
Cryptographic Engineering PDF

527 Pages·2009·12.094 MB·English

Preview Cryptographic Engineering

Cryptographic Engineering

Çetin Kaya Koç
Editor

Editor
Çetin Kaya Koç
City University of Istanbul
Tophane, Istanbul
Turkey
and
University of California Santa Barbara
Santa Barbara, CA
USA

ISBN: 978-0-387-71816-3
e-ISBN: 978-0-387-71817-0
DOI 10.1007/978-0-387-71817-0
Library of Congress Control Number: 2008935379

© Springer Science+Business Media, LLC 2009

All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden.

The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

While the advice and information in this book are believed to be true and accurate at the date of going to press, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Printed on acid-free paper

springer.com

To all scientists and engineers whose ideas gave birth to modern cryptography, particularly, Claude Shannon, Whit Diffie, Martin Hellman, Ralph Merkle, Don Coppersmith, Ron Rivest, Adi Shamir, Len Adleman, and Neal Koblitz.

Preface

Cryptography is an ancient art. Chinese, Roman, and Arab cultures often used ciphers to protect military and state communications or secret society documents. Cryptographic engineering, on the other hand, is a relatively new subject. A cryptographic engineer designs, implements, tests, validates, and sometimes reverse-engineers or attempts to break cryptographic systems. The designers of Enigma, an electromechanical cipher machine, were cryptographic engineers; so was Alan Turing who contributed to its cryptanalysis. In our view, anyone who designs and builds electromechanical, electronic, or quantum-mechanical systems in order to encrypt, decrypt, sign or authenticate data is a cryptographic engineer. However, in this book we have narrowed our definition to only electronic systems, specifically, hardware and software systems.

Cryptographic engineering is a complicated, multidisciplinary field. It encompasses mathematics (algebra, finite groups, rings, and fields), electrical engineering (hardware design, ASIC, FPGAs) and computer science (algorithms, complexity theory, software design, embedded systems). It is rather difficult to be a master of all subjects; one usually has to be content with being a master of one. In order to practice state-of-the-art cryptographic design, mathematicians, computer scientists, and electrical engineers need to collaborate.

This book was born out of the class notes of the lecturers who have been meeting since 2002 in Lausanne, Switzerland, at the campus of EPFL, to teach a one-week course to graduate students, faculty, and researchers from academia, and engineers from industry. In order to create this book, I compiled the lecture notes together, wrote some of the material, and also invited other prominent researchers to contribute. This book is intended to constitute a first step towards becoming a cryptographic engineer. We hope that it will successfully serve its purpose.

Istanbul & Santa Barbara
Çetin Kaya Koç

Contents

1 About Cryptographic Engineering
  Çetin Kaya Koç
  1.1 Introduction
  1.2 Chapter Contents
  1.3 Exercises and Projects

2 Random Number Generators for Cryptographic Applications
  Werner Schindler
  2.1 Introduction
  2.2 General Requirements
  2.3 Classification
  2.4 Deterministic Random Number Generators (DRNGs)
    2.4.1 Pure DRNGs
    2.4.2 Hybrid DRNGs
    2.4.3 A Word of Warning
  2.5 Physical True Random Number Generators (PTRNGs)
    2.5.1 The Generic Design
    2.5.2 Entropy and Guesswork
  2.6 Non-physical True Random Number Generators (NPTRNGs): Basic Properties
  2.7 Standards and Evaluation Guidances
  2.8 Exercises
  2.9 Projects
  References

3 Evaluation Criteria for Physical Random Number Generators
  Werner Schindler
  3.1 Introduction
  3.2 Generic Design
  3.3 Evaluation Criteria for the Principle Design
  3.4 The Stochastic Model
  3.5 Algorithmic Postprocessing
  3.6 Online Test, Tot Test, and Self Test
    3.6.1 Online Tests
  3.7 Alternative Security Philosophies
  3.8 Side-channel Attacks and Fault Attacks
  3.9 Exercises
  3.10 Projects
  References

4 True Random Number Generators for Cryptography
  Berk Sunar
  4.1 Introduction
  4.2 TRNG Building Blocks
  4.3 Desirable Features
  4.4 Survey of TRNG Designs
    4.4.1 Baggini and Bucci
    4.4.2 The Intel TRNG Design
    4.4.3 The Tkacik TRNG Design
    4.4.4 The Epstein et al. TRNG Design
    4.4.5 The Fischer–Drutarovský Design
    4.4.6 The Golić FIGARO Design
    4.4.7 The Kohlbrenner–Gaj Design
    4.4.8 The Bucci–Luzzi Testable TRNG Design Framework
    4.4.9 The Rings Design
    4.4.10 The PUF–RNG Design
    4.4.11 The Yoo et al. Design
    4.4.12 The Dichtl and Golić RNG Design
  4.5 Postprocessing Techniques
  4.6 Exercises
  References

5 Fast Finite Field Multiplication
  Serdar Süer Erdem, Tuğrul Yanık, and Çetin Kaya Koç
  5.1 Introduction
  5.2 Finite Fields
  5.3 Multiplication in Prime Fields
    5.3.1 Integer Multiplication
    5.3.2 Integer Squaring
    5.3.3 Integer Modular Reduction
  5.4 Multiplication in Binary Extension Fields
    5.4.1 Polynomial Multiplication over F_2
    5.4.2 Polynomial Squaring over F_2
    5.4.3 Polynomial Modular Reduction over F_2
  5.5 Multiplication in General Extension Fields
    5.5.1 Field Multiplication in OEF
    5.5.2 Coefficient Multiplication and Reductions
  5.6 Karatsuba–Ofman Algorithm
    5.6.1 Complexity
    5.6.2 Number of Scalar Multiplications
  5.7 Exercises
  5.8 Projects
  References

