Implementation Of Cryptosystem Research Articles

RegKey: A Register-based Implementation of ECC Signature Algorithms Against One-shot Memory Disclosure

To ensure the security of cryptographic algorithm implementations, several cryptographic key protection schemes have been proposed to prevent various memory disclosure attacks. Among them, the register-based solutions do not rely on special hardware features and offer better applicability. However, due to the size limitation of register resources, the performance of register-based solutions is much worse than conventional cryptosystem implementations without security enhancements. This paper presents RegKey, an efficient register-based implementation of ECC (elliptic curve cryptography) signature algorithms. Different from other schemes that protect the whole cryptographic operations, RegKey only uses CPU registers to execute simple but critical operations, significantly reducing the usage of register resources and performance overheads. To achieve this goal, RegKey splits the ECC signing into two parts, (1) complex elliptic curve group operations on non-sensitive data in main memory as normal implementations, and (2) simple prime field operations on sensitive data inside CPU registers. RegKey guarantees the plaintext private key and random number used for signing only appear in registers to effectively resist one-shot memory disclosure attacks such as cold-boot attacks and warm-boot attacks, which are usually launched by physically accessing the victim machine to acquire partial or even entire memory data but only once. Compared with existing cryptographic key protection schemes, the performance of RegKey is greatly improved. Regkey is applicable to different platforms because it does not rely on special CPU hardware features. Since RegKey focuses on one-shot memory disclosure instead of persistent software-based attacks, it works as a choice suitable for embedded devices or offline machines where physical attacks are the main threat.

Lattice attacks on pairing-based signatures

ABSTRACT Practical implementations of cryptosystems often suffer from critical information leakage through side-channels (such as their power consumption or their electromagnetic emanations). For public-key cryptography on embedded systems, the core operation is usually group exponentiation – or scalar multiplication on elliptic curves – which is a sequence of group operations derived from the private-key that may reveal secret bits to an attacker (on an unprotected implementation). We present lattice-based polynomial-time (heuristic) algorithms that recover the signer’s secret in popular pairing-based signatures when used to sign several messages under the assumption that blocks of consecutive bits of the corresponding exponents are known by the attacker. Our techniques rely upon Coppersmith's method and apply to many signatures in the so-called exponent-inversion framework in the standard security model (i.e. Boneh-Boyen, Gentry and Pontcheval-Sanders signatures) as well as in the random oracle model (i.e. Sakai-Kasahara signatures).

Igh-speed Multiplier of Numbers Module for Public Key Cryptosystems

The features of the implementation of asymmetric cryptosystems and the need to implement them in hardware are considered. Based on the data encryption and decryption algorithm, the digital blocks are listed, where the basic operations of raising and multiplying numbers module are done. Various approaches to multiplying multi-digit numbers module are considered. A method of multiplying multi-digit numbers module is proposed. In each step, the multiplier is shifted to certain discharge in the direction of higher one with further reduction on the module. For this purpose, partial and intermediate residue formers, a multiplier of two bits of the multiplier for partial residues are introduced into the composition of the device. The advantage of this method is that there is no need for a preliminary calculation and the intermediate results of the calculation do not go beyond the bit grid of the module. In conclusion there is given an example for multiplying numbers module, where two digits of multiplier are analyzed on each step of the multiplier

Development of pipelined polynomial multiplier modulo irreducible polynomials for cryptosystems

