IA Scholar Query: Efficient compression of SIDH public keys.
https://scholar.archive.org/
Internet Archive Scholar query results feed (info@archive.org), Tue, 22 Nov 2022

Another Round of Breaking and Making Quantum Money: How to Not Build It from Lattices, and More
https://scholar.archive.org/work/ghlrkjfs2nef5fwmkalccul75i
Public verification of quantum money has been one of the central objects in quantum cryptography ever since Wiesner's pioneering idea of using quantum mechanics to construct banknotes against counterfeiting. So far, we do not know any publicly-verifiable quantum money scheme that is provably secure from standard assumptions. In this work, we provide both negative and positive results for publicly verifiable quantum money.

In the first part, we give a general theorem, showing that a certain natural class of quantum money schemes from lattices cannot be secure. We use this theorem to break the recent quantum money scheme of Khesin, Lu, and Shor.

In the second part, we propose a framework for building quantum money and quantum lightning we call invariant money which abstracts some of the ideas of quantum money from knots by Farhi et al. (ITCS'12). In addition to formalizing this framework, we provide concrete hard computational problems loosely inspired by classical knowledge-of-exponent assumptions, whose hardness would imply the security of quantum lightning, a strengthening of quantum money where not even the bank can duplicate banknotes.

We discuss potential instantiations of our framework, including an oracle construction using cryptographic group actions and instantiations from rerandomizable functional encryption, isogenies over elliptic curves, and knots.
Hart Montgomery, Jiahui Liu, Mark Zhandry
Tue, 22 Nov 2022

Attacks on some post-quantum cryptographic protocols: The case of the Legendre PRF and SIKE
https://scholar.archive.org/work/hmfabh5kpnafflsmmtd5ptmp5m
makes part of the last generation of LACAL's PhD students. He introduced me to side-channels, for which I am grateful, and as this thesis shows, our collaboration has been most fruitful. Finally, I would like to mention Monique Amhof who made the administration-induced headaches go away and made my PhD easier. I would also like to thank all members of LASEC, who have been very welcoming and helpful during the last year of my doctorate:
Novak Kaluderovic
Fri, 07 Oct 2022

Internet of Things: Security and Solutions Survey
https://scholar.archive.org/work/26ijvcsnznbbxnp2oxribexssi
The overwhelming acceptance and growing need for Internet of Things (IoT) products in each aspect of everyday living is creating a promising prospect for the involvement of humans, data, and procedures. The vast areas create opportunities from home to industry to make an automated lifecycle. Human life is involved in enormous applications such as intelligent transportation, intelligent healthcare, smart grid, smart city, etc. A thriving surface is created that can affect society, the economy, the environment, politics, and health through diverse security threats. Generally, IoT devices are susceptible to security breaches, and the development of industrial systems could pose devastating security vulnerabilities. To build a reliable security shield, the challenges encountered must be embraced. Therefore, this survey paper is primarily aimed to assist researchers by classifying attacks/vulnerabilities based on objects. The method of attacks and relevant countermeasures are provided for each kind of attack in this work. Case studies of the most important applications of the IoT are highlighted concerning security solutions. The survey of security solutions is not limited to traditional secret key-based cryptographic solutions; moreover, physical unclonable function (PUF)-based solutions and blockchain are illustrated. The pros and cons of each security solution are also discussed here. Furthermore, challenges and recommendations are presented in this work.
Pintu Kumar Sadhu, Venkata P. Yanambaka, Ahmed Abdelgawad
Fri, 30 Sep 2022