6 Efficient Unified Arithmetic for Hardware Cryptography
  Erkay Savaş and Çetin Kaya Koç
  6.1 Introduction
  6.2 Fundamentals of Extension Fields
  6.3 Addition and Subtraction
  6.4 Multiplication
    6.4.1 Montgomery Multiplication Algorithm
    6.4.2 Dual-Radix Multiplier
    6.4.3 Support for Ternary Extension Fields, GF(3^n)
  6.5 Inversion
    6.5.1 Montgomery Inversion for GF(p) and GF(2^n)
  6.6 Conclusions
  6.7 Exercises
  6.8 Projects
  References

7 Spectral Modular Arithmetic for Cryptography
  Gökay Saldamlı and Çetin Kaya Koç
  7.1 Introduction
  7.2 Notation and Background
    7.2.1 Evaluation Polynomials
    7.2.2 Discrete Fourier Transform (DFT)
    7.2.3 Properties of DFT: Time–frequency dictionary
  7.3 Spectral Modular Arithmetic
    7.3.1 Time Simulations and Spectral Algorithms
    7.3.2 Modular Reduction
    7.3.3 Spectral Modular Reduction
    7.3.4 Time Simulation of Spectral Modular Reduction
    7.3.5 Spectral Modular Reduction in a Finite Ring Spectrum
    7.3.6 Spectral Modular Multiplication (SMM)
    7.3.7 Spectral Modular Exponentiation
    7.3.8 Illustrative Example
  7.4 Applications to Cryptography
    7.4.1 Mersenne and Fermat rings
    7.4.2 Pseudo Number Transforms
    7.4.3 Parameter Selection for RSA
    7.4.4 Parameter Selection for ECC over Prime Fields
  7.5 Spectral Extension Field Arithmetic
    7.5.1 Binary Extension Fields
    7.5.2 Midsize Characteristic Extension Fields
    7.5.3 Parameter Selection for ECC over Extension Fields
  7.6 Notes
  7.7 Exercises
  7.8 Projects
  References

8 Elliptic and Hyperelliptic Curve Cryptography
  Nigel Boston and Matthew Darnall
  8.1 Introduction
  8.2 Diffie–Hellman Key Exchange
  8.3 Introduction to Elliptic and Hyperelliptic Curves
  8.4 The Jacobian of a Curve
    8.4.1 The Principal Subgroup and Jac(C)
  8.5 Computing on Jac(C)
  8.6 Group Law for Elliptic Curves
  8.7 Techniques for Computations in Hyperelliptic Curves
    8.7.1 Explicit Formulae
    8.7.2 Projective Coordinates
    8.7.3 Other Optimization Techniques
  8.8 Counting Points on Jac(C)
  8.9 Attacks
    8.9.1 Baby-Step Giant-Step Attack
    8.9.2 Pollard Rho and Lambda Attacks
    8.9.3 Pohlig–Hellman Attack
    8.9.4 Menezes–Okamoto–Vanstone Attack
    8.9.5 Semaev, Satoh-Araki, Smart Attack
    8.9.6 Attacks employing Weil descent
  8.10 Good Curves
  8.11 Exercises
  8.12 Projects
  References

9 Instruction Set Extensions for Cryptographic Applications
  Sandro Bartolini, Roberto Giorgi, and Enrico Martinelli
  9.1 Introduction
    9.1.1 Instruction Set Architecture
  9.2 Applications and Benchmarks
    9.2.1 Benchmarks
    9.2.2 Potential Performance
  9.3 ISE for Cryptographic Applications
    9.3.1 Instructions for Information Confusion and Diffusion
    9.3.2 ISE for AES
    9.3.3 ISE for ECC applications
  9.4 Exercises
  9.5 Projects
  References

10 FPGA and ASIC Implementations of AES
  Kris Gaj and Pawel Chodowiec
  10.1 Introduction
  10.2 AES Cipher Description
    10.2.1 Basic Features
    10.2.2 Round Operations
    10.2.3 Iterative Structure
    10.2.4 Key Scheduling
  10.3 FPGA and ASIC Technologies
  10.4 Parameters of Hardware Implementations
    10.4.1 Throughput and Latency
    10.4.2 Area
  10.5 Hardware Architectures of Symmetric Block Ciphers
    10.5.1 Hardware Architectures vs. Block Cipher Modes of Operation
    10.5.2 Basic Iterative Architecture
    10.5.3 Loop Unrolling
    10.5.4 Pipelining
    10.5.5 Limits on the Maximum Clock Frequency of Pipelined Architectures
    10.5.6 Compact Architectures with Resource Sharing
  10.6 Implementation of Basic Operations of AES in Hardware
    10.6.1 SubBytes and InvSubBytes
    10.6.2 MixColumns and InvMixColumns
  10.7 Hardware Architectures of a Single Round of AES
    10.7.1 S-Box-Based Architecture
    10.7.2 T-Box-Based Architecture
    10.7.3 Compact Architectures
  10.8 Implementation of Key Scheduling
  10.9 Optimum Choice of a Hardware Architecture for AES
  10.10 Exercises
  10.11 Projects
  References

11 Secure and Efficient Implementation of Symmetric Encryption Schemes using FPGAs
  François-Xavier Standaert
  11.1 Introduction
  11.2 Efficient FPGA Implementations
    11.2.1 Exploiting the Slice Structure
    11.2.2 Exploiting Embedded Blocks
    11.2.3 Exploiting Further Features
    11.2.4 Combining the Tricks: The Flexibility Versus Efficiency Tradeoff
  11.3 Fair Evaluation of a Cryptographic FPGA Design
