
23 results sorted by ID

2024/1649 (PDF) Last updated: 2024-10-13
Multiplying Polynomials without Powerful Multiplication Instructions (Long Paper)
Vincent Hwang, YoungBeom Kim, Seog Chung Seo
Implementation

We improve the performance of the lattice-based cryptosystem Dilithium on Cortex-M3, a platform with expensive multiplications. Our contribution is two-fold: (i) We generalize Barrett multiplication and show that the resulting shape-independent modular multiplication performs comparably to long multiplication on some platforms without special hardware when precomputation is free. We call a modular multiplication “shape-independent” if its correctness and efficiency depend only on the magnitude of moduli...

2023/1955 (PDF) Last updated: 2023-12-25
Barrett Multiplication for Dilithium on Embedded Devices
Vincent Hwang, YoungBeom Kim, Seog Chung Seo
Implementation

We optimize the number-theoretic transforms (NTTs) in Dilithium — a digital signature scheme recently standardized by the National Institute of Standards and Technology (NIST) — on Cortex-M3 and 8-bit AVR. The core novelty is the exploration of micro-architectural insights for modular multiplications. Recent work [Becker, Hwang, Kannwischer, Yang and Yang, Volume 2022 (1), Transactions on Cryptographic Hardware and Embedded Systems, 2022] found a correspondence between Montgomery and Barrett...

2022/1188 (PDF) Last updated: 2023-05-21
High-order masking of NTRU
Jean-Sebastien Coron, François Gérard, Matthias Trannoy, Rina Zeitoun
Implementation

The main protection against side-channel attacks consists in computing every function with multiple shares via the masking countermeasure. While the masking countermeasure was originally developed for securing block-ciphers such as AES, the protection of lattice-based cryptosystems is often more challenging, because of the diversity of the underlying algorithms. In this paper, we introduce new gadgets for the high-order masking of the NTRU cryptosystem, with security proofs in the classical...

2022/1071 (PDF) Last updated: 2022-08-18
Performance Evaluation of NIST LWC Finalists on AVR ATmega and ARM Cortex-M3 Microcontrollers
Yuhei Watanabe, Hideki Yamamoto, Hirotaka Yoshida
Implementation

This paper presents performance evaluation results for NIST Lightweight Cryptography standardization finalists implemented by us. Our implementation method targets reduced RAM consumption on embedded devices. Our target microcontrollers are the AVR ATmega128 and the ARM Cortex-M3. We apply our implementation method to five AEAD schemes, including four finalists of the NIST lightweight cryptography standardization, and demonstrate the performance evaluation on target...

2022/863 (PDF) Last updated: 2023-05-21
Effective and Efficient Masking with Low Noise using Small-Mersenne-Prime Ciphers
Loïc Masure, Pierrick Méaux, Thorben Moos, François-Xavier Standaert
Implementation

Embedded devices used in security applications are natural targets for physical attacks. Thus, enhancing their side-channel resistance is an important research challenge. A standard solution for this purpose is the use of Boolean masking schemes, as they are well adapted to current block ciphers with efficient bitslice representations. Boolean masking guarantees that the security of an implementation grows exponentially in the number of shares under the assumption that leakages are...

2022/467 (PDF) Last updated: 2022-07-13
Armistice: Micro-Architectural Leakage Modelling for Masked Software Formal Verification
Arnaud de Grandmaison, Karine Heydemann, Quentin L. Meunier
Implementation

Side channel attacks are powerful attacks for retrieving secret data by exploiting physical measurements such as power consumption or electromagnetic emissions. Masking is a popular countermeasure as it can be proven secure against an attacker model. In practice, software masked implementations suffer from a security reduction due to a mismatch between the considered leakage sources in the security proof and the real ones, which depend on the micro-architecture. We present the model of a...

2022/439 (PDF) Last updated: 2022-10-22
Efficient Multiplication of Somewhat Small Integers using Number-Theoretic Transforms
Hanno Becker, Vincent Hwang, Matthias J. Kannwischer, Lorenz Panny, Bo-Yin Yang
Implementation

Conventional wisdom purports that FFT-based integer multiplication methods (such as the Schönhage-Strassen algorithm) begin to compete with Karatsuba and Toom-Cook only for integers of several tens of thousands of bits. In this work, we challenge this belief, leveraging recent advances in the implementation of number-theoretic transforms (NTT) stimulated by their use in post-quantum cryptography. We report on implementations of NTT-based integer arithmetic on two Arm Cortex-M CPUs on...

2021/1212 (PDF) Last updated: 2021-09-17
SPEEDY on Cortex--M3: Efficient Software Implementation of SPEEDY on ARM Cortex--M3
Hyunjun Kim, Kyungbae Jang, Gyeongju Song, Minjoo Sim, Siwoo Eum, Hyunji Kim, Hyeokdong Kwon, Wai-Kong Lee, Hwajeong Seo
Implementation

The SPEEDY block cipher suite announced at CHES 2021 shows excellent hardware performance. However, SPEEDY was not designed to be efficient in software implementations: SPEEDY's 6-bit S-box and bit permutation operations generally do not work efficiently in software. We implemented the SPEEDY block cipher by applying the bit-slicing implementation technique. With bit slicing, SPEEDY can be operated in software very efficiently and can be applied in...

