21 research outputs found

    Hardware Implementations of a Variant of the Zémor-Tillich Hash Function: Can a Provably Secure Hash Function be very efficient?

    Hash functions are widely used in cryptography, and hardware implementations of hash functions are of interest in a variety of contexts such as speeding up the computations of a network server or providing authentication in small electronic devices such as RFID tags. Provably secure hash functions, the security of which relies on the hardness of a mathematical problem, are particularly appealing for security, but they used to be too inefficient in practice. In this paper, we study the efficiency in hardware of ZT', a provably secure hash function based on the Zémor-Tillich hash function. We consider three kinds of implementations targeting a high throughput and a low area in different ways. We first present a high-speed implementation of ZT' on FPGA that is nearly half as efficient as state-of-the-art SHA implementations in terms of throughput per area. We then focus on area reduction and present an ASIC implementation of ZT' with much smaller area costs than SHA-1 and even than SQUASH, which was specially designed for low-cost RFID tags. Between these two extreme implementations, we show that the throughput and area can be traded with a lot of flexibility. Finally, we show that the inherent parallelism of ZT' makes it particularly suitable for applications requiring high-speed hashing of very long messages. Our work, together with existing reasonably efficient software implementations, shows that this variant of the Zémor-Tillich hash function is in fact very practical for a wide range of applications, while having a security related to the hardness of a mathematical problem and significant additional advantages such as scalability and parallelism.

    Improving the Rules of the DPA Contest

    A DPA contest was launched at CHES 2008. The goal of this initiative is to make it possible for researchers to compare different side-channel attacks in an objective manner. For this purpose, a set of 80000 traces corresponding to the encryption of 80000 different plaintexts with the Data Encryption Standard and a fixed key has been made available. In this short note, we discuss the rules that the contest uses to rate the effectiveness of different distinguishers. We first describe practical examples of attacks in which these rules can be misleading. Then, we suggest an improved set of rules that can be implemented easily in order to obtain a better interpretation of the comparisons performed.

    Interlaboratory exercise for the analysis of carotenoids and related compounds in dried mango fruit (Mangifera indica L.)

    An interlaboratory comparison was done for the analysis of carotenoids in freeze-dried mango. The study was performed from July to September 2018. Mango fruit was freeze-dried, homogenized, and packaged under vacuum conditions in portions of 6 g (test sample). Two test samples were sent to the participating laboratories for analysis. Laboratory results were rated using Z-scores in accordance with ISO 13528 and ISO 17043. The standard deviation for proficiency assessment (also called target standard deviation) was determined using a modified Horwitz function and varied between 10% and 25%, depending on the analyte. Out of 14 laboratories from 10 different countries, 9 laboratories (64%) obtained a satisfactory performance (Z ≤ 2) for the analysis of β-carotene. Of the 7 laboratories that analyzed α-carotene, (9Z)-β-carotene, β-cryptoxanthin, and zeaxanthin, 4 laboratories (57%) obtained a satisfactory performance. However, only 2 laboratories out of 7 (29%) obtained a satisfactory performance for lutein. Based on the comparability of the analytical results, this study concludes that freeze-dried mango pulp can be used as a reference material for the analysis of α- and β-carotene, (9Z)-β-carotene, β-cryptoxanthin, and zeaxanthin by applying different analytical procedures for their extraction and quantification. This work was performed within the frame of the TEAM EC2017TEA442A103 VLIR-UOS project "Improving Ecuadorian child nutrition by using mango by-products as potential sources of bioactive compounds". JV-Ch wants to acknowledge the quality technical support of Samara Fernández de Souza from VITO. VM-P acknowledges Mayra Anaguano from EPN. AZM acknowledges Fabiane C. Petry for the carotenoid analysis, FAPESP (grant 2018/23752-1) and CNPq (grant 309182/2018-2). Peer reviewed.

