[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?




Dates are inconsistent

Dates are inconsistent

144 results sorted by ID

Possible spell-corrected query: how-latency
2024/2011 (PDF) Last updated: 2024-12-12
Honest-Majority Threshold ECDSA with Batch Generation of Key-Independent Presignatures
Jonathan Katz, Antoine Urban
Cryptographic protocols

Several protocols have been proposed recently for threshold ECDSA signatures, mostly in the dishonest-majority setting. Yet in so-called key-management networks, where a fixed set of servers share a large number of keys on behalf of multiple users, it may be reasonable to assume that a majority of the servers remain uncompromised, and in that case there may be several advantages to using an honest-majority protocol. With this in mind, we describe an efficient protocol for honest-majority...

2024/1996 (PDF) Last updated: 2024-12-13
A Framework for Generating S-Box Circuits with Boyer-Peralta Algorithm-Based Heuristics, and Its Applications to AES, SNOW3G, and Saturnin
Yongjin Jeon, Seungjun Baek, Giyoon Kim, Jongsung Kim
Secret-key cryptography

In many lightweight cryptography applications, low area and latency are required for efficient implementation. The gate count in the cipher and the circuit depth must be low to minimize these two metrics. Many optimization strategies have been developed for the linear layer, led by the Boyer-Peralta (BP) algorithm. The Advanced Encryption Standard (AES) has been a focus of extensive research in this area. However, while the linear layer uses only XOR gates, the S-box, which is an essential...

2024/1965 (PDF) Last updated: 2024-12-04
Onion Franking: Abuse Reports for Mix-Based Private Messaging
Matthew Gregoire, Margaret Pierce, Saba Eskandarian
Applications

The fast-paced development and deployment of private messaging applications demands mechanisms to protect against the concomitant potential for abuse. While widely used end-to-end encrypted (E2EE) messaging systems have deployed mechanisms for users to verifiably report abusive messages without compromising the privacy of unreported messages, abuse reporting schemes for systems that additionally protect message metadata are still in their infancy. Existing solutions either focus on a...

2024/1962 (PDF) Last updated: 2024-12-04
uKNIT: Breaking Round-alignment for Cipher Design -- Featuring uKNIT-BC, an Ultra Low-Latency Block Cipher
Kai Hu, Mustafa Khairallah, Thomas Peyrin, Quan Quan Tan
Secret-key cryptography

Automated cryptanalysis has seen a lot of attraction and success in the past decade, leading to new distinguishers or key-recovery attacks against various ciphers. We argue that the improved efficiency and usability of these new tools have been undervalued, especially for design processes. In this article, we break for the first time the classical iterative design paradigm for symmetric-key primitives, where constructions are built around the repetition of a round function. We propose...

2024/1867 (PDF) Last updated: 2024-11-25
Symmetric Twin Column Parity Mixers and their Applications
Hao Lei, Raghvendra Rohit, Guoxiao Liu, Jiahui He, Mohamed Rachidi, Keting Jia, Kai Hu, Meiqin Wang
Secret-key cryptography

The circulant twin column parity mixer (TCPM) is a type of mixing layer for the round function of cryptographic permutations designed by Hirch et al. at CRYPTO 2023. It has a bitwise differential branch number of 12 and a bitwise linear branch number of 4, which makes it competitive in applications where differential security is required. Hirch et al. gave a concrete instantiation of a permutation using such a mixing layer, named Gaston, and showed the best 3-round differential and linear...

2024/1772 (PDF) Last updated: 2024-10-31
Byte-wise equal property of ARADI
Sunyeop Kim, Insung Kim, Dongjae Lee, Deukjo Hong, Jaechul Sung, Seokhie Hong
Secret-key cryptography

ARADI is a low-latency block cipher proposed by the NSA (National Security Agency) in 2024 for memory encryption. Bellini et al. experimentally demonstrated that in specific cubes of 5-round ARADI, the cube sums are byte-wise equal, for example, to 0x9d9dc5c5. This paper modifies the MILP-based division property algorithm to prove this and observes that the rotation amount of 8 in ARADI causes cancellations of monomials, allowing us to extend the byte-wise equal property up to 8 rounds. As a...

2024/1729 (PDF) Last updated: 2024-10-22
cuTraNTT: A Novel Transposed Number Theoretic Transform Targeting Low Latency Homomorphic Encryption for IoT Applications
Supriya Adhikary, Wai Kong Lee, Angshuman Karmakar, Yongwoo Lee, Seong Oun Hwang, Ramachandra Achar
Implementation

Large polynomial multiplication is one of the computational bottlenecks in fully homomorphic encryption implementations. Usually, these multiplications are implemented using the number-theoretic transformation to speed up the computation. State-of-the-art GPU-based implementation of fully homomorphic encryption computes the number theoretic transformation in two different kernels, due to the necessary synchronization between GPU blocks to ensure correctness in computation. This can be a...

2024/1708 (PDF) Last updated: 2024-10-18
Subliminal Encrypted Multi-Maps and Black-Box Leakage Absorption
Amine Bahi, Seny Kamara, Tarik Moataz, Guevara Noubir
Cryptographic protocols

We propose a dynamic, low-latency encrypted multi-map (EMM) that operates in two modes: low-leakage mode, which reveals minimal information such as data size, expected response length, and query arrival rate; and subliminal mode, which reveals only the data size while hiding metadata including query and update times, the number of operations executed, and even whether an operation was executed at all---albeit at the cost of full correctness. We achieve this by exploiting a tradeoff...

2024/1633 (PDF) Last updated: 2024-10-11
Efficient Boolean-to-Arithmetic Mask Conversion in Hardware
Aein Rezaei Shahmirzadi, Michael Hutter
Implementation

Masking schemes are key in thwarting side-channel attacks due to their robust theoretical foundation. Transitioning from Boolean to arithmetic (B2A) masking is a necessary step in various cryptography schemes, including hash functions, ARX-based ciphers, and lattice-based cryptography. While there exists a significant body of research focusing on B2A software implementations, studies pertaining to hardware implementations are quite limited, with the majority dedicated solely to creating...

2024/1559 (PDF) Last updated: 2024-10-04
Mind the Composition of Toffoli Gates: Structural Algebraic Distinguishers of ARADI
Emanuele Bellini, Mohamed Rachidi, Raghvendra Rohit, Sharwan K. Tiwari
Secret-key cryptography

This paper reveals a critical flaw in the design of ARADI, a recently proposed low-latency block cipher by NSA researchers -- Patricia Greene, Mark Motley, and Bryan Weeks. The weakness exploits the specific composition of Toffoli gates in the round function of ARADI's nonlinear layer, and it allows the extension of a given algebraic distinguisher to one extra round without any change in the data complexity. More precisely, we show that the cube-sum values, though depending on the secret key...

2024/1526 (PDF) Last updated: 2024-09-28
Overpass Channels: Horizontally Scalable, Privacy-Enhanced, with Independent Verification, Fluid Liquidity, and Robust Censorship Proof, Payments
Brandon "Cryptskii" Ramsay
Cryptographic protocols

Overpass Channels presents a groundbreaking approach to blockchain scalability, offering a horizontally scalable, privacy-enhanced payment network with independent verification, fluid liquidity, and robust censorship resistance. This paper introduces a novel architecture that leverages zero-knowledge proofs, specifically zk-SNARKs, to ensure transaction validity and privacy while enabling unprecedented throughput and efficiency. By eliminating the need for traditional consensus mechanisms...

2024/1485 (PDF) Last updated: 2024-09-23
LARMix$\mathbf{++}$: Latency-Aware Routing in Mix Networks with Free Routes Topology
Mahdi Rahimi
Applications

Mix networks (mixnets) enhance anonymity by routing client messages through multiple hops, intentionally delaying or reordering these messages to ensure unlinkability. However, this process increases end-to-end latency, potentially degrading the client experience. To address this issue, LARMix (NDSS, 2024) proposed a low-latency routing methodology specifically designed for stratified mixnet architectures. Our paper extends this concept to Free Routes mixnet designs, where, unlike stratified...