PUF-Based Post-Quantum CAN-FD Framework for Vehicular Security
https://scholar.archive.org/work/j3i72ysetjffbhyiarg3vz6nj4
The Controller Area Network (CAN) is a bus protocol widely used in Electronic Control Units (ECUs) to communicate between various subsystems in vehicles. Insecure CAN networks can allow attackers to control information between vital vehicular subsystems. As vehicles can have lifespans of multiple decades, post-quantum cryptosystems are essential for protecting the vehicle communication systems from quantum attacks. However, standard CAN's efficiency and payload sizes are too small for post-quantum cryptography. The Controller Area Network Flexible Data-Rate (CAN-FD) is an updated protocol for CAN that increases transmission speeds and maximum payload size. With CAN-FD, higher security standards, such as post-quantum, can be utilized without severely impacting performance. In this paper, we propose PUF-Based Post-Quantum Cryptographic CAN-FD Framework, or PUF-PQC-CANFD. Our framework provides post-quantum security to the CAN network while transmitting and storing less information than other existing pre-quantum and post-quantum CAN frameworks. Our proposal protects against most cryptographic-based attacks while transmitting (at up to 100 ECUs) 25–94% fewer messages than existing pre-quantum frameworks and 99% fewer messages than existing post-quantum frameworks. PUF-PQC-CANFD is optimized for smaller post-quantum key sizes, storage requirements, and transmitted information to minimize the impact on resource-restricted ECUs.
Tyler Cultice, Himanshu Thapliyal
Tue, 09 Aug 2022

Review of Chosen Isogeny-Based Cryptographic Schemes
https://scholar.archive.org/work/u3c5bquhw5gm5bdwnckno5lz6y
Public-key cryptography provides security for digital systems and communication. Traditional cryptographic solutions are constantly improved, e.g., to suppress brute-force attacks. However, Shor's algorithm suited for quantum computers can break the bedrock of most currently used systems, i.e., the RSA problem and discrete logarithm problem. Post-quantum cryptography can withstand attacks carried out by quantum computers. Several families of post-quantum systems exist; one of them is isogeny-based cryptography. As a main contribution, in this paper, we provide a survey of chosen, fundamental isogeny-based schemes. The target audience of this review is researchers interested in practical aspects of this field of cryptography; therefore the survey contains exemplary implementations. Our goal was not to develop an efficient implementation, but to provide materials that make it easier to analyze isogeny-based cryptography.
Bartosz Drzazga, Łukasz Krzywiecki
Tue, 31 May 2022

Post-Quantum Cryptography Algorithms Standardization and Performance Analysis
https://scholar.archive.org/work/kaqzzqt7gjcp5ixopqvbbxmarq
Quantum computer is no longer a hypothetical idea. It is the world's most important technology and there is a race among countries to get supremacy in quantum technology. It's the technology that will reduce the computing time from years to hours or even minutes. The power of quantum computing will be a great support for the scientific community. However, it raises serious threats to cybersecurity. Theoretically, all the cryptography algorithms are vulnerable to attack. The practical quantum computers, when available with millions of qubits capacity, will be able to break nearly all modern public-key cryptographic systems. Before the quantum computers arrive with sufficient qubit capacity, we must be ready with quantum-safe cryptographic algorithms, tools, techniques, and deployment strategies to protect the ICT infrastructure. This paper discusses in detail the global effort for the design, development, and standardization of various quantum-safe cryptography algorithms along with the performance analysis of some of the potential quantum-safe algorithms. Most of the quantum-safe algorithms need more CPU cycles, higher runtime memory, and large key size. The objective of the paper is to analyze the feasibility of the various quantum-safe cryptography algorithms.
Manish Kumar
Wed, 06 Apr 2022

Isogeny graphs on superspecial abelian varieties: Eigenvalues and Connection to Bruhat-Tits buildings
https://scholar.archive.org/work/ialb3aoctrdcjosug5tgi2klre
We study for each fixed integer g ≥ 2, for all primes ℓ and p with ℓ ≠ p, finite regular directed graphs associated with the set of equivalence classes of ℓ-marked principally polarized superspecial abelian varieties of dimension g in characteristic p, and show that the adjacency matrices have real eigenvalues with spectral gaps independent of p. This implies a rapid mixing property of natural random walks on the family of isogeny graphs beyond the elliptic curve case and suggests a potential construction of the Charles-Goren-Lauter type cryptographic hash functions for abelian varieties. We give explicit lower bounds for the gaps in terms of the Kazhdan constant for the symplectic group when g ≥ 2, and discuss optimal values in view of the theory of automorphic representations when g = 2. As a by-product, we also show that the finite regular directed graphs constructed by Jordan-Zaytman also have the same property.
Yusuke Aikawa, Ryokichi Tanaka, Takuya Yamauchi
Fri, 18 Mar 2022

