1,187 research outputs found

    Isogeny-based post-quantum key exchange protocols

    The goal of this project is to understand and analyze the supersingular isogeny Diffie-Hellman (SIDH), a post-quantum key exchange protocol whose security relies on the isogeny-finding problem between supersingular elliptic curves. In order to do so, we first introduce the reader to cryptography, focusing on key agreement protocols, and motivate the rise of post-quantum cryptography as a necessity given the existence of the model of quantum computation. We review some of the known attacks on the SIDH and finally study some algorithmic aspects to understand how the protocol can be implemented.

    Quantum resource estimates for computing elliptic curve discrete logarithms

    We give precise quantum resource estimates for Shor's algorithm to compute discrete logarithms on elliptic curves over prime fields. The estimates are derived from a simulation of a Toffoli gate network for controlled elliptic curve point addition, implemented within the framework of the quantum computing software tool suite LIQ$Ui|\rangle$. We determine circuit implementations for reversible modular arithmetic, including modular addition, multiplication and inversion, as well as reversible elliptic curve point addition. We conclude that elliptic curve discrete logarithms on an elliptic curve defined over an $n$-bit prime field can be computed on a quantum computer with at most $9n + 2\lceil\log_2(n)\rceil+10$ qubits using a quantum circuit of at most $448 n^3 \log_2(n) + 4090 n^3$ Toffoli gates. We are able to classically simulate the Toffoli networks corresponding to the controlled elliptic curve point addition as the core piece of Shor's algorithm for the NIST standard curves P-192, P-224, P-256, P-384 and P-521. Our approach allows gate-level comparisons to recent resource estimates for Shor's factoring algorithm. The results also support estimates given earlier by Proos and Zalka and indicate that, for current parameters at comparable classical security levels, the number of qubits required to tackle elliptic curves is less than for attacking RSA, suggesting that indeed ECC is an easier target than RSA. Comment: 24 pages, 2 tables, 11 figures. v2: typos fixed and reference added. ASIACRYPT 201

    Can NSEC5 be practical for DNSSEC deployments?

    NSEC5 is a proposed modification to DNSSEC that simultaneously guarantees two security properties: (1) privacy against offline zone enumeration, and (2) integrity of zone contents, even if an adversary compromises the authoritative nameserver responsible for responding to DNS queries for the zone. This paper redesigns NSEC5 to make it both practical and performant. Our NSEC5 redesign features a new fast verifiable random function (VRF) based on elliptic curve cryptography (ECC), along with a cryptographic proof of its security. This VRF is also of independent interest, as it is being standardized by the IETF and being used by several other projects. We show how to integrate NSEC5 using our ECC-based VRF into the DNSSEC protocol, leveraging precomputation to improve performance and DNS protocol-level optimizations to shorten responses. Next, we present the first full-fledged implementation of NSEC5—extending widely-used DNS software to present a nameserver and recursive resolver that support NSEC5—and evaluate their performance under aggressive DNS query loads. Our performance results indicate that our redesigned NSEC5 can be viable even for high-throughput scenarios. https://eprint.iacr.org/2017/099.pdf First author draf

    Computing Hilbert class polynomials with the Chinese Remainder Theorem

    We present a space-efficient algorithm to compute the Hilbert class polynomial H_D(X) modulo a positive integer P, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses O(|D|^(1/2+o(1)) log P) space and has an expected running time of O(|D|^(1+o(1))). We describe practical optimizations that allow us to handle larger discriminants than other methods, with |D| as large as 10^13 and h(D) up to 10^6. We apply these results to construct pairing-friendly elliptic curves of prime order, using the CM method. Comment: 37 pages, corrected a typo that misstated the heuristic complexit

    Elliptic Curve Cryptography on Modern Processor Architectures

    Elliptic Curve Cryptography (ECC) has been adopted by the US National Security Agency (NSA) in Suite "B" as part of its "Cryptographic Modernisation Program". Additionally, it has been favoured by an entire host of mobile devices due to its superior performance characteristics. ECC is also the building block on which the exciting field of pairing/identity based cryptography is based. This widespread use means that there is potentially a lot to be gained by researching efficient implementations on modern processors such as IBM's Cell Broadband Engine and Philips' next generation smart card cores. ECC operations can be thought of as a pyramid of building blocks, from instructions on a core, modular operations on a finite field, point addition & doubling, elliptic curve scalar multiplication to application level protocols. In this thesis we examine an implementation of these components for ECC focusing on a range of optimising techniques for the Cell's SPU and the MIPS smart card. We show significant performance improvements that can be achieved through adoption of EC

