11 research outputs found

    Formulas for p-th root computations in finite fields of characteristic p using polynomial basis

    Master's dissertation - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2016.

    Motivated by bilinear pairing cryptographic algorithms, cube root computation in finite fields of characteristic 3 has already been addressed in the literature. Additionally, new studies on the computation of the p-th root in finite fields of characteristic p, where p is a prime number, have emerged. These contributions focus on root computation for fields of fixed characteristic or for irreducible polynomials with few nonzero terms. This dissertation proposes new families of irreducible polynomials over F_p, with k nonzero terms where k = 2 and p = 3, for the efficient computation of the p-th root in finite fields of characteristic p. Furthermore, for the case p = 3, new extensions are obtained in which cube root computation is efficient, along with polynomials whose performance is slightly better than the results in the literature. Keywords: Cryptography, Number Theory, Finite Field Arithmetic.

    Abstract: Efficient cube root computations in extension fields of characteristic three have been studied, in part motivated by pairing cryptography implementations. Additionally, recent studies have emerged on the computation of p-th roots in finite fields of characteristic p, where p is prime. These contributions have either considered a fixed characteristic for the extension field or irreducible polynomials with few nonzero terms. We provide new families of irreducible polynomials over F_p, taking into account polynomials with k = 2 nonzero terms and p = 3. Moreover, for the particular case p = 3, we slightly improve some previous results and provide new extensions where efficient cube root computations are possible.

    SIDH-sign: an efficient SIDH PoK-based signature

    We analyze and implement the SIDH PoK-based construction from De Feo, Dobson, Galbraith, and Zobernig. We improve the SIDH-PoK built-in functions to allow an efficient constant-time implementation. We then combine it with the Fiat-Shamir transform to obtain an SIDH PoK-based signature scheme, which we label SIDH-sign for short. We suggest SIDH-sign-p377, SIDH-sign-p546, and SIDH-sign-p697 as instances that provide security comparable to NIST levels L1, L3, and L5. To the best of our knowledge, the three proposed instances provide the best performance among digital signature schemes based on isogenies.

    SoK: Methods for Sampling Random Permutations in Post-Quantum Cryptography

    In post-quantum cryptography, permutations are frequently employed to construct cryptographic primitives. Careful design and implementation of the sampling of random unbiased permutations is essential for efficiency and for protection against side-channel attacks. Nevertheless, there is a lack of systematic research on this topic. Our work seeks to fill this gap by studying the most prominent permutation sampling algorithms and assessing their advantages and limitations. We combine theoretical and experimental comparisons and provide a C library with implementations of the algorithms discussed. Furthermore, we introduce a new sampling algorithm tailored for cryptographic applications.

    Enabling PERK on Resource-Constrained Devices

    PERK is a digital signature scheme submitted to the recent NIST Post-Quantum Cryptography Standardization Process for Additional Digital Signature Schemes. For NIST security level I, PERK features sizes ranging from 6kB to 8.5kB, encompassing both the signature and public key, depending on the parameter set. Given its inherent characteristics, PERK's signing and verification algorithms involve the computation of numerous large objects, resulting in substantial stack-memory consumption ranging from 300kB to 1.5MB for NIST security level I and from 1.1MB to 5.7MB for NIST security level V. In this paper, we present a memory-versus-performance trade-off strategy that significantly reduces PERK's memory consumption to a maximum of approximately 82kB for any security level, enabling PERK to be executed on resource-constrained devices. Additionally, we explore various optimizations tailored to the Cortex M4 and introduce the first implementation of PERK designed for this platform.

