Low-Latency Elliptic Curve Scalar Multiplication
This paper presents a low-latency algorithm designed for parallel computer architectures to compute the scalar multiplication of elliptic curve points, based on approaches from cryptographic side-channel analysis. A graphics processing unit implementation using a standardized elliptic curve over a 224-bit prime field, complying with the new 112-bit security level, computes the scalar multiplication in 1.9 ms on the NVIDIA GTX 500 architecture family. The presented methods and implementation considerations can be applied to any parallel 32-bit architecture
Breaking ECC2K-130
Elliptic-curve cryptography is becoming the standard public-key primitive not only for mobile devices but also for high-security applications. Advantages are the higher cryptographic strength per bit in comparison with RSA and the higher speed in implementations.
To improve understanding of the exact strength of the elliptic-curve discrete-logarithm problem, Certicom has published a series of challenges. This paper describes breaking the ECC2K-130 challenge using a parallelized version of Pollard's rho method.
This is a major computation bringing together the contributions of several clusters of conventional computers, PlayStation 3 clusters, computers with powerful graphics cards and FPGAs. We also give estimates for an ASIC design. In particular we present
* our choice and analysis of the iteration function for the rho method;
* our choice of finite field arithmetic and representation;
* detailed descriptions of the implementations on a multitude of platforms: CPUs, Cells, GPUs, FPGAs, and ASICs;
* details about running the attack
Bilinear map based one-time signature scheme with secret key exposure
Dijk et al. [6] present Remote Attestation (RA) for secure processor technology which is secure in the presence of an All Digital State Observing (ADSO) adversary. The scheme uses a combination of hardware security primitives and design principles together with a new cryptographic primitive called a Public Key Session based One-Time Signature Scheme with Secret Key Exposure (OTS-SKE). [6] shows a hash based realization of OTS-SKE which is post quantum secure but suffers from long 8.704 KB signatures for 128-bit quantum security or 256-bit classical security. From a classical cryptographic perspective we complete the picture by introducing a bilinear map based OTS-SKE with short 0.125 KB signatures, 65 times shorter, and for which the security reduces to the Computational Diffie-Hellman Problem (CDHP), at the cost of a 9× longer initialization phase in the RA scheme if implemented in software (this can be improved with appropriate elliptic curve hardware acceleration). Signing takes 560 ms, at most 60% of the > 936 ms needed for the hash based scheme
On the Cryptanalysis of Public-Key Cryptography
Nowadays, the most popular public-key cryptosystems are based on either the integer factorization or the discrete logarithm problem. The feasibility of solving these mathematical problems in practice is studied and techniques are presented to speed up the underlying arithmetic on parallel architectures.
The fastest known approach to solve the discrete logarithm problem in groups of elliptic curves over finite fields is the Pollard rho method. The negation map can be used to speed up this calculation by a factor √2. It is well known that the random walks used by Pollard rho, when combined with the negation map, get trapped in fruitless cycles. We show that previously published approaches to deal with this problem are plagued by recurring cycles, and we propose effective alternative countermeasures. Furthermore, fast modular arithmetic is introduced which can take advantage of prime moduli of a special form using efficient "sloppy reduction." The effectiveness of these techniques is demonstrated by solving a 112-bit elliptic curve discrete logarithm problem using a cluster of PlayStation 3 game consoles: breaking a public-key standard and setting a new world record.
The elliptic curve method (ECM) for integer factorization is the asymptotically fastest method to find relatively small factors of large integers. From a cryptanalytic point of view the performance of ECM gives information about secure parameter choices of some cryptographic protocols. We optimize ECM by proposing carry-free arithmetic modulo Mersenne numbers (numbers of the form 2^M - 1) especially suitable for parallel architectures. Our implementation of these techniques on a cluster of PlayStation 3 game consoles set a new record by finding a 241-bit prime factor of 2^1181 - 1.
A normal form for elliptic curves introduced by Edwards results in the fastest elliptic curve arithmetic in practice. Techniques to reduce the temporary storage and enhance the performance even further in the setting of ECM are presented. Our results enable one to run ECM efficiently on resource-constrained platforms such as graphics processing units
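The parallelized Pollard rho of the ECC2K-130 paper and the negation-map walk with fruitless-cycle handling described in the thesis abstract above, as one added example that is code from neither paper. The toy curve over F_1009, the r-adding walk with r = 16, distinguished points chosen by low x bits, the deterministic doubling escape for 2-cycles and the step budget that aborts walks caught in longer cycles are all choices of this example, not the papers' iteration function or countermeasures.

```python
"""Parallel Pollard rho with the negation map and distinguished points on a
constructed toy curve.  Added example, not code from the papers listed here;
curve, walk, cycle escape and step budget are illustrative choices."""
import random

P_MOD = 1009   # toy prime field (constructed; no real security level)
A_COEF = 2     # curve y^2 = x^3 + A_COEF*x + b, with b chosen in make_instance


def _inv(x, m):
    return pow(x % m, -1, m)


def ec_add(pt1, pt2, a=A_COEF, p=P_MOD):
    """Affine addition/doubling; None is the point at infinity."""
    if pt1 is None:
        return pt2
    if pt2 is None:
        return pt1
    x1, y1 = pt1
    x2, y2 = pt2
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None                                   # pt1 == -pt2
        lam = (3 * x1 * x1 + a) * _inv(2 * y1, p) % p     # doubling
    else:
        lam = (y2 - y1) * _inv(x2 - x1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k > 0:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def curve_order(a, b, p):
    """Count points by enumerating x and counting square roots (p is tiny)."""
    roots = {}
    for y in range(p):
        roots.setdefault(y * y % p, []).append(y)
    return 1 + sum(len(roots.get((x ** 3 + a * x + b) % p, [])) for x in range(p))


def largest_prime_factor(n):
    f, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            f, n = d, n // d
        d += 1
    return max(f, n)


def make_instance(seed):
    """Pick b so the curve has a prime-order subgroup with q > 200; return (P, Q, q, k)."""
    rng = random.Random(seed)
    for b in range(1, P_MOD):
        if (4 * A_COEF ** 3 + 27 * b * b) % P_MOD == 0:
            continue
        n = curve_order(A_COEF, b, P_MOD)
        q = largest_prime_factor(n)
        if q > 200:
            break
    while True:   # random point times the cofactor lands in the order-q subgroup
        x = rng.randrange(P_MOD)
        ys = [y for y in range(P_MOD) if y * y % P_MOD == (x ** 3 + A_COEF * x + b) % P_MOD]
        if ys and (base := ec_mul(n // q, (x, ys[0]))) is not None:
            break
    k = rng.randrange(1, q)
    return base, ec_mul(k, base), q, k


def pollard_rho_negation(base, target, q, seed=1, r=16, dp_mask=7, max_steps=200):
    """Solve target = k*base in the order-q subgroup with the negation map.

    The walk acts on classes {R, -R}: the partition index comes from x (shared by
    R and -R) and each point is replaced by the representative with the smaller y,
    halving the search space.  Walks stop at distinguished points (low x bits zero)
    and report (point, c, d) to a shared table; a repeated point with different
    coefficients yields k.  Fruitless 1-/2-cycles are escaped deterministically by
    doubling the smaller point of the cycle; longer cycles exhaust the step budget.
    """
    rng, p = random.Random(seed), P_MOD

    def canon(pt, c, d):           # pt == c*base + d*target stays true after negating
        x, y = pt
        return ((x, p - y), (-c) % q, (-d) % q) if y > (p - y) % p else (pt, c, d)

    def solve(c1, d1, c2, d2):     # c1*P + d1*Q == c2*P + d2*Q -> k = (c1-c2)/(d2-d1)
        if (d2 - d1) % q == 0:
            return None
        k = (c1 - c2) * _inv(d2 - d1, q) % q
        return k if ec_mul(k, base) == target else None

    steps = []                      # M_j = c_j*P + d_j*Q
    while len(steps) < r:
        cj, dj = rng.randrange(q), rng.randrange(q)
        mj = ec_add(ec_mul(cj, base), ec_mul(dj, target))
        if mj is not None:
            steps.append((mj, cj, dj))
    table = {}                      # distinguished point -> (c, d)
    while True:
        c, d = rng.randrange(q), rng.randrange(q)
        cur = ec_add(ec_mul(c, base), ec_mul(d, target))
        if cur is None:
            continue
        cur, c, d = canon(cur, c, d)
        prev = None
        for _ in range(max_steps):
            if (cur[0] & dp_mask) == 0:                  # distinguished point
                if cur in table:
                    k = solve(c, d, *table[cur])
                    if k is not None:
                        return k
                else:
                    table[cur] = (c, d)
                break
            mj, cj, dj = steps[cur[0] % r]
            nxt, nc, nd = ec_add(cur, mj), (c + cj) % q, (d + dj) % q
            if nxt is None:                              # nc*P + nd*Q == O solves the DLP
                k = solve(nc, nd, 0, 0)
                if k is not None:
                    return k
                break
            nxt, nc, nd = canon(nxt, nc, nd)
            if nxt == prev or nxt == cur:                # fruitless 2-cycle (or 1-cycle)
                m, mc, md = min((cur, c, d), (nxt, nc, nd))
                nxt, nc, nd = canon(ec_add(m, m), 2 * mc % q, 2 * md % q)
                prev = None
            else:
                prev = cur
            cur, c, d = nxt, nc, nd
```

Because the escape doubles the smaller point of the cycle rather than, say, the current one, two walks that have merged before entering the same cycle leave it on the same point, so the merge survives and the later distinguished point still produces a collision. Cycles of length 4 and more are not detected here; a walk caught in one simply runs out of its step budget and is replaced, which is the fallback real implementations also keep behind their cheaper checks.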
Secure Remote Attestation with Strong Key Insulation Guarantees
Recent years have witnessed a trend of secure processor design in both academia and industry. Secure processors with hardware-enforced isolation can be a solid foundation of cloud computation in the future. However, due to recent side-channel attacks, the commercial secure processors failed to deliver the promises of a secure isolated execution environment. Sensitive information inside the secure execution environment always gets leaked via side channels.
This work considers the most powerful software-based side-channel attackers, i.e., an All Digital State Observing (ADSO) adversary who can observe all digital states, including all digital states in secure enclaves. Traditional signature schemes are not secure in the ADSO adversarial model. We introduce a new cryptographic primitive called One-Time Signature with Secret Key Exposure (OTS-SKE), which ensures no one can forge a valid signature of a new message or nonce even if all secret session keys are leaked. OTS-SKE enables us to sign attestation reports securely under the ADSO adversary. We also minimize the trusted computing base by introducing a secure co-processor into the system, and the interaction between the secure co-processor and the attestation processor is unidirectional. That is, the co-processor takes no inputs from the processor and only generates secret keys for the processor to fetch. Our experimental results show that the signing of OTS-SKE is faster than that of the Elliptic Curve Digital Signature Algorithm (ECDSA) used in Intel SGX
FinTracer: A privacy-preserving mechanism for tracing electronic money
Information sharing between financial institutions can uncover complex financial crimes such as money laundering and fraud. However, such information sharing is often not possible due to privacy and commercial considerations, and criminals can exploit this intelligence gap in order to hide their activities by distributing them between institutions, a form of the practice known as "layering".
We describe an algorithm that allows financial intelligence analysts to trace the flow of funds in suspicious transactions across financial institutions, without this impinging on the privacy of uninvolved individuals and without breaching the tipping-off offence provisions between financial institutions. The algorithm is lightweight, allowing it to work even at nation scale, as well as to be used as a building block in the construction of more sophisticated algorithms for the detection of complex crime typologies within the financial data. We prove the algorithm's scalability by timing measurements done over a full-sized deployment
Accelerating mobile security processing with parallel computing
Accelerating security-related processing on mobile devices has become one of the most important problems, given the exponential growth and significant impact of attacks targeting these platforms. It is important to protect sensitive information on mobile phones by deploying malware detection systems as well as data encryption, in order to maintain a higher level of security. Indeed, to detect malicious applications, an antivirus analyses a large data stream and compares it with a database of malware signatures. Unfortunately, as the number of threats grows continuously, the number of malicious code signatures grows proportionally. This makes the detection process more complex for mobile phones, especially since they are limited in terms of memory, battery and processing capacity. While the security situation of these systems deteriorates, the parallel computing capacity of mobile phones keeps improving with the evolution of mobile graphics processing units (GPUs).
In this thesis, we focus on how to take advantage of the evolving parallel processing capabilities of mobile devices to accelerate malware detection as well as cryptographic processing on Android phones. To this end, we designed and implemented a parallel architecture for mobile devices that exploits the computing capabilities of mobile GPUs and distributed processing on clusters. A series of computation and memory optimization techniques is proposed to increase detection efficiency and execution throughput.
The results of this research lead us to conclude that mobile GPUs can be used effectively to accelerate malware detection on mobile phones as well as cryptographic processing. The results also show that the proposed local architecture on mobile phones can be extended to a cluster architecture in order to obtain a higher processing speed-up when the mobile phone's resources are busy