    Failing to hash into supersingular isogeny graphs

    An important open problem in supersingular isogeny-based cryptography is to produce, without a trusted authority, concrete examples of "hard supersingular curves," that is, equations for supersingular curves for which computing the endomorphism ring is as difficult as it is for random supersingular curves. A related open problem is to produce a hash function to the vertices of the supersingular $\ell$-isogeny graph which does not reveal the endomorphism ring, or a path to a curve of known endomorphism ring. Such a hash function would open up interesting cryptographic applications. In this paper, we document a number of (thus far) failed attempts to solve this problem, in the hope that we may spur further research, and shed light on the challenges and obstacles to this endeavour. The mathematical approaches contained in this article include: (i) iterative root-finding for the supersingular polynomial; (ii) gcd's of specialized modular polynomials; (iii) using division polynomials to create small systems of equations; (iv) taking random walks in the isogeny graph of abelian surfaces; and (v) using quantum random walks. Comment: 33 pages, 7 figure

    Elliptic curve and pseudo-inverse matrix based cryptosystem for wireless sensor networks

    Applying asymmetric key security to wireless sensor networks (WSN) has been a challenging task for researchers in this field. One common trade-off is that an asymmetric key architecture does provide better security than a symmetric key one but, on the other hand, a sensor network has some resource limitations for implementing an asymmetric key approach. Elliptic curve cryptography (ECC) has significant advantages over other asymmetric key systems such as RSA, D-H, etc. The most important feature of ECC is that it has a much smaller bit requirement and, at the same time, ensures better security compared to others. Hence, ECC can be a better option for implementing an asymmetric key approach for sensor networks. We propose a new cryptosystem which is based on the pseudo-inverse matrix and Elliptic Curve Cryptography. We establish a relationship between these two different concepts and evaluate our proposed system on the basis of the results of similar works as well as our own simulation done in the TinyOS environment.

    ELLIPTIC CURVE CRYPTOGRAPHY

    In this article the main points of ECC’s application and structure are reviewed. The main advantages of ECC are described. The aim of this article is to systematize information on the practical application of elliptic curves and its general terms, and to touch on the topic of ECC's popularity. Another interesting part of the article is the question of patents, most of which are Certicom's patents. An encouraging fact is that the question of ECC is covered by the ECC Workshop: since 1997 a series of conferences on the ECC theme has been held. The last one took place in 2013. Since the first ECC workshop, held in 1997 in Waterloo, the ECC conference series has broadened its scope beyond elliptic curve cryptography and now covers a wide range of areas within modern cryptography. The table at the end of the article compares key sizes and the main points of ECC and RSA. The conclusion is that ECC provides much more confidence in use than first-generation public key cryptography systems. Equations based on elliptic curves are easy to perform and extremely difficult to reverse, and they are in demand.
    This article sets out the main points of application of elliptic cryptography and its structure. The aim of this article is to systematize information on the practical application of elliptic curves and their basic concepts, and to touch on the topic of the popularity of elliptic curves. Another interesting part of the article is the question of patenting; for the most part these are Certicom patents. An encouraging fact is that the question of elliptic cryptography is covered by the "ECC Workshop"; a series of conferences has been held since 1997. The last conference was held in 2013. Since the first workshop, which took place in 1997 in Waterloo, the conference series has expanded its scope beyond elliptic cryptography and now covers a wide range of areas in modern cryptography. The table at the end of the article compares key sizes and the main features of RSA and elliptic cryptography. The conclusion is that elliptic cryptography provides much greater secrecy than the use of public-key cryptography. Equations based on elliptic curves are easy to use and difficult to reverse, and they are in demand.
    The structure of elliptic cryptography, its form and its main applications are considered. The main advantages of using elliptic cryptography over RSA and others are characterized. The main historical dates of this branch of cryptography are set out. The main data on the patents relating to it, those proposed by NIST, are collected. A comparison of RSA and elliptic cryptography is given in the form of a table. It was believed that elliptic curves would succeed in cryptography because of some of their properties, such as key length, lower demands on performance, and reliability. Elliptic curves are used for data transmission over TLS, SSH, smart cards, Bitcoin, C++, Apple's iMessage service. The topic of elliptic curves is currently being actively pursued by the "ECC Workshops" steering committee, headed by Tanja Lange (Technische Universiteit Eindhoven, Netherlands), Chair Alfred Menezes (University of Waterloo, Canada), Christof Paar (Ruhr-Universität Bochum, Germany), Scott Vanstone (University of Waterloo, Canada). ECC Workshop is an annual series of workshops devoted to the study of elliptic cryptography and related areas. Since the first workshop in 1997 in Waterloo, the elliptic curve conference has expanded its scope beyond elliptic cryptography and now covers a wide range of areas of modern cryptography