
    Multiplexing scheme for simplified entanglement-based large-alphabet quantum key distribution

    We propose a practical quantum cryptographic scheme which combines high information capacity, such as provided by high-dimensional quantum entanglement, with the simplicity of a two-dimensional Clauser-Horne-Shimony-Holt (CHSH) Bell test for security verification. By applying a state combining entanglement in a two-dimensional degree of freedom, such as photon polarization, with high-dimensional correlations in another degree of freedom, such as photon orbital angular momentum (OAM) or path, the scheme provides a considerably simplified route towards security verification in quantum key distribution (QKD) aimed at exploiting high-dimensional quantum systems for increased secure key rates. It also benefits from security against collective attacks and is feasible using currently available technologies.
    Comment: 7 pages, 3 figure

    Design space exploration and optimization of path oblivious RAM in secure processors

    Keeping user data private is a huge problem both in cloud computing and computation outsourcing. One paradigm to achieve data privacy is to use tamper-resistant processors, inside which users' private data is decrypted and computed upon. These processors need to interact with untrusted external memory. Even if we encrypt all data that leaves the trusted processor, however, the address sequence that goes off-chip may still leak information. To prevent this address leakage, the security community has proposed ORAM (Oblivious RAM). ORAM has mainly been explored in server/file settings which assume a vastly different computation model than secure processors. Not surprisingly, naïvely applying ORAM to a secure processor setting incurs large performance overheads. In this paper, a recent proposal called Path ORAM is studied. We demonstrate techniques to make Path ORAM practical in a secure processor setting. We introduce background eviction schemes to prevent Path ORAM failure and allow for a performance-driven design space exploration. We propose a concept called super blocks to further improve Path ORAM's performance, and also show an efficient integrity verification scheme for Path ORAM. With our optimizations, Path ORAM overhead drops by 41.8%, and SPEC benchmark execution time improves by 52.4% in relation to a baseline configuration. Our work can be used to improve the security level of previous secure processors.
    Funding: National Science Foundation (U.S.), Graduate Research Fellowship Program (Grant 1122374); American Society for Engineering Education, National Defense Science and Engineering Graduate Fellowship; United States Defense Advanced Research Projects Agency (Clean-slate design of Resilient, Adaptive, Secure Hosts, Contract N66001-10-2-4089)

    Formal verification of a software countermeasure against instruction skip attacks

    Fault attacks against embedded circuits have opened many new attack paths against secure circuits. Every attack path relies on a specific fault model which defines the type of faults that the attacker can perform. On embedded processors, a fault model consisting of an assembly instruction skip can be very useful for an attacker and has been obtained by using several fault injection means. To avoid this threat, some countermeasure schemes which rely on temporal redundancy have been proposed. Nevertheless, double fault injection in a long enough time interval is practical and can bypass those countermeasure schemes. Some fine-grained countermeasure schemes have also been proposed for specific instructions. However, to the best of our knowledge, no approach that secures a generic assembly program in order to make it fault-tolerant to instruction skip attacks has been formally proven yet. In this paper, we provide a fault-tolerant replacement sequence for almost all the instructions of the Thumb-2 instruction set and provide a formal verification for this fault tolerance. This simple transformation makes it possible to add a reasonably good security level to an embedded program and makes practical fault injection attacks much harder to achieve.

    RTL Implementation of Secure Hash Algorithm 3 (SHA-3) Towards Smaller Area

    Secure data transfer has been the most challenging task for Internet of Things (IoT) devices. Data integrity must be ensured before and after the data transmission. Cryptographic hash functions are generally the basis of a secure network and are used for data integrity verification. Cryptographic hash functions support processes such as identity verification, file integrity checking, secure key passing, and source code version control. Among all of the cryptographic measures, Secure Hash Algorithm 3 (SHA-3) is the newest secure cryptographic hash algorithm in the current electronics industry. In the previous Intel Microelectronics SHA-3 design, the synthesized area of the design is large due to the many intermediate states and logic of the step mapping functions. The objective of this project is to design a synthesizable SHA-3 with a 256-bit hash output and a 1600-bit state array with lower area compared to the Intel Microelectronics SHA-3. This research implements SHA-3 such that all the step mapping algorithms are logically combined to use only the input lanes of the state array, eliminating the intermediate logic and reducing the area. Functional verification is done using the test case provided by the National Institute of Standards and Technology (NIST). Two squeezing phases are tested to ensure the functionality of the design. The final SHA-3 design in this research achieves an area reduction of 12.57%, a cell count reduction of 24.35%, a critical path length reduction of 18.84%, and a 75% reduction in the clock cycles needed to generate the hash output. In conclusion, a SHA-3 with smaller area and higher performance has been designed and can cater to the needs of IoT applications.

    An Experiment in Ping-Pong Protocol Verification by Nondeterministic Pushdown Automata

    An experiment is described that confirms the security of a well-studied class of cryptographic protocols (Dolev-Yao intruder model) can be verified by two-way nondeterministic pushdown automata (2NPDA). A nondeterministic pushdown program checks whether the intersection of a regular language (the protocol to verify) and a given Dyck language containing all canceling words is empty. If it is not, an intruder can reveal secret messages sent between trusted users. The verification is guaranteed to terminate in cubic time at most on a 2NPDA-simulator. The interpretive approach used in this experiment simplifies the verification, by separating the nondeterministic pushdown logic and program control, and makes it more predictable. We describe the interpretive approach and the known transformational solutions, and show they share interesting features. Also noteworthy is how abstract results from automata theory can solve practical problems by programming language means.
    Comment: In Proceedings MARS/VPT 2018, arXiv:1803.0866