1,315 research outputs found
Formal Analysis of CRT-RSA Vigilant's Countermeasure Against the BellCoRe Attack: A Pledge for Formal Methods in the Field of Implementation Security
In our paper at PROOFS 2013, we formally studied a few known countermeasures
to protect CRT-RSA against the BellCoRe fault injection attack. However, we
left Vigilant's countermeasure and its alleged repaired version by Coron et al.
as future work, because the arithmetical framework of our tool was not
sufficiently powerful. In this paper we bridge this gap and then use the same
methodology to formally study both versions of the countermeasure. We obtain
surprising results, which we believe demonstrate the importance of formal
analysis in the field of implementation security. Indeed, the original version
of Vigilant's countermeasure is actually broken, but not as much as Coron et
al. thought it was. As a consequence, the repaired version they proposed can be
simplified. It can actually be simplified even further as two of the nine
modular verifications happen to be unnecessary. Fortunately, we could formally
prove the simplified repaired version to be resistant to the BellCoRe attack,
which was considered a "challenging issue" by the authors of the countermeasure
themselves.Comment: arXiv admin note: substantial text overlap with arXiv:1401.817
Recommended from our members
An Improved Pseudorandom Generator Based on Hardness of Factoring
We present a simple to implement and efficient pseudorandom generator based on the factoring assumption. It outputs more than pn/2 pseudorandom bits per p exponentiations, each with the same base and an exponent shorter than n/2 bits. Our generator is based on results by Hastad, Schrift and Shamir
[HSS93], but unlike their generator and its improvement by Goldreich and Rosen [GR00], it does not use hashing or extractors, and is thus simpler and somewhat more efficient.
In addition, we present a general technique that can be used to speed up pseudorandom generators based on iterating one-way permutations. We construct our generator by applying this technique to results of [HSS93]. We also show how the generator given by Gennaro [Gen00] can be simply derived from results of Patel and Sundaram [PS98a] using our technique.Engineering and Applied Science
Cloud-based Quadratic Optimization with Partially Homomorphic Encryption
The development of large-scale distributed control systems has led to the
outsourcing of costly computations to cloud-computing platforms, as well as to
concerns about privacy of the collected sensitive data. This paper develops a
cloud-based protocol for a quadratic optimization problem involving multiple
parties, each holding information it seeks to maintain private. The protocol is
based on the projected gradient ascent on the Lagrange dual problem and
exploits partially homomorphic encryption and secure multi-party computation
techniques. Using formal cryptographic definitions of indistinguishability, the
protocol is shown to achieve computational privacy, i.e., there is no
computationally efficient algorithm that any involved party can employ to
obtain private information beyond what can be inferred from the party's inputs
and outputs only. In order to reduce the communication complexity of the
proposed protocol, we introduced a variant that achieves this objective at the
expense of weaker privacy guarantees. We discuss in detail the computational
and communication complexity properties of both algorithms theoretically and
also through implementations. We conclude the paper with a discussion on
computational privacy and other notions of privacy such as the non-unique
retrieval of the private information from the protocol outputs
Normal Elliptic Bases and Torus-Based Cryptography
We consider representations of algebraic tori over finite fields.
We make use of normal elliptic bases to show that, for infinitely many
squarefree integers and infinitely many values of , we can encode
torus elements, to a small fixed overhead and to -tuples of
elements, in quasi-linear time in .
This improves upon previously known algorithms, which all have a
quasi-quadratic complexity. As a result, the cost of the encoding phase is now
negligible in Diffie-Hellman cryptographic schemes
Generalised Mersenne Numbers Revisited
Generalised Mersenne Numbers (GMNs) were defined by Solinas in 1999 and
feature in the NIST (FIPS 186-2) and SECG standards for use in elliptic curve
cryptography. Their form is such that modular reduction is extremely efficient,
thus making them an attractive choice for modular multiplication
implementation. However, the issue of residue multiplication efficiency seems
to have been overlooked. Asymptotically, using a cyclic rather than a linear
convolution, residue multiplication modulo a Mersenne number is twice as fast
as integer multiplication; this property does not hold for prime GMNs, unless
they are of Mersenne's form. In this work we exploit an alternative
generalisation of Mersenne numbers for which an analogue of the above property
--- and hence the same efficiency ratio --- holds, even at bitlengths for which
schoolbook multiplication is optimal, while also maintaining very efficient
reduction. Moreover, our proposed primes are abundant at any bitlength, whereas
GMNs are extremely rare. Our multiplication and reduction algorithms can also
be easily parallelised, making our arithmetic particularly suitable for
hardware implementation. Furthermore, the field representation we propose also
naturally protects against side-channel attacks, including timing attacks,
simple power analysis and differential power analysis, which is essential in
many cryptographic scenarios, in constrast to GMNs.Comment: 32 pages. Accepted to Mathematics of Computatio
Security systems based on Gaussian integers : Analysis of basic operations and time complexity of secret transformations
Many security algorithms currently in use rely heavily on integer arithmetic modulo prime numbers. Gaussian integers can be used with most security algorithms that are formulated for real integers. The aim of this work is to study the benefits of common security protocols with Gaussian integers. Although the main contribution of this work is to analyze and improve the application of Gaussian integers for various public key (PK) algorithms, Gaussian integers were studied in the context of image watermarking as well.
The significant benefits of the application of Gaussian integers become apparent when they are used with Discrete Logarithm Problem (DLP) based PK algorithms. In order to quantify the complexity of the Gaussian integer DLP, it is reduced to two other well known problems: DLP for Lucas sequences and the real integer DLP. Additionally, a novel exponentiation algorithm for Gaussian integers, called Lucas sequence Exponentiation of Gaussian integers (LSEG) is introduced and its performance assessed, both analytically and experimentally. The LSEG achieves about 35% theoretical improvement in CPU time over real integer exponentiation. Under an implementation with the GMP 5.0.1 library, it outperformed the GMP\u27s mpz_powm function (the particularly efficient modular exponentiation function that comes with the GMP library) by 40% for bit sizes 1000-4000, because of low overhead associated with LSEG. Further improvements to real execution time can be easily achieved on multiprocessor or multicore platforms. In fact, over 50% improvement is achieved with a parallelized implementation of LSEG. All the mentioned improvements do not require any special hardware or software and are easy to implement. Furthermore, an efficient way for finding generators for DLP based PK algorithms with Gaussian integers is presented.
In addition to DLP based PK algorithms, applications of Gaussian integers for factoring-based PK cryptosystems are considered. Unfortunately, the advantages of Gaussian integers for these algorithms are not as clear because the extended order of Gaussian integers does not directly come into play. Nevertheless, this dissertation describes the Extended Square Root algorithm for Gaussian integers used to extend the Rabin Cryptography algorithm into the field of Gaussian integers. The extended Rabin Cryptography algorithm with Gaussian integers allows using fewer preset bits that are required by the algorithm to guard against various attacks. Additionally, the extension of RSA into the domain of Gaussian integers is analyzed. The extended RSA algorithm could add security only if breaking the original RSA is not as hard as factoring. Even in this case, it is not clear whether the extended algorithm would increase security.
Finally, the randomness property of the Gaussian integer exponentiation is utilized to derive a novel algorithm to rearrange the image pixels to be used for image watermarking. The new algorithm is more efficient than the one currently used and it provides a degree of cryptoimmunity. The proposed method can be used to enhance most picture watermarking algorithms
- …