167 research outputs found
Efficiency and Implementation Security of Code-based Cryptosystems
This thesis studies efficiency and security problems of implementations of code-based
cryptosystems. These cryptosystems, though not currently used in the field, are of great
scientific interest, since no quantum algorithm is known that breaks them essentially
faster than any known classical algorithm. This qualifies them as cryptographic schemes
for the quantum-computer era, where the currently used cryptographic schemes are
rendered insecure.
Concerning the efficiency of these schemes, we propose a solution for the handling of
the public keys, which are, compared to the currently used schemes, of an enormous size.
Here, the focus lies on resource-constrained devices, which are not capable of storing a
code-based public key of communication partner in their volatile memory. Furthermore,
we show a solution for the decryption without the parity check matrix with a passable
speed penalty. This is also of great importance, since this matrix is of a size that is
comparable to that of the public key. Thus, the employment of this matrix on memory-constrained devices
is not possible or incurs a large cost.
Subsequently, we present an analysis of improvements to the generally most
time-consuming part of the decryption operation, which is the determination of the roots of
the error locator polynomial. We compare a number of known algorithmic variants and
new combinations thereof in terms of running time and memory demands. Though the
speed of pure software implementations must be seen as one of the strong sides of code-based schemes,
the optimisation of their running time on resource-constrained devices
and servers is of great relevance.
The second essential part of the thesis studies the side channel security of these
schemes. A side channel vulnerability is given when an attacker is able to retrieve
information about the secrets involved in a cryptographic operation by measuring physical
quantities such as the running time or the power consumption during that operation.
Specifically, we consider attacks on the decryption operation, which either target the
message or the secret key. In most cases, concrete countermeasures are proposed and
evaluated. In this context, we show a number of timing vulnerabilities that are linked to
the algorithmic variants for the root-finding of the error locator polynomial mentioned
above. Furthermore, we show a timing attack against a vulnerability in the Extended
Euclidean Algorithm that is used to solve the so-called key equation during the decryption
operation, which aims at the recovery of the message. We also present a related
practical power analysis attack. Concluding, we present a practical timing attack that
targets the secret key, which is based on the combination of three vulnerabilities, located
within the syndrome inversion, a further suboperation of the decryption, and the already
mentioned solving of the key equation.
We compare the attacks that aim at the recovery of the message with the analogous
attacks against the RSA cryptosystem and derive a general methodology for the discovery
of the underlying vulnerabilities in cryptosystems with specific properties.
Furthermore, we present two implementations of the code-based McEliece cryptosystem:
a smart card implementation and flexible implementation, which is based on a
previous open-source implementation. The previously existing open-source implementation
was extended to be platform independent and optimised for resource-constrained
devices. In addition, we added all algorithmic variants presented in this thesis, and
we present all relevant performance data such as running time, code size and memory
consumption for these variants on an embedded platform. Moreover, we implemented
all side channel countermeasures developed in this work.
Concluding, we present open research questions, which will become relevant once
efficient and secure implementations of code-based cryptosystems are evaluated by the
industry for an actual application
Tamper-Resistant Arithmetic for Public-Key Cryptography
Cryptographic hardware has found many uses in many ubiquitous and pervasive security devices with a small form factor, e.g. SIM cards, smart cards, electronic security tokens, and soon even RFIDs. With applications in banking, telecommunication, healthcare, e-commerce and entertainment, these devices use cryptography to provide security services like authentication, identification and confidentiality to the user. However, the widespread adoption of these devices into the mass market, and the lack of a physical security perimeter have increased the risk of theft, reverse engineering, and cloning. Despite the use of strong cryptographic algorithms, these devices often succumb to powerful side-channel attacks. These attacks provide a motivated third party with access to the inner workings of the device and therefore the opportunity to circumvent the protection of the cryptographic envelope. Apart from passive side-channel analysis, which has been the subject of intense research for over a decade, active tampering attacks like fault analysis have recently gained increased attention from the academic and industrial research community. In this dissertation we address the question of how to protect cryptographic devices against this kind of attacks. More specifically, we focus our attention on public key algorithms like elliptic curve cryptography and their underlying arithmetic structure. In our research we address challenges such as the cost of implementation, the level of protection, and the error model in an adversarial situation. The approaches that we investigated all apply concepts from coding theory, in particular the theory of cyclic codes. This seems intuitive, since both public key cryptography and cyclic codes share finite field arithmetic as a common foundation. The major contributions of our research are (a) a generalization of cyclic codes that allow embedding of finite fields into redundant rings under a ring homomorphism, (b) a new family of non-linear arithmetic residue codes with very high error detection probability, (c) a set of new low-cost arithmetic primitives for optimal extension field arithmetic based on robust codes, and (d) design techniques for tamper resilient finite state machines
A Side-Channel Attack Against the Secret Permutation on an Embedded McEliece Cryptosystem
International audience—In this paper, based on a thorough analysis of the state of the art, we point out a missing solution for embedded devices to secure the syndrome computation. We show that this weakness can open the door to a side-channel attack targeting the secret permutation. Indeed, brute-force attack iterations are dramatically decreased when the secret permutation is recovered. We demonstrate the feasibility of this attack against the McEliece cryptosystem implemented on an ARM Cortex-M3 microprocessor using Goppa codes. We explain how to recover the secret permutation on a toy example. Finally, we propose a promising countermeasure, which can be implemented in embedded devices to prevent this attack
