Implementation of Generic and Efficient Architecture of Elliptic Curve Cryptography over Various GF(p) for Higher Data Security

Elliptic Curve Cryptography (ECC) has recognized much more attention over the last few years and has time-honored itself among the renowned public key cryptography schemes. The main feature of ECC is that shorter keys can be used as the best option for implementation of public key cryptography in resource-constrained (memory, power, and speed) devices like the Internet of Things (IoT), wireless sensor based applications, etc. The performance of hardware implementation for ECC is affected by basic design elements such as a coordinate system, modular arithmetic algorithms, implementation target, and underlying finite fields. This paper shows the generic structure of the ECC system implementation which allows the different types of designing parameters like elliptic curve, Galois prime finite field GF(p), and input type. The ECC system is analyzed with performance parameters such as required memory, elapsed time, and process complexity on the MATLAB platform. The simulations are carried out on the 8th generation Intel core i7 processor with the specifications of 8 GB RAM, 3.1 GHz, and 64-bit architecture. This analysis helps to design an efficient and high performance architecture of the ECC system on Application Specific Integrated Circuit (ASIC) and Field Programmable Gate Array (FPGA).Elliptic Curve Cryptography (ECC) has recognized much more attention over the last few years and has time-honored itself among the renowned public key cryptography schemes. The main feature of ECC is that shorter keys can be used as the best option for implementation of public key cryptography in resource-constrained (memory, power, and speed) devices like the Internet of Things (IoT), wireless sensor based applications, etc. The performance of hardware implementation for ECC is affected by basic design elements such as a coordinate system, modular arithmetic algorithms, implementation target, and underlying finite fields. This paper shows the generic structure of the ECC system implementation which allows the different types of designing parameters like elliptic curve, Galois prime finite field GF(p), and input type. The ECC system is analyzed with performance parameters such as required memory, elapsed time, and process complexity on the MATLAB platform. The simulations are carried out on the 8th generation Intel core i7 processor with the specifications of 8 GB RAM, 3.1 GHz, and 64-bit architecture. This analysis helps to design an efficient and high performance architecture of the ECC system on Application Specific Integrated Circuit (ASIC) and Field Programmable Gate Array (FPGA)

Cloud file sharing using PREaaS

This paper proposes a new method of features extraction for handwritten, printed and isolated numeral recognition. It is essential today for a company to store its data in an encrypted way when it uses Cloud Computing. However, the manipulation of this encrypted data remains complex, and it is very difficult in this case to be able to share the encrypted data between different users. One of the solutions for sharing encrypted data is to use PRE (Proxy Reencryption) which allows both the re-encryption of the data, but also the delegation of this operation by a third party via the use of a specific key. In this article, we propose a solution for sharing encrypted files between users that uses a classic storage system in the Cloud and PRE (re-encryption PRoxy). We present an improvement of an existing PRE algorithm by applying it to elliptical curves in order to improve its performance. Finally, we implement this architecture in the form of a cloud service called PREaaS (PRE as a Service) which allows this mechanism to be used on demand with an API

PQ-HPKE: Post-Quantum Hybrid Public Key Encryption

Public key cryptography is used to asymmetrically establish keys, authenticate or encrypt data between communicating parties at a relatively high performance cost. To reduce computational overhead, modern network protocols combine asymmetric primitives for key establishment and authentication with symmetric ones. Similarly, Hybrid Public Key Encryption, a relatively new scheme, uses public key cryptography for key derivation and symmetric key cryptography for data encryption. In this paper, we present the first quantum-resistant implementation of HPKE to address concerns that quantum computers bring to asymmetric algorithms. We propose PQ-only and PQ-hybrid HPKE variants and analyze their performance for two post-quantum key encapsulation mechanisms and various plaintext sizes. We compare these variants with RSA and classical HPKE and show that the additional post-quantum overhead is amortized over the plaintext size. Our PQ-hybrid variant with a lattice-based KEM shows an overhead of 52% for 1KB of encrypted data which is reduced to 17% for 1MB of plaintext. We report 1.83, 1.78, and 2.15 x10^6 clock cycles needed for encrypting 1MB of message based on classical, PQ-only, and PQ-hybrid HPKE respectively, where we note that the cost of introducing quantum-resistance to HPKE is relatively low

Set It and Forget It! Turnkey ECC for Instant Integration

Historically, Elliptic Curve Cryptography (ECC) is an active field of applied cryptography where recent focus is on high speed, constant time, and formally verified implementations. While there are a handful of outliers where all these concepts join and land in real-world deployments, these are generally on a case-by-case basis: e.g.\ a library may feature such X25519 or P-256 code, but not for all curves. In this work, we propose and implement a methodology that fully automates the implementation, testing, and integration of ECC stacks with the above properties. We demonstrate the flexibility and applicability of our methodology by seamlessly integrating into three real-world projects: OpenSSL, Mozilla's NSS, and the GOST OpenSSL Engine, achieving roughly 9.5x, 4.5x, 13.3x, and 3.7x speedup on any given curve for key generation, key agreement, signing, and verifying, respectively. Furthermore, we showcase the efficacy of our testing methodology by uncovering flaws and vulnerabilities in OpenSSL, and a specification-level vulnerability in a Russian standard. Our work bridges the gap between significant applied cryptography research results and deployed software, fully automating the process

