Approximation of the discrete logarithm in finite fields of even characteristic by real polynomials
We obtain lower bounds on the degree and additive complexity of real polynomials approximating the discrete logarithm in finite fields of even characteristic. These bounds complement earlier results for finite fields of odd characteristic.
Interpolation of the discrete logarithm in by Boolean functions and by polynomials in several variables modulo a divisor of
Recently, Shparlinski proved several results on the interpolation of the discrete logarithm in finite prime fields by Boolean functions. In the first part of the paper, these results are extended to arbitrary finite fields of odd characteristic. More precisely, we prove some complexity lower bounds for Boolean functions representing the least significant bit of the discrete logarithm in a finite field. In the second part of the paper we obtain lower bounds on the sparsity and the degree of polynomials over Fq in several variables computing the discrete logarithm modulo a prime divisor of q-1. These results are valid for even characteristic as well.
Efficient Computation with Sparse and Dense Polynomials
Computations with polynomials are at the heart of any computer algebra system and also have many applications in engineering, coding theory, and cryptography. Generally speaking, the low-level polynomial computations of interest can be classified as arithmetic operations, algebraic computations, and inverse symbolic problems. New algorithms are presented in all these areas which improve on the state of the art in both theoretical and practical performance.
Traditionally, polynomials may be represented in a computer in one of two ways: as a "dense" array of all possible coefficients up to the polynomial's degree, or as a "sparse" list of coefficient-exponent tuples. In the latter case, zero terms are not explicitly written, giving a potentially more compact representation.
In the area of arithmetic operations, new algorithms are presented for the multiplication of dense polynomials. These have the same asymptotic time cost of the fastest existing approaches, but reduce the intermediate storage required from linear in the size of the input to a constant amount. Two different algorithms for so-called "adaptive" multiplication are also presented which effectively provide a gradient between existing sparse and dense algorithms, giving a large improvement in many cases while never performing significantly worse than the best existing approaches.
Algebraic computations on sparse polynomials are considered as well. The first known polynomial-time algorithm to detect when a sparse polynomial is a perfect power is presented, along with two different approaches to computing the perfect power factorization.
Inverse symbolic problems are those for which the challenge is to compute a symbolic mathematical representation of a program or "black box". First, new algorithms are presented which improve the complexity of interpolation for sparse polynomials with coefficients in finite fields or approximate complex numbers. Second, the first polynomial-time algorithm for the more general problem of sparsest-shift interpolation is presented.
The practical performance of all these algorithms is demonstrated with implementations in a high-performance library and compared to existing software and previous techniques.
Hardware processors for pairing-based cryptography
Bilinear pairings can be used to construct cryptographic systems with very desirable properties. A pairing maps members of groups on elliptic and genus 2 hyperelliptic curves to an extension of the finite field over which the curves are defined. The finite fields must, however, be large to ensure adequate security. The complicated group structure of the curves and the expensive field operations result in time-consuming computations that are an impediment to the practicality of pairing-based systems. The Tate pairing can be computed efficiently using the η_T method. Hardware architectures can be used to accelerate the required operations by exploiting the parallelism inherent in the algorithmic and finite field calculations. The Tate pairing can be performed on elliptic curves of characteristic 2 and 3 and on genus 2 hyperelliptic curves of characteristic 2. Curve selection depends on several factors, including the desired computational speed, the area constraints of the target device and the required security level. In this thesis, custom hardware processors for the acceleration of the Tate pairing are presented and implemented on an FPGA. The underlying hardware architectures are designed with care to exploit available parallelism while ensuring resource efficiency. The characteristic 2 elliptic curve processor contains novel units that return a pairing result in a very low number of clock cycles. Despite the more complicated computational algorithm, the speed of the genus 2 processor is comparable. Pairing computation on each of these curves can be appealing in applications with various attributes. A flexible processor that can perform pairing computation on elliptic curves of characteristic 2 and 3 has also been designed. An integrated hardware/software design and verification environment has been developed.