    Post-Quantum Hybrid KEMTLS Performance in Simulated and Real Network Environments

    Adopting Post-Quantum Cryptography (PQC) in network protocols is a challenging subject. Larger PQC public keys and signatures can significantly slow the Transport Layer Security (TLS) protocol. In this context, KEMTLS is a promising approach that replaces the handshake signatures with PQC Key Encapsulation Mechanisms (KEMs), which in general have smaller sizes. However, for broad PQC adoption, hybrid cryptography has advantages over PQC-only approaches, mainly regarding confidence in the security of existing cryptographic schemes. This work brings hybrid cryptography to the KEMTLS and KEMTLS-PDK protocols. We analyze different network conditions and show that the penalty of using Hybrid KEMTLS instead of PQC-only KEMTLS is minor at certain security levels. We also compare Hybrid KEMTLS with a hybrid version of PQTLS. Overall, the benefits of using hybrid protocols outweigh the slowdown penalties at higher security parameters, which encourages their use in practice.

    Automated Issuance of Post-Quantum Certificates: a New Challenge

    The Automatic Certificate Management Environment protocol (ACME) has significantly contributed to the widespread use of digital certificates in safeguarding the authenticity and privacy of Internet data. These certificates are required for implementing the Transport Layer Security (TLS) protocol. However, it is well known that the cryptographic algorithms employed in these certificates will become insecure with the emergence of quantum computers. This study assesses the challenges of transitioning ACME to the post-quantum landscape using Post-Quantum Cryptography (PQC). To evaluate the cost of ACME's PQC migration, we create a simulation environment for issuing PQC-only and hybrid digital certificates. Our experiments reveal performance drawbacks associated with the switch to PQC or hybrid solutions. Given the high volume of certificates issued daily by organizations like Let's Encrypt, the performance of ACME is of utmost importance. To address this concern, we propose a novel challenge method for ACME. Compared to the widely used HTTP-01 method, our findings indicate an average PQC certificate issuance time that is 4.22 times faster, along with a potential reduction of up to 35% in communication size.

    Message encoding algorithms for Winternitz signatures

    Doctoral thesis - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2021.

    Considering a given set of parameters for the Winternitz one-time signature scheme (Wots), the total complexity of generating and verifying a signature is constant and independent of the document being signed. These costs are due to the number of iterations of a function f executed over elements of a private key. However, the cost of signature generation alone may differ from the cost of signature verification, depending directly on the input document. This work presents a new variant of the Wots scheme that allows these costs to be adjusted, that is, signature generation time is increased in favor of faster verification, or vice versa. The total number of repetitions of f for specific scheme parameters can be reduced, which also reduces the cost of key generation. The main contribution of this work allows one to choose a fixed cost in executions of f, unchanged for any input message. Experiments show that the proposals have a substantial impact on Merkle-tree-based signature schemes, such as Xmss. Furthermore, if f is a one-way, second-preimage-resistant and undetectable function, the scheme is formally proven to be Existentially Unforgeable under a Chosen Message Attack (EU-CMA).

    Abstract: It is known that, for a given set of parameters, the overall complexity for generating and verifying a signature with the Winternitz one-time signature scheme (Wots) is constant and independent of the document being signed. These costs are due to the number of chained iterations of a function f. However, the cost for signature generation alone is slightly different from signature verification, and these depend on the message to be signed. We introduce a new variant of Wots that allows these costs to be adjusted, i.e. increasing the overall signature generation time in favor of faster verification or vice versa. We decrease the total number of iterations of f for some parameters, reducing the cost of key generation as well. Our main contribution allows one to choose a fixed cost with respect to the number of evaluations of f, unchanged for any input message. Our experiments show that these proposals substantially impact Merkle-tree-based signature schemes, such as Xmss. Additionally, we give a formal proof that our scheme is Existentially Unforgeable under a Chosen Message Attack (EU-CMA), assuming that f is a one-way, second-preimage-resistant and undetectable function.

    Database Security (Segurança em Banco de Dados)

    Undergraduate thesis (TCC) - Universidade Federal de Santa Catarina. Centro Tecnológico. Curso de Ciências da Computação.

    The project proposes research to improve the security of data integrity and confidentiality, as well as key management. The project should identify requirements and design solutions for the requirements found, and, in a second stage, implement and test these solutions.