
    Simultaneous hashing of multiple messages

    We describe a method for efficiently hashing multiple messages of different lengths. Such computations occur in various scenarios, one of them being an operating system checking the integrity of its components at boot time. These tasks can gain performance by parallelizing the computations and using SIMD architectures. For such scenarios, we compare the performance of a new 4-buffers SHA-256 S-HASH implementation to that of standard serial hashing. Our results are measured on the 2nd Generation Intel® Core™ Processor and demonstrate SHA-256 processing at effectively ~5.2 Cycles per Byte when hashing from any of the three cache levels or from system memory. This represents a speedup by a factor of 3.42x compared to OpenSSL (1.0.1), and by 2.25x compared to the recent and faster n-SMS method. For hashing from a disk, we show an effective rate of ~6.73 Cycles/Byte, which is almost 3 times faster than OpenSSL (1.0.1) under the same conditions. These results indicate that for some usage models, SHA-256 is significantly faster than commonly perceived.

    Asymptotic Analysis of Plausible Tree Hash Modes for SHA-3

    Discussions about the choice of a tree hash mode of operation for standardization have recently been undertaken. It appears that a single tree mode cannot adequately address all possible uses and specifications of a system. In this paper, we review the tree modes which have been proposed, discuss their problems and propose remedies. We make the reasonable assumption that communicating systems have different specifications and that software applications are of different types (securing stored content or live-streamed content). Finally, we propose new modes of operation that address the resource usage problem for the three most representative categories of devices, and we analyse their asymptotic behavior.

    Optimization of Tree Modes for Parallel Hash Functions: A Case Study

    This paper focuses on parallel hash functions based on tree modes of operation for an inner Variable-Input-Length function. This inner function can be either a single-block-length (SBL) and prefix-free MD hash function, or a sponge-based hash function. We discuss the various forms of optimality that can be obtained when designing parallel hash functions based on trees where all leaves have the same depth. The first result is a scheme which optimizes the tree topology in order to decrease the running time. Then, without affecting the optimal running time, we show that we can slightly change the corresponding tree topology so as to minimize the number of required processors as well. Consequently, the resulting scheme decreases in the first place the running time and in the second place the number of required processors.
    Comment: Preprint version. Added citations, IEEE Transactions on Computers, 201

    A j-lanes tree hashing mode and j-lanes SHA-256

    j-lanes hashing is a tree mode that splits an input message into j slices, computes j independent digests, one per slice, and outputs the hash value of their concatenation. We demonstrate the performance advantage of j-lanes hashing on SIMD architectures by coding a 4-lanes SHA-256 implementation and measuring its performance on the latest 3rd Generation Intel® Core™. For messages ranging from 2KB to 132KB in length, the 4-lanes SHA-256 is between 1.5 and 1.97 times faster than the fastest publicly available implementation (that we are aware of), and between 1.9 and 2.5 times faster than OpenSSL 1.0.1c. For long messages, there is no significant performance difference between different choices of j. We show that the 4-lanes SHA-256 is faster than the two SHA3 finalists (BLAKE and Keccak) that have a published tree mode implementation. We explain why j-lanes hashing will be even faster on the future AVX2 architecture with 256-bit registers. This suggests that standardizing a tree mode for hash functions (SHA-256 in particular) would deliver significant performance benefits for a multitude of algorithms and usages.

    Speeding up R-LWE post-quantum key exchange

    Post-quantum cryptography has attracted increased attention in the last couple of years, due to the threat of quantum computers breaking current cryptosystems. In particular, the key size and performance of post-quantum algorithms have become a significant target for optimization. In this spirit, Alkim et al. have recently proposed a significant optimization for a key exchange scheme that is based on the R-LWE problem. In this paper, we build on the implementation of Alkim et al. and focus on improving the algorithm for generating a uniformly random polynomial. We optimize in three independent directions: efficient pseudorandom byte generation, decreasing the rejection rate during sampling, and vectorizing the sampling step. When measured on the latest Intel processor architecture (codename Skylake), our new optimizations improve over Alkim et al. by up to 1.59x on the server side, and by up to 1.54x on the client side.