This system automates the procedures required for robust processor creation and enables the rapid provision of solutions for a wide range of cryptographic applications.
Modern Computer Arithmetic (version 0.5.1)
This is a draft of a book about algorithms for performing arithmetic, and
their implementation on modern computers. We are concerned with software more
than hardware - we do not cover computer architecture or the design of computer
hardware. Instead we focus on algorithms for efficiently performing arithmetic
operations such as addition, multiplication and division, and their connections
to topics such as modular arithmetic, greatest common divisors, the Fast
Fourier Transform (FFT), and the computation of elementary and special
functions. The algorithms that we present are mainly intended for
arbitrary-precision arithmetic. They are not limited by the computer word size,
only by the memory and time available for the computation. We consider both
integer and real (floating-point) computations. The book is divided into four
main chapters, plus an appendix. Our aim is to present the latest developments
in a concise manner. At the same time, we provide a self-contained introduction
for the reader who is not an expert in the field, and exercises at the end of
each chapter. Chapter titles are: 1, Integer Arithmetic; 2, Modular Arithmetic
and the FFT; 3, Floating-Point Arithmetic; 4, Elementary and Special Function
Evaluation; 5 (Appendix), Implementations and Pointers. The book also contains
a bibliography of 236 entries, index, summary of notation, and summary of
complexities.
Comment: Preliminary version of a book to be published by Cambridge University
Press. xvi+247 pages. Cite as "Modern Computer Arithmetic, Version 0.5.1, 5
March 2010". For further details, updates and errata see
http://wwwmaths.anu.edu.au/~brent/pub/pub226.html or
http://www.loria.fr/~zimmerma/mca/pub226.htm
Efficient Cryptographic Algorithms and Protocols for Mobile Ad Hoc Networks
As the next evolutionary step in digital communication systems, mobile ad hoc networks (MANETs) and their specializations such as wireless sensor networks (WSNs) have been attracting much interest in both the research and industry communities. In MANETs, network nodes can come together and form a network without depending on any pre-existing infrastructure or human intervention. Unfortunately, the salient characteristics of MANETs, in particular the absence of infrastructure and the constrained resources of mobile devices, present enormous challenges when designing security mechanisms in this environment. Without the necessary measures, wireless communications are easy to intercept and the activities of users can be easily traced. This thesis presents our solutions for two important aspects of securing MANETs, namely efficient key management protocols and fast implementations of cryptographic primitives on constrained devices.
Due to the tight cost and constrained resources of the high-volume mobile devices used in MANETs, it is desirable to employ lightweight and specialized cryptographic primitives for many security applications. Motivated by the design of the well-known Enigma machine, we present a novel ultra-lightweight cryptographic algorithm, referred to as Hummingbird, for resource-constrained devices. Hummingbird can provide the designed security with a small block size and is resistant to the most common attacks such as linear and differential cryptanalysis. Furthermore, we also present efficient software implementations of Hummingbird on 4-, 8- and 16-bit microcontrollers from Atmel and Texas Instruments, as well as efficient hardware implementations on low-cost field programmable gate arrays (FPGAs) from Xilinx. Our experimental results show that after a system initialization phase Hummingbird can achieve up to 147 and 4.7 times faster throughput for a size-optimized and a speed-optimized software implementation, respectively, when compared to the state-of-the-art ultra-lightweight block cipher PRESENT on similar platforms. In addition, the speed-optimized Hummingbird encryption core can achieve a throughput of 160.4 Mbps and the area-optimized encryption core occupies only 253 slices on a Spartan-3 XC3S200 FPGA device.