    Breaking ECC2K-130

    Elliptic-curve cryptography is becoming the standard public-key primitive not only for mobile devices but also for high-security applications. Its advantages are the higher cryptographic strength per bit in comparison with RSA and the higher speed in implementations. To improve understanding of the exact strength of the elliptic-curve discrete-logarithm problem, Certicom has published a series of challenges. This paper describes breaking the ECC2K-130 challenge using a parallelized version of Pollard's rho method. This is a major computation bringing together the contributions of several clusters of conventional computers, PlayStation 3 clusters, computers with powerful graphics cards and FPGAs. We also give estimates for an ASIC design. In particular we present: our choice and analysis of the iteration function for the rho method; our choice of finite field arithmetic and representation; detailed descriptions of the implementations on a multitude of platforms: CPUs, Cells, GPUs, FPGAs, and ASICs; and details about running the attack.

    Understanding power in cryptography

    The concept of power may be of fundamental importance in many application fields of cryptography. In the context of small embedded devices, of growing interest with the advent of the "information era", it is crucial to make the best use of the device's scarce resources, especially electrical power and energy. Another example is cryptanalysis, which requires a huge amount of computational effort to break cryptographic algorithms. To improve the success probability of cryptanalytic attempts, it is essential to make the most of the available computing power. This is even more relevant when the attacks are conducted from a constructive point of view, in order to assess the security level of cryptographic algorithms. This thesis deals with two contexts of cryptography in which power is of central concern: cryptanalysis with special-purpose hardware and cryptography for low-power embedded devices. The common approach we follow is to carefully understand the available power resources in the studied contexts. In the first part, we exploit the computational power of Field Programmable Gate Arrays (FPGAs) and Application-Specific Integrated Circuits (ASICs) for practical attacks on public-key cryptosystems. We first propose an improved architecture to implement the Elliptic Curve Method of factoring integers on FPGA. This method is very useful when aiming to break RSA. We then study how to tackle the Elliptic Curve Discrete Logarithm Problem, relying on ASICs, in the special case of Koblitz curves. Our results underline the vulnerability of the 131-bit key size for Elliptic Curve Cryptography. In the second part, our aim is to decrease the overhead of cryptography for small embedded devices. We first analyze the energy cost of communication and cryptography in wireless sensor networks, allowing the selection of the least consuming protocol to achieve a given cryptographic task. We then study how to adapt group signatures to low-power devices, these signatures being very appealing for privacy-preserving applications. Our cooperative solution makes group signatures tractable for small devices like contactless smart cards. (FSA 3) -- UCL, 201

    Hardware Implementations of a Variant of the Zemor-Tillich Hash Function: Can a Provably Secure Hash Function be very efficient?

    Hash functions are widely used in cryptography, and hardware implementations of hash functions are of interest in a variety of contexts such as speeding up the computations of a network server or providing authentication in small electronic devices such as RFID tags. Provably secure hash functions, the security of which relies on the hardness of a mathematical problem, are particularly appealing for security, but they used to be too inefficient in practice. In this paper, we study the efficiency in hardware of ZT', a provably secure hash function based on the Zemor-Tillich hash function. We consider three kinds of implementations targeting a high throughput and a low area in different ways. We first present a high-speed implementation of ZT' on FPGA that is nearly half as efficient as state-of-the-art SHA implementations in terms of throughput per area. We then focus on area reduction and present an ASIC implementation of ZT' with much smaller area costs than SHA-1 and even than SQUASH, which was specially designed for low-cost RFID tags. Between these two extreme implementations, we show that the throughput and area can be traded with a lot of flexibility. Finally, we show that the inherent parallelism of ZT' makes it particularly suitable for applications requiring high-speed hashing of very long messages. Our work, together with existing reasonably efficient software implementations, shows that this variant of the Zemor-Tillich hash function is in fact very practical for a wide range of applications, while having a security related to the hardness of a mathematical problem and significant additional advantages such as scalability and parallelism.

    IMAPS: imbricated authentication protocol suite for mobile users and groups

    The rapid advancement and the widespread use of the Internet and wireless communications in our professional endeavors and personal lives are making ubiquitous authenticated connectivity for mobile users indispensable. Individuals and groups may roam within a network or across networks, either in infrastructure or ad hoc mode. In any case, uninterrupted authenticated communication would be required for numerous applications, in particular real-time multimedia applications. In this paper, we propose an imbricated protocol suite for authentication in different mobility contexts at both the intra- and inter-network levels. To the best of our knowledge, this is the first comprehensive treatment of authentication in mobile networks. We demonstrate that our solution supports seamless secure mobility while incurring low overhead in the authentication process.