Group theory in cryptography
This paper is a guide for the pure mathematician who would like to know more about cryptography based on group theory. The paper gives a brief overview of the subject, and provides pointers to good textbooks, key research papers and recent survey papers in the area.
Comment: 25 pages. References updated, and a few extra references added. Minor typographical changes. To appear in Proceedings of Groups St Andrews 2009 in Bath, U
Data Security Model Employing Hyperelliptic Curve Cryptography (HECC) and Secure Hash Algorithm-3 (SHA-3) in Cloud Computing
Data owners use the huge storage space offered by cloud computing both to store data and to carry out computations. To relieve owners of the burden of storing files locally, the cloud stores them on remote servers using virtualization. This gives rise to one of the major issues in cloud computing: security. Data owners have no direct control over files stored in the cloud, and the problem of data security follows from that. An efficient scheme for securing data while it is stored in the cloud is proposed; it uses hyperelliptic curve cryptography (HECC) for encryption and decryption and Secure Hash Algorithm-3 (SHA-3) for data integrity verification. Implementation results indicate that HECC is a good alternative asymmetric-key technique to ECC and RSA for securing documents in the cloud.
Cryptographic Aspects of Real Hyperelliptic Curves
In this paper, we give an overview of cryptographic applications using real hyperelliptic curves. We review previously proposed cryptographic protocols, and discuss the infrastructure of a real hyperelliptic curve, the mathematical structure underlying all these protocols. We then describe recent improvements to infrastructure arithmetic, including explicit formulas for divisor arithmetic in genus 2, and advances in solving the infrastructure discrete logarithm problem, whose presumed intractability is the basis of security for the related cryptographic protocols.
Application of Mordell-Weil lattices with large kissing numbers to acceleration of multi-scalar multiplication on elliptic curves
This article aims to speed up (the precomputation stage of) multi-scalar multiplication (MSM) on ordinary elliptic curves of -invariant with respect to specific "independent" (a.k.a. "basis") points. For this purpose, so-called Mordell--Weil lattices (up to rank ) with large kissing numbers (up to ) are employed. In a nutshell, the new approach consists in obtaining more efficiently a considerable number (up to ) of certain elementary linear combinations of the "independent" points. By scaling the point (re)generation process, it is thus possible to get a significant performance gain. As usual, the resulting curve points can then be reused in the main stage of an MSM algorithm to avoid repeating computations. Seemingly, this is the first usage of lattices with large kissing numbers in cryptography, while such lattices have already found numerous applications in other mathematical domains. Without exaggeration, the article's results can strongly affect the performance of today's real-world elliptic curve cryptography, since MSM is a widespread primitive (often the unique bottleneck) in modern protocols. Moreover, the new (re)generation technique is open to further improvements by considering Mordell--Weil lattices with even greater kissing numbers.
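The abstract's "main stage" reuse of precomputed linear combinations of basis points is the classic Straus (Shamir-trick) MSM. The following added example (not code from the article, whose Mordell--Weil lattice construction is a different, more efficient way of generating such combinations) shows the plain version: the precomputation table holds every subset sum of the basis points, and the main stage then costs one doubling plus one addition per bit position regardless of how many basis points there are. The curve is secp256k1 (a = 0) with textbook affine arithmetic; the basis points and scalars in the demo are constructed, not from the paper.

```python
"""Straus (Shamir-trick) multi-scalar multiplication: precomputed sums of the
fixed 'basis' points are reused in the main stage so that n scalar
multiplications cost roughly one.  Toy affine arithmetic on secp256k1 (a = 0)."""

P = 2**256 - 2**32 - 977                      # secp256k1 field prime
A = 0
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

OPS = {"add": 0, "dbl": 0}                    # group-operation counters

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:                # P + (-P)
            return None
        OPS["dbl"] += 1
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        OPS["add"] += 1
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mul(k, pt):
    """Plain double-and-add, MSB first."""
    r = None
    for bit in bin(k)[2:]:
        r = ec_add(r, r)
        if bit == "1":
            r = ec_add(r, pt)
    return r

def naive_msm(scalars, points):
    """sum_i k_i * P_i computed as n independent scalar multiplications."""
    r = None
    for k, pt in zip(scalars, points):
        r = ec_add(r, scalar_mul(k, pt))
    return r

def precompute_subset_sums(points):
    """Precomputation stage: T[mask] = sum of P_i over the bits set in mask.
    These are the elementary linear combinations reused in the main stage."""
    table = {0: None}
    for mask in range(1, 1 << len(points)):
        low = mask & -mask                    # lowest set bit of mask
        table[mask] = ec_add(table[mask ^ low], points[low.bit_length() - 1])
    return table

def straus_msm(scalars, points, table=None):
    """Main stage: one doubling plus one table lookup/addition per bit position,
    independent of the number of basis points."""
    if table is None:
        table = precompute_subset_sums(points)
    r = None
    for j in range(max(k.bit_length() for k in scalars) - 1, -1, -1):
        r = ec_add(r, r)
        mask = 0
        for i, k in enumerate(scalars):
            if (k >> j) & 1:
                mask |= 1 << i
        r = ec_add(r, table[mask])
    return r

def op_count(fn, *args):
    """Run fn(*args) and return (result, additions + doublings performed)."""
    OPS["add"] = OPS["dbl"] = 0
    res = fn(*args)
    return res, OPS["add"] + OPS["dbl"]

if __name__ == "__main__":
    # Constructed demo: four 'basis' points (here just multiples of G, which is
    # fine for counting operations) and four 256-bit scalars.
    bases = [scalar_mul(k, G) for k in (1, 0x1234567, 0xDEADBEEF, 0xCAFEBABE)]
    scalars = [pow(7, i, P) % 2**256 for i in (101, 202, 303, 404)]
    table = precompute_subset_sums(bases)          # done once per basis
    ref, naive_ops = op_count(naive_msm, scalars, bases)
    out, straus_ops = op_count(straus_msm, scalars, bases, table)
    assert out == ref
    print("naive:", naive_ops, "ops;  Straus main stage:", straus_ops, "ops")
```

The table grows as 2^n, which is why real MSM implementations group the bases into small windows; the paper's contribution is about generating the combinations in the precomputation stage more cheaply, and this example only shows why those combinations are worth having.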
A note on short invertible ring elements and applications to cyclotomic and trinomial number fields
Ring-SIS based -protocols require a challenge set in some ring , usually an order in a number field . These -protocols impose various requirements on the subset , and finding a good, or even optimal, challenge set is a non-trivial task that involves making various trade-offs.
In particular, (1) the set should be `large', (2) elements in should be `small', and (3) differences of distinct elements in should be invertible modulo a rational prime . Moreover, for efficiency purposes, it is desirable that (4) the prime is small, and that (5) it splits in many factors in the number field .
These requirements on are subject to certain trade-offs, e.g., between the splitting behavior of the prime and its size. Lyubashevsky and Seiler (Eurocrypt 2018) have studied these trade-offs for subrings of cyclotomic number fields. Cyclotomic number fields possess convenient properties and as a result most Ring-SIS based protocols are defined over these specific fields. However, recent attacks have shown that, in certain protocols, these convenient properties can be exploited by adversaries, thereby weakening or even breaking the cryptographic protocols.
In this work, we revisit the results of Lyubashevsky and Seiler and show that they follow from standard Galois theory, thereby simplifying their proofs. Subsequently, this approach leads to a natural generalization from cyclotomic to arbitrary number fields. We apply the generalized results to construct challenge sets in trinomial number fields of the form with irreducible. Along the way we prove a conjectured result on the practical applicability for cyclotomic number fields and prove the optimality of certain constructions.
Finally, we find a new construction for challenge sets resulting in smaller prime sizes at the cost of slightly increasing the -norm of the challenges.
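Requirements (1) to (5) above can be checked mechanically for a concrete challenge set. The following added example (not code from the paper) does so in the power-of-two cyclotomic case R_q = Z_q[x]/(x^n + 1): invertibility of a difference is decided exactly by the determinant of its multiplication matrix mod q, the splitting of x^n + 1 mod q is computed from the order of q modulo 2n, and the Lyubashevsky-Seiler (Eurocrypt 2018) guarantee is reported where its congruence condition q = 2k+1 (mod 4k) holds. The challenge set used (all ternary polynomials of degree below 4) and the primes 13 and 17 are constructed for the demo; with q = 13 every nonzero difference is a unit, while with q = 17 (where x^4 + 1 splits completely) the small element 1 + 2x^3 is a non-invertible difference, which is the splitting/size trade-off the abstract describes.

```python
"""Checking requirements (1)-(5) for a challenge set C in
R_q = Z_q[x]/(x^n + 1), n a power of two.  Polynomials are coefficient lists."""
from itertools import product
from math import sqrt

def mul_matrix(f, n, q):
    """n x n matrix of 'multiply by f' in R_q: column j holds f * x^j, using x^n = -1."""
    M = [[0] * n for _ in range(n)]
    for j in range(n):
        for i, c in enumerate(f):
            k = i + j
            if k < n:
                M[k][j] = (M[k][j] + c) % q
            else:
                M[k - n][j] = (M[k - n][j] - c) % q
    return M

def det_mod(M, q):
    """Determinant modulo the prime q by Gaussian elimination."""
    M = [row[:] for row in M]
    n, d = len(M), 1
    for c in range(n):
        piv = next((r for r in range(c, n) if M[r][c]), None)
        if piv is None:
            return 0
        if piv != c:
            M[c], M[piv] = M[piv], M[c]
            d = -d
        d = d * M[c][c] % q
        inv = pow(M[c][c], -1, q)
        for r in range(c + 1, n):
            f = M[r][c] * inv % q
            if f:
                M[r] = [(a - f * b) % q for a, b in zip(M[r], M[c])]
    return d

def is_unit(f, n, q):
    """f is invertible in R_q iff multiplication by f is a bijection of Z_q^n."""
    return det_mod(mul_matrix(f, n, q), q) != 0

def splitting(n, q):
    """Number k of irreducible factors of x^n + 1 mod q; each has degree ord_{2n}(q)."""
    d, t = 1, q % (2 * n)
    while t != 1:
        t, d = t * q % (2 * n), d + 1
    return n // d

def ls18_bound(n, q):
    """Lyubashevsky-Seiler (Eurocrypt 2018): if q = 2k+1 (mod 4k) for k = splitting(n, q),
    every nonzero f with ||f||_inf < q^(1/k) / sqrt(k) is a unit.  None when the
    congruence fails, i.e. that result gives no guarantee."""
    k = splitting(n, q)
    if k < 2 or q % (4 * k) != 2 * k + 1:
        return None
    return q ** (1 / k) / sqrt(k)

def check_challenge_set(C, n, q):
    """(1) size, (2) max coefficient size, (3) differences that are NOT units,
    (4) the prime, (5) how far x^n + 1 splits modulo q."""
    bad = []
    for i in range(len(C)):
        for j in range(i + 1, len(C)):
            diff = [a - b for a, b in zip(C[i], C[j])]
            if not is_unit(diff, n, q):
                bad.append(diff)
    return {"size": len(C),
            "max_norm": max(abs(c) for f in C for c in f),
            "bad_differences": bad,
            "q": q, "k": splitting(n, q), "ls18_bound": ls18_bound(n, q)}

def ternary_set(n):
    """Constructed challenge set: all degree < n polynomials with coefficients in {-1, 0, 1}."""
    return [list(f) for f in product((-1, 0, 1), repeat=n)]

if __name__ == "__main__":
    C = ternary_set(4)
    for q in (13, 17):      # 13 = 5 mod 8: two factors; 17: x^4 + 1 splits completely
        r = check_challenge_set(C, 4, q)
        print(q, "k =", r["k"], "LS18 bound =", r["ls18_bound"],
              "non-unit differences:", len(r["bad_differences"]))
```

The determinant test is exact but cubic in n, so for protocol-sized rings (n = 256 and above) one would instead reduce each difference modulo the factors of x^n + 1 or rely on the norm bound directly; the exhaustive pairwise loop is only sensible for the toy set sizes used here.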
Fault attacks and countermeasures for elliptic curve cryptosystems
In this thesis we have developed new algorithmic countermeasures that protect elliptic curve computation against fault attacks by protecting the underlying computation in the finite binary extension field. Firstly, we have proposed two schemes: a Chinese Remainder Theorem based fault tolerant computation in finite fields for use in ECCs, and a Lagrange interpolation based fault tolerant computation. Our approach is based on error correcting codes, namely redundant residue polynomial codes and the original formulation of Reed-Solomon codes. Computation of the field elements is decomposed into parallel, mutually independent, modular/identical channels, so that faults in one channel do not propagate errors to other channels. Based on these schemes we have developed new algorithms, namely a fault tolerant residue representation modular multiplication algorithm and a fault tolerant Lagrange representation modular multiplication algorithm, which are immune to error propagation under the fault models that we propose: the Random Fault Model, the Arbitrary Fault Model, and the Single Bit Fault Model. These algorithms provide fault tolerant computation in GF(2^k) for use in ECCs. Because the inputs, i.e., field elements, are represented in the redundant residue representation or the redundant Lagrange representation, our new algorithms overcome the problem that arises if, during computation, one or both coordinates x, y ∈ GF(2^k) of a point P ∈ E/GF(2^k) are corrupted. We assume that during each run of an attacked algorithm, in one single attack, an adversary can apply any of the proposed fault models, i.e., the Random Fault Model, the Arbitrary Fault Model, or the Single Bit Fault Model. In this way more channels can be targeted, i.e., different fault models can be used on different channels.
Our proposed algorithms can also suffer masked errors and are not immune against attacks that create such errors, but countering masked errors is a difficult problem, since any anti-fault-attack scheme admits some masked errors. Moreover, we have derived the conditions that an injected error must satisfy in order to yield an undetectable faulty point on a non-supersingular elliptic curve over GF(2^k). Our algorithmic countermeasures can be applied to any public key cryptosystem that performs computation over the finite field GF(2^k).
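The channel decomposition described above can be shown on a small scale. The following added example (not the thesis's own algorithm, whose field size, moduli and fault models are not given here) implements a redundant residue polynomial code over GF(2)[x] for multiplication in GF(2^8): the operands are reduced modulo six pairwise coprime moduli, each channel multiplies its residues independently, and CRT reconstruction with two redundant channels detects a corrupted channel (the reconstructed polynomial exceeds the legitimate degree) and corrects it by finding the single channel whose removal restores a legitimate product. The moduli, the AES field polynomial and the `fault=(channel, xor_mask)` injection hook are all constructed for the demo; the Lagrange-representation variant is not shown.

```python
"""Fault-tolerant GF(2^8) multiplication with a redundant residue polynomial
code: operands are split into residues modulo pairwise coprime GF(2)[x]
moduli ('channels'), each channel multiplies independently, and CRT
reconstruction with two redundant channels detects and corrects one corrupted
channel.  Polynomials over GF(2) are ints (bit i = coefficient of x^i)."""

FIELD = 0x11B                       # x^8 + x^4 + x^3 + x + 1 (AES field)
MAX_DEG = 14                        # deg(a*b) before reduction, deg a, deg b <= 7
MODULI = [0b10011, 0b11001, 0b11111, 0b1011,   # x^4+x+1, x^4+x^3+1, x^4+x^3+x^2+x+1, x^3+x+1
          0b100101, 0b101001]                  # redundant: x^5+x^2+1, x^5+x^3+1
# Non-redundant degrees sum to 15 > MAX_DEG, so the first four channels determine a*b;
# total degree 25 minus two 5-degree channels is still 15 > MAX_DEG, which makes
# single-channel correction unambiguous.

def pmul(a, b):
    """Carry-less (GF(2)[x]) multiplication."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def pdivmod(a, m):
    """Quotient and remainder in GF(2)[x]."""
    q, dm = 0, m.bit_length() - 1
    while a and a.bit_length() - 1 >= dm:
        s = a.bit_length() - 1 - dm
        q ^= 1 << s
        a ^= m << s
    return q, a

def pmod(a, m):
    return pdivmod(a, m)[1]

def pinv(a, m):
    """Inverse of a modulo m (gcd must be 1), extended Euclid in GF(2)[x]."""
    r0, r1, s0, s1 = m, pmod(a, m), 0, 1
    while r1:
        q, r = pdivmod(r0, r1)
        r0, r1, s0, s1 = r1, r, s1, s0 ^ pmul(q, s1)
    assert r0 == 1, "not coprime"
    return pmod(s0, m)

def crt(residues, moduli):
    """Unique polynomial of degree < sum(deg m_i) with the given residues."""
    M = 1
    for m in moduli:
        M = pmul(M, m)
    x = 0
    for r, m in zip(residues, moduli):
        Mi = pdivmod(M, m)[0]
        x ^= pmul(pmul(r, pinv(Mi, m)), Mi)
    return pmod(x, M)

def decode(residues):
    """Return (a*b, faulty_channel or None).  A corrupted channel pushes the CRT
    result above MAX_DEG; dropping the right channel brings it back (single-fault
    correction).  Two faulty channels are always detected here but the correction
    step may then return a wrong value: that is the masked-error limitation."""
    x = crt(residues, MODULI)
    if x.bit_length() - 1 <= MAX_DEG:
        return x, None
    for i in range(len(MODULI)):
        keep = [(r, m) for j, (r, m) in enumerate(zip(residues, MODULI)) if j != i]
        y = crt([r for r, _ in keep], [m for _, m in keep])
        if y.bit_length() - 1 <= MAX_DEG:
            return y, i
    raise ValueError("uncorrectable residues")

def ft_mul(a, b, fault=None):
    """Fault-tolerant a*b in GF(2^8).  fault=(channel, xor_mask) is a constructed
    fault injection into one channel's product residue; other channels are untouched."""
    ra = [pmod(a, m) for m in MODULI]
    rb = [pmod(b, m) for m in MODULI]
    rc = [pmod(pmul(x, y), m) for x, y, m in zip(ra, rb, MODULI)]   # parallel channels
    if fault is not None:
        ch, mask = fault
        rc[ch] = pmod(rc[ch] ^ mask, MODULI[ch])
    prod, bad = decode(rc)
    return pmod(prod, FIELD), bad

def plain_mul(a, b):
    """Reference (unprotected) GF(2^8) multiplication."""
    return pmod(pmul(a, b), FIELD)

if __name__ == "__main__":
    print(hex(plain_mul(0x57, 0x83)))                # FIPS-197 example: 0xc1
    print(ft_mul(0x57, 0x83))                        # (0xc1, None)
    print(ft_mul(0x57, 0x83, fault=(4, 0b10110)))    # (0xc1, 4): corrected
```

A fault that changes a residue by a multiple of its own modulus is invisible to the channel and to the decoder, which is the simplest instance of the masked errors the thesis mentions; the degree slack between 15 and 25 is what buys one-channel correction, and more redundant channels would be needed to correct two.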