Bilinear pairings on the Jacobians of (hyper-)elliptic curves have received considerable attention as a building block for constructing cryptographic schemes in MANETs with new and novel properties. Motivated by the work of Scott, we investigate how to use efficiently computable automorphisms to speed up pairing computations on two families of non-supersingular genus 2 hyperelliptic curves over prime fields. Our findings lead to new variants of Miller's algorithm in which the length of the main loop can be up to 4 times shorter than that of the original Miller's algorithm in the best case. We also generalize Chatterjee et al.'s idea of encapsulating the computation of the line function with the group operations to genus 2 hyperelliptic curves, and derive new explicit formulae for the group operations in projective and new coordinates in the context of pairing computations. Efficient software implementation of computing the Tate pairing on both a supersingular and a non-supersingular genus 2 curve with the same embedding degree of k = 4 is investigated. Combining the new algorithm with known optimization techniques, we show that pairing computations on non-supersingular genus 2 curves over prime fields use up to 55.8% fewer field operations and run about 10% faster than on supersingular genus 2 curves at the same security level.
As an important part of a key management mechanism, an efficient key revocation protocol, which revokes the cryptographic keys of malicious nodes and isolates them from the network, is crucial for the security and robustness of MANETs. We propose a novel self-organized key revocation scheme for MANETs based on the Dirichlet multinomial model and identity-based cryptography. Firmly rooted in statistics, our key revocation scheme provides a theoretically sound basis for nodes to analyze and predict peers' behavior based on their own observations and other nodes' reports. Considering the differences among malicious behaviors, we propose to classify nodes' behavior into three categories, namely good behavior, suspicious behavior and malicious behavior. Each node in the network keeps track of these three categories of behavior and updates its knowledge about other nodes' behavior with a 3-dimensional Dirichlet distribution. Based on its own analysis, each node is able to protect itself from malicious attacks by either revoking the keys of nodes with malicious behavior or ceasing communication with nodes showing suspicious behavior for some time. The attack-resistant properties of the resulting scheme against false accusation attacks launched by independent and colluding adversaries are also analyzed through extensive simulations.
In WSNs, broadcast authentication is a crucial security mechanism that allows a multitude of legitimate users to join in and disseminate messages into the network in a dynamic and authenticated way. During the past few years, several public-key based multi-user broadcast authentication schemes have been proposed in the literature to achieve immediate authentication and to address the security vulnerability intrinsic to μTESLA-like schemes. Unfortunately, the relatively slow signature verification in signature-based broadcast authentication has also incurred a series of problems such as high energy consumption and long verification delay. We propose an efficient technique to accelerate signature verification in WSNs through cooperation among sensor nodes. By allowing some sensor nodes to release their intermediate computation results to their neighbors during signature verification, a large number of sensor nodes can accelerate their signature verification process significantly. When applying our faster signature verification technique to broadcast authentication in a 4×4 grid-based WSN, a quantitative performance analysis shows that our scheme needs 17.7%~34.5% less energy and runs about 50% faster than the traditional signature verification method.
Homomorphic Encryption and Program Analysis in Secrecy
Thesis (Ph.D.) -- Seoul National University Graduate School: Department of Mathematical Sciences, 2015. 8. Jung Hee Cheon.
Homomorphic encryption enables computing certain functions on encrypted data without decryption.
Many cloud-based services need efficient homomorphic encryption schemes to provide security to the data in cloud computing.
In this thesis, we focus on applications of homomorphic encryptions for set operation and program analysis, and we suggest a new construction of homomorphic encryption.
First, we present a new privacy preserving set union protocol and a secure points-to analysis method as applications of homomorphic encryptions.
Our set union protocol is based on the additive homomorphic encryption scheme by Naccache and Stern, whose message space is which is a product of small primes.
We introduce a special polynomial representation such that if a polynomial is represented as this form, then it is factorized uniquely in .
From this representation, we obtain an efficient constant round set union protocol without honest majority assumption.
We adopt a somewhat homomorphic encryption to perform static analysis on encrypted programs.
In our method, a somewhat homomorphic encryption scheme of depth is able to evaluate Andersen's pointer analysis with homomorphic matrix multiplications, for the number of pointer
variables when the maximal pointer level is bounded.
