On multi-exponentiation in cryptography
We describe and analyze new combinations of multi-exponentiation
algorithms with representations of the exponents. We deal mainly, but
not exclusively, with the case where the inversion of group elements is fast.
These methods are most attractive with exponents in the range from 80
to 256 bits, and can also be used for computing single
exponentiations in groups which admit an automorphism satisfying
a monic equation of small degree over the integers.
The choice of suitable exponent representations allows us to match or
improve the running time of the best multi-exponentiation techniques
in the aforementioned range, while keeping the memory
requirements as small as possible. Hence some of the methods
presented here are particularly attractive for deployment in
memory-constrained environments such as smart cards.
By construction, such methods provide good resistance
against side channel attacks.
We also describe some applications of these algorithms.
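As an added illustration of the setting this abstract describes (example code written for this page, not the authors' algorithms), the Python below runs a 2-fold multi-exponentiation on an elliptic-curve group over a small prime field, where inverting a group element costs one field negation. Each exponent is recoded into its non-adjacent form (NAF), the two NAFs are processed with a single shared doubling chain, and a -1 digit is handled by adding the negated base point, so nothing beyond the base points has to be stored. The curve y^2 = x^3 + 2x + 3 over F_1000003, the base points and the 48-bit scalars are constructed for the example and do not come from the paper.

```python
# Added example (not from the paper): interleaved multi-exponentiation with
# signed-digit (NAF) exponents on an elliptic-curve group, where "inversion"
# is a free negation.  Curve, points and scalars are constructed for illustration.

P_MOD = 1000003      # prime with P_MOD % 4 == 3, so square roots are one pow() call
A, B = 2, 3          # y^2 = x^3 + A*x + B over F_p (constructed, not a standard curve)


def ec_add(P, Q):
    """Affine addition on the curve; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                    # P == -Q (covers 2P for y == 0)
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_neg(P):
    """Negation is a single field negation: the 'fast inversion' the abstract relies on."""
    return None if P is None else (P[0], (-P[1]) % P_MOD)


def find_point(x):
    """Deterministically pick a curve point with x-coordinate >= x (constructed test data)."""
    while True:
        rhs = (x * x * x + A * x + B) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)          # sqrt candidate, valid since p = 3 mod 4
        if rhs != 0 and y * y % P_MOD == rhs:
            return (x, y)
        x += 1


def naf(n):
    """Non-adjacent form of n >= 0, least-significant digit first, digits in {-1, 0, 1}.
    No two adjacent digits are nonzero, so on average 1/3 of the digits cost an addition
    (against 1/2 for the plain binary expansion)."""
    digits = []
    while n > 0:
        if n & 1:
            d = 2 - (n & 3)                            # 1 if n = 1 mod 4, -1 if n = 3 mod 4
            n -= d
        else:
            d = 0
        digits.append(d)
        n >>= 1
    return digits


def multi_exp_naf(points, scalars):
    """Compute sum(s_i * P_i) with one shared doubling chain (Straus/Shamir style) and
    NAF digits for every scalar.  A -1 digit adds the negated base point, so the only
    stored values are the base points.  Returns (result, (doublings, additions))."""
    nafs = [naf(s) for s in scalars]
    length = max((len(d) for d in nafs), default=0)
    acc, dbl, add = None, 0, 0
    for j in range(length - 1, -1, -1):                # most-significant digit first
        if acc is not None:
            acc = ec_add(acc, acc)
            dbl += 1
        for P, digits in zip(points, nafs):
            if j < len(digits) and digits[j] != 0:
                acc = ec_add(acc, P if digits[j] == 1 else ec_neg(P))
                add += 1
    return acc, (dbl, add)


def scalar_mul_binary(P, n):
    """Reference: plain left-to-right double-and-add on a single scalar."""
    acc = None
    for bit in bin(n)[2:]:
        acc = ec_add(acc, acc)
        if bit == "1":
            acc = ec_add(acc, P)
    return acc


if __name__ == "__main__":
    P, Q = find_point(1), find_point(1000)
    s1, s2 = 0xDEADBEEFCAFE, 0x123456789ABC           # constructed 48-bit exponents
    R, (dbl, add) = multi_exp_naf([P, Q], [s1, s2])
    assert R == ec_add(scalar_mul_binary(P, s1), scalar_mul_binary(Q, s2))
    print(f"2-fold multi-exponentiation: {dbl} doublings, {add} additions")
```

The script checks its result against two independent double-and-add computations and prints the operation counts, which is where the signed-digit saving shows up. The abstract's own contribution (specific exponent representations and their pairing with multi-exponentiation algorithms, with attention to memory) is not reproduced here; the block shows only the basic mechanism such methods build on.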
The QARMAv2 Family of Tweakable Block Ciphers
We introduce the QARMAv2 family of tweakable block ciphers. It is a redesign of QARMA (from FSE 2017) to improve its security bounds and allow for longer tweaks, while keeping similar latency and area. The wider tweak input caters to both specific use cases and the design of modes of operation with higher security bounds. This is achieved through new key and tweak schedules, revised S-Box and linear layer choices, and a more comprehensive security analysis. QARMAv2 offers competitive latency and area in fully unrolled hardware implementations. Some of our results may be of independent interest. These include: new MILP models of certain classes of diffusion matrices; the comparative analysis of a full reflection cipher against an iterative half-cipher; our boomerang attack framework; and an improved approach to doubling the width of a block cipher.
Minimality of the Hamming Weight of the τ-NAF for Koblitz Curves and Improved Combination with Point Halving
In order to efficiently perform scalar multiplications on
elliptic Koblitz curves, expansions of the scalar to a
complex base associated with the Frobenius endomorphism
are commonly used. One such expansion is the
τ-adic NAF, introduced by Solinas.
Some properties of this expansion, such as
the average weight, are well known, but in the literature
there is no proof of its optimality,
i.e. that it always has minimal weight.
In this paper we provide the first proof of this fact.
Point halving, being faster than doubling, is also used to
perform fast scalar multiplications on generic elliptic curves
over binary fields. Since its computation is more expensive
than that of the Frobenius, halving was thought to be
uninteresting for Koblitz curves.
At PKC 2004, Avanzi, Ciet, and Sica combined Frobenius
operations with one point halving to compute scalar
multiplications on Koblitz curves using
on average 14% fewer group additions than with the
usual τ-and-add method, without increasing memory usage.
The second result of this paper is an improvement over their
expansion that is simpler to compute and optimal in a suitable
sense, i.e. it has minimal Hamming weight among all τ-adic
expansions with digits
that allow one halving to be inserted in the corresponding scalar
multiplication algorithm.
The resulting scalar multiplication requires on average
25% fewer group operations than the Frobenius method, and is thus
12.5% faster than the previously known combination.
Estimation of the susceptibility of a road network to shallow landslides with the integration of the sediment connectivity
Landslides cause severe damage to the road network of the hit zone, in terms of
both direct (partial or complete destruction of a road or blockages) and
indirect (traffic restriction or the cut-off of a certain area) costs. Thus, the
identification of the parts of the road network that are more susceptible to
landslides is fundamental to reduce the risk to the population potentially
exposed and the financial expense caused by the damage. For these reasons,
this paper aimed to develop and test a data-driven model for the
identification of road sectors that are susceptible to being hit by shallow
landslides triggered on slopes upstream from the infrastructure. This model was
based on the Generalized Additive Model, where the function relating
predictors and response variable is an empirically fitted smooth function
that allows fitting the data in the most likely functional form, including
non-linear relations. This work also analyzed how much the estimated
susceptibility depends on whether sediment connectivity is considered;
connectivity influences the path and the travel distance of the
material mobilized by a slope failure until it hits a potential barrier such as a road.
The study was carried out in a catchment of northeastern Oltrepò Pavese
(northern Italy), where several shallow landslides affected roads in the last
8 years. The most significant explanatory variables were selected by randomly
partitioning the available dataset into two parts (training and test subsets)
100 times according to a bootstrap procedure. These variables (selected
80 times by the bootstrap procedure) were used to build the final
susceptibility model, whose accuracy was estimated through a 100-fold
repetition of the holdout method for regression, based on the training and test
sets created through the 100 bootstrap model selections. The presented
methodology allows the identification, in a robust and reliable way, of the
most susceptible road sectors that could be hit by sediments delivered by
landslides. The best predictive capability was obtained with a model that
also considered the index of connectivity, calculated according to a linear
relationship. The most susceptible road sectors were found to be
located below steep slopes of limited height (lower than 50 m), where
sediment connectivity is high. Different land use scenarios were considered in
order to estimate possible changes in road susceptibility. The land use classes
of the study area were characterized by similar connectivity features. As a
consequence, variations in the susceptibility of the road network across
different scenarios of land cover distribution were limited. The
results of this research demonstrate the ability of the developed methodology
to assess susceptible roads. This could give infrastructure managers
information about the criticality of the different road sectors,
thereby allowing attention and economic budgets to be shifted towards the
most critical assets, where structural and non-structural mitigation measures
could be implemented.
Side Channel Attacks on Implementations of Curve-Based Cryptographic Primitives
The present survey deals with the recent research in side channel analysis and related attacks on implementations of cryptographic primitives. The focus is on software countermeasures for primitives built around algebraic groups. Many countermeasures are described, together with their extent of applicability and their weaknesses. Some suggestions are made, conclusions are drawn, and some directions for future research are given. An extensive bibliography on recent developments concludes the survey.
Scalar Multiplication on Koblitz Curves Using the Frobenius Endomorphism and its Combination with Point Halving: Extensions and Mathematical Analysis
In this paper we prove the optimality and other properties of the τ-adic nonadjacent form: this expansion has been introduced in order to efficiently compute scalar multiplications on Koblitz curves. We also refine and extend results about double expansions of scalars introduced by Avanzi, Ciet and Sica in order to further improve scalar multiplications. Our double expansions are optimal and their properties are carefully analysed. In particular, we provide first and second order terms for the expected weight, determine the variance and prove a central limit theorem. Transducers for all the involved expansions are provided, as well as automata accepting all expansions of minimal weight.
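The optimality result stated here and in the SAC 2005 abstract above ("Minimality of the Hamming Weight of the τ-NAF ...") can be exercised directly. The Python below is an added example written for this page, not the authors' code: it implements Solinas' τ-NAF recoding in Z[τ] with τ² = μτ - 2, evaluates the digits back to check the round trip and the non-adjacency property, and computes by shortest-path search the minimum Hamming weight over all τ-adic expansions with digits in {-1, 0, 1} of the same element, so that the theorem (the τ-NAF attains that minimum) can be checked on random inputs. Assumptions: μ = 1 (the Koblitz curve with a = 1) and constructed random elements r0 + r1·τ; the point-halving part of the papers is not covered.

```python
# Added example (not from the papers): Solinas' tau-adic NAF in Z[tau] with
# tau^2 = mu*tau - 2, plus a brute-force minimum-weight search to check the
# optimality theorem on constructed random inputs.
import heapq
import random

MU = 1   # assumption: Koblitz curve with a = 1, for which mu = (-1)^(1-a) = 1


def tau_div(r0, r1, mu=MU):
    """Exact division of r0 + r1*tau by tau (needs r0 even).
    From tau^2 = mu*tau - 2 one gets 1/tau = (mu - tau)/2, hence
    (r0 + r1*tau)/tau = (r1 + mu*r0/2) - (r0/2)*tau."""
    if r0 % 2:
        raise ValueError("not divisible by tau")
    return r1 + mu * (r0 // 2), -(r0 // 2)


def tau_naf(r0, r1, mu=MU):
    """Digits (least significant first, in {-1, 0, 1}) of the tau-NAF of r0 + r1*tau.
    When r0 is odd the digit u is chosen so that (r0 - u) + r1*tau is divisible by
    tau^2, which forces the next digit to be 0 (the non-adjacency property)."""
    digits = []
    while r0 != 0 or r1 != 0:
        if r0 % 2:
            u = 2 - ((r0 - 2 * r1) % 4)
            r0 -= u
        else:
            u = 0
        digits.append(u)
        r0, r1 = tau_div(r0, r1, mu)
    return digits


def eval_tau(digits, mu=MU):
    """Horner evaluation of sum d_i * tau^i, returned as (r0, r1) meaning r0 + r1*tau."""
    r0, r1 = 0, 0
    for d in reversed(digits):
        # (r0 + r1*tau) * tau = -2*r1 + (r0 + mu*r1)*tau, then add the digit
        r0, r1 = -2 * r1 + d, r0 + mu * r1
    return r0, r1


def hamming_weight(digits):
    return sum(1 for d in digits if d)


def min_weight(r0, r1, mu=MU):
    """Minimal Hamming weight over all {-1, 0, 1} tau-adic expansions of r0 + r1*tau,
    by Dijkstra on the quotient chain: from alpha the allowed digit is 0 if r0 is even
    and +-1 if r0 is odd, and the next state is (alpha - d)/tau.  The reachable state
    set is finite: the norm r0^2 + mu*r0*r1 + 2*r1^2 strictly shrinks while it is >= 6."""
    best = {(r0, r1): 0}
    heap = [(0, r0, r1)]
    while heap:
        w, a0, a1 = heapq.heappop(heap)
        if (a0, a1) == (0, 0):
            return w
        if w > best[(a0, a1)]:
            continue
        for d in ((0,) if a0 % 2 == 0 else (1, -1)):
            nxt = tau_div(a0 - d, a1, mu)
            nw = w + abs(d)
            if nw < best.get(nxt, nw + 1):
                best[nxt] = nw
                heapq.heappush(heap, (nw, nxt[0], nxt[1]))
    raise RuntimeError("no expansion found")


def check_minimality(samples=40, bits=64, seed=2024, mu=MU):
    """Return how many constructed random elements have a tau-NAF whose weight exceeds
    the brute-force minimum; the theorem says the answer is always 0."""
    rng = random.Random(seed)
    bad = 0
    for _ in range(samples):
        r0, r1 = rng.randrange(-2**bits, 2**bits), rng.randrange(-2**bits, 2**bits)
        digits = tau_naf(r0, r1, mu)
        assert eval_tau(digits, mu) == (r0, r1)                        # round trip
        assert all(not (digits[i] and digits[i + 1]) for i in range(len(digits) - 1))
        if hamming_weight(digits) != min_weight(r0, r1, mu):
            bad += 1
    return bad


if __name__ == "__main__":
    d = tau_naf(3, 0)
    print("tau-NAF of 3:", d, "weight", hamming_weight(d), "minimum", min_weight(3, 0))
    print("mismatches on random 64-bit inputs:", check_minimality())
```

The search in min_weight terminates because dividing by τ halves the norm while subtracting a digit raises it to at most (√N + 1)², so once the norm is below 6 it stays at most 5 and every reachable state has norm at most max(N(α), 5); with roughly a dozen states per level the check is fast even for 64-bit coefficients. For the integer 3 the recoding yields 3 = -1 + τ² + τ⁵, and no expansion with fewer than three nonzero digits exists.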