Revisiting LFSMs
Linear Finite State Machines (LFSMs) are particular primitives widely used in
information theory, coding theory and cryptography. Among those linear
automata, a particular case of study is Linear Feedback Shift Registers (LFSRs)
used in many cryptographic applications such as design of stream ciphers or
pseudo-random generation. LFSRs could be seen as particular LFSMs without
inputs.
In this paper, we first recall the description of LFSMs using the traditional
matrix representation. Then, we introduce a new matrix representation with
polynomial fractional coefficients. This new representation leads to sparse
representations and implementations. As direct applications, we focus our work
on the Windmill LFSRs case, used for example in the E0 stream cipher, and on
other general applications that use this new representation.
In the second part, a new design criterion called diffusion delay for LFSRs is
introduced and compared with existing related notions. This criterion
represents the diffusion capacity of an LFSR. Then, using the matrix
representation, we present a new algorithm to randomly pick LFSRs with good
properties (including the new one) and sparse descriptions dedicated to
hardware and software designs. We present some examples of LFSRs generated
using our algorithm to show the relevance of our approach.
Comment: Submitted to IEEE-I
Modeling Bitcoin Contracts by Timed Automata
Bitcoin is a peer-to-peer cryptographic currency system. Since its
introduction in 2008, Bitcoin has gained noticeable popularity, mostly due to
the following properties: (1) the transaction fees are very low, and (2) it is
not controlled by any central authority, which in particular means that nobody
can "print" money to generate inflation. Moreover, the transaction syntax
allows the creation of so-called contracts, where a number of
mutually-distrusting parties engage in a protocol to jointly perform some
financial task, and the fairness of this process is guaranteed by the
properties of Bitcoin. Although Bitcoin contracts have several potential
applications in the digital economy, so far they have not been widely used in
real life. This is partly due to the fact that they are cumbersome to create
and analyze, and hence risky to use.
In this paper we propose to remedy this problem by using the methods
originally developed for the computer-aided analysis of hardware and software
systems, in particular those based on timed automata. More concretely, we
propose a framework for modeling Bitcoin contracts using timed automata
in the UPPAAL model checker. Our method is general and can be used to model
several contracts. As a proof of concept we use this framework to model some of
the Bitcoin contracts from our recent previous work. We then automatically
verify their security in UPPAAL, finding (and correcting) some subtle errors
that were difficult to spot by manual analysis. We hope that our work can
draw the attention of researchers working on formal modeling to the problem
of Bitcoin contract verification, and spark off more research on this
topic.
Key exchange with the help of a public ledger
Blockchains and other public ledger structures promise a new way to create
globally consistent event logs and other records. We make use of this
consistency property to detect and prevent man-in-the-middle attacks in a key
exchange such as Diffie-Hellman or ECDH. Essentially, the MitM attack creates
an inconsistency in the world views of the two honest parties, and they can
detect it with the help of the ledger. Thus, there is no need for prior
knowledge or trusted third parties apart from the distributed ledger. To
prevent impersonation attacks, we require user interaction. It appears that, in
some applications, the required user interaction is reduced in comparison to
other user-assisted key-exchange protocols.
Efficient unified Montgomery inversion with multibit shifting
Computation of multiplicative inverses in the finite fields GF(p) and GF(2^n) is the most time-consuming operation in elliptic curve cryptography, especially when affine co-ordinates are used. Since the existing algorithms based on the extended Euclidean algorithm do not permit a fast software implementation, projective co-ordinates, which eliminate almost all of the inversion operations from the curve arithmetic, are preferred. In the paper, the authors demonstrate that an affine co-ordinate implementation provides a speed comparable to that of projective co-ordinates with careful hardware realisation of existing algorithms for calculating inverses in both fields, without utilising special moduli or irreducible polynomials. They present two inversion algorithms for binary extension and prime fields, which are slightly modified versions of the Montgomery inversion algorithm. The similarity of the two algorithms allows the design of a single unified hardware architecture that performs the computation of inversion in both fields. They also propose a hardware structure where the field elements are represented using a multi-word format. This feature allows a scalable architecture able to operate over a broad range of precision, which has certain advantages in cryptographic applications. In addition, they include a statistical comparison of four inversion algorithms in order to help choose the best one amongst them for implementation in hardware.
Shake well before use: Authentication based on Accelerometer Data
Small, mobile devices without user interfaces, such as Bluetooth headsets, often need to communicate securely over wireless networks. Active attacks can only be prevented by authenticating wireless communication, which is problematic when devices do not have any a priori information about each other. We introduce a new method for device-to-device authentication by shaking devices together. This paper describes two protocols for combining cryptographic authentication techniques with known methods of accelerometer data analysis in order to generate authenticated, secret keys. The protocols differ in their design, one being more conservative from a security point of view, while the other allows more dynamic interactions. Three experiments are used to optimize and validate our proposed authentication method.