Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols (Extended Version)
Public key cryptography protocols, such as RSA and elliptic curve cryptography, will be rendered insecure by Shor's algorithm when large-scale quantum computers are built. Cryptographers are working on quantum-resistant algorithms, and lattice-based cryptography has emerged as a prime candidate. However, the high computational complexity of these algorithms makes it challenging to implement lattice-based protocols on low-power embedded devices. To address this challenge, we present Sapphire, a lattice cryptography processor with configurable parameters. Efficient sampling, with a SHA-3-based PRNG, provides two orders of magnitude energy savings; a single-port RAM-based number theoretic transform memory architecture is proposed, which provides 124k-gate area savings; and a low-power modular arithmetic unit accelerates polynomial computations. Our test chip was fabricated in a TSMC 40nm low-power CMOS process, with the Sapphire cryptographic core occupying 0.28 mm² and consisting of 106k logic gates and 40.25 KB SRAM. Sapphire can be programmed with custom instructions for polynomial arithmetic and sampling, and it is coupled with a low-power RISC-V microprocessor to demonstrate the NIST Round 2 lattice-based CCA-secure key encapsulation and signature protocols Frodo, NewHope, qTESLA, CRYSTALS-Kyber and CRYSTALS-Dilithium, achieving up to an order of magnitude improvement in performance and energy efficiency compared to state-of-the-art hardware implementations. All key building blocks of Sapphire are constant-time and secure against timing and simple power analysis side-channel attacks. We also discuss how masking-based DPA countermeasures can be implemented on the Sapphire core without any changes to the hardware.
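The Sapphire core above spends its NTT memory architecture and modular arithmetic unit on one operation: multiplying polynomials in Z_q[X]/(X^n + 1), which the number theoretic transform turns into n independent pointwise products. The Python reference below is added here as an illustration and is not code from the Sapphire project or from any of the listed schemes. It multiplies two polynomials negacyclically with a twisted radix-2 NTT and checks the result against schoolbook multiplication. The parameters are the example's own assumptions: n = 256 and q = 7681, a prime with 2n dividing q - 1, so a full NTT exists (CRYSTALS-Kyber's q = 3329 only admits an incomplete NTT, which is why its last layer works on degree-1 polynomials). Python integer arithmetic is not constant-time; the block shows the algorithm, not the side-channel hardening the abstract claims for the silicon.

```python
# Negacyclic polynomial multiplication in Z_q[X]/(X^N + 1) via a twisted NTT.
# Added reference example; the parameters below are assumptions, not Sapphire's.
N = 256          # ring degree (a power of two, as in NewHope and Kyber)
Q = 7681         # assumed prime with 2N | Q-1, so a primitive 2N-th root of unity exists


def primitive_2n_root(q, n):
    """Return psi with psi^n == -1 (mod q), i.e. a primitive 2n-th root of unity."""
    for g in range(2, q):
        psi = pow(g, (q - 1) // (2 * n), q)
        if pow(psi, n, q) == q - 1:
            return psi
    raise ValueError("no primitive 2n-th root of unity: need 2n | q-1")


PSI = primitive_2n_root(Q, N)
OMEGA = PSI * PSI % Q                                   # primitive N-th root of unity
PSI_POWS = [pow(PSI, i, Q) for i in range(N)]            # psi^i
PSI_INV_POWS = [pow(PSI, (2 * N - i) % (2 * N), Q) for i in range(N)]   # psi^(-i)
N_INV = pow(N, Q - 2, Q)                                # N^(-1) mod Q (Fermat, Q prime)


def ntt(a, omega):
    """Cyclic NTT of a (length a power of two): A[k] = sum_j a[j] * omega^(j*k) mod Q.
    Recursive radix-2 Cooley-Tukey; called with omega^-1 it is the unscaled inverse."""
    n = len(a)
    if n == 1:
        return list(a)
    even = ntt(a[0::2], omega * omega % Q)
    odd = ntt(a[1::2], omega * omega % Q)
    out = [0] * n
    w = 1
    for k in range(n // 2):
        t = w * odd[k] % Q
        out[k] = (even[k] + t) % Q
        out[k + n // 2] = (even[k] - t) % Q
        w = w * omega % Q
    return out


def negacyclic_mul_ntt(a, b):
    """a(X)*b(X) mod (X^N + 1, Q). Twisting coefficient i by psi^i turns the
    negacyclic product into a cyclic one, which the length-N NTT diagonalises."""
    a_t = [x * p % Q for x, p in zip(a, PSI_POWS)]
    b_t = [x * p % Q for x, p in zip(b, PSI_POWS)]
    c_hat = [x * y % Q for x, y in zip(ntt(a_t, OMEGA), ntt(b_t, OMEGA))]
    c_t = ntt(c_hat, pow(OMEGA, Q - 2, Q))       # inverse transform, still scaled by N
    return [x * N_INV % Q * p % Q for x, p in zip(c_t, PSI_INV_POWS)]


def negacyclic_mul_schoolbook(a, b):
    """O(N^2) reference: X^N wraps around as -1."""
    c = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < N:
                c[i + j] = (c[i + j] + ai * bj) % Q
            else:
                c[i + j - N] = (c[i + j - N] - ai * bj) % Q
    return c


# Constructed sample operands (deterministic, not taken from any real scheme).
SAMPLE_A = [(37 * i + 11) % Q for i in range(N)]
SAMPLE_B = [(i * i + 5) % Q for i in range(N)]


def self_check():
    """True when the NTT path agrees with the schoolbook reference."""
    return negacyclic_mul_ntt(SAMPLE_A, SAMPLE_B) == negacyclic_mul_schoolbook(SAMPLE_A, SAMPLE_B)


if __name__ == "__main__":
    print("NTT multiplication matches schoolbook:", self_check())
```

The twist-and-cyclic-NTT route costs two extra length-N scalings; production code (Kyber, NewHope, and a core like Sapphire) folds the psi powers into the butterfly twiddles and uses Montgomery or Barrett reduction instead of `%`, but the arithmetic it has to get right is exactly the one checked here.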
Post-Quantum Cryptography for Internet of Things: A Survey on Performance and Optimization
Due to recent developments in quantum computing, the invention of a large quantum computer is no longer a distant prospect. Quantum computing severely threatens modern cryptography, as the hard mathematical problems beneath classic public-key cryptosystems can be solved easily by a sufficiently large quantum computer. As such, researchers have proposed PQC based on problems that even quantum computers cannot efficiently solve. Generally, post-quantum encryption and signatures can be hard to compute. This could be a problem for the IoT, which usually consists of lightweight devices with limited computational power. In this paper, we survey the existing literature on the performance of PQC on resource-constrained devices to understand the severity of this problem. We also review recent proposals to optimize PQC algorithms for resource-constrained devices. Overall, we find that while PQC may be feasible for reasonably lightweight IoT devices, proposals for its optimization lack standardization. As such, we suggest that future research seek coordination, in order to ensure an efficient and safe migration of the IoT to the post-quantum era.
Comment: 13 pages, 3 figures and 7 tables. Formatted version submitted to ACM Computing Surveys
A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing
The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefit, because it assures a reduction in operational and infrastructural expenditure. To make it a reality, some impediments and hurdles must be tackled, the most profound of which are security, privacy and reliability issues. As user data is handed over to the cloud, it leaves the protection sphere of the data owner, which brings partly new security and privacy concerns. This work focuses on these issues across the various cloud service and deployment models by spotlighting their major challenges. While classical cryptography is an ancient discipline, modern cryptography, mostly developed in the last few decades, is the body of knowledge that must be applied to ensure strong security and privacy mechanisms in today's real-world scenarios. The technological solutions and the short- and long-term research goals of cloud security are described and addressed using classical as well as modern cryptographic mechanisms. This work explores new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from a cryptographic point of view.
Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities
The rise of quantum computers exposes vulnerabilities in current public key cryptographic protocols, necessitating the development of secure post-quantum (PQ) schemes. Hence, we conduct a comprehensive study of various PQ approaches, covering their constructional design and structural vulnerabilities, and offer security assessments, implementation evaluations, and a particular focus on side-channel attacks. We analyze global standardization processes, evaluate their metrics in relation to real-world applications, and primarily focus on standardized PQ schemes, selected additional signature competition candidates, and PQ-secure cutting-edge schemes beyond standardization. Finally, we present visions and potential future directions for a seamless transition to the PQ era.
A quantum-resistant advanced metering infrastructure
This dissertation focuses on discussing and implementing a Quantum-Resistant Advanced Metering Infrastructure (QR-AMI) that employs quantum-resistant asymmetric and symmetric cryptographic schemes to withstand attacks from both quantum and classical computers. The proposed solution integrates Quantum-Resistant Dedicated Cryptographic Modules (QR-DCMs) within Smart Meters (SMs). These QR-DCMs are designed to embed quantum-resistant cryptographic schemes suitable for AMI applications. In this sense, the dissertation investigates quantum-resistant asymmetric cryptographic schemes based on strong cryptographic principles and a lightweight approach for AMIs, and examines the practical deployment of quantum-resistant schemes in QR-AMIs. Two candidates from the National Institute of Standards and Technology (NIST) post-quantum cryptography (PQC) standardization process, FrodoKEM and CRYSTALS-Kyber, are assessed because of their adherence to strong cryptographic principles and their lightweight approach. The feasibility of embedding these schemes within QR-DCMs in an AMI context is evaluated through software implementations on low-cost hardware, such as a microcontroller and a processor, and through hardware/software co-design implementations on System-on-a-Chip (SoC) devices with Field-Programmable Gate Array (FPGA) components. Experimental results show that the execution time of FrodoKEM and CRYSTALS-Kyber on SoC FPGA devices is at least one-third faster than that of the software implementations. Furthermore, the achieved execution time and resource usage demonstrate the viability of these schemes for AMI applications. CRYSTALS-Kyber appears to be the superior choice in all scenarios, except where stronger cryptographic primitives are required, at least theoretically. Because no off-the-shelf SMs support quantum-resistant asymmetric cryptographic schemes, a QR-DCM embedding a quantum-resistant scheme is implemented and evaluated. Regarding hardware selection for QR-DCMs, microcontrollers are preferable where little processing power is required, while SoC FPGA devices are better suited to workloads demanding high processing power. The resource usage and execution time results demonstrate the feasibility of implementing an AMI based on QR-DCMs (i.e., a QR-AMI) using microcontrollers or SoC FPGA devices.
A 334µW 0.158mm2 ASIC for Post-Quantum Key-Encapsulation Mechanism Saber with Low-latency Striding Toom-Cook Multiplication Extended Version
The hard mathematical problems that assure the security of our current public-key cryptography (RSA, ECC) are broken if and when a quantum computer appears, rendering them ineffective for use in the quantum era. Lattice-based cryptography is a novel approach to public key cryptography whose mathematical foundations have (so far) resisted attacks from quantum computers. By choosing a module learning with errors (MLWE) algorithm as the next standard, the National Institute of Standards & Technology (NIST) follows this approach. The multiplication of polynomials is the central bottleneck in the computation of lattice-based cryptography. Because public key cryptography is mostly used to establish common secret keys, the focus is on compact area, power and energy budget and to a lesser extent on throughput or latency. While most other work focuses on optimizing number theoretic transform (NTT) based multiplications, in this paper we highly optimize a Toom-Cook based multiplier. We demonstrate that a memory-efficient striding Toom-Cook with lazy interpolation results in a highly compact, low-power implementation, which on top enables a very regular memory access scheme. To demonstrate the efficiency, we integrate this multiplier into an accelerator for Saber, one of the four NIST KEM finalists. Algorithmic innovation to reduce active memory, timely clock gating and a shift-add multiplier have helped to achieve 38% less power than the state-of-the-art PQC core, 4x less memory, a 36.8% reduction in multiplier energy and a 118x reduction in active power with respect to the state-of-the-art Saber accelerator (not silicon verified). The accelerator's active area is the lowest reported to date despite the process-node disadvantage relative to the state-of-the-art designs.
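Saber's modulus is a power of two, so Z_q has no roots of unity of the required order and the NTT used by the Sapphire core earlier on this page is not available; that is why the accelerator above optimizes Toom-Cook instead. The Python below is added here as a worked illustration and is not the paper's design: it multiplies in Saber's ring Z_{2^13}[X]/(X^256 + 1) with a three-way Toom-Cook split (evaluation points 0, 1, -1, -2 and infinity, exact integer interpolation in Bodrato's order), so five size-86 schoolbook products replace one size-256 product, and it checks the result against direct schoolbook multiplication. The simplifications are the example's own assumptions: the paper's multiplier is a four-way split with striding and lazy interpolation, and it handles the divisions that interpolation needs inside fixed-width hardware arithmetic rather than with Python's unbounded integers. The sample operands are constructed, with one of them shaped like Saber's small secret (coefficients in [-4, 4]).

```python
# Toom-Cook-3 multiplication in Saber's ring Z_q[X]/(X^N + 1), q = 2^13.
# Added worked example; not the paper's striding Toom-Cook-4 design.
Q = 1 << 13      # Saber modulus 8192: a power of two, so no NTT-friendly roots of unity
N = 256


def schoolbook(a, b):
    """Plain integer-coefficient product, length len(a)+len(b)-1."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] += ai * bj
    return out


def add(a, b):
    return [x + y for x, y in zip(a, b)]


def sub(a, b):
    return [x - y for x, y in zip(a, b)]


def exact_div(a, d):
    """Division that Toom interpolation guarantees to be exact over the integers."""
    for x in a:
        assert x % d == 0, "interpolation should never leave a remainder"
    return [x // d for x in a]


def toom3(a, b):
    """Integer polynomial product using 5 size-k multiplications instead of 9
    (k = ceil(len/3)). Evaluation at 0, 1, -1, -2, inf; Bodrato's interpolation."""
    assert len(a) == len(b)
    k = (len(a) + 2) // 3
    a = a + [0] * (3 * k - len(a))          # pad so the split into three parts is exact
    b = b + [0] * (3 * k - len(b))
    a0, a1, a2 = a[:k], a[k:2 * k], a[2 * k:]
    b0, b1, b2 = b[:k], b[k:2 * k], b[2 * k:]

    # Evaluation: p(1), p(-1) share the partial sum a0 + a2.
    a02, b02 = add(a0, a2), add(b0, b2)
    r0 = schoolbook(a0, b0)                                          # p(0)
    r_1 = schoolbook(add(a02, a1), add(b02, b1))                    # p(1)
    r_m1 = schoolbook(sub(a02, a1), sub(b02, b1))                   # p(-1)
    r_m2 = schoolbook(sub(add(a0, [4 * x for x in a2]), [2 * x for x in a1]),
                      sub(add(b0, [4 * x for x in b2]), [2 * x for x in b1]))  # p(-2)
    r4 = schoolbook(a2, b2)                                          # p(inf)

    # Interpolation: recover r0..r4 with r(x) = r4 x^4 + ... + r0; every division is exact.
    r3 = exact_div(sub(r_m2, r_1), 3)
    r1 = exact_div(sub(r_1, r_m1), 2)
    r2 = sub(r_m1, r0)
    r3 = add(exact_div(sub(r2, r3), 2), [2 * x for x in r4])
    r2 = sub(add(r2, r1), r4)
    r1 = sub(r1, r3)

    # Recombination: result = sum_i r_i * X^(i*k).
    out = [0] * (6 * k - 1)
    for i, ri in enumerate((r0, r1, r2, r3, r4)):
        for j, c in enumerate(ri):
            out[i * k + j] += c
    return out


def reduce_ring(prod):
    """Fold X^N = -1 (any length) and reduce mod Q; Q is a power of two, so a mask suffices."""
    c = [0] * N
    for i, x in enumerate(prod):
        c[i % N] += -x if (i // N) & 1 else x
    return [x & (Q - 1) for x in c]


def mul_toom(a, b):
    return reduce_ring(toom3(a, b))


def mul_reference(a, b):
    return reduce_ring(schoolbook(a, b))


# Constructed operands: a public polynomial and a small secret with coefficients in [-4, 4].
SAMPLE_A = [(1237 * i + 91) % Q for i in range(N)]
SAMPLE_S = [((7 * i) % 9) - 4 for i in range(N)]


def self_check():
    """True when Toom-Cook-3 agrees with the schoolbook reference in the ring."""
    return mul_toom(SAMPLE_A, SAMPLE_S) == mul_reference(SAMPLE_A, SAMPLE_S)


if __name__ == "__main__":
    print("Toom-Cook-3 matches schoolbook:", self_check())
```

The interpolation divides by 2 and 3; over the integers these are exact, which `exact_div` asserts. In a 16-bit datapath, as in Saber's reference code and the accelerator above, division by 3 is a multiplication by the odd inverse of 3 modulo 2^16, while the division by a power of two is the step that forces implementations to carry spare bits above the 13-bit modulus, and it is that bookkeeping, not the evaluation tree, that the paper's lazy interpolation reorganizes.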