Fast Prime Field Elliptic Curve Cryptography with 256 Bit Primes

Abstract. This paper studies software optimization of Elliptic Curve Cryptography with 256-bit prime fields. We propose a constant-time implementation of the NIST and SECG standardized curve P-256, that can be seamlessly integrated into OpenSSL. This accelerates Perfect Forward Secrecy TLS handshakes that use ECDSA and/or ECDHE, and can help improving the efficiency of TLS servers. We report significant performance improvements for ECDSA and ECDH, on several architectures. For example, on the latest Intel Haswell microarchitecture, our ECDSA sign is 2.33x faster than OpenSSL’s implementation

Post-quantum cryptosystems for internet-of-things: A survey on lattice-based algorithms

The latest quantum computers have the ability to solve incredibly complex classical cryptography equations particularly to decode the secret encrypted keys and making the network vulnerable to hacking. They can solve complex mathematical problems almost instantaneously compared to the billions of years of computation needed by traditional computing machines. Researchers advocate the development of novel strategies to include data encryption in the post-quantum era. Lattices have been widely used in cryptography, somewhat peculiarly, and these algorithms have been used in both; (a) cryptoanalysis by using lattice approximation to break cryptosystems; and (b) cryptography by using computationally hard lattice problems (non-deterministic polynomial time hardness) to construct stable cryptographic functions. Most of the dominant features of lattice-based cryptography (LBC), which holds it ahead in the post-quantum league, include resistance to quantum attack vectors, high concurrent performance, parallelism, security under worst-case intractability assumptions, and solutions to long-standing open problems in cryptography. While these methods offer possible security for classical cryptosytems in theory and experimentation, their implementation in energy-restricted Internet-of-Things (IoT) devices requires careful study of regular lattice-based implantation and its simplification in lightweight lattice-based cryptography (LW-LBC). This streamlined post-quantum algorithm is ideal for levelled IoT device security. The key aim of this survey was to provide the scientific community with comprehensive information on elementary mathematical facts, as well as to address real-time implementation, hardware architecture, open problems, attack vectors, and the significance for the IoT networks

A Faster Software Implementation of the Supersingular Isogeny Diffie-Hellman Key Exchange Protocol

Since its introduction by Jao and De Feo in 2011, the supersingular isogeny Diffie-Hellman (SIDH) key exchange protocol has positioned itself as a promising candidate for post-quantum cryptography. One salient feature of the SIDH protocol is that it requires exceptionally short key sizes. However, the latency associated to SIDH is higher than the ones reported for other post-quantum cryptosystem proposals. Aiming to accelerate the SIDH runtime performance, we present in this work several algorithmic optimizations targeting both elliptic-curve and field arithmetic operations. We introduce in the context of the SIDH protocol a more efficient approach for calculating the elliptic curve operation P + [k]Q. Our strategy achieves a factor 1.4 speedup compared with the popular variable-three-point ladder algorithm regularly used in the SIDH shared secret phase. Moreover, profiting from pre-computation techniques our algorithm yields a factor 1.7 acceleration for the computation of this operation in the SIDH key generation phase. We also present an optimized evaluation of the point tripling formula, and discuss several algorithmic and implementation techniques that lead to faster field arithmetic computations. A software implementation of the above improvements on an Intel Skylake Core i7-6700 processor gives a factor 1.33 speedup against the state-of-the-art software implementation of the SIDH protocol reported by Costello-Longa-Naehrig in CRYPTO 2016

FourQ: four-dimensional decompositions on a Q-curve over the Mersenne prime

We introduce FourQ, a high-security, high-performance elliptic curve that targets the 128-bit security level. At the highest arithmetic level, cryptographic scalar multiplications on FourQ can use a four-dimensional Gallant-Lambert-Vanstone decomposition to minimize the total number of elliptic curve group operations. At the group arithmetic level, FourQ admits the use of extended twisted Edwards coordinates and can therefore exploit the fastest known elliptic curve addition formulas over large prime characteristic fields. Finally, at the finite field level, arithmetic is performed modulo the extremely fast Mersenne prime $p=2^{127}-1$. We show that this powerful combination facilitates scalar multiplications that are significantly faster than all prior works. On Intel\u27s Broadwell, Haswell, Ivy Bridge and Sandy Bridge architectures, our software computes a variable-base scalar multiplication in 50,000, 56,000, 69,000 cycles and 72,000 cycles, respectively; and, on the same platforms, our software computes a Diffie-Hellman shared secret in 80,000, 88,000, 104,000 cycles and 112,000 cycles, respectively. These results show that, in practice, FourQ is around four to five times faster than the original NIST P-256 curve and between two and three times faster than curves that are currently under consideration as NIST alternatives, such as Curve25519

Montgomery Arithmetic from a Software Perspective

This chapter describes Peter L. Montgomery\u27s modular multiplication method and the various improvements to reduce the latency for software implementations on devices which have access to many computational units