
    New minimal weight representations for left-to-right window methods

    Abstract. For an integer w ≥ 2, a radix 2 representation is called a width-w nonadjacent form (w-NAF, for short) if each nonzero digit is an odd integer with absolute value less than 2^{w−1}, and of any w consecutive digits, at most one is nonzero. In elliptic curve cryptography, the w-NAF window method is used to efficiently compute nP where n is an integer and P is an elliptic curve point. We introduce a new family of radix 2 representations which use the same digits as the w-NAF but have the advantage that they result in a window method which uses less memory. This memory savings results from the fact that these new representations can be deduced using a very simple left-to-right algorithm. Further, we show that like the w-NAF, these new representations have a minimal number of nonzero digits. 1 Window Methods An operation fundamental to elliptic curve cryptography is scalar multiplication; that is, computing nP for an integer, n, and an elliptic curve point, P. A number of different algorithms have been proposed to perform this operation efficiently (see Ch. 3 of [4] for a recent survey). A variety of these algorithms, known as window methods, use the approach described in Algorithm 1.1. For example, suppose D = {0, 1, 3, 5, 7}. Using this digit set, Algorithm 1.1 first computes and stores P, 3P, 5P and 7P. After a D-radix 2 representation of n is computed its digits are read from left to right by the “for” loop and nP is computed using doubling and addition operations (and no subtractions). One way to compute a D-radix 2 representation of n is to slide a 3-digit window from right to left across the {0, 1}-radix 2 representation of n (see Section 4). Using negative digits takes advantage of the fact that subtracting an elliptic curve point can be done just as efficiently as adding it. Suppose now that D

    Secure Data Aggregation in Wireless Sensor Networks. Homomorphism versus Watermarking Approach

    Wireless sensor networks are now in widespread use to monitor regions, detect events and acquire information. Since the deployed nodes are separated, they need to cooperatively communicate sensed data to the base station. Hence, transmission is a very energy-consuming operation. To reduce the amount of data sent, an aggregation approach can be applied along the path from sensors to the sink. However, the carried information usually contains confidential data. Therefore, an end-to-end secure aggregation approach is required to ensure a healthy data reception. End-to-end encryption schemes that support operations over ciphertext have been proved important for private party sensor network implementations. These schemes offer two main advantages: end-to-end concealment of data and the ability to operate on ciphertext, so that no decryption is required for aggregation. Unfortunately, nowadays these methods are very complex and not suitable for sensor nodes having limited resources. In this paper, we propose a secure end-to-end encrypted-data aggregation scheme. It is based on elliptic curve cryptography, which exploits a smaller key size. Additionally, it allows the use of a higher number of operations on ciphertexts and prevents the distinction between two identical texts from their cryptograms. These properties permit our approach to achieve higher security levels than existing cryptosystems in sensor networks. Our experiments show that our proposed secure aggregation method significantly reduces computation and communication overhead and can be practically implemented on off-the-shelf sensor platforms. By using homomorphic encryption on elliptic curves, we thus have realized an efficient and secure data aggregation in sensor networks. Lastly, to enlarge the set of aggregation functions that can be used in a secure wireless sensor network, a watermarking-based authentication scheme is finally proposed

    The influence of neighborhood characteristics on police officers' encounters with persons suspected to have a serious mental illness

