Resolution of Linear Algebra for the Discrete Logarithm Problem Using GPU and Multi-core Architectures

In cryptanalysis, solving the discrete logarithm problem (DLP) is key to assessing the security of many public-key cryptosystems. The index-calculus methods, that attack the DLP in multiplicative subgroups of finite fields, require solving large sparse systems of linear equations modulo large primes. This article deals with how we can run this computation on GPU- and multi-core-based clusters, featuring InfiniBand networking. More specifically, we present the sparse linear algebra algorithms that are proposed in the literature, in particular the block Wiedemann algorithm. We discuss the parallelization of the central matrix--vector product operation from both algorithmic and practical points of view, and illustrate how our approach has contributed to the recent record-sized DLP computation in GF($2^{809}$).Comment: Euro-Par 2014 Parallel Processing, Aug 2014, Porto, Portugal. \<http://europar2014.dcc.fc.up.pt/\&gt

Dynamic generalized normal distribution optimization for feature selection

High dimensionality of data represents a major problem that affects the accuracy of the classification. This problem related with classification is mainly resulted from the availability of irrelevant features. Feature selection represents a solution to a problem by selecting the most informative features and discard the irrelevant features. Generalized normal distribution optimization (GNDO) represents a newly developed optimization that confirmed its outperformance in comparison with well-known optimization algorithms on parameter extraction for photovoltaic models. As an optimization algorithm, however, GNDO suffers from degraded performance when dealing with a problem with a high dimensionality. The main problems of GNDO include exploitation problem by falling into local optima problem. Also, GNDO has solutions diversity problem when it deals with data with high dimensionality. To alleviate the drawbacks of this algorithm and solve feature selection problems, a local search algorithm (LSA) is used. The new algorithm is called dynamic generalized normal distribution optimization (DGNDO), which includes the following main improvements to GNDO: it can improve the best solution to solve the local optima problem, it can improve solution diversity by improving the randomly selected solution, and it can improve both exploration and exploitation combined. To confirm the outperformance and efficiency of the new DGNDO algorithm, DGNDO algorithm is applied on 20 benchmarked datasets from UCI repository of data. In addition, DGNDO algorithm results are compared with seven well-known optimization algorithms using number of evaluation metrics including classification, accuracy, fitness, the number of selected features, statistical results using Wilcoxon test and convergence curves. The obtained results reveal the superiority of DGNDO algorithm over all other competing algorithms

Encrypted Shared Data Spaces

The deployment of Share Data Spaces in open, possibly hostile, environments arises the need of protecting the confidentiality of the data space content. Existing approaches focus on access control mechanisms that protect the data space from untrusted agents. The basic assumption is that the hosts (and their administrators) where the data space is deployed have to be trusted. Encryption schemes can be used to protect the data space content from malicious hosts. However, these schemes do not allow searching on encrypted data. In this paper we present a novel encryption scheme that allows tuple matching on completely encrypted tuples. Since the data space does not need to decrypt tuples to perform the search, tuple confidentiality can be guaranteed even when the data space is deployed on malicious hosts (or an adversary gains access to the host). Our scheme does not require authorised agents to share keys for inserting and retrieving tuples. Each authorised agent can encrypt, decrypt, and search encrypted tuples without having to know other agents’ keys. This is beneficial inasmuch as it simplifies the task of key management. An implementation of an encrypted data space based on this scheme is described and some preliminary performance results are given

Capture resilient ElGamal signature protocols

One of the fundamental problems of public key cryptography is protecting the private key. Private keys are too long to be remembered by the user, and storing them in the device which performs the private key operation is insecure as long as the device is subject to capture. In this paper, we propose server-assisted protocols for the ElGamal signature scheme which make the system capture resilient in the sense that the security of the system is not compromised even if the signature device is captured. The protocols also have a key disabling feature which allows a user to disable the device's private key in case both the device and the password of the user are compromised simultaneously. © Springer-Verlag Berlin Heidelberg 2006

A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes

With their increasing popularity in cryptosystems, biometrics have attracted more and more attention from the information security community. However, how to handle the relevant privacy concerns remains to be troublesome. In this paper, we propose a novel security model to formalize the privacy concerns in biometric-based remote authentication schemes. Our security model covers a number of practical privacy concerns such as identity privacy and transaction anonymity, which have not been formally considered in the literature. In addition, we propose a general biometric-based remote authentication scheme and prove its security in our security model

Security and Efficiency Analysis of the Hamming Distance Computation Protocol Based on Oblivious Transfer

open access articleBringer et al. proposed two cryptographic protocols for the computation of Hamming distance. Their first scheme uses Oblivious Transfer and provides security in the semi-honest model. The other scheme uses Committed Oblivious Transfer and is claimed to provide full security in the malicious case. The proposed protocols have direct implications to biometric authentication schemes between a prover and a verifier where the verifier has biometric data of the users in plain form. In this paper, we show that their protocol is not actually fully secure against malicious adversaries. More precisely, our attack breaks the soundness property of their protocol where a malicious user can compute a Hamming distance which is different from the actual value. For biometric authentication systems, this attack allows a malicious adversary to pass the authentication without knowledge of the honest user's input with at most $O(n)$ complexity instead of $O(2^n)$, where $n$ is the input length. We propose an enhanced version of their protocol where this attack is eliminated. The security of our modified protocol is proven using the simulation-based paradigm. Furthermore, as for efficiency concerns, the modified protocol utilizes Verifiable Oblivious Transfer which does not require the commitments to outputs which improves its efficiency significantly

Quantum resource estimates for computing elliptic curve discrete logarithms

We give precise quantum resource estimates for Shor's algorithm to compute discrete logarithms on elliptic curves over prime fields. The estimates are derived from a simulation of a Toffoli gate network for controlled elliptic curve point addition, implemented within the framework of the quantum computing software tool suite LIQ$Ui|\rangle$. We determine circuit implementations for reversible modular arithmetic, including modular addition, multiplication and inversion, as well as reversible elliptic curve point addition. We conclude that elliptic curve discrete logarithms on an elliptic curve defined over an $n$-bit prime field can be computed on a quantum computer with at most $9n + 2\lceil\log_2(n)\rceil+10$ qubits using a quantum circuit of at most $448 n^3 \log_2(n) + 4090 n^3$ Toffoli gates. We are able to classically simulate the Toffoli networks corresponding to the controlled elliptic curve point addition as the core piece of Shor's algorithm for the NIST standard curves P-192, P-224, P-256, P-384 and P-521. Our approach allows gate-level comparisons to recent resource estimates for Shor's factoring algorithm. The results also support estimates given earlier by Proos and Zalka and indicate that, for current parameters at comparable classical security levels, the number of qubits required to tackle elliptic curves is less than for attacking RSA, suggesting that indeed ECC is an easier target than RSA.Comment: 24 pages, 2 tables, 11 figures. v2: typos fixed and reference added. ASIACRYPT 201