    Parallelized hashing via j-lanes and j-pointers tree modes, with applications to SHA-256

    The j-lanes tree hashing is a tree mode that splits an input message into j slices, computes j independent digests, one per slice, and outputs the hash value of their concatenation. The j-pointers tree hashing is a similar tree mode that receives as input j pointers to j messages (or slices of a single message), computes their digests and outputs the hash value of their concatenation. Such modes add parallelization capabilities to a hashing process that is serial by nature. As a result, they have a performance advantage on modern processor architectures. This paper provides precise specifications for these hashing modes, proposes a setup for appropriate IV definition, and demonstrates their performance on the latest processors. Our hope is that it will be useful for the standardization of these modes.

    A toolbox for software optimization of QC-MDPC code-based cryptosystems

    The anticipated emergence of quantum computers in the foreseeable future drives the cryptographic community to start considering cryptosystems that are based on problems which remain intractable even with strong quantum computers. One example is the family of code-based cryptosystems that relies on the Syndrome Decoding Problem (SDP). Recent work by Misoczki et al. [34] showed a variant of McEliece encryption which is based on Quasi-Cyclic Moderate-Density Parity-Check (QC-MDPC) codes and has significantly smaller keys than the original McEliece encryption. It was followed by the newly proposed QC-MDPC based cryptosystems CAKE [9] and Ouroboros [13]. These motivate dedicated new software optimizations. This paper lists the cryptographic primitives that QC-MDPC cryptosystems commonly employ, studies their software optimizations on modern processors, and reports the achieved speedups. It also assesses methods for side channel protection of the implementations, and their performance costs. These optimized primitives offer a useful toolbox that can be used, in various ways, by designers and implementers of QC-MDPC cryptosystems.

    Optimizing Hash-Based Signatures in Java

    Hash-based signature schemes are an extensively studied and well-understood choice for quantum-safe digital signatures. However, certain operations, most notably key generation, can be comparably expensive. It is, therefore, essential to use well-optimized implementations. This thesis aims to explore, implement, and evaluate optimization strategies for hash-based signature implementations in Java. These include the use of special hardware features, such as vector instructions and hardware acceleration for hash functions, as well as the parallelization of key generation. Overall, we are able to reduce the time required for an XMSS key generation with SHA-2 by up to 96.4% (on four CPU cores) compared to the unmodified BouncyCastle implementation. For SPHINCS+ with the Haraka hash function family, we achieve a reduction of up to 95.7% on only one CPU core. Furthermore, we investigate the use of two scheme variants, WOTS-BR and WOTS+C, proposed in the literature for verification-optimized signatures. We improve the existing theoretical analysis of both, provide a comparison, and experimentally validate our improved theoretical analysis.

    Mobile banking solution: transactions

    Master's project report, Informatics Engineering (Software Engineering), Universidade de Lisboa, Faculdade de Ciências, 2018.
    The main objective of this master's project was to create a mobile application in the banking area that allows its user to perform a set of banking functions (such as checking the current account status, making payments and carrying out transactions) without having to physically go to the bank. The user of this application is thus the client of the bank in question. The project was developed at Accenture, an international company with great relevance in the Portuguese market, where an internship plan was drawn up that included analysis and design of the solution, development, testing and documentation. Initially a collaboration with the bank was planned, but the bank cancelled some phases of the project before its end. However, Accenture continued to support the project as an investment in its software portfolio. The main focus of this project was the transactions functionality, both between accounts of the same bank and between accounts of different banks. Usability, security and innovation characteristics were taken into account to increase users' interest in the application. For example, a barcode system was implemented that generates a digital box for receiving a future transaction, so that anyone with the application can carry out the transfer simply by photographing the barcode; usability was also considered essential, and to improve it the solution was prototyped before its implementation in code; security principles were also followed to prevent malicious use of the application (password-based or biometric authentication, use of cryptographic methods to guarantee data privacy, etc.).