2024/1460 (PDF) Last updated: 2024-09-18
PPSA: Polynomial Private Stream Aggregation for Time-Series Data Analysis
Antonia Januszewicz, Daniela Medrano Gutierrez, Nirajan Koirala, Jiachen Zhao, Jonathan Takeshita, Jaewoo Lee, Taeho Jung
Cryptographic protocols

Modern data analytics requires computing functions on streams of data points from many users that are challenging to calculate, due to both the high scale and nontrivial nature of the computation at hand. The need for data privacy complicates this matter further, as general-purpose privacy-enhancing technologies face limitations in at least scalability or utility. Existing work has attempted to improve this by designing purpose-built protocols for the use case of Private Stream Aggregation;...

2024/1408 (PDF) Last updated: 2024-09-09
Multiple-Tweak Differential Attack Against SCARF
Christina Boura, Shahram Rasoolzadeh, Dhiman Saha, Yosuke Todo
Secret-key cryptography

In this paper, we present the first third-party cryptanalysis of SCARF, a tweakable low-latency block cipher designed to thwart contention-based cache attacks through cache randomization. We focus on multiple-tweak differential attacks, exploiting biases across multiple tweaks. We establish a theoretical framework explaining biases for any number of rounds and verify this framework experimentally. Then, we use these properties to develop a key recovery attack on 7-round SCARF with a time...

2024/1324 (PDF) Last updated: 2024-08-29
CLAASPing ARADI: Automated Analysis of the ARADI Block Cipher
Emanuele Bellini, Mattia Formenti, David Gérault, Juan Grados, Anna Hambitzer, Yun Ju Huang, Paul Huynh, Mohamed Rachidi, Raghvendra Rohit, Sharwan K. Tiwari
Attacks and cryptanalysis

In early August 2024, three NSA researchers -- Patricia Greene, Mark Motley, and Bryan Weeks -- published the technical specifications for a new low-latency block cipher, ARADI, along with its corresponding authenticated encryption mode, LLAMA, which is specifically designed for memory encryption applications. Their manuscript offered minimal security analysis of the design, only briefly discussing the differential, linear and algebraic properties of cipher's underlying components. In this...

2024/1270 (PDF) Last updated: 2024-08-11
Meet-in-the-Middle Attack on 4+4 Rounds of SCARF under Single-Tweak Setting
Siwei Chen, Kai Hu, Guozhen Liu, Zhongfeng Niu, Quan Quan Tan, Shichang Wang
Attacks and cryptanalysis

\scarf, an ultra low-latency tweakable block cipher, is the first cipher designed for cache randomization. The block cipher design is significantly different from the other common tweakable block ciphers; with a block size of only 10 bits, and yet the input key size is a whopping $240$ bits. Notably, the majority of the round key in its round function is absorbed into the data path through AND operations, rather than the typical XOR operations. In this paper, we present a key-recovery...

2024/1249 (PDF) Last updated: 2024-08-06
Koala: A Low-Latency Pseudorandom Function
Parisa Amiri Eliasi, Yanis Belkheyar, Joan Daemen, Santosh Ghosh, Daniël Kuijsters, Alireza Mehrdad, Silvia Mella, Shahram Rasoolzadeh, Gilles Van Assche
Secret-key cryptography

This paper introduces the Koala PRF, which maps a variable-length sequence of $64$-bit input blocks to a single $257$-bit output block. Its design focuses on achieving low latency in its implementation in ASIC. To construct Koala, we instantiate the recently introduced Kirby construction with the Koala-P permutation and add an input encoding layer. The Koala-P permutation is obtained as the $8$-fold iteration of a simple round function inspired by that of Subterranean. Based on...

2024/1241 (PDF) Last updated: 2024-08-06
PROF: Protected Order Flow in a Profit-Seeking World
Kushal Babel, Nerla Jean-Louis, Yan Ji, Ujval Misra, Mahimna Kelkar, Kosala Yapa Mudiyanselage, Andrew Miller, Ari Juels
Applications

Users of decentralized finance (DeFi) applications face significant risks from adversarial actions that manipulate the order of transactions to extract value from users. Such actions---an adversarial form of what is called maximal-extractable value (MEV)---impact both individual outcomes and the stability of the DeFi ecosystem. MEV exploitation, moreover, is being institutionalized through an architectural paradigm known Proposer-Builder Separation (PBS). This work introduces a system...

2024/1240 (PDF) Last updated: 2024-09-05
ARADI and LLAMA: Low-Latency Cryptography for Memory Encryption
Patricia Greene, Mark Motley, Bryan Weeks
Secret-key cryptography

In this paper, we describe a low-latency block cipher (ARADI) and authenticated encryption mode (LLAMA) intended to support memory encryption applications.

2024/1186 (PDF) Last updated: 2024-07-25
MATTER: A Wide-Block Tweakable Block Cipher
Roberto Avanzi, Orr Dunkelman, Kazuhiko Minematsu
Secret-key cryptography

In this note, we introduce the MATTER Tweakable Block Cipher, designed principally for low latency in low-area hardware implementations, but that can also be implemented in an efficient and compact way in software. MATTER is a 512-bit wide balanced Feistel network with three to six rounds, using the ASCON permutation as the round function. The Feistel network defines a keyed, non-tweakable core, which is made tweakable by using the encryption of the tweak as its key. Key and tweak are...

2024/1120 (PDF) Last updated: 2024-07-09
A Fast and Efficient SIKE Co-Design: Coarse-Grained Reconfigurable Accelerators with Custom RISC-V Microcontroller on FPGA
Jing Tian, Bo Wu, Lang Feng, Haochen Zhang, Zhongfeng Wang
Implementation

This paper proposes a fast and efficient FPGA-based hardware-software co-design for the supersingular isogeny key encapsulation (SIKE) protocol controlled by a custom RISC-V processor. Firstly, we highly optimize the core unit, the polynomial-based field arithmetic logic unit (FALU), with the proposed fast convolution-like multiplier (FCM) to significantly reduce the resource consumption while still maintaining low latency and constant time for all the four SIKE parameters. Secondly, we pack...

2024/1052 (PDF) Last updated: 2024-10-18
A New Fine Tuning Method for FHEW/TFHE Bootstrapping with IND-CPAD Security
Deokhwa Hong, Young-Sik Kim, Yongwoo Lee, Eunyoung Seo
Public-key cryptography

Fully homomorphic encryption (FHE) schemes enable computations on encrypted data, making them as a crucial component of privacy-enhancing technologies. Ducas and Micciancio introduced the FHEW scheme (Eurocrypt '15), which was further enhanced by Chillotti et al. with TFHE (Asiacrypt '17). These schemes support low-latency homomorphic evaluations of binary (or larger) gates due to their small parameter size. However, the evaluation failure probability in these schemes is highly sensitive to...

2024/975 (PDF) Last updated: 2024-06-17
ZLR: a fast online authenticated encryption scheme achieving full security
Wonseok Choi, Seongha Hwang, Byeonghak Lee, Jooyoung Lee
Secret-key cryptography

Online authenticated encryption has been considered of practical relevance in light-weight environments due to low latency and constant memory usage. In this paper, we propose a new tweakable block cipher-based online authenticated encryption scheme, dubbed ZLR, and its domain separation variant, dubbed DS-ZLR. ZLR and DS-ZLR follow the Encrypt-MixEncrypt paradigm. However, in contrast to existing schemes using the same paradigm such as ELmE and CoLM, ZLR and DS-ZLR enjoy n-bit security by...

2024/967 (PDF) Last updated: 2024-07-08
Consolidated Linear Masking (CLM): Generalized Randomized Isomorphic Representations, Powerful Degrees of Freedom and Low(er)-cost
Itamar Levi, Osnat Keren
Implementation

Masking is a widely adopted countermeasure against side-channel analysis (SCA) that protects cryptographic implementations from information leakage. However, current masking schemes often incur significant overhead in terms of electronic cost. RAMBAM, a recently proposed masking technique that fits elegantly with the AES algorithm, offers ultra-low latency/area by utilizing redundant representations of finite field elements. This paper presents a comprehensive generalization of RAMBAM and...

