Efficient software implementation of elliptic curves and bilinear pairings

Orientador: Júlio César Lopez HernándezTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: O advento da criptografia assimétrica ou de chave pública possibilitou a aplicação de criptografia em novos cenários, como assinaturas digitais e comércio eletrônico, tornando-a componente vital para o fornecimento de confidencialidade e autenticação em meios de comunicação. Dentre os métodos mais eficientes de criptografia assimétrica, a criptografia de curvas elípticas destaca-se pelos baixos requisitos de armazenamento para chaves e custo computacional para execução. A descoberta relativamente recente da criptografia baseada em emparelhamentos bilineares sobre curvas elípticas permitiu ainda sua flexibilização e a construção de sistemas criptográficos com propriedades inovadoras, como sistemas baseados em identidades e suas variantes. Porém, o custo computacional de criptossistemas baseados em emparelhamentos ainda permanece significativamente maior do que os assimétricos tradicionais, representando um obstáculo para sua adoção, especialmente em dispositivos com recursos limitados. As contribuições deste trabalho objetivam aprimorar o desempenho de criptossistemas baseados em curvas elípticas e emparelhamentos bilineares e consistem em: (i) implementação eficiente de corpos binários em arquiteturas embutidas de 8 bits (microcontroladores presentes em sensores sem fio); (ii) formulação eficiente de aritmética em corpos binários para conjuntos vetoriais de arquiteturas de 64 bits e famílias mais recentes de processadores desktop dotadas de suporte nativo à multiplicação em corpos binários; (iii) técnicas para implementação serial e paralela de curvas elípticas binárias e emparelhamentos bilineares simétricos e assimétricos definidos sobre corpos primos ou binários. Estas contribuições permitiram obter significativos ganhos de desempenho e, conseqüentemente, uma série de recordes de velocidade para o cálculo de diversos algoritmos criptográficos relevantes em arquiteturas modernas que vão de sistemas embarcados de 8 bits a processadores com 8 coresAbstract: The development of asymmetric or public key cryptography made possible new applications of cryptography such as digital signatures and electronic commerce. Cryptography is now a vital component for providing confidentiality and authentication in communication infra-structures. Elliptic Curve Cryptography is among the most efficient public-key methods because of its low storage and computational requirements. The relatively recent advent of Pairing-Based Cryptography allowed the further construction of flexible and innovative cryptographic solutions like Identity-Based Cryptography and variants. However, the computational cost of pairing-based cryptosystems remains significantly higher than traditional public key cryptosystems and thus an important obstacle for adoption, specially in resource-constrained devices. The main contributions of this work aim to improve the performance of curve-based cryptosystems, consisting of: (i) efficient implementation of binary fields in 8-bit microcontrollers embedded in sensor network nodes; (ii) efficient formulation of binary field arithmetic in terms of vector instructions present in 64-bit architectures, and on the recently-introduced native support for binary field multiplication in the latest Intel microarchitecture families; (iii) techniques for serial and parallel implementation of binary elliptic curves and symmetric and asymmetric pairings defined over prime and binary fields. These contributions produced important performance improvements and, consequently, several speed records for computing relevant cryptographic algorithms in modern computer architectures ranging from embedded 8-bit microcontrollers to 8-core processorsDoutoradoCiência da ComputaçãoDoutor em Ciência da Computaçã

Superlinear threshold detectors in quantum cryptography

We introduce the concept of a superlinear threshold detector, a detector that has a higher probability to detect multiple photons if it receives them simultaneously rather than at separate times. Highly superlinear threshold detectors in quantum key distribution systems allow eavesdropping the full secret key without being revealed. Here, we generalize the detector control attack, and analyze how it performs against quantum key distribution systems with moderately superlinear detectors. We quantify the superlinearity in superconducting single-photon detectors based on earlier published data, and gated avalanche photodiode detectors based on our own measurements. The analysis shows that quantum key distribution systems using detector(s) of either type can be vulnerable to eavesdropping. The avalanche photodiode detector becomes superlinear towards the end of the gate, allowing eavesdropping using trigger pulses containing less than 120 photons per pulse. Such an attack would be virtually impossible to catch with an optical power meter at the receiver entrance.Comment: Rewritten for clearity. Included a discussion on detector dark counts, a discussion on how to tackle this type of loopholes, and updated references. 8 pages, 6 figure

