Authenticated messages for a real-time fault-tolerant computer system

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Includes bibliographical references (p. 111-118).This thesis develops a message authentication scheme for a new version of the X-38 Fault-Tolerant Parallel Processor (FTPP), a high-performance real-time computer system designed for applications that need extreme reliability, such as control for human spaceflight. This computer system uses multiple replicated processors to ensure that the system as a whole continues to operate correctly even if some of the processors should fail. In order to maintain a synchronized state, the replicated processors must vote among themselves to make sure that they are using identical data. This thesis adds message authentication to the voting process. Using authenticated messages allows a system to achieve the same level of reliability with fewer replicas. This thesis analyzes where message authentication is needed in the voting process, then presents and evaluates several signature schemes for implementing message authentication. The X-38 FTPP uses radiation-hardened embedded processors, which have relatively limited computational power. Therefore, the challenge is to identify a scheme that is secure enough to guarantee that signatures cannot be forged, yet fast enough to sign messages at a high rate in real time.by David Chi-Shing Chau.M.Eng

Under Quantum Computer Attack: Is Rainbow a Replacement of RSA and Elliptic Curves on Hardware?

Among cryptographic systems, multivariate signature is one of the most popular candidates since it has the potential to resist quantum computer attacks. Rainbow belongs to the multivariate signature, which can be viewed as a multilayer unbalanced Oil-Vinegar system. In this paper, we present techniques to exploit Rainbow signature on hardware meeting the requirements of efficient high-performance applications. We propose a general architecture for efficient hardware implementations of Rainbow and enhance our design in three directions. First, we present a fast inversion based on binary trees. Second, we present an efficient multiplication based on compact construction in composite fields. Third, we present a parallel solving system of linear equations based on Gauss-Jordan elimination. Via further other minor optimizations and by integrating the major improvement above, we implement our design in composite fields on standard cell CMOS Application Specific Integrated Circuits (ASICs). The experimental results show that our implementation takes 4.9 us and 242 clock cycles to generate a Rainbow signature with the frequency of 50 MHz. Comparison results show that our design is more efficient than the RSA and ECC implementations

SFLASHv3, a fast asymmetric signature scheme

SFLASH-v2 is one of the three asymmetric signature schemes recommended by the European consortium for low-cost smart cards. The latest implementation report published at PKC 2003 shows that SFLASH-v2 is the fastest signature scheme known. This is a detailed specification of SFLASH-v3 produced in 2003 for fear of v2 being broken. HOWEVER after detailed analysis by Chen Courtois and Yang [ICICS04], Sflash-v2 is not broken and we still recommend the previous version Sflash-v2, already recommended by Nessie, instead of this version

New Directions in Multivariate Public Key Cryptography

Most public key cryptosystems used in practice are based on integer factorization or discrete logarithms (in finite fields or elliptic curves). However, these systems suffer from two potential drawbacks. First, they must use large keys to maintain security, resulting in decreased efficiency. Second, if large enough quantum computers can be built, Shor\u27s algorithm will render them completely insecure. Multivariate public key cryptosystems (MPKC) are one possible alternative. MPKC makes use of the fact that solving multivariate polynomial systems over a finite field is an NP-complete problem, for which it is not known whether there is a polynomial algorithm on quantum computers. The main goal of this work is to show how to use new mathematical structures, specifically polynomial identities from algebraic geometry, to construct new multivariate public key cryptosystems. We begin with a basic overview of MPKC and present several significant cryptosystems that have been proposed. We also examine in detail some of the most powerful attacks against MPKCs. We propose a new framework for constructing multivariate public key cryptosystems and consider several strategies for constructing polynomial identities that can be utilized by the framework. In particular, we have discovered several new families of polynomial identities. Finally, we propose our new cryptosystem and give parameters for which it is secure against known attacks on MPKCs