2024/925 (PDF) Last updated: 2024-06-10
Time Sharing - A Novel Approach to Low-Latency Masking
Dilip Kumar S. V., Siemen Dhooghe, Josep Balasch, Benedikt Gierlichs, Ingrid Verbauwhede
Implementation

We present a novel approach to small area and low-latency first-order masking in hardware. The core idea is to separate the processing of shares in time in order to achieve non-completeness. Resulting circuits are proven first-order glitch-extended PINI secure. This means the method can be straightforwardly applied to mask arbitrary functions without constraints which the designer must take care of. Furthermore we show that an implementation can benefit from optimization through EDA tools...

2024/883 (PDF) Last updated: 2024-06-03
Low-Latency Linear Transformations with Small Key Transmission for Private Neural Network on Homomorphic Encryption
Byeong-Seo Min, Joon-Woo Lee
Applications

In the field of Artificial Intelligence (AI), convolution operations have primarily been used in Convolutional Neural Networks (CNNs). However, its utility is increasing with the appearance of convolution integrated transformers or state space models where convolution is a constituent element. In the field of private AI, generalized algorithm, multiplexed parallel convolution was recently proposed to implement CNNs based on the Homomorphic Encryption scheme, residue number system variant...

2024/653 (PDF) Last updated: 2024-09-20
Aether: Approaching the Holy Grail in Asynchronous BFT
Xiaohai Dai, Chaozheng Ding, Hai Jin, Julian Loss, Ling Ren
Applications

State-of-the-art asynchronous Byzantine Fault Tolerance (BFT) protocols integrate a partially-synchronous optimistic path. The holy grail in this paradigm is to match the performance of a partially-synchronous protocol in favorable situations and match the performance of a purely asynchronous protocol in unfavorable situations. Several prior works have made progress toward this goal by matching the efficiency of a partially-synchronous protocol in favorable conditions. However, their...

2024/607 (PDF) Last updated: 2024-04-19
Low-latency Secure Integrated Sensing and Communication with Transmitter Actions
Truman Welling, Onur Gunlu, Aylin Yener
Foundations

This paper considers an information theoretic model of secure integrated sensing and communication, represented as a wiretap channel with action dependent states. This model allows one to secure a part of the transmitted message against a sensed target that eavesdrops the communication, while allowing transmitter actions to change the channel statistics. An exact secrecy-distortion region is given for a physically-degraded channel. Moreover, a finite-length achievability region is...

2024/550 (PDF) Last updated: 2024-07-17
Fast Parallelizable Misuse-Resistant Authenticated Encryption: Low Latency (Decryption-Fast) SIV
Mustafa Khairallah
Secret-key cryptography

MRAE security is an important goal for many AEAD applications where the nonce uniqueness cannot be maintained and security risks are significant. However, MRAE schemes can be quite expensive. Two of the SoTA MRAE-secure schemes; Deoxys-II and AES-GCM-SIV rely on internal parallelism and special instructions to achieve competitive performance. However, they both suffer from the same bottleneck, they have at least one call to the underlying primitive that cannot be parallelized to any other...

2024/160 (PDF) Last updated: 2024-02-17
LightDAG: A Low-latency DAG-based BFT Consensus through Lightweight Broadcast
Xiaohai Dai, Guanxiong Wang, Jiang Xiao, Zhengxuan Guo, Rui Hao, Xia Xie, Hai Jin
Applications

To improve the throughput of Byzantine Fault Tolerance (BFT) consensus protocols, the Directed Acyclic Graph (DAG) topology has been introduced to parallel data processing, leading to the development of DAG-based BFT consensus. However, existing DAG-based works heavily rely on Reliable Broadcast (RBC) protocols for block broadcasting, which introduces significant latency due to the three communication steps involved in each RBC. For instance, DAGRider, a representative DAG-based protocol,...

2024/045 (PDF) Last updated: 2024-01-11
A Low-Latency High-Order Arithmetic to Boolean Masking Conversion
Jiangxue Liu, Cankun Zhao, Shuohang Peng, Bohan Yang, Hang Zhao, Xiangdong Han, Min Zhu, Shaojun Wei, Leibo Liu
Implementation

Masking, an effective countermeasure against side-channel attacks, is commonly applied in modern cryptographic implementations. Considering cryptographic algorithms that utilize both Boolean and arithmetic masking, the conversion algorithm between arithmetic masking and Boolean masking is required. Conventional high-order arithmetic masking to Boolean masking conversion algorithms based on Boolean circuits suffer from performance overhead, especially in terms of hardware implementation. In...

2023/1914 (PDF) Last updated: 2023-12-13
Efficient Low-Latency Masking of Ascon without Fresh Randomness
Srinidhi Hari Prasad, Florian Mendel, Martin Schläffer, Rishub Nagpal
Implementation

In this work, we present the first low-latency, second-order masked hardware implementation of Ascon that requires no fresh randomness using only $d+1$ shares. Our results significantly outperform any publicly known second-order masked implementations of AES and Ascon in terms of combined area, latency and randomness requirements. Ascon is a family of lightweight authenticated encryption and hashing schemes selected by NIST for standardization. Ascon is tailored for small form factors. It...

2023/1550 (PDF) Last updated: 2023-10-09
A Thorough Evaluation of RAMBAM
Daniel Lammers, Amir Moradi, Nicolai Müller, Aein Rezaei Shahmirzadi
Implementation

The application of masking, widely regarded as the most robust and reliable countermeasure against Side-Channel Analysis (SCA) attacks, has been the subject of extensive research across a range of cryptographic algorithms, especially AES. However, the implementation cost associated with applying such a countermeasure can be significant and even in some scenarios infeasible due to considerations such as area and latency overheads, as well as the need for fresh randomness to ensure the...

2023/1307 (PDF) Last updated: 2023-09-01
Constant-Round Private Decision Tree Evaluation for Secret Shared Data
Nan Cheng, Naman Gupta, Aikaterini Mitrokotsa, Hiraku Morita, Kazunari Tozawa
Cryptographic protocols

Decision tree evaluation is extensively used in machine learning to construct accurate classification models. Often in the cloud-assisted communication paradigm cloud servers execute remote evaluations of classification models using clients’ data. In this setting, the need for private decision tree evaluation (PDTE) has emerged to guarantee no leakage of information for the client’s input nor the service provider’s trained model i.e., decision tree. In this paper, we propose a private...

2023/1244 (PDF) Last updated: 2024-03-01
HERMES: Efficient Ring Packing using MLWE Ciphertexts and Application to Transciphering
Youngjin Bae, Jung Hee Cheon, Jaehyung Kim, Jai Hyun Park, Damien Stehlé
Public-key cryptography

Most of the current fully homomorphic encryption (FHE) schemes are based on either the learning-with-errors (LWE) problem or on its ring variant (RLWE) for storing plaintexts. During the homomorphic computation of FHE schemes, RLWE formats provide high throughput when considering several messages, and LWE formats provide a low latency when there are only a few messages. Efficient conversion can bridge the advantages of each format. However, converting LWE formats into RLWE format, which is...

2023/1227 (PDF) Last updated: 2023-08-13
Parallel SAT Framework to Find Clustering of Differential Characteristics and Its Applications
Kosei Sakamoto, Ryoma Ito, Takanori Isobe
Secret-key cryptography

The most crucial but time-consuming task for differential cryptanalysis is to find a differential with a high probability. To tackle this task, we propose a new SAT-based automatic search framework to efficiently figure out a differential with the highest probability under a specified condition. As the previous SAT methods (e.g., the Sun et al’s method proposed at ToSC 2021(1)) focused on accelerating the search for an optimal single differential characteristic, these are not optimized for...

