Hai-bin SHEN,Hua-feng CHEN,Xiao-lang YAN

DOI: https://doi.org/10.3785/j.issn.1008-973X.2006.09.004

2006-01-01

Abstract:To accelerate point multiplication operation of elliptic curve cryptography (ECC), a fast reduction algorithm for modular operation was introduced. The algorithm applied the characteristic of the small second item's degree of irreducible polynomial in characteristic 2 finite field. Based on the algorithm and projective Montgomery point multiplication algorithm, a configurable ECC accelerator using very large scale integrated circuit technology was proposed. Scalable field design and unique pipeline technique was adapted in the accelerator. Simulation results show that the accelerator designed by the algorithm can rapidly complete ECC point multiplication operation. When 162 bits key and 192 bits key are selected, the point multiplication operation takes 0.22 ms and 0.43 ms respectively. The accelerator has simple interface and good flexibility, and provides a method for hardware implementation of public key cryptography algorithm.

Haibin Shen,Yier Jin,Rongquan You

DOI: https://doi.org/10.1109/ICICIC.2006.180

2006-01-01

Abstract:Modular reduction is the basic operation of cryptographic systems. The Barrett's algorithm and Montgomery's algorithm are widely used nowadays and they are both based on pre-computation. In the field of elliptic curve cryptosystem (ECC) over GF(2m), the reduction polynomials recommended by SEC have few items and the degree of second item is much less than that of the first one. Making use of this characteristic, the paper presents a new method to accelerate modular reduction without pre-computation which speeds up modular reduction by 10-30 times over GF(2m) and speeds up ECC point multiplication by 40%-50%. This algorithm has been implemented in a high-speed public-key cipher accelerator

Chaohui Du,Guoqiang Bai,Hongyi Chen

DOI: https://doi.org/10.1109/trustcom.2015.510

2015-01-01

Abstract:Lattice-based cryptography is considered as a main candidate for post-quantum cryptosystems. Its security is based on worst-case computational assumptions in lattices that remain hard even for quantum computers. In this paper, we present an efficient software implementation of lattice based Ring-LWE public key encryption scheme, which optimizes the two basic building blocks: multiplication over polynomial rings and discrete Gaussian sampling. We exploit the number theoretic transform (NTT) to speed up polynomial multiplication over rings and propose an optimized single instruction multiple data (SIMD) based implementation of NTT. It takes 1965/4411 clock cycles to perform a transform with 256/512 elements. Our implementation can save about 75% memory accesses and more than 51% modulo q operations during NTT computation. On the other hand, we propose an efficient implementation of high precision discrete Gaussian sampler, which is based on the inverse of the cumulative distribution function. Our implementation has maximum statistical distance of 2-90 to a theoretical discrete Gaussian distribution. It takes on average 15.4 ns and 9.5 uniformly random bits to generate a Gaussian sample. With these optimizations, our implementation of the public key encryption scheme performs encryption/decryption operations in 15.88/2.37 μs for medium security and 31.30/4.59 μs for high security on one core of an Intel Core i7-4771 processor. Its throughput is higher than the existing software implementation by about two orders of magnitude, and it is even higher than all the hardware implementations.

Albrecht Petzoldt,Jintai Ding,Lih-chung Wang

2016-01-01

Abstract:The SimpleMatrix encryption scheme as proposed by Tao et al. [16] is one of the very few existing approaches to create a secure and efficient encryption scheme on the basis of multivariate polynomials. However, in its basic version, decryption failures occur with non-negligible probability. Although this problem has been addressed in several papers [5,17], a general solution to it is still missing. In this paper we propose an improved version of the SimpleMatrix scheme, which eliminates decryption failures completely and therefore solves the biggest problem of the SimpleMatrix encryption scheme. Additionally, we propose a second version of the scheme, which reduces the blow-up factor between plain and ciphertext size to a value arbitrary close to 1.

Chengdong Tao,Adama Diene,Shaohua Tang,Jintai Ding

DOI: https://doi.org/10.1007/978-3-642-38616-9_16

2013-01-01

Abstract:There are several attempts to build asymmetric pubic key encryption schemes based on multivariate polynomials of degree two over a finite field. However, most of them are insecure. The common defect in many of them comes from the fact that certain quadratic forms associated with their central maps have low rank, which makes them vulnerable to the MinRank attack. We propose a new simple and efficient multivariate pubic key encryption scheme based on matrix multiplication, which does not have such a low rank property. The new scheme will be called Simple Matrix Scheme or ABC in short. We also propose some parameters for practical and secure implementation.