Highly Vectorized SIKE for AVX-512
https://scholar.archive.org/work/puwagz6rxnhjtkcwejpvtwkl7a
It is generally accepted that a large-scale quantum computer would be capable of breaking any public-key cryptosystem used today, thereby posing a serious threat to the security of the Internet's public-key infrastructure. The US National Institute of Standards and Technology (NIST) addresses this threat with an open process for the standardization of quantum-safe key establishment and signature schemes, which is now in the final phase of the evaluation of candidates. SIKE (an abbreviation of Supersingular Isogeny Key Encapsulation) is one of the alternate candidates under evaluation and distinguishes itself from other candidates due to relatively short key lengths and relatively high computing costs. In this paper, we analyze how the latest generation of Intel's Advanced Vector Extensions (AVX), in particular AVX-512IFMA, can be used to minimize the latency (resp. maximize the throughput) of the SIKE key encapsulation mechanism when executed on Ice Lake CPUs based on the Sunny Cove microarchitecture. We present various techniques to parallelize and speed up the base/extension field arithmetic, point arithmetic, and isogeny computations performed by SIKE. All these parallel processing techniques are combined in AvxSike, a highly optimized implementation of SIKE using Intel AVX-512IFMA instructions. Our experiments indicate that AvxSike instantiated with the SIKEp503 parameter set is approximately 1.5 times faster than the to-date best AVX-512IFMA-based SIKE software from the literature. When executed on an Intel Core i3-1005G1 CPU, AvxSike outperforms the x64 assembly implementation of SIKE contained in Microsoft's SIDHv3.4 library by a factor of about 2.5 for key generation and decapsulation, while the encapsulation is even 3.2 times faster.
Hao Cheng, Georgios Fotiadis, Johann Großschädl, Peter Y. A. Ryan
Tue, 15 Feb 2022

Performance Analysis of TLS for Quantum Robust Cryptography on a Constrained Device
https://scholar.archive.org/work/w7yl5m26kzbgzj3av2mli3f3u4
Advances in quantum computing make Shor's algorithm for factorising numbers ever more tractable. This threatens the security of any cryptographic system which often relies on the difficulty of factorisation. It also threatens methods based on discrete logarithms, such as with the Diffie-Hellman key exchange method. For a cryptographic system to remain secure against a quantum adversary, we need to build methods based on a hard mathematical problem, which are not susceptible to Shor's algorithm and which create Post Quantum Cryptography (PQC). While high-powered computing devices may be able to run these new methods, we need to investigate how well these methods run on limited powered devices. This paper outlines an evaluation framework for PQC within constrained devices, and contributes to the area by providing benchmarks of the front-running algorithms on a popular single-board low-power device.
Jon Barton, William J Buchanan, Nikolaos Pitropakis, Sarwar Sayeed, Will Abramson
Mon, 07 Feb 2022

Post Quantum Cryptography: Techniques, Challenges, Standardization, and Directions for Future Research
https://scholar.archive.org/work/3hku2pmnozdobke6tb62wnwemq
The development of large quantum computers will have dire consequences for cryptography. Most of the symmetric and asymmetric cryptographic algorithms are vulnerable to quantum algorithms. Grover's search algorithm gives a square root time boost for the searching of the key in symmetric schemes like AES and 3DES. The security of asymmetric algorithms like RSA, Diffie Hellman, and ECC is based on the mathematical hardness of prime factorization and discrete logarithm. The best classical algorithms available take exponential time. Shor's factoring algorithm can solve the problems in polynomial time. Major breakthroughs in quantum computing will render all the present-day widely used asymmetric cryptosystems insecure. This paper analyzes the vulnerability of the classical cryptosystems in the context of quantum computers, discusses various post-quantum cryptosystem families, discusses the status of the NIST post-quantum cryptography standardization process, and finally provides a couple of future research directions in this field.
Ritik Bavdekar, Eashan Jayant Chopde, Ashutosh Bhatia, Kamlesh Tiwari, Sandeep Joshua Daniel, Atul
Sun, 06 Feb 2022