Finally, we propose a somewhat homomorphic encryption scheme over the polynomial ring.
The security of the proposed scheme is based on the polynomial approximate common divisor problem
which can be seen as a polynomial analogue of the base problem of DGHV fully homomorphic encryption and its extension.
Our scheme is conceptually simple and does not require a complicated re-linearization process.
For this reason, our scheme is more efficient than RLWE-based homomorphic encryption over the polynomial ring when evaluating low degree polynomial of large integers.
Furthermore, we convert this scheme to a leveled fully homomorphic encryption scheme, and the resulting scheme has features similar to the variant of van Dijk et al.'s scheme by Coron et al. Our scheme, however, does not use the subset sum, which makes its design much simpler.
Abstract
1 Introduction
2 Private Set Union Protocol
  2.1 Preliminaries
    2.1.1 Polynomial Representation of a Set
    2.1.2 Reversed Laurent Series
    2.1.3 Additive Homomorphic Encryption
    2.1.4 Root Finding Algorithms
  2.2 New Polynomial Representation of a Set
    2.2.1 New Invertible Polynomial Representation
    2.2.2 The Expected Number of Root Candidates
    2.2.3 The Proper Size of
  2.3 New Privacy-preserving Set Union Protocols
    2.3.1 Application of Our Polynomial Representation
    2.3.2 Honest-But-Curious Model
    2.3.3 Malicious Model
    2.3.4 Extension to the Multi-set Union Protocol
  2.4 Conclusion
3 Secure Static Program Analysis
  3.1 Preliminaries
    3.1.1 Homomorphic Encryption
    3.1.2 The BGV-type Cryptosystem
    3.1.3 Security Model
  3.2 A Basic Construction of a Pointer Analysis in Secrecy
    3.2.1 Inclusion-based Pointer Analysis
    3.2.2 The Pointer Analysis in Secrecy
  3.3 Improvement of the Pointer Analysis in Secrecy
    3.3.1 Problems of the Basic Approach
    3.3.2 Overview of Improvement
    3.3.3 Level-by-level Analysis
    3.3.4 Ciphertext Packing
    3.3.5 Randomization of Ciphertexts
  3.4 Experimental Result
  3.5 Discussions
4 New Fully Homomorphic Encryption
  4.1 Preliminaries
    4.1.1 Lattices
    4.1.2 Chinese Remaindering for Polynomials over Composite Modulus
    4.1.3 Distributions
  4.2 Our Fully Homomorphic Encryption Scheme
    4.2.1 Basic Parameters
    4.2.2 The Somewhat Homomorphic Encryption Scheme
    4.2.3 Leveled Fully Homomorphic Encryption Scheme
  4.3 Security
    4.3.1 The Polynomial ACD Problems
    4.3.2 Security Proof
  4.4 Analysis of the Polynomial ACD Problems
    4.4.1 Distinguishing Attack
    4.4.2 Chen-Nguyen's Attack
    4.4.3 Coppersmith's Attack
    4.4.4 Extension of Cohn-Heninger's Attack
  4.5 Implementation
    4.5.1 Public Key Compression
    4.5.2 Implementation Results
  4.6 Conclusion
5 Conclusions
Abstract (in Korean)
Theory and Practice of Cryptography and Network Security Protocols and Technologies
In an age of explosive worldwide growth of electronic data storage and communications, effective protection of information has become a critical requirement. When used in coordination with other tools for ensuring information security, cryptography in all of its applications, including data confidentiality, data integrity, and user authentication, is a most powerful tool for protecting information. This book presents a collection of research work in the field of cryptography. It discusses some of the critical challenges that are being faced by the current computing world and also describes some mechanisms to defend against these challenges. It is a valuable source of knowledge for researchers, engineers, graduate and doctoral students working in the field of cryptography. It will also be useful for faculty members of graduate schools and universities.