2023/953 (PDF) Last updated: 2024-02-04
Towards Generic MPC Compilers via Variable Instruction Set Architectures (VISAs)
Yibin Yang, Stanislav Peceny, David Heath, Vladimir Kolesnikov
Cryptographic protocols

In MPC, we usually represent programs as circuits. This is a poor fit for programs that use complex control flow, as it is costly to compile control flow to circuits. This motivated prior work to emulate CPUs inside MPC. Emulated CPUs can run complex programs, but they introduce high overhead due to the need to evaluate not just the program, but also the machinery of the CPU, including fetching, decoding, and executing instructions, accessing RAM, etc. Thus, both circuits and CPU...

2023/908 (PDF) Last updated: 2023-06-11
A Hardware-Software Co-Design for the Discrete Gaussian Sampling of FALCON Digital Signature
Emre Karabulut, Aydin Aysu
Implementation

Sampling random values from a discrete Gaussian distribution with high precision is a major and computationally intensive operation of upcoming or existing cryptographic standards. FALCON is one such algorithm that the National Institute of Standards and Technology chose to standardize as a next-generation, quantum-secure digital signature algorithm. The discrete Gaussian sampling of FALCON has both flexibility and efficiency needs—it constitutes 72% of total signature generation in...

2023/878 (PDF) Last updated: 2023-06-12
Introducing two Low-Latency Cipher Families: Sonic and SuperSonic
Yanis Belkheyar, Joan Daemen, Christoph Dobraunig, Santosh Ghosh, Shahram Rasoolzadeh
Secret-key cryptography

For many latency-critical operations in computer systems, like memory reads/writes, adding encryption can have a big impact on the performance. Hence, the existence of cryptographic primitives with good security properties and minimal latency is a key element in the wide-spread implementation of such security measures. In this paper, we introduce two new families of low-latency permutations/block ciphers called Sonic and SuperSonic, inspired by the Simon block ciphers.

2023/679 (PDF) Last updated: 2024-01-30
ParBFT: Faster Asynchronous BFT Consensus with a Parallel Optimistic Path
Xiaohai Dai, Bolin Zhang, Hai Jin, Ling Ren
Applications

To reduce latency and communication overhead of asynchronous Byzantine Fault Tolerance (BFT) consensus, an optimistic path is often added, with Ditto and BDT as state-of-the-art representatives. These protocols first attempt to run an optimistic path that is typically adapted from partially-synchronous BFT and promises good performance in good situations. If the optimistic path fails to make progress, these protocols switch to a pessimistic path after a timeout, to guarantee liveness in an...

2023/678 (PDF) Last updated: 2023-05-17
A 334µW 0.158mm2 ASIC for Post-Quantum Key-Encapsulation Mechanism Saber with Low-latency Striding Toom-Cook Multiplication Extended Version
Archisman Ghosh, Jose Maria Bermudo Mera, Angshuman Karmakar, Debayan Das, Santosh Ghosh, Ingrid Verbauwhede, Shreyas Sen
Public-key cryptography

The hard mathematical problems that assure the security of our current public-key cryptography (RSA, ECC) are broken if and when a quantum computer appears rendering them ineffective for use in the quantum era. Lattice based cryptography is a novel approach to public key cryptography, of which the mathematical investigation (so far) resists attacks from quantum computers. By choosing a module learning with errors (MLWE) algorithm as the next standard, National Institute of Standard \&...

2023/674 (PDF) Last updated: 2023-05-12
An Efficient Strategy to Construct a Better Differential on Multiple-Branch-Based Designs: Application to Orthros
Kazuma Taka, Tatusya Ishikawa, Kosei Sakamoto, Takanori Isobe
Attacks and cryptanalysis

As low-latency designs tend to have a small number of rounds to decrease latency, the differential-type cryptanalysis can become a significant threat to them. In particular, since a multiple-branch-based design, such as Orthros can have the strong clustering effect on differential attacks due to its large internal state, it is crucial to investigate the impact of the clustering effect in such a design. In this paper, we present a new SAT-based automatic search method for evaluating the...

2023/612 (PDF) Last updated: 2023-04-29
Cryptanalysis of SPEEDY
Jinliang Wang, Chao Niu, Qun Liu, Muzhou Li, Bart Preneel, Meiqin Wang
Secret-key cryptography

SPEEDY is a family of ultra-lightweight block ciphers designed by Leander et al. at CHES 2021. There are three recommended variants denoted as SPEEDY-$r$-192 with $r$∈{5,6,7}. All of them support the 192-bit block and the 192-bit key. The main focus during its design is to ensure hardware-aware low latency, thus, whether it is designed to have enough security is worth to be studied. Recently, the full-round security of SPEEDY-7-192 is announced to be broken by Boura et al. at EUROCRYPT 2023...

2023/583 (PDF) Last updated: 2023-04-24
Reusable, Instant and Private Payment Guarantees for Cryptocurrencies
Akash Madhusudan, Mahdi Sedaghat, Samarth Tiwari, Kelong Cong, Bart Preneel
Cryptographic protocols

Despite offering numerous advantages, public decentralized cryptocurrencies such as Bitcoin suffer from scalability issues such as high transaction latency and low throughput. The vast array of so-called Layer-2 solutions tackling the scalability problem focus on throughput, and consider latency as a secondary objective. However, in the context of retail payments, instant finality of transactions is arguably a more pressing concern, besides the overarching concern for privacy. In this...

2023/174 (PDF) Last updated: 2023-02-12
Improved Heuristics for Low-latency Implementations of Linear Layers
Qun Liu, Zheng Zhao, Meiqin Wang

In many applications, low area and low latency are required for the chip-level implementation of cryptographic primitives. The low-cost implementations of linear layers usually play a crucial role for symmetric ciphers. Some heuristic methods, such as the forward search and the backward search, minimize the number of XOR gates of the linear layer under the minimum latency limitation. For the sake of achieving further optimization for such implementation of the linear layer, we put forward...

2022/1712 (PDF) Last updated: 2022-12-10
KEMTLS vs. Post-Quantum TLS: Performance On Embedded Systems
Ruben Gonzalez, Thom Wiggers
Implementation

TLS is ubiquitous in modern computer networks. It secures transport for high-end desktops and low-end embedded devices alike. However, the public key cryptosystems currently used within TLS may soon be obsolete as large-scale quantum computers, once realized, would be able to break them. This threat has led to the development of post-quantum cryptography (PQC). The U.S. standardization body NIST is currently in the process of concluding a multi-year search for promising post-quantum...

2022/1399 (PDF) Last updated: 2022-10-15
Low-latency implementation of the GIFT cipher on RISC-V architectures
Gheorghe Pojoga, Kostas Papagiannopoulos
Implementation

Lightweight cryptography is a viable solution for constrained computational environments that require a secure communication channel. To standardize lightweight primitives, NIST has published a call for algorithms that address needs like compactness, low-latency, low-power/energy, etc. Among the candidates, the GIFT family of block ciphers was utilized in various NIST candidates due to its high-security margin and small gate footprint. As a result of their hardware-oriented design, software...

2022/1362 (PDF) Last updated: 2024-01-05
ALLOSAUR: Accumulator with Low-Latency Oblivious Sublinear Anonymous credential Updates with Revocations
Samuel Jaques, Michael Lodder, Hart Montgomery
Cryptographic protocols

A cryptographic accumulator is a space- and time-efficient data structure with associated algorithms used for secure membership testing. In the growing space of digital credentials, accumulators found in managing a set of valid credentials, giving efficient and anonymous methods for credential holders to prove their validity. Unlike traditional credentials like digital signatures, one can easily revoke credentials with an accumulator; however, each revocation forces existing credential...

2022/1228 (PDF) Last updated: 2023-05-15
SCARF: A Low-Latency Block Cipher for Secure Cache-Randomization
Federico Canale, Tim Güneysu, Gregor Leander, Jan Philipp Thoma, Yosuke Todo, Rei Ueno

Randomized cache architectures have proven to significantly increase the complexity of contention-based cache side channel attacks and therefore pre\-sent an important building block for side channel secure microarchitectures. By randomizing the address-to-cache-index mapping, attackers can no longer trivially construct minimal eviction sets which are fundamental for contention-based cache attacks. At the same time, randomized caches maintain the flexibility of traditional...