SIKE Channels: Zero-Value Side-Channel Attacks on SIKE
https://scholar.archive.org/work/f343pieuuzhy3iaf2yapoxo4lu
We present new side-channel attacks on SIKE, the isogeny-based candidate in the NIST PQC competition. Previous works had shown that SIKE is vulnerable to differential power analysis, and pointed to coordinate randomization as an effective countermeasure. We show that coordinate randomization alone is not sufficient, because SIKE is vulnerable to a class of attacks similar to refined power analysis in elliptic curve cryptography, named zero-value attacks. We describe and confirm in the lab two such attacks leading to full key recovery, and analyze their countermeasures.
Luca De Feo, Nadia El Mrabet, Aymeric Genêt, Novak Kaluderovic, Natacha Linard de Guertechin, Simon Pontié, Élise Tasso

SIKE Channels
https://scholar.archive.org/work/wmugb46xifhcbospyrb6nwehli
We present new side-channel attacks on SIKE, the isogeny-based candidate in the NIST PQC competition. Previous works had shown that SIKE is vulnerable to differential power analysis and pointed to coordinate randomization as an effective countermeasure. We show that coordinate randomization alone is not sufficient, as SIKE is vulnerable to a class of attacks similar to refined power analysis in elliptic curve cryptography, named zero-value attacks. We describe and confirm in the lab two such attacks leading to full key recovery, and analyze their countermeasures.

Keywords: SIKE • side-channel attack • zero-value attack • countermeasures • post-quantum cryptography • isogeny-based cryptography

Accordingly, full key recoveries through Differential (DPA) and Correlation Power Analysis (CPA) on the elliptic point scalar multiplication part have been demonstrated by several authors [ZYD+20, GLK21]. These attacks rely on the fact that the scalar multiplication in SIKE is a deterministic routine whose inputs, with the only exception of the private key, are publicly known. Thus, by making guesses on independent bits of the private key, it is possible to predict the Hamming weight of the values stored in CPU registers or transferred between memory and registers. This leakage prediction can then be correlated to the power consumption or electromagnetic (EM) emissions to validate bit values. A cheap and effective countermeasure against DPA and CPA, already commonplace in ECC, is coordinate randomization [Cor99]. Elliptic curve points in SIKE are represented non-uniquely by ratios of finite field elements, i.e., the pairs [X : Z] and [λX : λZ] represent the same point for nonzero λ. By randomizing the projective representation of the input points with a random nonzero λ at the beginning of the scalar multiplication, Hamming weights and other observables of computed values are no longer predictable, and thus the correlation with power consumption is lost.

Coordinate randomization in SIKE was recommended as a countermeasure in [KPHS18, ZYD+20, GLK21]. Costello [Cos21, §5] even argues that coordinate randomization is likely enough to protect SIKE against most side-channel attacks. Without fully contradicting Costello, we show that coordinate randomization is not sufficient to protect SIKE against side-channel attacks if additional countermeasures are not implemented. Indeed, attacks bypassing coordinate randomization were already introduced in ECC by Goubin [Gou03], Akishita and Takagi [AT03], and Izu and Takagi [IT03]. As highlighted in [SCDJB21], all these attacks target the emergence of zeros as intermediate values in elliptic curve point computations: because coordinate randomization only randomizes nonzero coordinates, bits of the private key can again be recovered by identifying the moments during which the computation of a zero value occurs. Such a computation is usually recognized in power consumption or EM activity. We shall collectively refer to these as zero-value attacks.

Attack scenario. We target a static key version of SIKE where a single secret key is used to decrypt several ciphertexts. We assume an implementation that matches SIKE's reference one, and additionally performs coordinate randomization. By appropriately crafting ciphertexts and measuring the power consumption or EM emissions of the decapsulation routine, we are able to recover the majority of the secret key bits, leaving only a few bits of known positions to brute-force. Thus, our attack may be described as a chosen-ciphertext attack with side-channel information. SIDH and the basic IND-CPA encryption derived from it are well known to be mathematically broken in a chosen ciphertext scenario [GPST16], which is the reason why SIKE relies on the Fujisaki-Okamoto (FO) transform to achieve IND-CCA2 security. The purpose of the transform is precisely to validate that the ciphertext was generated honestly and abort if not. However, the side-channel leakage that we exploit happens before FO can prevent the attack. In other words, the cavalry arrives late. Full validation of SIDH ciphertexts (and public keys) is a problem believed to be as hard as breaking SIDH/SIKE itself [Tho17, GV18, UJ20]. Luckily, our attack can be blocked by a partial form of ciphertext validation, although this countermeasure is not exactly cheap.