Security in smart object networks

Internet of Things (IoT) refers to an inter-connected world where physical devices are seamlessly integrated into the Internet and become active participants of business, information and social processes. This involves the inter-connection of a large number of heterogeneous networked entities and networks. Emergence of technologies such as Zigbee, Bluetooth low energy and embedded sensors has transformed simple physical devices into smart objects that can understand and react to their environment. Such smart objects form the building blocks for the Internet of Things. The communication infrastructure for these objects is based on an extension of the Internet protocol stack. Although the need for security is widely accepted, there is no clear consensus on how IP-based Internet security protocols can be applied to resource-constrained smart object networks. In this thesis, we develop a new secure and energy efficient communication model for the Constrained Application Protocol (CoAP), a light-weight communication protocol designed for smart object networks. We contribute to the standardization of the generic communication architecture by adding security and delegation components for smart objects that sleep for large amounts of time during their operational phase. This architecture ensures data integrity and authenticity over a multi-hop network topology. It also provides a mirroring mechanism that uses a proxy to serve data on behalf of sleeping smart objects, thereby allowing them to act as always-online web servers. A working prototype implementation of the architecture is also developed. The security features in the architecture presented in this thesis are based on using strong public-key cryptography. Contrary to popular belief, our performance evaluation shows that asymmetric public-key cryptography can be implemented on small 8-bit micro-controllers without modifying the underlying cryptographic algorithms

Recent Application in Biometrics

In the recent years, a number of recognition and authentication systems based on biometric measurements have been proposed. Algorithms and sensors have been developed to acquire and process many different biometric traits. Moreover, the biometric technology is being used in novel ways, with potential commercial and practical implications to our daily activities. The key objective of the book is to provide a collection of comprehensive references on some recent theoretical development as well as novel applications in biometrics. The topics covered in this book reflect well both aspects of development. They include biometric sample quality, privacy preserving and cancellable biometrics, contactless biometrics, novel and unconventional biometrics, and the technical challenges in implementing the technology in portable devices. The book consists of 15 chapters. It is divided into four sections, namely, biometric applications on mobile platforms, cancelable biometrics, biometric encryption, and other applications. The book was reviewed by editors Dr. Jucheng Yang and Dr. Norman Poh. We deeply appreciate the efforts of our guest editors: Dr. Girija Chetty, Dr. Loris Nanni, Dr. Jianjiang Feng, Dr. Dongsun Park and Dr. Sook Yoon, as well as a number of anonymous reviewers

XTR and Tori

At the turn of the century, 80-bit security was the standard. When considering discrete-log based cryptosystems, it could be achieved using either subgroups of 1024-bit finite fields or using (hyper)elliptic curves. The latter would allow more compact and efficient arithmetic, until Lenstra and Verheul invented XTR. Here XTR stands for \u27ECSTR\u27, itself an abbreviation for Efficient and Compact Subgroup Trace Representation. XTR exploits algebraic properties of the cyclotomic subgroup of sixth degree extension fields, allowing representation only a third of their regular size, making finite field DLP-based systems competitive with elliptic curve ones. Subsequent developments, such as the move to 128-bit security and improvements in finite field DLP, rendered the original XTR and closely related torus-based cryptosystems no longer competitive with elliptic curves. Yet, some of the techniques related to XTR are still relevant for certain pairing-based cryptosystems. This chapter describes the past and the present of XTR and other methods for efficient and compact subgroup arithmetic

Implementations of Wireless and Wired Intelligent Systems for Healthcare with Focus on Diabetes and Ultrasound Applications

The research and implementations presented in this thesis focuses mainly on healthcare applications utilizing the wireless and wired communication and “Micro-Electro-Mechanical Systems” (MEMS) technologies, and secondly on security aspects. Chapters four and five presents new work in intelligent diabetes remote monitoring front-end system and into the corresponding new ultrasound simulator training systems. The motivation from the University of Sheffield of Electronic and Electrical Engineering Department and Sheffield Children Hospital with the partial grant scholarship from “Engineering and Physical Sciences Research Council” (EPSRC) for involvement in one “Collaborations for Leadership in Applied Health Research and Care” (CLAHRC) projects, was to improve the existing WithCare+ system and also the development of multiple new front-end solutions for it. My motivation to create solutions which will improve the life of patients who suffer from chronic disease such as type-1 diabetes, and also to provide new methods in management of that illness by clinicians and possible resulting annual government money saving, drives me to the successful result. From the other side, the motivation from the department of Neonatal in Sheffield Royal Hallamshire Hospital and the University of Sheffield of Electronic and Electrical Engineering Department drives me to the creation of a new, very low cost ultrasound simulation training system, using new components such as MEMS sensors. The hardware design and embedded source code was created in order to provide a ready library, for use by other projects, where 3D space orientation is required through exploitation of MEMS sensors and intelligent fusion filter algorithm. The third contribution affects the cryptographic aspects. The new implementation of fast and very efficient portable C code algorithm for t-adic NAF Key generation in ECC cryptographic principle for utilization of it with Koblitz curves presented in Appendix I