    Objective: Police officers' decisions and behaviors are impacted by the neighborhood context in which police encounters occur. For example, officers may use greater force and be more likely to make arrests in disadvantaged neighborhoods. We examined whether neighborhood characteristics influence police encounters with individuals suspected to have a serious mental illness, addictive disorder, or developmental disability. Method: We obtained data on 916 encounters from 166 officers in six jurisdictions in Georgia, USA and abstracted geographical data pertaining to the location of these encounters from United States Decennial Census data. Encounters were nested within 163 census tracts. Officer-reported data covered general encounter characteristics, the officer's perception of the subject's condition, subject demographics, use of force, and disposition of the encounter (e.g., arrest v. referral or transport to treatment services). Geographical data included 17 variables representing population and housing characteristics of the census tracts, from which three indices pertaining to neighborhood income, stability, and immigration status were derived using factor-analytic techniques. We then examined associations of these indices with various encounter-related variables using multi-level analysis. Results: Encounters taking place in higher-income and higher-stability census tracts were more likely to be dispatch-initiated and take place in a private home compared to those in lower-income and lower-stability neighborhoods. In higher-income neighborhoods, encounters were more likely to involve a subject suspected to have a mental illness (as opposed to an addictive disorder or developmental disability) and less likely to involve a subject suspected to have alcohol problems. The officer's level of force used was not associated with neighborhood factors. Regarding disposition, although the likelihood of arrest was unrelated to neighborhood characteristics, encounters taking place in higher-immigrant neighborhoods were more likely to result in referral or transport to services than those in lower-immigrant neighborhoods. Conclusion: Neighborhood characteristics are important to consider in research on police interactions with individuals with serious mental illnesses, addictive disorders, or developmental disabilities. Such research could inform departmental training policies and procedures based on the needs of the jurisdictions served. (C) 2014 Elsevier Ltd. All rights reserved

    Constructive and destructive use of compilers in elliptic curve cryptography

    Although cryptographic software implementation is often performed by expert programmers, the range of performance and security driven options, as well as more mundane software engineering issues, still make it a challenge. The use of domain specific language and compiler techniques to assist in description and optimisation of cryptographic software is an interesting research challenge. In this paper we investigate two aspects of such techniques, focusing on Elliptic Curve Cryptography (ECC) in particular. Our constructive results show that a suitable language allows description of ECC based software in a manner close to the original mathematics; the corresponding compiler allows automatic production of an executable whose performance is competitive with that of a hand-optimised implementation. In contrast, we study the worrying potential for naïve compiler driven optimisation to render cryptographic software insecure. Both aspects of our work are set within the context of CACE, an ongoing EU funded project on this general topic

    Elliptic Curve Scalar Multiplication Combining Yao’s Algorithm and Double Bases

    Abstract. In this paper we propose to take one step back in the use of double base number systems for elliptic curve point scalar multiplication. Using a modified version of Yao’s algorithm, we go back from the popular double base chain representation to a more general double base system. Instead of representing an integer k as $\sum_{i=1}^{n} 2^{b_i} 3^{t_i}$ where $(b_i)$ and $(t_i)$ are two decreasing sequences, we only set a maximum value for both of them. Then, we analyze the efficiency of our new method using different bases and optimal parameters. In particular, we propose for the first time a binary/Zeckendorf representation for integers, providing interesting results. Finally, we provide a comprehensive comparison to state-of-the-art methods, including a large variety of curve shapes and latest point addition formulae speed-ups

    Low-Weight Primes for Lightweight Elliptic Curve Cryptography on 8-bit AVR Processors

    Small 8-bit RISC processors and micro-controllers based on the AVR instruction set architecture are widely used in the embedded domain with applications ranging from smartcards over control systems to wireless sensor nodes. Many of these applications require asymmetric encryption or authentication, which has spurred a body of research into implementation aspects of Elliptic Curve Cryptography (ECC) on the AVR platform. In this paper, we study the suitability of a special class of finite fields, the so-called Optimal Prime Fields (OPFs), for a "lightweight" implementation of ECC with a view towards high performance and security. An OPF is a finite field Fp defined by a prime of the form p = u*2^k + v, whereby both u and v are "small" (in relation to 2^k) so that they fit into one or two registers of an AVR processor. OPFs have a low Hamming weight, which allows for a very efficient implementation of the modular reduction since only the non-zero words of p need to be processed. We describe a special variant of Montgomery multiplication for OPFs that does not execute any input-dependent conditional statements (e.g. branch instructions) and is, hence, resistant against certain side-channel attacks. When executed on an Atmel ATmega processor, a multiplication in a 160-bit OPF takes just 3237 cycles, which compares favorably with other implementations of 160-bit modular multiplication on an 8-bit processor. We also describe a performance-optimized and a security-optimized implementation of elliptic curve scalar multiplication over OPFs. The former uses a GLV curve and executes in 4.19M cycles (over a 160-bit OPF), while the latter is based on a Montgomery curve and has an execution time of approximately 5.93M cycles. Both results improve the state-of-the-art in lightweight ECC on 8-bit processors