In this paper, we consider a schematic solution of the pipeline multiplier modulo, where multiplication begins with the analysis of the lowest order of the polynomial multiplier, which can serve as an operating unit for high-speed encryption and decryption of data by hardware implementation of cryptosystems based on a non-positional polynomial notation. The functional diagram of the pipeline and the structure of its logical blocks, as well as an example of performing the operation of multiplying polynomials modulo, are given. The correct functioning of the developed circuit was checked by modeling in the Vivado Design Suite computer-aided design for the implementation of the multiplication device on the development/evaluation kit Artix-7 based on the Spartan 6 field-programmable gate array series by Xilinx. The effectiveness of the proposed hardware pipeline multiplier in modulo is confirmed by the Verilog Testbench timing diagram implemented for the evaluation kit Artix-7 field-programmable gate array. In addition, the developed pipelined modulo multiplier takes no more than 0.02 % of the resources of the used field-programmable gate array for a given length of input data. Compared to the matrix multiplication method, a pipelined modulo multiplier can handle a large data stream without waiting for the result of the previous multiplication step. The modulo pipelined multiplier depth depends on the bit width of the input data. The developed pipeline device can be used in digital computing devices operating in a polynomial system of residue classes, as well as for high-speed data encryption in blocks of cipher processors operating on the basis of a non-positional polynomial number system.

Secure Chaff-less Fuzzy Vault for Face Identification Systems

Biometric cryptosystems such as fuzzy vaults represent one of the most popular approaches for secret and biometric template protection. However, they are solely designed for biometric verification, where the user is required to input both identity credentials and biometrics. Several practical questions related to the implementation of biometric cryptosystems remain open, especially in regard to biometric template protection. In this article, we propose a face cryptosystem for identification (FCI) in which only biometric input is needed. Our FCI is composed of a one-to-N search subsystem for template protection and a one-to-one match chaff-less fuzzy vault (CFV) subsystem for secret protection. The first subsystem stores N facial features, which are protected by index-of-maximum (IoM) hashing, enhanced by a fusion module for search accuracy. When a face image of the user is presented, the subsystem returns the top k matching scores and activates the corresponding vaults in the CFV subsystem. Then, one-to-one matching is applied to the k vaults based on the probe face, and the identifier or secret associated with the user is retrieved from the correct matched vault. We demonstrate that coupling between the IoM hashing and the CFV resolves several practical issues related to fuzzy vault schemes. The FCI system is evaluated on three large-scale public unconstrained face datasets (LFW, VGG2, and IJB-C) in terms of its accuracy, computation cost, template protection criteria, and security.

Implementation of hybrid cryptosystem using Rabin-p algorithm and One Time Pad to secure images

Cryptography is a study of mathematical techniques to secure messages by encoding the messages so it cannot be read by a third party. There are two types of algorithms in cryptography, symmetric algorithm and asymmetric algorithm. Asymmetric algorithms, such as Rabin-p cryptosystem, are known to be secure if the key sizes are long enough. However, asymmetric algorithms are ineffective to encrypt large data since the calculations consume CPU time and the resulting ciphertext is multiple times bigger than the original data. In this research, we combine Rabin-p cryptosystem and One Time Pad (OTP) in a hybrid scheme to solve this problem. The OTP is used to encrypt the data (images) and Rabin-p algorithm is used to encrypt the OTP key. In this research, we demonstrate how to secure a *.bmp file with this hybrid scheme.

An implementation of Rabin-p cryptosystem and affine cipher in a hybrid scheme to secure text

One way to keep digital information secure is by using cryptographic techniques. With respect to its keys, cryptography generally is divided into two types: symmetric and asymmetric. Symmetric cryptography algorithm uses the same key in both encryption and decryption while asymmetric uses different keys for each of these processes. Asymmetric cryptography algorithm is known to be ineffective to encrypt big messages since it takes more CPU time to do the computation and the resulting ciphertext is usually much bigger than the original message. To eliminate these problems, in this research, we combine Rabin-p cryptosystem, an asymmetric cryptography algorithm, and affine cipher, a symmetric cryptography algorithm, in a hybrid scheme in order to secure messages from unwanted parties. The affine cipher is used for message encryption while Rabin-p is used for affine cipher’s key encryption. The result of this research is a hybrid cryptography scheme that can encrypt and decrypt message in the form of *.pdf files and be able to restore the message without losing integrity.