2022/1158 (PDF) Last updated: 2022-09-06
Differential Cryptanalysis of K-Cipher
Mohammad Mahzoun, Liliya Kraleva, Raluca Posteuca, Tomer Ashur
Attacks and cryptanalysis

K-Cipher is an ultra-low latency block cipher with variable-length parameters designed by Intel Labs. In this work, we analyze the security of K-Cipher and propose a differential cryptanalysis attack with the complexity of $2^{29.7}$ for a variant of K-Cipher with state size $n=24$ bits state and block size $m=8$ bits. Our attack recovers the secret key and secret randomizer values with a total length of 240 bits in $\sim 30$ minutes on a standard desktop machine. We show that it is...

2022/1141 (PDF) Last updated: 2022-12-23
An Optimal Universal Construction for the Threshold Implementation of Bijective S-boxes
Enrico Piccione, Samuele Andreoli, Lilya Budaghyan, Claude Carlet, Siemen Dhooghe, Svetla Nikova, George Petrides, Vincent Rijmen
Implementation

Threshold implementation is a method based on secret sharing to secure cryptographic ciphers (and in particular S-boxes) against differential power analysis side-channel attacks which was proposed by Nikova, Rechberger, and Rijmen in 2006. Until now, threshold implementations were only constructed for specific types of functions and some small S-boxes, but no generic construction was ever presented. In this paper, we present the first universal threshold implementation with $t+2$ shares that...

2022/829 (PDF) Last updated: 2022-06-23
TERSE: Tiny Encryptions and Really Speedy Execution for Post-Quantum Private Stream Aggregation
Jonathan Takeshita, Zachariah Carmichael, Ryan Karl, Taeho Jung
Cryptographic protocols

The massive scale and performance demands of privacy-preserving data aggregation make integration of security and privacy difficult. Traditional tools in private computing are not well-suited to handle these challenges, especially for more limited client devices. Efficient primitives and protocols for secure and private data aggregation are a promising approach for private data analytics with resource-constrained devices. However, even such efficient primitives may be much slower than...

2022/793 (PDF) Last updated: 2022-06-20
LLAMA: A Low Latency Math Library for Secure Inference
Kanav Gupta, Deepak Kumaraswamy, Nishanth Chandran, Divya Gupta
Cryptographic protocols

Secure machine learning (ML) inference can provide meaningful privacy guarantees to both the client (holding sensitive input) and the server (holding sensitive weights of the ML model) while realizing inference-as-a-service. Although many specialized protocols exist for this task, including those in the preprocessing model (where a majority of the overheads are moved to an input independent offline phase), they all still suffer from large online complexity. Specifically, the protocol phase...

2022/755 (PDF) Last updated: 2022-06-13
Low-latency Hardware Architecture for VDF Evaluation in Class Groups
Danyang Zhu, Jing Tian, Minghao Li, Zhongfeng Wang

The verifiable delay function (VDF), as a kind of cryptographic primitives, has recently been adopted quite often in decentralized systems. Highly correlated to the security of VDFs, the fastest implementation for VDF evaluation is generally desired to be publicly known. In this paper, for the first time, we propose a low-latency hardware implementation for the complete VDF evaluation in the class group by joint exploiting optimizations. On one side, we reduce the required computational...

2022/641 (PDF) Last updated: 2022-11-25
Self-Timed Masking: Implementing Masked S-Boxes Without Registers
Mateus Simões, Lilian Bossuet, Nicolas Bruneau, Vincent Grosso, Patrick Haddad, Thomas Sarno
Implementation

Masking is one of the most used side-channel protection techniques. However, a secure masking scheme requires additional implementation costs, e.g. random number, and transistor count. Furthermore, glitches and early evaluation can temporally weaken a masked implementation in hardware, creating a potential source of exploitable leakages. Registers are generally used to mitigate these threats, hence increasing the implementation's area and latency. In this work, we show how to design...

2022/612 (PDF) Last updated: 2022-05-23
Cryptanalysis of Reduced Round SPEEDY
Raghvendra Rohit, Santanu Sarkar
Secret-key cryptography

SPEEDY is a family of ultra low latency block ciphers proposed by Leander, Moos, Moradi and Rasoolzadeh at TCHES 2021. Although the designers gave some differential/linear distinguishers for reduced rounds, a concrete cryptanalysis considering key recovery attacks on SPEEDY was completely missing. The latter is crucial to understand the security margin of designs like SPEEDY which typically use low number of rounds to have low latency. In this work, we present the first third-party...

2022/603 (PDF) Last updated: 2022-05-17
Distributed Blockchain Price Oracle
Léonard Lys, Maria Potop-Butucaru
Foundations

Blockchain oracles are systems that connect blockchains with the outside world by interfacing with external data providers. They provide decentralized applications with the external information needed for smart contract execution. In this paper, we focus on decentralized price oracles, which are distributed systems that provide exchange rates of digital assets to smart contracts. They are the cornerstone of the safety of some decentralized finance applications such as stable coins or...

2022/507 (PDF) Last updated: 2022-05-13
Low-Latency Hardware Private Circuits
David Knichel, Amir Moradi
Implementation

Over the last years, the rise of the IoT, and the connection of mobile - and hence physically accessible - devices, immensely enhanced the demand for fast and secure hardware implementations of cryptographic algorithms which offer thorough protection against SCA attacks. Among a variety of proposed countermeasures against SCA, masking has transpired to be a promising candidate, attracting significant attention in both, academia and industry. Here, abstract adversary models have been derived,...

2022/505 (PDF) Last updated: 2022-10-17
Riding the Waves Towards Generic Single-Cycle Masking in Hardware
Rishub Nagpal, Barbara Gigerl, Robert Primas, Stefan Mangard
Implementation

Research on the design of masked cryptographic hardware circuits in the past has mostly focused on reducing area and randomness requirements. However, many embedded devices like smart cards and IoT nodes also need to meet certain performance criteria, which is why the latency of masked hardware circuits also represents an important metric for many practical applications. The root cause of latency in masked hardware circuits is the need for additional register stages that synchronize the...

2022/488 (PDF) Last updated: 2022-04-25
OrgAn: Organizational Anonymity with Low Latency
Debajyoti Das, Easwar Vivek Mangipudi, Aniket Kate
Cryptographic protocols

There is a growing demand for network-level anonymity for delegates at global organizations such as the UN and Red Cross. Numerous anonymous communication (AC) systems have been proposed over the last few decades to provide anonymity over the internet; however, they either introduce high latency overhead, provide weaker anonymity guarantees, or are difficult to be deployed at the organizational networks. Recently, the PriFi system introduced a client/relay/server model that suitably utilizes...

2022/469 (PDF) Last updated: 2022-04-22
Efficient ASIC Architectures for Low Latency Niederreiter Decryption
Daniel Fallnich, Shutao Zhang, Tobias Gemmeke
Implementation

Post-quantum cryptography addresses the increasing threat that quantum computing poses to modern communication systems. Among the available "quantum-resistant" systems, the Niederreiter cryptosystem is positioned as a conservative choice with strong security guarantees. As a code-based cryptosystem, the Niederreiter system enables high performance operations and is thus ideally suited for applications such as the acceleration of server workloads. However, until now, no ASIC architecture is...

2022/452 (PDF) Last updated: 2022-04-12
UTT: Decentralized Ecash with Accountable Privacy
Alin Tomescu, Adithya Bhat, Benny Applebaum, Ittai Abraham, Guy Gueta, Benny Pinkas, Avishay Yanai
Cryptographic protocols

We present UnTraceable Transactions (UTT), a system for decentralized ecash with accountable privacy. UTT is the first ecash system that obtains three critical properties: (1) it provides decentralized trust by implementing the ledger, bank, auditor, and registration authorities via threshold cryptography and Byzantine Fault Tolerant infrastructure; (2) it balances accountability and privacy by implementing anonymity budgets: users can anonymously send payments, but only up to a limited...

