Quantum attacks on Bitcoin, and how to protect against them
The key cryptographic protocols used to secure the internet and financial
transactions of today are all susceptible to attack by the development of a
sufficiently large quantum computer. One particular area at risk is
cryptocurrencies, a market currently worth over 150 billion USD. We investigate
the risk of Bitcoin, and other cryptocurrencies, to attacks by quantum
computers. We find that the proof-of-work used by Bitcoin is relatively
resistant to substantial speedup by quantum computers in the next 10 years,
mainly because specialized ASIC miners are extremely fast compared to the
estimated clock speed of near-term quantum computers. On the other hand, the
elliptic curve signature scheme used by Bitcoin is much more at risk, and could
be completely broken by a quantum computer as early as 2027, by the most
optimistic estimates. We analyze an alternative proof-of-work called Momentum,
based on finding collisions in a hash function, that is even more resistant to
speedup by a quantum computer. We also review the available post-quantum
signature schemes to see which one would best meet the security and efficiency
requirements of blockchain applications.
Comment: 21 pages, 6 figures. For a rough update on the progress of quantum
devices and prognostications on time from now to break Digital signatures,
see https://www.quantumcryptopocalypse.com/quantum-moores-law
(One) Failure Is Not an Option: Bootstrapping the Search for Failures in Lattice-Based Encryption Schemes
Lattice-based encryption schemes are often subject to the possibility of decryption failures, in which valid encryptions are decrypted incorrectly. Such failures, in large number, leak information about the secret key, enabling an attack strategy alternative to pure lattice reduction. Extending the "failure boosting" technique of D'Anvers et al. in PKC 2019, we propose an approach that we call "directional failure boosting" that uses previously found "failing ciphertexts" to accelerate the search for new ones. We analyse in detail the case where the lattice is defined over polynomial ring modules quotiented by and demonstrate it on a simple Mod-LWE-based scheme parametrized à la Kyber768/Saber. We show that, using our technique, for a given secret key (single-target setting), the cost of searching for additional failing ciphertexts after one or more have already been found can be sped up dramatically. We thus demonstrate that, in this single-target model, these schemes should be designed so that it is hard to even obtain one decryption failure. Besides, in a wider security model where there are many target secret keys (multi-target setting), our attack greatly improves over the state of the art.
Message Recovery Attack in NTRU through VFK Lattices
In the present paper, we implement a message recovery attack against all variants
of the NTRU cryptosystem. Our approach involves a reduction from the
NTRU-lattice to a Voronoi First Kind lattice, enabling the application of a
polynomial CVP exact algorithm crucial for executing the message recovery. The
efficacy of our attack relies on a specific oracle that permits us to
approximate an unknown quantity. Furthermore, we outline the mathematical
conditions under which the attack is successful. Finally, we delve into a
well-established polynomial algorithm for CVP on VFK lattices and its
implementation, shedding light on its efficacy in our attack. Subsequently, we
present comprehensive experimental results on the NTRU-HPS and the NTRU-Prime
variants of the NIST submissions and propose a method that could indicate the
resistance of the NTRU cryptosystem to our attack
NTRU software implementation for constrained devices
NTRUEncrypt is a public-key cryptosystem based on the shortest vector problem. Its main
characteristics are its low memory and computational requirements while providing a high
security level.
This document presents an implementation and optimization of the NTRU public-key cryptosystem
for constrained devices. Specifically, the NTRU cryptosystem has been implemented on the
ATMega128 and the ATMega163 microcontrollers.
This has required a major effort in order to reduce memory consumption and optimize
the use of computational resources. The different resulting optimizations have been compared
and evaluated through AVR Studio 4 [1]. The final outcome has also been compared
with other published public-key cryptosystems such as RSA or ECC, showing the great performance
NTRUEncrypt is able to deliver at a surprisingly low cost.
Post-Quantum Cryptography for Internet of Things: A Survey on Performance and Optimization
Due to recent development in quantum computing, the invention of a large
quantum computer is no longer a distant future. Quantum computing severely
threatens modern cryptography, as the hard mathematical problems beneath
classic public-key cryptosystems can be solved easily by a sufficiently large
quantum computer. As such, researchers have proposed PQC based on problems that
even quantum computers cannot efficiently solve. Generally, post-quantum
encryption and signatures can be hard to compute. This could potentially be a
problem for IoT, which usually consists of lightweight devices with limited
computational power. In this paper, we survey existing literature on the
performance of PQC in resource-constrained devices to understand the
severeness of this problem. We also review recent proposals to optimize PQC
algorithms for resource-constrained devices. Overall, we find that whilst PQC
may be feasible for reasonably lightweight IoT, proposals for their
optimization seem to lack standardization. As such, we suggest future research
to seek coordination, in order to ensure an efficient and safe migration toward
IoT for the post-quantum era.
Comment: 13 pages, 3 figures and 7 tables. Formatted version submitted to ACM
Computing Surveys
Enhancement of Nth degree truncated polynomial ring for improving decryption failure
Nth Degree Truncated Polynomial Ring (NTRU) is a public key cryptosystem constructed in a polynomial ring with integer coefficients that is based on three main integer parameters N, p and q. However, decryption failure of validly created ciphertexts may occur, at which point the encrypted message is discarded and the sender re-encrypts the message using different parameters. This may leak information about the private key of the recipient, thereby making it vulnerable to attacks. Because of this, the study focused on the reduction or elimination of decryption failure through several solutions. The study began with an experimental evaluation of NTRU parameters and existing selection criteria, by uniform quartile random sampling without replacement, in order to identify the most influential parameter(s) for decryption failure, and thus developed a predictive parameter selection model with the aid of machine learning. Subsequently, an improved NTRU modular inverse algorithm was developed following an exploratory evaluation of alternative modular inverse algorithms in terms of probability of invertibility, speed of inversion and computational complexity. Finally, several alternative algebraic ring structures were evaluated in terms of simplification of multiplication, modular inversion, one-way function properties and security analysis for NTRU variant formulation. The study showed that the private key f and the large prime q were the most influential parameters in decryption failure. Firstly, an extended parameter selection criterion was formulated, specifying that the private polynomial f should be selected such that f(1) = 1, with the number of 1 coefficients one more or one less than the number of -1 coefficients; this doubles the range of invertible polynomials and thereby doubles the presented key space. Furthermore, selecting q 2.5754 f(1) + 83.9038 gave an appropriate size of q, the least size required for successful message decryption, resulting in a 33.05% reduction of the public key size.
Secondly, an improved modular inverse algorithm was developed using the least squares method of finding a generalized inverse, applying a homomorphism between the ring R and (N x N) circulant matrices with integer coefficients. This ensured inversion for any selected polynomial f except the binary polynomial having all 1 coefficients, and increased the number of invertible polynomials by 48% to 51%, which enlarged the key space and consequently improved security. Finally, an NTRU variant based on the ring of integers, Integer TRUncated ring (ITRU), was developed to address the invertibility problem of key generation, which causes decryption failure. Based on this analysis, inversion is guaranteed and less pre-computation is required. In addition, a lower key generation computational complexity of O(N^2), compared to O(N^2 (log_2 p + log_2 q)) for NTRU, a public key size that is 38% to 53% smaller, and a message expansion factor 2 to 15 times larger than that of NTRU, which enhanced message security, were obtained.
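The two recurring themes above, decryption failures as a key-leaking side channel (the failure-boosting abstract) and the role of f's invertibility and the size of q in NTRU decryption failure (the thesis just summarised), can be made concrete with a toy NTRU. The following Python is an added example written for this page; it is not code from any of the listed papers or from any NTRU implementation. It works in Z[x]/(x^N - 1) with the classic NTRU key shape (f with d+1 ones and d minus ones, so f(1) = 1; h = p * f^-1 * g mod q; e = r*h + m), inverts f by Gauss-Jordan elimination on its N x N circulant matrix, and measures how often decryption fails for a given q. All parameter values (N = 11, p = 3, d = 3, q in {23, 61}) are assumed toy values chosen to make the wrap-around failure observable, not parameters from any of the papers; q is taken prime so that one inverse routine serves both moduli, whereas deployed NTRU parameter sets usually use a power of two.

```python
"""Toy NTRU in Z[x]/(x^N - 1) that makes decryption failures observable.

Added example for this page, not code from any of the papers listed here.
Parameters are deliberately tiny and give no security; they are chosen so
that the coefficient wrap-around behind NTRU decryption failure happens.
"""
import random


def conv(a, b, N, mod):
    """Cyclic convolution (a * b) mod (x^N - 1), coefficients reduced mod `mod`."""
    c = [0] * N
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                c[(i + j) % N] = (c[(i + j) % N] + ai * bj) % mod
    return c


def center(a, mod):
    """Lift coefficients to the symmetric range [-(mod-1)/2, (mod-1)/2] (odd mod)."""
    return [((x + mod // 2) % mod) - mod // 2 for x in a]


def inverse_mod_prime(f, N, p):
    """Inverse of f in Z_p[x]/(x^N - 1), or None if f is a zero divisor.

    Multiplication by f is the circulant matrix M[k][j] = f[(k - j) mod N];
    solving M * g = e_0 over Z_p by Gauss-Jordan yields f * g = 1.
    """
    M = [[f[(k - j) % N] % p for j in range(N)] + [int(k == 0)] for k in range(N)]
    for col in range(N):
        piv = next((r for r in range(col, N) if M[r][col]), None)
        if piv is None:
            return None  # singular: f shares a factor with x^N - 1 mod p
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, p)
        M[col] = [(x * inv) % p for x in M[col]]
        for r in range(N):
            if r != col and M[r][col]:
                fac = M[r][col]
                M[r] = [(x - fac * y) % p for x, y in zip(M[r], M[col])]
    return [M[k][N] for k in range(N)]


def ternary(N, ones, neg_ones, rng):
    """Random polynomial with exactly `ones` +1 and `neg_ones` -1 coefficients."""
    c = [1] * ones + [-1] * neg_ones + [0] * (N - ones - neg_ones)
    rng.shuffle(c)
    return c


def keygen(N, p, q, d, rng):
    """Classic NTRU key pair. f has d+1 ones and d minus ones, so f(1) = 1.

    Since x - 1 divides x^N - 1, any f with f(1) = 0 mod p is never invertible,
    and the all-ones polynomial (f(1) = N) is a zero divisor for every modulus.
    """
    while True:
        f = ternary(N, d + 1, d, rng)
        f_p = inverse_mod_prime(f, N, p)
        f_q = inverse_mod_prime(f, N, q)
        if f_p is not None and f_q is not None:
            break  # retry until f is invertible mod both p and q
    g = ternary(N, d, d, rng)
    h = conv([p * x % q for x in f_q], g, N, q)  # h = p * f_q * g mod q
    return (f, f_p), h


def encrypt(m, h, N, q, d, rng):
    """e = r*h + m mod q with a fresh ternary blinding polynomial r."""
    r = ternary(N, d, d, rng)
    return [(x + y) % q for x, y in zip(conv(r, h, N, q), m)]


def decrypt(e, sk, N, p, q):
    """Recover m; correct only if p*r*g + f*m had no coefficient wrap mod q."""
    f, f_p = sk
    a = center(conv(f, e, N, q), q)       # a = p*r*g + f*m if |coeffs| < q/2
    b = center(a, p)                      # reduce mod p: kills the p*r*g term
    return center(conv(f_p, b, N, p), p)  # f_p * (f*m) = m mod p


def roundtrip(N=11, p=3, q=61, d=3, seed=7):
    """True if one random ternary message survives encrypt/decrypt."""
    rng = random.Random(seed)
    sk, h = keygen(N, p, q, d, rng)
    m = [rng.choice((-1, 0, 1)) for _ in range(N)]
    return decrypt(encrypt(m, h, N, q, d, rng), sk, N, p, q) == m


def failure_rate(N, p, q, d, trials, seed=1):
    """Fraction of random messages that decrypt wrongly under one fixed key.

    With d = 3 and N = 11 every coefficient of p*r*g + f*m is bounded by
    3*6 + 7 = 25, so q = 61 can never fail while q = 23 wraps often.
    """
    rng = random.Random(seed)
    sk, h = keygen(N, p, q, d, rng)
    fails = 0
    for _ in range(trials):
        m = [rng.choice((-1, 0, 1)) for _ in range(N)]
        if decrypt(encrypt(m, h, N, q, d, rng), sk, N, p, q) != m:
            fails += 1
    return fails / trials


if __name__ == "__main__":
    for q in (23, 61):
        print(f"q={q}: decryption failure rate {failure_rate(11, 3, q, 3, 500):.3f}")
```

The failure check in `failure_rate` is exactly what an attacker in the failure-boosting model exploits: each failing ciphertext is a ciphertext whose p*r*g + f*m crossed q/2, so it carries information about the secret f and g. The thesis' criteria map onto the code directly: the f(1) = 1 shape in `keygen` removes the x - 1 obstruction to invertibility, and raising q (compare 23 against 61) is what drives the failure rate to zero at the cost of a larger public key.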