Novel fault attack resistant architecture for elliptic curve cryptography

Abstract Hardware implementations of cryptosystems are susceptible to fault attacks. By analyzing the side channel information from implementation, the attacker can retrieve the secret information. Generally, in the hardware implementations, validations of results are reported at the end of the computation. If faults are injected at the input side of computation, all the computations performed afterward are wasteful and this is a potential situation which can leak the secret key information using side channel attacks. The current work proposes fault attack resistant implementation of an elliptic curve cryptosystem using a shared point validator unit, zero-one detector, and double coherence check by modified Montgomery Powering Ladder Algorithm. The architecture is robust to fault attacks along with power and area efficiency.

Keep it Unsupervised: Horizontal Attacks Meet Deep Learning

To mitigate side-channel attacks, real-world implementations of public-key cryptosystems adopt state-of-the-art countermeasures based on randomization of the private or ephemeral keys. Usually, for each private key operation, a “scalar blinding” is performed using 32 or 64 randomly generated bits. Nevertheless, horizontal attacks based on a single trace still pose serious threats to protected ECC or RSA implementations. If the secrets learned through a single-trace attack contain too many wrong (or noisy) bits, the cryptanalysis methods for recovering remaining bits become impractical due to time and computational constraints. This paper proposes a deep learning-based framework to iteratively correct partially correct private keys resulting from a clustering-based horizontal attack. By testing the trained network on scalar multiplication (or exponentiation) traces, we demonstrate that a deep neural network can significantly reduce the number of wrong bits from randomized scalars (or exponents).When a simple horizontal attack can recover around 52% of attacked multiple private key bits, the proposed iterative framework improves the private key accuracy to above 90% on average and to 100% for at least one of the attacked keys. Our attack model remains fully unsupervised and excludes the need to know where the error or noisy bits are located in each separate randomized private key.

Systematic Side-Channel Analysis of Curve25519 with Machine Learning

Profiling attacks, especially those based on machine learning, proved to be very successful techniques in recent years when considering the side-channel analysis of symmetric-key crypto implementations. At the same time, the results for implementations of asymmetric-key cryptosystems are very sparse. This paper considers several machine learning techniques to mount side-channel attacks on two implementations of scalar multiplication on the elliptic curve Curve25519. The first implementation follows the baseline implementation with complete formulae as used for EdDSA in WolfSSl, where we exploit power consumption as a side-channel. The second implementation features several countermeasures, and in this case, we analyze electromagnetic emanations to find side-channel leakage. Most techniques considered in this work result in potent attacks, and especially the method of choice appears to be convolutional neural networks (CNNs), which can break the first implementation with only a single measurement in the attack phase. The same convolutional neural network demonstrated excellent performance for attacking AES cipher implementations. Our results show that some common grounds can be established when using deep learning for profiling attacks on very different cryptographic algorithms and their corresponding implementations.

Chaos-based Cryptography: A Brief Look Into An Alternate Approach to Data Security

The present scale of computing inevitably demanded increased level of data security, which is the concern of cryptography. Security of the cipher depends on the strength of the key and the algorithm used to generate the keys. Many modern cryptographic algorithms are based on Number Theory, but in recent years an alternative approach has been studied which is based on Chaos Theory. Many properties of chaotic systems such as nonlinearity, randomness, and sensitivity to initial conditions bear resemblance to those required by cryptography such as diffusion and confusion. Implementations of chaos-based cryptosystems have been proposed by other researchers and yet the strength of these systems from a cryptographic point of view has not been thoroughly considered. This paper discusses the appeal of chaos-based cryptography, some of the researches already done, and the challenges that this approach faces to be established as a fully secure method for data security.