Hash-based Multivariate Public Key Cryptosystems

Many efficient attacks have appeared in recent years, which have led to serious blow for the traditional multivariate public key cryptosystems. For example, the signature scheme SFLASH was broken by Dubois et al. at CRYPTO\u2707, and the Square signature (or encryption) scheme by Billet et al. at ASIACRYPTO\u2709. Most multivariate schemes known so far are insecure, except maybe the sigature schemes UOV and HFEv-. Following these new developments, it seems that the general design principle of multivariate schemes has been seriously questioned, and there is a rather pressing desire to find new trapdoor construction or mathematical tools and ideal. In this paper, we introduce the hash authentication techniques and combine with the traditional MQ-trapdoors to propose a novel hash-based multivariate public key cryptosystems. The resulting scheme, called EMC (Extended Multivariate Cryptosystem), can also be seen as a novel hash-based cryptosystems like Merkle tree signature. And it offers the double security protection for signing or encrypting. By the our analysis, we can construct the secure and efficient not only signature scheme but also encryption scheme by using the EMC scheme combined some modification methods summarized by Wolf. And thus we present two new schems: EMC signature scheme (with the Minus method ``- ) and EMC encryption scheme (with the Plus method ``+ ). In addition, we also propose a reduced scheme of the EMC signature scheme (a light-weight signature scheme). Precise complexity estimates for these schemes are provided, but their security proofs in the random oracle model are still an open problem

Tame transformation signatures with topsy-turvy hashes

[[conferencetype]]國內[[conferencedate]]20021030~2002103

A study of big field multivariate cryptography.

As the world grapples with the possibility of widespread quantum computing, the cryptosystems of the day need to be up to date. Multivariate Public Key Cryptography is a leading option for security in a post quantum society. One goal of this work is to classify the security of multivariate schemes, especially C*variants. We begin by introducing Multivariate Public Key Cryptography and will then discuss different multivariate schemes and the main types of attacks that have been proven effective against multivariate schemes. Once we have developed an appropriate background, we analyze security of different schemes against particular attacks. Specifically, we will analyze differential security of HFEv- and PFLASH schemes. We then introduce a variant of C* that may be used as an encryption scheme, not just as a signature scheme. Finally, we will analyze the security and efficiency of a (n,d,s,a,p,t) scheme in general. This allows for individuals to generally discuss security and performance of any C* variant

TOT, a Fast Multivariate Public Key Cryptosystem with Basic Secure Trapdoor

In this paper, we design a novel one-way trapdoor function, and then propose a new multivariate public key cryptosystem called $\rm TOT$, which can be used for encryption, signature and authentication. Through analysis, we declare that $\rm TOT$ is secure, because it can resist current known algebraic attacks if its parameters are properly chosen. Some practical implementations for $\rm TOT$ are also given, and whose security level is at least $2^{90}$. The comparison shows that $\rm TOT$ is more secure than $\rm HFE$, $\rm HFEv$ and $\rm Quartz$ (when $n \ge 81$ and $D_{HFE} \ge 129$, $\rm HFE$ is still secure), and it can reach almost the same speed of computing the secret map by $\rm C^\ast$ and $\rm Sflash^{v2}$ (even though $\rm C^\ast$ was broken, its high speed has been affirmed)

Small Odd Prime Field Multivariate PKCs

We show that Multivariate Public Key Cryptosystems (MPKCs) over fields of small odd prime characteristic, say 31, can be highly efficient. Indeed, at the same design security of $2^{80}$ under the best known attacks, odd-char MPKC is generally faster than prior MPKCs over \GF{2^k}, which are in turn faster than ``traditional\u27\u27 alternatives. This seemingly counter-intuitive feat is accomplished by exploiting the comparative over-abundance of small integer arithmetic resources in commodity hardware, here embodied by SSE2 or more advanced special multimedia instructions on modern x86-compatible CPUs. We explain our implementation techniques and design choices in implementing our chosen MPKC instances modulo small a odd prime. The same techniques are also applicable in modern FPGAs which often contains a large number of multipliers