2022/418 (PDF) Last updated: 2022-04-06
LLTI: Low-Latency Threshold Implementations
Victor Arribas, Zhenda Zhang, Svetla Nikova
Implementation

With the enormous increase in portable cryptographic devices, physical attacks are becoming similarly popular. One of the most common physical attacks is Side-Channel Analysis (SCA), extremely dangerous due to its non-invasive nature. Threshold Implementations (TI) was proposed as the first countermeasure to provide provable security in masked hardware implementations. While most works on hardware masking are focused on optimizing the area requirements, with the newer and smaller...

2022/246 (PDF) Last updated: 2023-09-26
On the Concrete Security of TLS 1.3 PSK Mode
Hannah Davis, Denis Diemert, Felix Günther, Tibor Jager
Cryptographic protocols

The pre-shared key (PSK) handshake modes of TLS 1.3 allow for the performant, low-latency resumption of previous connections and are widely used on the Web and by resource-constrained devices, e.g., in the Internet of Things. Taking advantage of these performance benefits with optimal and theoretically-sound parameters requires tight security proofs. We give the first tight security proofs for the TLS 1.3 PSK handshake modes. Our main technical contribution is to address a gap in prior...

2022/231 (PDF) Last updated: 2022-02-25
Towards Low-Latency Implementation of Linear Layers
Qun Liu, Weijia Wang, Yanhong Fan, Lixuan Wu, Ling Sun, Meiqin Wang
Secret-key cryptography

Lightweight cryptography features a small footprint and/or low computational complexity. Low-cost implementations of linear layers usually play an important role in lightweight cryptography. Although it has been shown by Boyar et al. that finding the optimal implementation of a linear layer is a Shortest Linear Program (SLP) problem and NP-hard, there exist a variety of heuristic methods to search for near-optimal solutions. This paper considers the low-latency criteria and focuses on the...

2022/193 (PDF) Last updated: 2023-01-16
OptRand: Optimistically responsive distributed random beacons
Adithya Bhat, Nibesh Shrestha, Aniket Kate, Kartik Nayak
Cryptographic protocols

Public random beacons publish random numbers at regular intervals, which anyone can obtain and verify. The design of public distributed random beacons has been an exciting research direction with significant implications for blockchains, voting, and beyond. Distributed random beacons, in addition to being bias-resistant and unpredictable, also need to have low communication overhead and latency, high resilience to faults, and ease of reconfigurability. Existing synchronous random beacon...

2022/083 (PDF) Last updated: 2022-03-10
Zef: Low-latency, Scalable, Private Payments
Mathieu Baudet, Alberto Sonnino, Mahimna Kelkar, George Danezis
Cryptographic protocols

We introduce Zef, the first Byzantine-Fault Tolerant (BFT) protocol to support payments in anonymous digital coins at arbitrary scale. Zef follows the communication and security model of FastPay: both protocols are asynchronous, low-latency, linearly-scalable, and powered by partially-trusted sharded authorities. In contrast with FastPay, user accounts in Zef are uniquely-identified and safely removable. Zef coins are bound to an account by a digital certificate and otherwise stored...

2021/1378 (PDF) Last updated: 2021-10-15
Cryptanalysis of Efficient Masked Ciphers: Applications to Low Latency
Tim Beyne, Siemen Dhooghe, Amir Moradi, Aein Rezaei Shahmirzadi

This work introduces second-order masked implementations of LED, Midori, SKINNY, and PRINCE ciphers which do not require fresh masks to be updated at every clock cycle. The main idea lies on a combination of the constructions given by Shahmirzadi and Moradi at CHES~2021, and the theory presented by Beyne et al. at Asiacrypt~2020. The presented masked designs only use a minimal number of shares, i.e., three to achieve second-order security, and we make use of a trick to pair a couple of...

2021/1211 (PDF) Last updated: 2021-09-17
Grover on SPEEDY
Gyeongju Song, Kyungbae Jang, Hyunjun Kim, Siwoo Eum, Minjoo Sim, Hyunji Kim, Wai-Kong Lee, Hwajeong Seo
Implementation

With the advent of quantum computers, revisiting the security of cryptography has been an active research area in recent years. In this paper, we estimate the cost of applying Grover's algorithm to SPEEDY block cipher. SPEEDY is a family of ultra-low-latency block ciphers presented in CHES'21. It is ensured that the key search equipped with Grover's algorithm reduces the $n$-bit security of the block cipher to $\frac{n}{2}$-bit. The issue is how many quantum resources are required for...

2021/978 (PDF) Last updated: 2021-07-22
Polymath: Low-Latency MPC via Secure Polynomial Evaluations and its Applications
Donghang Lu, Albert Yu, Aniket Kate, Hemanta Maji
Cryptographic protocols

While the practicality of secure multi-party computation (MPC) has been extensively analyzed and improved over the past decade, we are hitting the limits of efficiency with the traditional approaches of representing the computed functionalities as generic arithmetic or Boolean circuits. This work follows the design principle of identifying and constructing fast and provably-secure MPC protocols to evaluate useful high-level algebraic abstractions; thus, improving the efficiency of all...

2021/960 (PDF) Last updated: 2021-07-22
The SPEEDY Family of Block Ciphers - Engineering an Ultra Low-Latency Cipher from Gate Level for Secure Processor Architectures
Gregor Leander, Thorben Moos, Amir Moradi, Shahram Rasoolzadeh
Secret-key cryptography

We introduce SPEEDY, a family of ultra low-latency block ciphers. We mix engineering expertise into each step of the cipher’s design process in order to create a secure encryption primitive with an extremely low latency in CMOS hardware. The centerpiece of our constructions is a high-speed 6-bit substitution box whose coordinate functions are realized as two-level NAND trees. In contrast to other low-latency block ciphers such as PRINCE, PRINCEv2, MANTIS and QARMA, we neither constrain...

2021/892 (PDF) Last updated: 2021-06-29
Low-Latency Keccak at any Arbitrary Order
Sara Zarei, Aein Rezaei Shahmirzadi, Hadi Soleimany, Raziye Salarifard, Amir Moradi
Implementation

Correct application of masking on hardware implementation of cryptographic primitives necessitates the instantiation of registers in order to achieve the non-completeness (commonly said to stop the propagation of glitches). This sometimes leads to a high latency overhead, making the implementation not necessarily suitable for the underlying application. As a concrete example, this holds for Keccak. Application of d + 1 Domain Oriented Masking (DOM) on a round-based implementation of Keccak...

2021/868 (PDF) Last updated: 2021-06-24
Low-Latency Hardware Masking of PRINCE
Nicolai Müller, Thorben Moos, Amir Moradi
Implementation

Efficient implementation of Boolean masking in terms of low latency has evolved into a hot topic due to the necessity of embedding a physically secure and at-the-same-time fast implementation of cryptographic primitives in e.g., the memory encryption of pervasive devices. Instead of fully minimizing the circuit's area and randomness requirements at the cost of latency, the focus has changed into finding optimal tradeoffs between the circuit area and the execution time. The main latency...

2021/734 (PDF) Last updated: 2024-04-23
Guarding the First Order: The Rise of AES Maskings
Amund Askeland, Siemen Dhooghe, Svetla Nikova, Vincent Rijmen, Zhenda Zhang
Implementation

We provide three first-order hardware maskings of the AES, each allowing for a different trade-off between the number of shares and the number of register stages. All maskings use a generalization of the changing of the guards method enabling the re-use of randomness between masked S-boxes. As a result, the maskings do not require fresh randomness while still allowing for a minimal number of shares and providing provable security in the glitch-extended probing model. The low-area...