A Light-Weight White-Box Encryption Scheme for Securing Distributed Embedded Devices

Distributed embedded devices are widely used in sensor networks and the Internet of Things for gathering and sending data. Many of them are deployed in an unattended manner (e.g., sensor nodes and tag readers), while others may be easily lost (e.g., smart wristbands and watches). These distributed embedded devices could be potentially captured and accessed in an unauthorized manner due to their physical natures. From a security perspective, they are typically working in the white-box attack context, where adversaries have total visibility on the implementations of built-in cryptosystems and full control over their execution processes. It is undoubtedly a significant challenge to deal with white-box attacks on these devices. Existing encryption algorithms for white-box attack contexts require large memory footprint and thus are not suitable for resource- constrained embedded devices. To address this challenge, we propose a novel light-weight encryption scheme for protecting data confidentiality. The encryption is conducted with specialized secret components, and the encryption algorithm requires a small volume of static data for storing critical information. In addition, this scheme uniquely supports efficient key-updating at very small cost. The security and the cost of the proposed scheme have been theoretically analyzed with positive results, and the extensive experimental evaluations indicate that the new scheme satisfies the requirements of distributed embedded devices in terms of limited memory usage and low computational cost.

Cache-Timing Attacks on RSA Key Generation

During the last decade, constant-time cryptographic software has quickly transitioned from an academic construct to a concrete security requirement for real-world libraries. Most of OpenSSL’s constant-time code paths are driven by cryptosystem implementations enabling a dedicated flag at runtime. This process is perilous, with several examples emerging in the past few years of the flag either not being set or software defects directly mishandling the flag. In this work, we propose a methodology to analyze security-critical software for side-channel insecure code path traversal. Applying our methodology to OpenSSL, we identify three new code paths during RSA key generation that potentially leak critical algorithm state. Exploiting one of these leaks, we design, implement, and mount a single trace cache-timing attack on the GCD computation step. We overcome several hurdles in the process, including but not limited to: (1) granularity issues due to word-size operands to the GCD function; (2) bulk processing of desynchronized trace data; (3) non-trivial error rate during information extraction; and (4) limited high-confidence information on the modulus factors. Formulating lattice problem instances after obtaining and processing this limited information, our attack achieves roughly a 27% success rate for key recovery using the empirical data from 10K trials.

Криптосистема Рабіна на основі операції додавання

The paper presents the theoretical backgrounds of the Rabin's cryptosystem using only on the addition operation in virtue of reducing the time complexity of the encryption / decryption process of information flows. The proposed approach allows to increase the dimension of the input parameters to improve stability without loss of performance. An example of application of the proposed implementation of Rabin's cryptosystem is presented

Fast and Area Efficient Implementation of RSA Algorithm

Abstract Efficient hardware implementations of public-key cryptosystems have been gaining interest in the past few decades. To achieve the goal, a high frequency as well as low latency Rivest-Shamir-Adleman (RSA) cryptosystem is reported in this paper. To configure such cryptosystem shift-add multiplier have been re-constructed and binary digit based modular exponentiation circuitry is proposed. Such exponentiation circuitry has been implemented through binary bit distribution technique, where, most significant bit (MSB) has been discarded for the implementation, owing to increase the operating frequency. The functionality of the reported algorithms were justified and compared in Hardware Description Language (HDL), simulated in Modelsim and synthesized in Xilinx ISE 14.2 platform. The proposed hardware implementation of RSA algorithm has a maximum frequency of operation of 545 MHz and 298 MHz for the bit sizes of 8 and 64 respectively. The proposed method shows improvements in terms of speed as well as in number of Look-up-tables (LUTs). Moreover, application-specific integrated circuit (ASIC) implementation of such cryptosystem of RSA was carried out through Encounter® RTL Compiler v11.10-p005_1 of Cadence® tool.

Data Flow Oriented Hardware Design of RNS-based Polynomial Multiplication for SHE Acceleration

