
these attacks. It follows from our results that QC-LDPC code-based systems can
indeed withstand reaction attacks, on condition that some specific decoding
algorithms are used and the secret code has a sufficiently high rate.Comment: 21 pages, 2 figures, to be presented at CANS 201
CacheZoom: How SGX Amplifies The Power of Cache Attacks
In modern computing environments, hardware resources are commonly shared, and
parallel computation is widely used. Parallel tasks can cause privacy and
security problems if proper isolation is not enforced. Intel proposed SGX to
create a trusted execution environment within the processor. SGX relies on the
hardware, and claims runtime protection even if the OS and other software
components are malicious. However, SGX disregards side-channel attacks. We
introduce a powerful cache side-channel attack that provides system adversaries
a high resolution channel. Our attack tool named CacheZoom is able to virtually
track all memory accesses of SGX enclaves with high spatial and temporal
precision. As proof of concept, we demonstrate AES key recovery attacks on
commonly used implementations including those that were believed to be
resistant in previous scenarios. Our results show that SGX cannot protect
critical data sensitive computations, and efficient AES key recovery is
possible in a practical environment. In contrast to previous works which
require hundreds of measurements, this is the first cache side-channel attack
on a real system that can recover AES keys with a minimal number of
measurements. We can successfully recover AES keys from T-Table based
implementations with as few as ten measurements.Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems
(CHES '17
- …