
Efficient arithmetic for embedded cryptography and cryptanalysis PDF

180 Pages·2012·2.69 MB·English

Preview Efficient arithmetic for embedded cryptography and cryptanalysis

Arenberg Doctoral School of Science, Engineering & Technology
Faculty of Engineering
Department of Electrical Engineering

Efficient arithmetic for embedded cryptography and cryptanalysis

Junfeng FAN

Dissertation presented in partial fulfillment of the requirements for the degree of Doctor in Engineering

January 2012

Jury:
Prof. dr. ir. Hugo Hens, chair
Prof. dr. ir. Ingrid Verbauwhede, promotor
Prof. dr. ir. Bart Preneel, co-promotor
Prof. dr. ir. Wim Dehaene
Prof. dr. ir. Joos Vandewalle
Dr. ir. Fré Vercauteren
Dr. ir. Marc Joye (Technicolor, France)
Prof. dr. ir. Patrick Schaumont (Virginia Tech, USA)

© Katholieke Universiteit Leuven – Faculty of Engineering
Kasteelpark Arenberg 10, B-3001 Heverlee (Belgium)

All rights reserved. No part of the publication may be reproduced in any form by print, photoprint, microfilm or any other means without written permission from the publisher.

D/2012/7515/13
ISBN 978-94-6018-474-1

Acknowledgements

It would not have been possible to write this dissertation without the help and support of many people around me, to only some of whom it is possible to give particular mention here.

First, I would like to express my deepest gratitude to my supervisor, Prof. Ingrid Verbauwhede, for offering me the opportunity to conduct PhD research at COSIC, for granting the freedom and flexibility in my research work, and for the guidance and support in the last 5 years. I would like to thank Prof. Bart Preneel for the inspiring discussions and excellent comments on my dissertation. I would also like to thank Prof. Wim Dehaene and Prof. Joos Vandewalle, my assessors during my PhD study, for much valuable advice. I am honored to have Prof. Hugo Hens as the chair and Prof. Patrick Schaumont and Dr. Marc Joye as the members of my jury.

Special thanks go to Dr. Fré Vercauteren, who is a great colleague, co-author, and friend. I am especially grateful for his patience with my questions in mathematics, the inspiring talks we had on new ideas, and his careful review of my dissertation.

I am very grateful to our COSIC members who make up such a nice mixture of culture, wisdom and personalities. I thank them for their generosity and encouragement, and for making my life in Leuven a lot more colorful. I would especially like to thank Péla for being so nice and helpful all the time.

During the last 5 years, I was lucky enough to meet and collaborate with many talented researchers. I would like to thank Kazuo Sakiyama, Lejla Batina and Nele Mentens for guiding me after I joined COSIC. I also enjoyed the collaboration with Miroslav Knežević, Duško Karaklajić, Yong Ki Lee, Roel Maes, Vladimir Rožić, Benedikt Gierlichs, Özgül Küçük, Jens Hermans, Markus Ullrich and Elke De Mulder. I am also grateful to many people that I have remotely collaborated with: Xu Guo, Tanja Lange, Daniel J. Bernstein, Peter Schwabe, Xiaoxu Yao and Tim Güneysu. Their passion and diligence have encouraged me to push my research forward.

These acknowledgments would certainly remain incomplete without mentioning many of my friends in Leuven. I would like to thank Elena Andreeva for sharing with me many delicious dinners, countless quick jokes and an enthusiastic attitude towards life. I am grateful to many Chinese friends in Leuven. I would especially like to thank Nina Fan, Lin Zhou, Chang Chen, Yunan Cheng, Hang Gao, Yangyin Chen, Tingyao Wu, Min Li, Li Weng, Junfeng Zhou, Feng Qi, Lianggong Wen, Hongjun Wu, Beier Li, Min Liu, Enze Chen, Yuemei Ji, Yannan Ding, Fu-Chiao Huang, Yu-Yuan Hung and Kai Zhou for their generous help and support, for interesting chats at Alma, and for celebrating with me many Chinese festivals. Thanks to them, I have never felt that home was far away.

Finally, I would like to thank my parents and my sisters for the unconditional support and love. I would like to thank Di Mo for being supportive and understanding during all these years.

Junfeng Fan
January 2012

Abstract

Public Key Cryptography (PKC) is a critical component of today's information infrastructure. The use of PKC covers a wide spectrum of devices ranging from web servers to mobile handsets, from contact smart cards to passive RFID tags. Therefore, PKC implementations tailored to different environments need specific optimizations to meet the requirements for performance, power and security against physical attacks.

This thesis focuses on arithmetic and architecture design for PKC. In the first part, we analyze the computation structures of RSA, Elliptic Curve Cryptography (ECC), Hyperelliptic Curve Cryptography (HECC), Torus-based cryptography and Pairings, and explore various representations, algorithms and architectures for different design targets. In particular, we propose a multi-core Montgomery multiplier, a low-complexity modular multiplication algorithm for pairings, and two novel architectures for low-area implementations of HECC.

In the second part, we use efficient arithmetic as the basis for hardware-based cryptanalysis. The security margin of a cryptosystem erodes continuously due to Moore's law. We study the power of FPGA clusters to break ECC using the parallelized Pollard rho method and implement this attack on an FPGA where we try to maximize the number of Pollard rho iterations per second. We also give an estimation of the effort to break ECC2-131 and ECC2k-160 with state-of-the-art FPGAs.

In the third and final part, we provide a systematic overview of implementation attacks and countermeasures for ECC. By monitoring the timing, power consumption or electromagnetic emission of the device, or by inserting faults, adversaries can gain information about internal data or operations and extract the secret key without mathematically breaking the primitives. We provide implementers of ECC with ready-to-use recommendations of which combinations of countermeasures result in a secure implementation.

Brief summary

Public-key cryptography (PKC) plays an essential role in today's information society. PKC is used in all kinds of applications, from web servers to mobile phones, from smart cards to passive RFID tags. These diverse applications make specific optimizations for the various environments necessary, both in terms of performance and energy consumption and in terms of security against side-channel attacks.

This thesis deals with arithmetic and architecture design for PKC. In a first part we analyze the algorithmic structures of RSA, elliptic curve cryptography (ECC), hyperelliptic curve cryptography (HECC), torus-based cryptography and pairings, exploring various representations, algorithms and architectures for different design goals. More specifically, we propose a multi-core Montgomery multiplier, a low-complexity modular multiplication algorithm for pairings and, finally, two new architectures for HECC implementations with small area.

In the second part we use efficient arithmetic as the basis for hardware-based cryptanalysis. The relentless improvement of chip technologies means that the security margin of a cryptosystem decreases continuously. We study the use of FPGA clusters to attack ECC via the parallel Pollard rho method and implement this attack on an FPGA, where we try to maximize the number of iterations per second. Moreover, we also give an estimate of the practical security margin of ECC2-131 and ECC2k-160 when state-of-the-art FPGAs are used.

In the third and final part, we give a systematic overview of implementation attacks and countermeasures for ECC. By measuring the running time, energy consumption and electromagnetic radiation of an implementation, or by inducing faults, an attacker can learn information about internal data and in this way compute the secret key. Our systematic overview can be used by ECC programmers to select combinations of countermeasures that result in a secure implementation.