2021/995 (PDF) Last updated: 2021-12-08
Multi-moduli NTTs for Saber on Cortex-M3 and Cortex-M4
Amin Abdulrahman, Jiun-Peng Chen, Yu-Jia Chen, Vincent Hwang, Matthias J. Kannwischer, Bo-Yin Yang
Public-key cryptography

The U.S. National Institute of Standards and Technology (NIST) has designated ARM microcontrollers as an important benchmarking platform for its Post-Quantum Cryptography standardization process (NISTPQC). In view of this, we explore the design space of the NISTPQC finalist Saber on the Cortex-M4 and its close relation, the Cortex-M3. In the process, we investigate various optimization strategies and memory-time tradeoffs for number-theoretic transforms (NTTs). Recent work by [Chung et al.,...

2021/662 (PDF) Last updated: 2021-05-25
Verifying Post-Quantum Signatures in 8 kB of RAM
Ruben Gonzalez, Andreas Hülsing, Matthias J. Kannwischer, Juliane Krämer, Tanja Lange, Marc Stöttinger, Elisabeth Waitz, Thom Wiggers, Bo-Yin Yang
Implementation

In this paper, we study implementations of post-quantum signature schemes on resource-constrained devices. We focus on verification of signatures and cover NIST PQC round-3 candidates Dilithium, Falcon, Rainbow, GeMSS, and SPHINCS+. We assume an ARM Cortex-M3 with 8 kB of memory and 8 kB of flash for code; a practical and widely deployed setup in, for example, the automotive sector. This amount of memory is insufficient for most schemes. Rainbow and GeMSS public keys are too big; SPHINCS+...

2020/1278 (PDF) Last updated: 2022-10-26
Compact Dilithium Implementations on Cortex-M3 and Cortex-M4
Denisa O. C. Greconici, Matthias J. Kannwischer, Amber Sprenkels
Implementation

We present implementations of the lattice-based digital signature scheme Dilithium for ARM Cortex-M3 and ARM Cortex-M4. Dilithium is one of the three signature finalists of the NIST post-quantum cryptography competition. As our Cortex-M4 target, we use the popular STM32F407-DISCOVERY development board. Compared to the previous speed records on the Cortex-M4 by Ravi, Gupta, Chattopadhyay, and Bhasin we speed up the key operations $\text{NTT}$ and $\text{NTT}^{-1}$ by 20% which together with...

2020/1158 (PDF) Last updated: 2023-05-24
Don't throw your nonces out with the bathwater: Speeding up Dilithium by reusing the tail of y
Amber Sprenkels, Bas Westerbaan
Public-key cryptography

We suggest a small change to the Dilithium signature scheme, that allows one to reuse computations between rejected nonces, for a speed-up in signing time. The modification is based on the idea that, after rejecting on a too large $\|\mathbf{r}_0\|_\infty$, not all elements of the nonce $\mathbf{y}$ are spent. We swap the order of the checks; and if this $\mathbf{r}_0$-check fails, we only need to resample $y_1$. We provide a proof that shows that the modification does not affect the...

2020/412 (PDF) Last updated: 2020-10-08
Fixslicing: A New GIFT Representation
Alexandre Adomnicai, Zakaria Najm, Thomas Peyrin
Implementation

The GIFT family of lightweight block ciphers, published at CHES 2017, offers excellent hardware performance figures and has been used, in full or in part, in several candidates of the ongoing NIST lightweight cryptography competition. However, implementation of GIFT in software seems complex and not efficient due to the bit permutation composing its linear layer (a feature shared with PRESENT cipher). In this article, we exhibit a new non-trivial representation of the GIFT family of block...

2020/250 (PDF) Last updated: 2020-02-26
On a Side Channel and Fault Attack Concurrent Countermeasure Methodology for MCU-based Byte-sliced Cipher Implementations
Ehsan Aerabi, Athanasios Papadimitriou, David Hely
Implementation

As IoT applications are increasingly being deployed, there comes along an ever-increasing need for the security and privacy of the involved data. Since cryptographic implementations are used to achieve these goals, it is important for embedded software developers to take hardware attacks into consideration. Side Channel Analysis (SCA) and Fault Attacks (FA) are the main classes of such attacks, which can either reduce or even eliminate the security levels of an embedded design. Therefore,...

2019/936 (PDF) Last updated: 2019-09-20
SNEIK on Microcontrollers: AVR, ARMv7-M, and RISC-V with Custom Instructions
Markku-Juhani O. Saarinen
Implementation

SNEIK is a family of lightweight cryptographic algorithms derived from a single 512-bit permutation. The SNEIGEN “entropy distribution function” was designed to speed up certain functions in post-quantum and lattice-based public key algorithms. We implement and evaluate SNEIK algorithms on popular 8-bit AVR and 32-bit ARMv7-M (Cortex M3/M4) microcontrollers, and also describe an implementation for the open-source RISC-V (RV32I) Instruction Set Architecture (ISA). Our results demonstrate...

