Residue systems efficiency for modular products summation: application to elliptic curves cryptography

Residue systems of representation, like Residue Number Systems (RNS) for primary field(GF (p)) or Trino-mial Residue Arithmetic for binary field (GF (2k)), are characterized by efficient multiplication and costly modular reduction. On the other hand, conventional representations allow in some cases very efficient re-ductions but require costly multiplications. The main purpose of this paper is to analyze the complexity of those two different approaches in the summations of products. As a matter of fact, the complexities of the reduction in residue systems and of the multiplication in classical representations are similar. One of the main features of this reduction is that it doesn’t depend on the field. Moreover, the cost of multiplication in residue systems is equivalent to the cost of reduction in classical representations for special well-chosen fields. Taking those properties into account, we remark that an expression like A ∗ B + C ∗D, which requires two products, one addition and one reduction, evaluates faster in a residue system than in a classical one. So we propose to study types of expressions to offer a guide for choosing a most appropriate representation. One of the best domain of application is the Elliptic Curves Cryptography where addition and dou-bling points formulas are composed of products summation. The different kinds of coordinates like affine, projective, and Jacobean, offer a good choice of expressions for our study

Using Freivalds’ Algorithm to Accelerate Lattice-Based Signature Verifications

© Springer Nature Switzerland AG, 2019. We present a novel computational technique to check whether a matrix-vector product is correct with a relatively high probability. While the idea could be related to verifiable delegated computations, most of the literature in this line of work focuses on provably secure functional aspects and do not provide clear computational techniques to verify whether a product $$xA = y$$ is correct where x, A and y are not given nor computed by the party which requires validity checking: this is typically the case for some cryptographic lattice-based signature schemes. This paper focuses on the computational aspects and the improvement on both speed and memory when implementing such a verifier, and use a practical example: the Diagonal Reduction Signature (DRS) scheme as it was one of the candidates in the recent National Institute of Standards and Technology Post-Quantum Cryptography Standardization Calls for Proposals competition. We show that in the case of DRS, we can gain a factor of 20 in verification speed

An analysis of FV parameters impact towards its hardware acceleration

Conference of 21st International Workshops on Financial Cryptography and Data Security, FC 2017 held in conjuction with 5th Workshop on Encrypted Computing and Applied Homomorphic Cryptography, WAHC 2017, 4th Workshop on Bitcoin and Blockchain Research, BITCOIN 2017, 2nd Workshop on Advances in Secure Electronic Voting Schemes, VOTING 2017, 1st Workshop on Trusted Smart Contracts, WTSC 2017 and 1st Workshop on Targeted Attacks, TA 2017 ; Conference Date: 7 April 2017 Through 7 April 2017; Conference Code:205569International audienceThe development of cloud computing services is restrained by privacy concerns. Centralized medical services for instance, require a guarantee of confidentiality when using outsourced computation platforms. Fully Homomorphic Encryption is an intuitive solution to address such issue, but until 2009, existing schemes were only able to evaluate a reduced number of operations (Partially Homomorphic Encryption). In 2009, C. Gentry proposed a blueprint to construct FHE schemes from SHE schemes. However, it was not practical due to the huge data size overhead and the exponential noise growth of the initial SHE. Since then, major improvements have been made over SHE schemes and their noise management, and resulting schemes, like BGV and FV, allow to foresee small applications. Besides scheme improvements, new practical approaches were proposed to bring homomorphic encryption closer to practice. The IV-based stream cipher trans-ciphering approach brought by Canteaut et al. in 2015 reduces the on-line latency of the trans-ciphering process to a simple homomorphic addition. The homomorphic evaluation of stream ciphers, that produces the trans-ciphering keystream, could be computed in an off-line phase, resulting in an almost transparent trans-ciphering process from the user point of view. This approach combined with hardware accelerations could bring homomorphic encryption closer to practice. This paper deals the choice of FV parameters for efficient implementation of this scheme in the light of related works’ common approaches. At first sight, using large polynomial degree to reduce the coefficients size seemed to be advantageous, but further observations contradict it. Large polynomial degrees imply larger ciphertexts and more complex implementations, but smaller ones imply more primes to find for CRT polynomial representation. The result of this preliminary work for the choice of an adequate hardware target motivates the choice of small degree polynomials rather than small coefficients for the FV scheme