On the Analysis of Public-Key Cryptologic Algorithms

The RSA cryptosystem introduced in 1977 by Ron Rivest, Adi Shamir and Len Adleman is the most commonly deployed public-key cryptosystem. Elliptic curve cryptography (ECC) introduced in the mid 80's by Neal Koblitz and Victor Miller is becoming an increasingly popular alternative to RSA offering competitive performance due the use of smaller key sizes. Most recently hyperelliptic curve cryptography (HECC) has been demonstrated to have comparable and in some cases better performance than ECC. The security of RSA relies on the integer factorization problem whereas the security of (H)ECC is based on the (hyper)elliptic curve discrete logarithm problem ((H)ECDLP). In this thesis the practical performance of the best methods to solve these problems is analyzed and a method to generate secure ephemeral ECC parameters is presented. The best publicly known algorithm to solve the integer factorization problem is the number field sieve (NFS). Its most time consuming step is the relation collection step. We investigate the use of graphics processing units (GPUs) as accelerators for this step. In this context, methods to efficiently implement modular arithmetic and several factoring algorithms on GPUs are presented and their performance is analyzed in practice. In conclusion, it is shown that integrating state-of-the-art NFS software packages with our GPU software can lead to a speed-up of 50%. In the case of elliptic and hyperelliptic curves for cryptographic use, the best published method to solve the (H)ECDLP is the Pollard rho algorithm. This method can be made faster using classes of equivalence induced by curve automorphisms like the negation map. We present a practical analysis of their use to speed up Pollard rho for elliptic curves and genus 2 hyperelliptic curves defined over prime fields. As a case study, 4 curves at the 128-bit theoretical security level are analyzed in our software framework for Pollard rho to estimate their practical security level. In addition, we present a novel many-core architecture to solve the ECDLP using the Pollard rho algorithm with the negation map on FPGAs. This architecture is used to estimate the cost of solving the Certicom ECCp-131 challenge with a cluster of FPGAs. Our design achieves a speed-up factor of about 4 compared to the state-of-the-art. Finally, we present an efficient method to generate unique, secure and unpredictable ephemeral ECC parameters to be shared by a pair of authenticated users for a single communication. It provides an alternative to the customary use of fixed ECC parameters obtained from publicly available standards designed by untrusted third parties. The effectiveness of our method is demonstrated with a portable implementation for regular PCs and Android smartphones. On a Samsung Galaxy S4 smartphone our implementation generates unique 128-bit secure ECC parameters in 50 milliseconds on average

Pairings in Cryptology: efficiency, security and applications

Abstract The study of pairings can be considered in so many di�erent ways that it may not be useless to state in a few words the plan which has been adopted, and the chief objects at which it has aimed. This is not an attempt to write the whole history of the pairings in cryptology, or to detail every discovery, but rather a general presentation motivated by the two main requirements in cryptology; e�ciency and security. Starting from the basic underlying mathematics, pairing maps are con- structed and a major security issue related to the question of the minimal embedding �eld [12]1 is resolved. This is followed by an exposition on how to compute e�ciently the �nal exponentiation occurring in the calculation of a pairing [124]2 and a thorough survey on the security of the discrete log- arithm problem from both theoretical and implementational perspectives. These two crucial cryptologic requirements being ful�lled an identity based encryption scheme taking advantage of pairings [24]3 is introduced. Then, perceiving the need to hash identities to points on a pairing-friendly elliptic curve in the more general context of identity based cryptography, a new technique to efficiently solve this practical issue is exhibited. Unveiling pairings in cryptology involves a good understanding of both mathematical and cryptologic principles. Therefore, although �rst pre- sented from an abstract mathematical viewpoint, pairings are then studied from a more practical perspective, slowly drifting away toward cryptologic applications