This paper presents a hardware implementation of a Residue Polynomial Multiplier (RPM), designed to accelerate the full Residue Number System (RNS) variant of the Fan-Vercauteren scheme proposed by Bajard et al. [BEHZ16]. Our design speeds up polynomial multiplication via a Negative Wrapped Convolution (NWC) which locally computes the required RNS channel dependent twiddle factors. Compared to related works, this design is more versatile regarding the addressable parameter sets for the BFV scheme. This is mainly brought by our proposed twiddle factor generator that makes the design BRAM utilization independent of the RNS basis size, with a negligible communication bandwidth usage for non-payload data. Furthermore, the generalization of a DFT hardware generator is explored in order to generate RNS friendly NTT architectures. This approach helps us to validate our RPM design over parameter sets from the work of Halevi et al. [HPS18]. For the depth-20 setting, we achieve an estimated speed up for the residue polynomial multiplications greater than 76 during ciphertexts multiplication, and greater than 16 during relinearization. It thus results in a single-threaded Mult&Relin ciphertext operation in 109.4 ms (×3.19 faster than [HPS18]) with RPM counting for less than 15% of the new computation time. Our RPM design scales up with reasonable use of hardware resources and realistic bandwidth requirements. It can also be exploited for other RNS based implementations of RLWE cryptosystems.

Implementation of new hybrid lightweight cryptosystem

Embedded systems, Internet of Things (IoT) and mobile computing devices are used in various domains which include public-private infrastructure, industrial installation and critical environment. Generally, information handled by these devices is private and critical. Therefore, it must be appropriately secured from different attacks and hackers. Lightweight cryptography is an aspiring field which investigates the implementation of cryptographic primitives and algorithms for resource constrained devices. In this paper, a new compact hybrid lightweight encryption technique has been proposed. Proposed technique uses the fastest bit permutation instruction PERMS with S-box of PRESENT block cipher for non-linearity. An arbitrary n-bit permutation is performed using PERMS instruction in less than log (n) number of instructions. This new hybrid system has been analyzed for software performance on Advanced RISC Machine (ARM) and Intel processor whereas Cadens tool is used to analyze the hardware performance. The result of the proposed technique is improved by the factor of eight as compared to the PRESENT-GRP hybrid block cipher. Moreover, PERMS instruction bit permutation properties result a very good avalanche effect and compact implementation in the both hardware and software environment.

Security evaluation of Tree Parity Re-keying Machine implementations utilizing side-channel emissions

In this work, side-channel attacks (SCAs) are considered as a security metric for the implementation of hybrid cryptosystems utilizing the neural network-based Tree Parity Re-Keying Machines (TPM). A virtual study is presented within the MATLAB environment that explores various scenarios in which the TPM may be compromised. Performance metrics are evaluated to model possible embedded system implementations. A new algorithm is proposed and coined as Man-in-the-Middle Power Analysis (MIMPA) as a means to copy the TPM’s generated keys. It is shown how the algorithm can identify vulnerabilities in the physical device in which the cryptosystem is implemented by using its power emissions. Finally, a machine learning approach is used to identify the capabilities of neural networks to recognize properties of keys produced in the TPM as they are transferred to an encryption algorithm. The results show that physical exploits of TPM implementations in embedded systems can be identified and accounted for before a final release. The experiments and data acquisition is demonstrated with an implementation of a TPM-AES hybrid cryptosystem in an AVR microcontroller.

A Black-Box Construction of Strongly Unforgeable Signature Scheme in the Leakage Setting

Traditional cryptography considers the security of cryptosystems when the attackers have no access to the secret key. However, due to the imperfect implementation of cryptosystems, the attackers are able to obtain partial secret state of the systems via side-channel attacks, which are not considered in the traditional security notions of cryptographic primitives, including digital signature, and thus break their security. Leakage-resilient cryptography was then proposed to solve the problem. Recently, Wang et al. showed that any signature scheme can be transformed to a strongly unforgeable one in the leakage setting. However, their transformation requires to change the key pair of the scheme. In this paper, we present a key-modification-free solution in both the bounded leakage model and the auxiliary input model. Specifically, we propose a black-box construction of strongly unforgeable signature scheme in the leakage setting, and show that if the underlying building blocks are leakage-resilient, so is the resulting scheme.

Implementation of Hybrid Cryptosystem using AES-256 and SHA-2 256 by LabVIEW

Implementation of Hybrid Cryptosystem using AES-256 and SHA-2 256 by LabVIEW