2019/906 (PDF) Last updated: 2019-08-08
Efficient and secure software implementations of Fantomas
Rafael J. Cruz, Antonio Guimarães, Diego F. Aranha
Implementation

In this paper, the efficient software implementation and side-channel resistance of the LS-Design construction is studied through a series of software implementations of the Fantomas block cipher, one of its most prominent instantiations. Target platforms include resource-constrained ARM devices like the Cortex-M3 and M4, and more powerful processors such as the ARM Cortex-A15 and modern Intel platforms. The implementations span a broad range of characteristics: 32-bit and 64-bit versions,...

2019/394 (PDF) Last updated: 2020-03-14
Masking Dilithium: Efficient Implementation and Side-Channel Evaluation
Vincent Migliore, Benoit Gérard, Mehdi Tibouchi, Pierre-Alain Fouque
Implementation

Although security against side-channel attacks is not an explicit design criterion of the NIST post-quantum standardization effort, it is certainly a major concern for schemes that are meant for real-world deployment. In view of the numerous physical attacks that have been proposed against post-quantum schemes in recent literature, it is in particular very important to evaluate the cost and effectiveness of side-channel countermeasures in that setting. For lattice-based signatures, this...

2018/708 (PDF) Last updated: 2019-03-20
Masking the Lightweight Authenticated Ciphers ACORN and Ascon in Software
Alexandre Adomnicai, Jacques J. A. Fournier, Laurent Masson
Implementation

The ongoing CAESAR competition aims at finding authenticated encryption schemes that offer advantages over AES-GCM for several use-cases, including lightweight applications. ACORN and Ascon are the two finalists for this profile. Our paper compares these two candidates according to their resilience against differential power analysis and their ability to integrate countermeasures against such attacks. Especially, we focus on software implementations and provide benchmarks for several...

2018/674 (PDF) Last updated: 2018-10-15
Practical Fault Injection Attacks on SPHINCS
Aymeric Genêt, Matthias J. Kannwischer, Hervé Pelletier, Andrew McLauchlan
Public-key cryptography

The majority of currently deployed cryptographic public-key schemes are at risk of becoming insecure once large scale quantum computers become practical. Therefore, substitutes resistant to quantum attacks—known as post-quantum cryptography—are required. In particular, hash-based signature schemes appear to be the most conservative choice for post-quantum digital signatures. In this work, we mount the first practical fault attack against hash-based cryptography. The attack was originally...

2017/1253 (PDF) Last updated: 2018-04-23
Micro-Architectural Power Simulator for Leakage Assessment of Cryptographic Software on ARM Cortex-M3 Processors
Yann Le Corre, Johann Großschädl, Daniel Dinu
Implementation

Masking is a common technique to protect software implementations of symmetric cryptographic algorithms against Differential Power Analysis (DPA) attacks. The development of a properly masked version of a block cipher is an incremental and time-consuming process since each iteration of the development cycle involves a costly leakage assessment. To achieve a high level of DPA resistance, the architecture-specific leakage properties of the target processor need to be taken into account....

2016/714 (PDF) Last updated: 2016-10-19
All the AES You Need on Cortex-M3 and M4
Peter Schwabe, Ko Stoffelen
Implementation

This paper describes highly-optimized AES-{128, 192, 256}-CTR assembly implementations for the popular ARM Cortex-M3 and M4 embedded microprocessors. These implementations are about twice as fast as existing implementations. Additionally, we provide the fastest bitsliced constant-time and masked implementations of AES-128-CTR to protect against timing attacks, power analysis and other (first-order) side-channel attacks. All implementations, including an architecture-specific instruction...

2015/1042 (PDF) Last updated: 2016-02-03
ARMed SPHINCS -- Computing a 41KB signature in 16KB of RAM
Andreas Hülsing, Joost Rijneveld, Peter Schwabe
Implementation

This paper shows that it is feasible to implement the stateless hash-based signature scheme SPHINCS-256 on an embedded microprocessor with memory even smaller than a signature and limited computing power. We demonstrate that it is possible to generate and verify the 41 KB signature on an ARM Cortex M3 that only has 16 KB of memory available. We provide benchmarks for our implementation which show that this can be used in practice. To analyze the costs of using the stateless SPHINCS scheme...

2014/386 (PDF) Last updated: 2015-03-20
Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers
Nicky Mouha, Bart Mennink, Anthony Van Herrewege, Dai Watanabe, Bart Preneel, Ingrid Verbauwhede
Secret-key cryptography

We propose Chaskey: a very efficient Message Authentication Code (MAC) algorithm for 32-bit microcontrollers. It is intended for applications that require 128-bit security, yet cannot implement standard MAC algorithms because of stringent requirements on speed, energy consumption, or code size. Chaskey is a permutation-based MAC algorithm that uses the Addition-Rotation-XOR (ARX) design methodology. We formally prove that Chaskey is secure in the standard model, based on the security of an...