Implementation Attacks on Post-Quantum Cryptographic Schemes
Post-quantum cryptographic schemes have been developed in the last decade in response to the rise of quantum computers. Fortunately, several schemes have been developed with quantum resistance. However, there is very little effort in evaluating and comparing these schemes in the embedded settings. Low cost embedded devices represents a highly-constraint environment that challenges all post-quantum cryptographic schemes. Moreover, there are even fewer efforts in evaluating the security of these schemes against implementation attacks including side-channel and fault attacks. It is commonly accepted that, any embedded cryptographic module that is built without a sound countermeasure, can be easily broken. Therefore, we investigate the question: Are we ready to implement post-quantum cryptographic schemes on embedded systems? We present an exhaustive survey of research efforts in designing embedded modules of post-quantum cryptographic schemes and the efforts in securing these modules against implementation attacks. Unfortunately, the study shows that: we are not ready yet to implement any post-quantum cryptographic scheme in practical embedded systems. There is still a considerable amount of research that needs to be conducted before reaching a satisfactory level of security
Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities
The rise of quantum computers exposes vulnerabilities in current public key
cryptographic protocols, necessitating the development of secure post-quantum
(PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches,
covering the constructional design, structural vulnerabilities, and offer
security assessments, implementation evaluations, and a particular focus on
side-channel attacks. We analyze global standardization processes, evaluate
their metrics in relation to real-world applications, and primarily focus on
standardized PQ schemes, selected additional signature competition candidates,
and PQ-secure cutting-edge schemes beyond standardization. Finally, we present
visions and potential future directions for a seamless transition to the PQ
era
Countermeasure against the SPA attack on an embedded McEliece cryptosystem
International audience—In this paper, we present a novel countermeasure against a simple power analysis based side channel attack on a software implementation of the McEliece public key cryptosys-tem. First, we attack a straightforward C implementation of the Goppa codes based McEliece decryption running on an ARM Cortex-M3 microprocessor. Next, we demonstrate on a realistic example that using a " chosen ciphertext attack " method, it is possible to recover the complete secret permutation matrix. We show that this matrix can be completely recovered by an analysis of a dynamic power consumption of the microprocessor. Then, we estimate the brute-force attack complexity reduction depending on the knowledge of the permutation matrix. Finally, we propose an efficient software countermeasure having low computational complexity. Of course, we provide all the necessary details regarding the attack implementation and all the consequences of the proposed countermeasure especially in terms of power consumption
Toward an Asymmetric White-Box Proposal
This article presents a proposal for an asymmetric white-box scheme. While symmetric white-box is a well studied topic (in particular for AES white-box) with a rich literature, there is almost no public article on the topic of asymmetric white-box. However, asymmetric white-box designs are used in practice by the industry and are a real challenge. Proprietary implementations can be found in the wild but are usually heavily obfuscated and their design is not public, which makes their study impractical. The lack of public research on that topic makes it hard to assess the security of those implementations and can cause serious security issues. Our main contribution is to bring a public proposal for an asymmetric white-box scheme. Our proposal is a lattice-based cryptographic scheme that combines classical white-box techniques and arithmetic techniques to offer resilience to the white-box context. In addition, thanks to some homomorphic properties of our scheme, we use homomorphic encoding techniques to increase the security of our proposal in a white-box setting. The resulting scheme successfully performs a decryption function without exposing its secret key while its weight remains under 20 MB. While some of our techniques are designed around specific characteristics of our proposal, some of them may be adapted to other asymmetric cryptosystems. Moreover, those techniques can be used and improved in a less restrictive model than the white-box one: the grey-box model. This proposal aims to raise awareness from the research community on the study of asymmetric white-box cryptography
Theory and Practice of Cryptography and Network Security Protocols and Technologies
In an age of explosive worldwide growth of electronic data storage and communications, effective protection of information has become a critical requirement. When used in coordination with other tools for ensuring information security, cryptography in all of its applications, including data confidentiality, data integrity, and user authentication, is a most powerful tool for protecting information. This book presents a collection of research work in the field of cryptography. It discusses some of the critical challenges that are being faced by the current computing world and also describes some mechanisms to defend against these challenges. It is a valuable source of knowledge for researchers, engineers, graduate and doctoral students working in the field of cryptography. It will also be useful for faculty members of graduate schools and universities
Fast and Secure Root Finding for Code-based Cryptosystems
In this work we analyze five previously published respectively trivial
approaches and two new hybrid variants for the task of finding the roots of the error locator polynomial
during the decryption operation of code-based encryption schemes. We compare
the performance of these algorithms and show that optimizations concerning
finite field element representations
play a key role for the speed of software implementations.
Furthermore, we point out a number of timing attack vulnerabilities that
can arise in root-finding algorithms, some aimed at recovering the message,
others at the secret support. We give experimental results of software
implementations showing that
manifestations of these vulnerabilities are present in straightforward
implementations of most of the root-finding variants presented in this
work.
As a result, we find that one of the variants provides security with respect to
all vulnerabilities as well as competitive computation time for code parameters that minimize the public key size
- …