5 research outputs found
Fast, uniform, and compact scalar multiplication for elliptic curves and genus 2 Jacobians with applications to signature schemes
We give a general framework for uniform, constant-time one- and two-dimensional scalar multiplication algorithms for elliptic curves and Jacobians of genus 2 curves that operate by projecting to the x-line or Kummer surface, where we can exploit faster and more uniform pseudomultiplication, before recovering the proper "signed" output back on the curve or Jacobian. This extends the work of López and Dahab, Okeya and Sakurai, and Brier and Joye to genus 2, and also to two-dimensional scalar multiplication. Our results show that many existing fast pseudomultiplication implementations (hitherto limited to applications in Diffie-Hellman key exchange) can be wrapped with simple and efficient pre- and post-computations to yield competitive full scalar multiplication algorithms, ready for use in more general discrete logarithm-based cryptosystems, including signature schemes. This is especially interesting for genus 2, where Kummer surfaces can outperform comparable elliptic curve systems. As an example, we construct an instance of the Schnorr signature scheme driven by Kummer surface arithmetic.
Lightweight Swarm Authentication
In this paper we describe a provably secure authentication protocol for resource-limited devices. The proposed algorithm performs whole-network authentication using very few rounds and in a time logarithmic in the number of nodes. Compared to one-to-one node authentication and previous proposals, our protocol is more efficient: it requires less communication and computation and, in turn, lower energy consumption.
Prime, Order Please! Revisiting Small Subgroup and Invalid Curve Attacks on Protocols using Diffie-Hellman
Diffie-Hellman groups are a widely used component in cryptographic protocols in which a shared secret is needed. These protocols are typically proven to be secure under the assumption they are implemented with prime order Diffie-Hellman groups. However, in practice, many implementations either choose to use non-prime order groups for reasons of efficiency, or can be manipulated into operating in non-prime order groups. This leaves a gap between the proofs of protocol security, which assume prime order groups, and the real world implementations. This is not merely a theoretical possibility: many attacks exploiting small subgroups or invalid curve points have been found in the real world.

While many advances have been made in automated protocol analysis, modern tools such as Tamarin and ProVerif represent DH groups using an abstraction of prime order groups. This means they, like many cryptographic proofs, may miss practical attacks on real world protocols.

In this work we develop a novel extension of the symbolic model of Diffie-Hellman groups. By more accurately modelling internal group structure, our approach captures many more differences between prime order groups and their actual implementations. The additional behaviours that our models capture are surprisingly diverse, and include not only attacks using small subgroups and invalid curve points, but also a range of proposed mitigation techniques, such as excluding low order elements, single coordinate ladders, and checking the elliptic curve equation. Our models thereby capture a large family of attacks that were previously outside the symbolic model.

We implement our improved models in the Tamarin prover. We find a new attack on the Secure Scuttlebutt Gossip protocol, independently discover a recent attack on Tendermint's secure handshake, and evaluate the effectiveness of the proposed mitigations for recent Bluetooth attacks.
Quantum State Estimation and Symmetric Informationally Complete POMs
Ph.D. (Doctor of Philosophy)