Zhe Liu,Reza Azarderakhsh,Howon Kim,Hwajeong Seo

DOI: https://doi.org/10.1007/978-3-319-62024-4_6

2017-01-01

Abstract:ARM NEON architecture has occupied a significant share of high-end Internet of Things platforms such as mini computer, tablet and smartphone markets due to its low cost and high performance. This paper studies efficient techniques of lattice-based cryptography on ARM processor and presents the first implementation of ring-LWE encryption on ARM NEON architecture. We propose a vectorized version of Iterative Number Theoretic Transform (NTT) for high-speed computation and present a 32-bit variant of SAMS2 technique, original from Liu et al. in CHES2015, for fast reduction. Subsequently, we present a full-fledged implementation of Ring-LWE by taking advantage of proposed and previous optimization techniques. Ultimately, our ring-LWE implementation requires only 145 k clock cycles for encryption and 32.8 k cycles for decryption for $$n=256$$. These results are more than 17.6 times faster than the fastest ECC implementation on ARM NEON with same security level.

Jintai Ding,Albrecht Petzoldt,Lih-chung Wang

DOI: https://doi.org/10.1007/978-3-319-11659-4_5

2014-01-01

Abstract:In this paper, we propose an improved version of the Simple Matrix encryption scheme of PQCrypto2013. The main goal of our construction is to build a system with even stronger security claims. By using square matrices with random quadratic polynomials, we can claim that breaking the system using algebraic attacks is at least as hard as solving a set of random quadratic equations. Furthermore, due to the use of random polynomials in the matrix A, Rank attacks against our scheme are not feasible.

Anna Inn-Tung Chen,Ming-Shing Chen,Tien-Ren Chen,Chen-Mou Cheng,Jintai Ding,Eric Li-Hsiang Kuo,Frost Yu-Shuang Lee,Bo-Yin Yang

DOI: https://doi.org/10.1007/978-3-642-04138-9_3

2009-01-01

Abstract:Multivariate Public Key Cryptosystems (MPKCs) are often touted as future-proofing against Quantum Computers. It also has been known for efficiency compared to "traditional" alternatives. However, this advantage seems to erode with the increase of arithmetic resources in modern CPUs and improved algorithms, especially with respect to Elliptic Curve Cryptography (ECC). In this paper, we show that hardware advances do not just favor ECC. Modern commodity CPUs also have many small integer arithmetic/logic resources, embodied by SSE2 or other vector instruction sets, that are useful for MPKCs. In particular, Intel's SSSE3 instructions can speed up both public and private maps over prior software implementations of Rainbow-type systems up to 4×. Furthermore, MPKCs over fields of relatively small odd prime characteristics can exploit SSE2 instructions, supported by most modern 64-bit Intel and AMD CPUs. For example, Rainbow over ${\mathbb F}_{31}$ can be up to 2× faster than prior implementations of similarly-sized systems over ${\mathbb F}_{16}$. Here a key advance is in using Wiedemann (as opposed to Gauss) solvers to invert the small linear systems in the central maps. We explain the techniques and design choices in implementing our chosen MPKC instances over fields such as ${\mathbb F}_{31}$, ${\mathbb F}_{16}$ and ${\mathbb F}_{256}$. We believe that our results can easily carry over to modern FPGAs, which often contain a large number of small multipliers, usable by odd-field MPKCs.

Houzhen Wang,Huanguo Zhang,Shaohua Tang

DOI: https://doi.org/10.1049/iet-ifs.2015.0183

2015-01-01

IET Information Security

Abstract:Eight years ago, Pei et al. described a matrix public-key encryption scheme based on the matrix factorisation over a finite field. Recently, Gu and Zheng also proposed a similar scheme based on the non-abelian factorisation assumption. The security of these schemes is essentially based on a two-side matrices exponentiation (TSME) problem. In this study, the authors show that the TSME problem is susceptible to a very efficient linearisation equations attack. Regardless of the public key parameters, the authors can easily find an equivalent key only in polynomial time O(2n(5)(log n +1)) from the public key alone, and thus it is very practical and can be implemented within less than 1/20 of a second on the recommended system parameters of the schemes.