2021/453 (PDF) Last updated: 2021-05-31
Merkle^2: A Low-Latency Transparency Log System
Yuncong Hu, Kian Hooshmand, Harika Kalidhindi, Seung Jin Yang, Raluca Ada Popa
Cryptographic protocols

Transparency logs are designed to help users audit untrusted servers. For example, Certificate Transparency (CT) enables users to detect when a compromised Certificate Authority (CA) has issued a fake certificate. Practical state-of-the-art transparency log systems, however, suffer from high monitoring costs when used for low-latency applications. To reduce monitoring costs, such systems often require users to wait an hour or more for their updates to take effect, inhibiting low-latency...

2021/390 (PDF) Last updated: 2021-03-27
Orthros: A Low-Latency PRF
Subhadeep Banik, Takanori Isobe, Fukang Liu, Kazuhiko Minematsu, Kosei Sakamoto
Secret-key cryptography

We present Orthros, a 128-bit block pseudorandom function. It is designed with primary focus on latency of fully unrolled circuits. For this purpose, we adopt a parallel structure comprising two keyed permutations. The round function of each permutation is similar to Midori, a low-energy block cipher, however we thoroughly revise it to reduce latency, and introduce different rounds to significantly improve cryptographic strength in a small number of rounds. We provide a comprehensive,...

2021/384 (PDF) Last updated: 2022-07-08
Analysis and Probing of Parallel Channels in the Lightning Network
Alex Biryukov, Gleb Naumenko, Sergei Tikhomirov
Applications

Bitcoin can process only a few transactions per second, which is insufficient for a global payment network. The Lightning Network (LN) aims to address this challenge. The LN allows for low-latency bitcoin transfers through a network of payment channels. In contrast to regular Bitcoin transactions, payments in the LN are not globally broadcast. Thus it may improve not only Bitcoin’s scalability but also privacy. However, the probing attack allows an adversary to discover channel balances,...

2021/060 (PDF) Last updated: 2024-10-21
UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts
Ran Canetti, Rosario Gennaro, Steven Goldfeder, Nikolaos Makriyannis, Udi Peled
Cryptographic protocols

We present a distributed ECDSA protocol, for any number of signatories. The protocol improves on that of the authors (CCS'20), which in turn builds on the Gennaro & Goldfeder and Lindell & Nof protocols (CCS '18). Specifically: ** Only the last round of the protocol requires knowledge of the message, and the other rounds can take place in a preprocessing stage, lending to a non-interactive threshold ECDSA protocol. ** The protocol withstands adaptive corruption of signatories....

2021/004 (PDF) Last updated: 2021-02-16
LLMonPro: Low-Latency Montgomery Modular Multiplication Suitable for Verifiable Delay Functions
Ismail San
Implementation

This study presents a method to perform low-latency modular multiplication operation based on both Montgomery and Ozturk methods. The design space exploration of the proposed method on a latest FPGA device is also given. Through series of experiments on the FPGA using an high-level synthesis tool, optimal parameter selection of the proposed method for the low-latency constraint is also presented for the proposed technique.

2020/1374 (PDF) Last updated: 2022-07-20
ELM : A Low-Latency and Scalable Memory Encryption Scheme
Akiko Inoue, Kazuhiko Minematsu, Maya Oda, Rei Ueno, Naofumi Homma
Secret-key cryptography

Memory encryption with an authentication tree has received significant attentions due to the increasing threats of active attacks and the widespread use of non-volatile memories. It is also gradually deployed to real-world systems, as shown by SGX available in Intel processors. The topic of memory encryption has been recently extensively studied, most actively from the viewpoint of system architecture. In this paper, we study the topic from the viewpoint of provable secure symmetric-key...

2020/1269 (PDF) Last updated: 2020-11-10
PRINCEv2 - More Security for (Almost) No Overhead
Dušan Božilov, Maria Eichlseder, Miroslav Kneževic, Baptiste Lambin, Gregor Leander, Thorben Moos, Ventzislav Nikov, Shahram Rasoolzadeh, Yosuke Todo, Friedrich Wiemer
Secret-key cryptography

In this work, we propose tweaks to the PRINCE block cipher that help us to increase its security without changing the number of rounds or round operations. We get substantially higher security for the same complexity. From an implementation perspective, PRINCEv2 comes at an extremely low overhead compared to PRINCE in all key categories, such as area, latency and energy. We expect, as it is already the case for PRINCE, that the new cipher PRINCEv2 will be deployed in various settings.

2020/1125 (PDF) Last updated: 2021-08-04
High-Speed FPGA Implementation of SIKE Based on An Ultra-Low-Latency Modular Multiplier
Jing Tian, Bo Wu, Zhongfeng Wang
Implementation

The supersingular isogeny key encapsulation (SIKE) protocol, as one of the post-quantum protocol candidates, is widely regarded as the best alternative for curve-based cryptography. However, the long latency, caused by the serial large-degree isogeny computation which is dominated by modular multiplications, has made it less competitive than most popular post-quantum candidates. In this paper, we propose a high-speed and low-latency architecture for our recently presented optimized SIKE...

2020/492 (PDF) Last updated: 2021-10-21
UC Non-Interactive, Proactive, Threshold ECDSA
Ran Canetti, Nikolaos Makriyannis, Udi Peled
Cryptographic protocols

Building on the Gennaro & Goldfeder and Lindell & Nof protocols (CCS ’18), we present a threshold ECDSA protocol, for any number of signatories and any threshold, that improves as follows over the state of the art: * Signature generation takes only 4 rounds (down from the current 8 rounds), with a comparable computational cost. Furthermore, 3 of these rounds can take place in a preprocessing stage before the signed message is known, lending to a non-interactive threshold ECDSA protocol. *...

2020/480 (PDF) Last updated: 2020-09-18
Low-Latency ASIC Algorithms of Modular Squaring of Large Integers for VDF Evaluation
Ahmet Can Mert, Erdinc Ozturk, Erkay Savas
Implementation

This study is an attempt in quest of the fastest hardware algorithms for the computation of the evaluation component of verifiable delay functions (VDFs), $a^{2^T} \bmod N$, proposed for use in various distributed protocols, in which no party is assumed to compute it significantly faster than other participants. To this end, we propose a class of modular squaring algorithms suitable for low-latency ASIC implementations. The proposed algorithms aim to achieve highest levels of parallelization...

2020/463 (PDF) Last updated: 2021-12-24
Leia: A Lightweight Cryptographic Neural Network Inference System at the Edge
Xiaoning Liu, Bang Wu, Xingliang Yuan, Xun Yi
Applications

The advances in machine learning have revealed its great potential for emerging mobile applications such as face recognition and voice assistant. Models trained via a Neural Network (NN) can offer accurate and efficient inference services for mobile users. Unfortunately, the current deployment of such service encounters privacy concerns. Directly offloading the model to the mobile device violates model privacy of the model owner, while feeding user input to the service compromises user...

2020/178 (PDF) Last updated: 2020-02-14
A >100 Gbps Inline AES-GCM Hardware Engine and Protected DMA Transfers between SGX Enclave and FPGA Accelerator Device
Santosh Ghosh, Luis S Kida, Soham Jayesh Desai, Reshma Lal
Implementation

This paper proposes a method to protect DMA data transfer that can be used to offload computation to an accelerator. The proposal minimizes changes in the hardware platform and to the application and SW stack. The paper de-scribes the end-to-end scheme to protect communication between an appli-cation running inside a SGX enclave and a FPGA accelerator optimized for bandwidth and latency and details the implementation of AES-GCM hard-ware engines with high bandwidth and low latency.

2020/173 (PDF) Last updated: 2021-01-27
Securing Proof-of-Work Ledgers via Checkpointing
Dimitris Karakostas, Aggelos Kiayias
Cryptographic protocols

Our work explores mechanisms that secure a distributed ledger in the presence of adversarial mining majorities. Distributed ledgers based on the Proof-of-Work (PoW) paradigm are typically most vulnerable when mining participation is low. During these periods an attacker can mount devastating attacks, such as double spending or censorship of transactions. We put forth the first rigorous study of checkpointing as a mechanism to protect distributed ledgers from such 51% attacks. The core idea...