Related work. The possibility of applying zero-value attacks to SIKE was already postulated by Koziel, Azarderakhsh, and Jao [KAJ17]. Their work targets a static key version of SIDH with FO transform; however, it predates the release of the official SIKE specification and assumes that a form of partial ciphertext validation, such as the one that manages to block our attack, is also performed. They thus concentrate their efforts on devising
Luca De Feo, Nadia El Mrabet, Aymeric Genêt, Novak Kaluderovic, Natacha Linard de Guertechin, Simon Pontié, Élise Tasso

Faster Key Generation of Supersingular Isogeny Diffie-Hellman
https://scholar.archive.org/work/co5m5nenqjgd3hrs5xgukhp3ce
Supersingular isogeny Diffie-Hellman (SIDH) is attractive for its relatively small public key size, but it is still unsatisfactory due to its efficiency, compared to other post-quantum proposals. In this paper, we focus on the performance of SIDH when the starting curve is E_6: Inspired by the previous work [1, 2], we present several tricks to accelerate key generation of SIDH and each process of SIKE. Our experimental results show that the performance of this work is at least 6.09% faster than that of the current SIKE implementation, and we can further improve the performance when large storage is available.
Kaizhan LIN, Fangguo ZHANG, Chang-An ZHAO

SIDH-sign: an efficient SIDH PoK-based signature
https://scholar.archive.org/work/eaheafrfe5dpxbl26tzn7at4ne
We analyze and implement the SIDH PoK-based construction from De Feo, Dobson, Galbraith, and Zobernig. We improve the SIDH-PoK built-in functions to allow an efficient constant-time implementation. After that, we combine it with the Fiat-Shamir transform to get a SIDH PoK-based signature scheme that we short label as SIDH-sign. We suggest SIDH-sign-p377, SIDH-sign-p546, and SIDH-sign-p697 as instances that provide security compared to NIST L1, L3, and L5. To the best of our knowledge, the three proposed instances provide the best performance among digital signature schemes based on isogenies.
Jesús-Javier Chi-Domínguez, Víctor Mateu, Lucas Pandolfo Perin

Subgroup membership testing on elliptic curves via the Tate pairing
https://scholar.archive.org/work/myrtlcqds5hjzm74rrcgasm64m
This note explains how to guarantee the membership of a point in the prime order subgroup of an elliptic curve (over a finite field) satisfying some moderate conditions. For this purpose, we apply the Tate pairing on the curve; however, it is not required to be pairing-friendly. Whenever the cofactor is small, the given approach is more efficient than other known ones, because it needs to compute at most two n-th power residue symbols (with small n) in the basic field. In particular, we deal with two Legendre symbols for the curve Bandersnatch proposed by the Ethereum Foundation team. Due to recent improvements of Euclidean type constant-time algorithms for the Legendre symbol computation, the new subgroup check is almost free for that curve.
Dmitrii Koshelev

Post-Quantum and Code-Based Cryptography—Some Prospective Research Directions
https://scholar.archive.org/work/tlwatvp5rzh55dswmmqsjwmjhe
Cryptography has been used from time immemorial for preserving the confidentiality of data/information in storage or transit. Thus, cryptography research has also been evolving from the classical Caesar cipher to the modern cryptosystems, based on modular arithmetic to the contemporary cryptosystems based on quantum computing. The emergence of quantum computing poses a major threat to the modern cryptosystems based on modular arithmetic, whereby even the computationally hard problems which constitute the strength of the modular arithmetic ciphers could be solved in polynomial time. This threat triggered post-quantum cryptography research to design and develop post-quantum algorithms that can withstand quantum computing attacks. This paper provides an overview of the various research directions that have been explored in post-quantum cryptography and, specifically, the various code-based cryptography research dimensions that have been explored. Some potential research directions that are yet to be explored in code-based cryptography research from the perspective of codes is a key contribution of this paper.
Chithralekha Balamurugan, Kalpana Singh, Ganeshvani Ganesan, Muttukrishnan Rajarajan
Mon, 20 Dec 2021