Zhe Liu,Reza Azarderakhsh,Howon Kim,Hwajeong Seo

DOI: https://doi.org/10.1109/tc.2017.2750146

IF: 3.183

2020-10-01

IEEE Transactions on Computers

Abstract:Embedded processors have been widely used for building up Internet of Things (IoT) platforms, in which the security issue is becoming critical. This paper studies efficient techniques of lattice-based cryptography on these processors and presents the first implementation of ring-LWE encryption on ARM NEON and MSP430 architectures. For ARM NEON architecture, we propose a vectorized version of Iterative Number Theoretic Transform (NTT) for high-speed computation of polynomial multiplication on ARM NEON platforms and a 32-bit variant of SAMS2 technique for fast reduction. For MSP430 architecture, we propose an optimized SWAMS2 reduction technique, which consists of five different basic operations, including Shifting, Swapping, Addition, and two Multiplication-Subtractions. Regarding of the sampling from the discrete Gaussian distribution, we adopt Knuth-Yao sampler, accompanied with optimized methods such as Look-Up Table (LUT) and byte-scanning. Subsequently, a full-fledged implementation of Ring-LWE is presented by both taking advantage of our proposed method and previous optimization techniques re-designed for desired platforms. Our ring-LWE implementation of encryption/decryption at a classical security level of 128 bits requires only $149.4k/32.8k$149.4k/32.8k clock cycles on ARM NEON, and $2126.3k/244.5k$2126.3k/244.5k clock cycles on MSP430. These results are roughly 7 times faster than the fastest ECC implementation on desired platforms with same security level.

engineering, electrical & electronic,computer science, hardware & architecture

JianWei Liu,DongXu Cheng,ZhenYu Guan,Ziyu Wang

DOI: https://doi.org/10.1109/iisr.2018.8535680

2018-01-01

Abstract:With the rapid development of cloud computing, e-commerce, authentication among multi-robot systems, the highspeed implementation of Elliptic Curve Cryptography (ECC) is in widespread use. The performance of ECC is decided by the design of scalar point multiplier, which is one of the most time-consuming component. This paper presents a full set of methods to achieve an ultra high-speed scalar point multiplier, its Scalar Point Multiplication (SPM) is optimized comprehensively in terms of speed-first design approach by concurrently implementing the Point-add (PA) and Point-double (PD) algorithms, improving large integer modular inversion algorithm and large integer modular multiplication algorithm. Finally, Montgomery domain operation and Non-Adjacent Form (NAF) encoding theory are applied to enhance the speed of scalar point multiplier. In the VLSI design, a high-speed $\pmb{256\times 256}$ -bit scalar point multiplier is achieved based on SMIC's 65nm process. It can complete single calculation of SPM within 12.5us on average, in other word, 80,000 times of SPM can be computed in one second. Compared to the scalar point multiplier realized by other publications based on VLSI, the reports for circuits synthesis show that our multiplier is optimal in terms of $AT^{2}$ and ultrafast in terms of speed.

Ran Duan,Hongxun Wu,Renfei Zhou

DOI: https://doi.org/10.1109/focs57990.2023.00130

2023-01-01

Abstract:Fast matrix multiplication is one of the most fundamental problems in algorithm research. The exponent of the optimal time complexity of matrix multiplication is usually denoted by $\omega$. This paper discusses new ideas for improving the laser method for fast matrix multiplication. We observe that the analysis of higher powers of the Coppersmith-Winograd tensor [Coppersmith & Winograd 1990] incurs a “combination loss”, and we partially compensate for it using an asymmetric version of CW’s hashing method. By analyzing the eighth power of the CW tensor, we give a new bound of $\omega/\lt2.371866$, which improves the previous best bound of $\omega/\lt2.372860$ [Alman & Vassilevska Williams 2020]. Our result breaks the lower bound of 2.3725 in [Ambainis, Filmus & Le Gall 2015] because of the new method for analyzing component (constituent) tensors.