2020/155 (PDF) Last updated: 2020-03-18
Low Latency Privacy-preserving Outsourcing of Deep Neural Network Inference
Yifan Tian, Laurent Njilla, Jiawei Yuan, Shucheng Yu

Efficiently supporting inference tasks of deep neural network (DNN) on the resource-constrained Internet of Things (IoT) devices has been an outstanding challenge for emerging smart systems. To mitigate the burden on IoT devices, one prevalent solution is to outsource DNN inference tasks to the public cloud. However, this type of ``cloud-backed" solutions can cause privacy breach since the outsourced data may contain sensitive information. For privacy protection, the research community has...

2020/051 (PDF) Last updated: 2020-01-17
Low-Latency Hardware Masking with Application to AES
Pascal Sasdrich, Begül Bilgin, Michael Hutter, Mark Marson
Implementation

During the past two decades there has been a great deal of research published on masked hardware implementations of AES and other cryptographic primitives. Unfortunately, many hardware masking techniques can lead to increased latency compared to unprotected circuits for algorithms such as AES, due to the high-degree of nonlinear functions in their designs. In this paper, we present a hardware masking technique which does not increase the latency for such algorithms. It is based on the...

2020/030 (PDF) Last updated: 2021-02-17
K-Cipher: A Low Latency, Bit Length Parameterizable Cipher
Michael Kounavis, Sergej Deutsch, Santosh Ghosh, David Durham
Secret-key cryptography

We present the design of a novel low latency, bit length parameterizable cipher, called the ``K-Cipher''. K-Cipher is particularly useful to applications that need to support ultra low latency encryption at arbitrary ciphertext lengths. We can think of a range of networking, gaming and computing applications that may require encrypting data at unusual block lengths for many different reasons, such as to make space for other unencrypted state values. Furthermore, in modern applications,...

2019/883 (PDF) Last updated: 2019-08-01
HoneyBadgerMPC and AsynchroMix: Practical AsynchronousMPC and its Application to Anonymous Communication
Donghang Lu, Thomas Yurek, Samarth Kulshreshtha, Rahul Govind, Rahul Mahadev, Aniket Kate, Andrew Miller
Cryptographic protocols

Multiparty computation as a service (MPSaaS) is a promising approach for building privacy-preserving communication systems.However, in this paper, we argue that existing MPC implementations are inadequate for this application as they do not address fairness, let alone robustness. Even a single malicious server can cause the protocol to abort while seeing the output for itself, which in the context of an anonymous communication service would create a vulnerability to censorship and...

2019/827 (PDF) Last updated: 2020-02-06
k-root-n: An efficient algorithm for avoiding short term double-spending alongside distributed ledger technologies such as blockchain
Zvi Schreiber
Applications

Blockchains such as the bitcoin blockchain depend on reaching a global consensus on the distributed ledger; therefore, they suffer from well know scalability problems. This paper proposes an algorithm that avoids double-spending in the short term with just O(√n) messages instead of O(n); each node receiving money off-chain performs the due diligence of consulting k√n random nodes to check if any of them is aware of double-spending. Two nodes receiving double-spent money will in...

2019/826 (PDF) Last updated: 2019-07-17
Modular Multiplication Algorithm Suitable For Low-Latency Circuit Implementations
Erdinç Öztürk
Implementation

Modular multiplication is one of the most compute-intensive arithmetic operations. Most public-key cryptosytems utilize modular multiplications of integers of various lengths, depending on security requirements. Efficient algorithms and implementations are required to realize a practical public-key cryptosystem. Different parameters, such as area, power and time, can be optimized for different implementation requirements. Low latency was not as important as high throughput requirement for...

2019/433 (PDF) Last updated: 2022-01-09
Secure Communication Channel Establishment: TLS 1.3 (over TCP Fast Open) versus QUIC
Shan Chen, Samuel Jero, Matthew Jagielski, Alexandra Boldyreva, Cristina Nita-Rotaru
Cryptographic protocols

Secure channel establishment protocols such as Transport Layer Security (TLS) are some of the most important cryptographic protocols, enabling the encryption of Internet traffic. Reducing latency (the number of interactions between parties before encrypted data can be transmitted) in such protocols has become an important design goal to improve user experience. The most important protocols addressing this goal are TLS 1.3, the latest TLS version standardized in 2018 to replace the widely...

2019/116 (PDF) Last updated: 2019-09-12
Multi-Key Homomophic Encryption from TFHE
Hao Chen, Ilaria Chillotti, Yongsoo Song
Public-key cryptography

In this paper, we propose a Multi-Key Homomorphic Encryption (MKHE) scheme by generalizing the low-latency homomorphic encryption by Chillotti et al. (ASIACRYPT 2016). Our scheme can evaluate a binary gate on ciphertexts encrypted under different keys followed by a bootstrapping. The biggest challenge to meeting the goal is to design a multiplication between a bootstrapping key of a single party and a multi-key RLWE ciphertext. We propose two different algorithms for this hybrid product....

2019/107 (PDF) Last updated: 2019-02-05
Constructing Low-latency Involutory MDS Matrices with Lightweight Circuit
Shun Li, Siwei Sun, Chaoyun Li, Zihao Wei, Lei Hu
Secret-key cryptography

MDS matrices are important building blocks providing diffusion functionality for the design of many symmetric-key primitives. In recent years, continuous efforts are made on the construction of MDS matrices with small area footprints in the context of lightweight cryptography. Just recently, Duval and Leurent (ToSC 2018/FSE 2019) reported some $32 \times 32$ binary MDS matrices with branch number 5, which can be implemented with only 67 XOR gates, whereas the previously known lightest ones...

2018/1246 (PDF) Last updated: 2019-01-03
Senopra: Reconciling Data Privacy and Utility via Attested Smart Contract Execution
Dat Le Tien, Frank Eliassen
Implementation

The abundance of smart devices and sensors has given rise to an unprecedented large-scale data collection. While this benefits various data-driven application domains, it raises numerous security and privacy concerns. In particular, recent high-profile data breach incidents demonstrate security dangers and single point vulnerability of multiple systems. Moreover, even if the data is properly protected at rest (i.e., during storage), data confidentiality may still be compromised once it is...

2018/1112 (PDF) Last updated: 2018-11-19
DEXON: A Highly Scalable, Decentralized DAG-Based Consensus Algorithm
Tai-Yuan Chen, Wei-Ning Huang, Po-Chun Kuo, Hao Chung, Tzu-Wei Chao
Cryptographic protocols

A blockchain system is a replicated state machine that must be fault tolerant. When designing a blockchain system, there is usually a trade-off between decentralization, scalability, and security. In this paper, we propose a novel blockchain system, DEXON, which achieves high scalability while remaining decentralized and robust in the real-world environment. We have two main contributions. First, we present a highly scalable sharding framework for blockchain. This framework takes an...

2018/1062 (PDF) Last updated: 2018-11-09
DAGsim: Simulation of DAG-based distributed ledger protocols
Manuel Zander, Tom Waite, Dominik Harz
Applications

Scalability of distributed ledgers is a key adoption factor. As an alternative to blockchain-based protocols, directed acyclic graph (DAG) protocols are proposed with the intention to allow a higher volume of transactions to be processed. However, there is still limited understanding of the behaviour and security considerations of DAG-based systems. We present an asynchronous, continuous time, and multi-agent simulation framework for DAG-based cryptocurrencies. We model honest and...

2018/922 (PDF) Last updated: 2018-10-02
Optimized Threshold Implementations: Securing Cryptographic Accelerators for Low-Energy and Low-Latency Applications
Dušan Božilov, Miroslav Knežević, Ventzislav Nikov

Threshold implementations have emerged as one of the most popular masking countermeasures for hardware implementations of cryptographic primitives. In the original version of TI, the number of input shares was dependent on both security order $d$ and algebraic degree of a function $t$, namely $td + 1$. At CRYPTO 2015, a new method was presented yielding to a $d$-th order secure implementation using $d+1$ input shares. In this work, we first provide a construction for $d+1$ TI sharing which...

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.