24 research outputs found

    MergeMAC: A MAC for Authentication with Strict Time Constraints and Limited Bandwidth

    This paper presents MergeMAC, a MAC that is particularly suitable for environments with strict time requirements and extremely limited bandwidth. MergeMAC computes the MAC by splitting the message into two parts. We use a pseudorandom function (PRF) to map messages to random bit strings and then merge them with a very efficient keyless function. The advantage of this approach is that the outputs of the PRF can be cached for frequently needed message parts. We demonstrate the merits of MergeMAC for authenticating messages on the CAN bus, where bandwidth is extremely limited and caching can be used to recover parts of the message counter instead of transmitting it. We recommend an instantiation of the merging function MERGE and analyze the security of our construction. Requirements for a merging function are formally defined and the resulting EUF-CMA security of MergeMAC is proven.

    Arithmetic Considerations for Isogeny Based Cryptography

    In this paper we investigate various arithmetic techniques which can be used to potentially enhance the performance in the supersingular isogeny Diffie-Hellman (SIDH) key-exchange protocol, which is one of the more recent contenders in the post-quantum public-key arena. Firstly, we give a systematic overview of techniques to compute efficient arithmetic modulo $2^x p^y \pm 1$. Our overview shows that in the SIDH setting, where arithmetic over a quadratic extension field is required, the approaches based on Montgomery reduction for such primes of a special shape are to be preferred. Moreover, the outcome of our investigation reveals that there exist moduli which allow even faster implementations. Secondly, we investigate if it is beneficial to use other curve models to speed up the elliptic curve scalar multiplication. The use of twisted Edwards curves allows one to search for efficient addition-subtraction chains for fixed scalars, while this is not possible with the differential addition law when using Montgomery curves. Our preliminary results show that despite the fact that we found such efficient chains, using twisted Edwards curves does not result in faster scalar multiplication arithmetic in the setting of SIDH.

    Faster Modular Arithmetic For Isogeny Based Crypto on Embedded Devices

    We show how to implement the Montgomery reduction algorithm for isogeny based cryptography such that it can utilize the unsigned multiply accumulate accumulate long instruction present on modern ARM architectures. This results in a practical speed-up of a factor 1.34 compared to the approach used by SIKE, the supersingular isogeny based submission to the ongoing post-quantum standardization effort. Moreover, motivated by the recent work of Costello and Hisil (ASIACRYPT 2017), which shows that there is only a moderate degradation in performance when evaluating large odd degree isogenies, we search for more general supersingular isogeny friendly moduli. Using graphics processing units to accelerate this search, we find many such moduli which allow for faster implementations on embedded devices. By combining these two approaches we manage to make the modular reduction 1.5 times as fast on a 32-bit ARM platform.

    Using a Telepresence System to Investigate Route Choice Behavior

    A combination of a telepresence system and a microscopic traffic simulator is introduced. It is evaluated using a hotel evacuation scenario. Four different kinds of supporting information are compared: standard exit signs, floor plans with indicated exit routes, guiding lines on the floor, and simulated agents leading the way. The results indicate that guiding lines are the most efficient way to support an evacuation, but the natural behavior of following others comes very close. On another level, the results are consistent with previously performed real and virtual experiments and validate the use of a telepresence system in evacuation studies. It is shown that using a microscopic traffic simulator extends the possibilities for evaluation, e.g. by adding simulated humans to the environment. Comment: Preprint of TGF11 (Traffic and Granular Flow, Moscow, September 2011) conference proceedings contribution.

    Using Extended Range Telepresence to Investigate Route Choice Behavior

    A combination of a telepresence system and a microscopic traffic simulator is introduced. It is evaluated using a hotel evacuation scenario. Four different kinds of supporting information are compared: standard exit signs, floor plans with indicated exit routes, guiding lines on the floor, and simulated agents leading the way. The results indicate that guiding lines are the most efficient way to support an evacuation, but the natural behavior of following others comes very close. On another level, the results are consistent with previously performed real and virtual experiments and validate the use of a telepresence system in evacuation studies. It is shown that using a microscopic traffic simulator extends the possibilities for evaluation, e.g. by adding simulated humans to the environment.

    Calibrating Dynamic Pedestrian Route Choice with an Extended Range Telepresence System

    In this contribution we present the results of a pilot study in which an Extended Range Telepresence System is used to calibrate parameters of a pedestrian model for simulation. The parameters control a model element that is intended to make simulated agents walk in the direction of the estimated smallest remaining travel time. We use this to, first, show that an Extended Range Telepresence System can serve for such a task in general and, second, to actually find simulation parameters that yield realistic results.

    Fly, you fool! Faster Frodo for the ARM Cortex-M4

    We present an efficient implementation of FrodoKEM-640 on an ARM Cortex-M4 core. We leverage the single instruction, multiple data paradigm, available in the instruction set of the ARM Cortex-M4, together with a careful analysis of the memory layout of matrices to considerably speed up matrix multiplications. Our implementations take up to 79.4% fewer cycles than the reference. Moreover, we challenge the usage of a cryptographically secure pseudorandom number generator for the generation of the large public matrix involved. We argue that statistically good pseudorandomness is enough to achieve the same security goal. Therefore, we propose to use xoshiro128** as a PRNG instead: its structure can be easily integrated in FrodoKEM-640, it passes all known statistical tests, and it greatly outperforms previous choices. By using xoshiro128** we improve the generation of the large public matrix, which is a considerable bottleneck for embedded devices, by up to 96%.

    Dual Mode NOx Sensor: Measuring Both the Accumulated Amount and Instantaneous Level at Low Concentrations

    The accumulating-type (or integrating-type) NOx sensor principle offers two operation modes to measure low levels of NOx: the direct signal gives the total amount dosed over a time interval, and its derivative gives the instantaneous concentration. With a linear sensor response, no baseline drift, and both response times and recovery times in the range of the gas exchange time of the test bench (5 to 7 s), the integrating sensor is well suited to reliably detect low levels of NOx. Experimental results are presented demonstrating the sensor's integrating properties for the total amount detection and its sensitivity to both NO and NO2. We also show the correlation between the derivative of the sensor signal and the known gas concentration. The long-term detection of NOx in the sub-ppm range (e.g., for air quality measurements) is discussed. Additionally, a self-adaptation of the measurement range taking advantage of the temperature dependency of the sensitivity is addressed.

    Arithmetic Considerations for Isogeny Based Cryptography

    status: Published online