Chun Liu,Xuexian Hu,Xiaofeng Chen,Jianghong Wei,Wenfen Liu

DOI: https://doi.org/10.48550/arXiv.2105.05525

2021-05-12

Abstract:As one of the most important basic operations, matrix multiplication computation (MMC) has varieties of applications in the scientific and engineering community such as linear regression, k-nearest neighbor classification and biometric identification. However handling these tasks with large-scale datasets will lead to huge computation beyond resource-constrained client s computation power. With the rapid development of cloud computing, outsourcing intensive tasks to cloud server has become a promising method. While the cloud server is generally out of the control of clients, there are still many challenges concerned with the privacy security of clients sensitive data. Motivated by this, Lei et al. presented an efficient encryption scheme based on random permutation to protect the privacy of client s data in outsourcing MMC task. Nevertheless, there exists inherent security flaws in their scheme, revealing the statistic information of zero elements in the original data thus not satisfying the computational indistinguishability (IND-ZEA). Aiming to enhance the security of the outsourcing MMC task, we propose a new encryption scheme based on subtly designed invertible matrix where the additive perturbation is introduced besides the multiplicative perturbation. Furthermore, we show that the proposed encryption scheme can be applied to not only MMC task but also other kinds of outsourced tasks such as linear regression and principal component analysis. Theoretical analyses and experiments indicate that our methods are more secure in terms of data privacy, with comparable performance to the state-of-the-art scheme based on matrix transformation.

Cryptography and Security

Chengdong Tao,Hong Xiang,Albrecht Petzoldt,Jintai Ding

DOI: https://doi.org/10.1016/j.ffa.2015.06.001

IF: 1.655

2015-01-01

Finite Fields and Their Applications

Abstract:Multivariate cryptography is one of the main candidates to guarantee the security of communication in the presence of quantum computers. While there exist a large number of secure and efficient multivariate signature schemes, the number of practical multivariate encryption schemes is somewhat limited. In this paper we present our results on creating a new multivariate encryption scheme, which is an extension of the original Simple Matrix encryption scheme of PQCrypto 2013. Our scheme allows fast en- and decryption and resists all known attacks against multivariate cryptosystems. Furthermore, we present a new idea to solve the decryption failure problem of the original Simple Matrix encryption scheme. (C) 2015 Elsevier Inc. All rights reserved.

LI Ming,WU Dan,DAI Kui,ZOU Xue-cheng

2011-01-01

Abstract:In this paper,an effective strategy of point multiplication scheduling and an improved algorithm of dual-field high radix Montgomery modular multiplication are proposed.Based on them,a new high-performance scalable public-key cipher coprocessor architecture for RSA and ECC computing acceleration is designed,which is implemented using the 0.18μm 1P6M standard CMOS technology.The coprocessor has strong scalability and flexibility,which can support the modular exponentiation up to 2048 bit and the dual-field elliptic curve scalar multiplication up to 576 bit by enlarging the high-speed memory on chip and using the radix-length as processing base.The measured result shows that the coprocessor chip has high performance for accelerating the computation of RSA and ECC and can perform one 1024-bit modular exponentiation only in 197μs,one the prime field 192-bit scalar multiplication only in 225μs and the binary field 163-bit scalar multiplication only in 200.7μs.

Ruolin Zhang,Zejun Xiang,Shasha Zhang,Xiangyong Zeng,Min Song

DOI: https://doi.org/10.1049/2024/7047055

2024-06-25

IET Information Security

Abstract:The SM4 block cipher is standardized in ISO/IEC, and it is also the national standard of commercial cryptography in China. In this paper, we propose two new techniques called "split‐and‐join" and "off‐peak and stagger" to make SM4 more applicable to resource‐constrained environments. The area optimization method uses a 1‐bit data path while reducing the number of registers from 64 to 8 and the number of XOR gates from 194 to 8. As a result, we report a 1‐bit‐serial SM4 encryption circuit that occupies 1771 GE with a latency of 2,336 cycles. Additionally, the "off‐peak and stagger" technique compresses all the operations within the state update and key schedule into 32 clock cycles to reduce the latency. In other words, it takes 32 clock cycles to complete one round encryption. The new circuit occupies 1861 GE with a latency of 1,344 cycles. Moreover, we also discuss how to further reduce the latency by increasing the data path with a small area overhead to provide wider area‐latency tradeoffs for SM4. Our designs make SM4 competitive with many ciphers specifically designed for lightweight cryptography.

computer science, information systems, theory & methods

Renfeng Dou,Jun Han,Yifan Bo,Zhiyi Yu,Xiaoyang Zeng

DOI: https://doi.org/10.1109/tvlsi.2013.2294339

2014-11-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:The modular multiplication (MM) is a key operation in cryptographic algorithms, such as RSA and elliptic-curve cryptography. Multicore processor is a suitable platform to implement MM because of its flexibility, high performance, and energy-efficiency. In this paper, we propose a block-level parallel algorithm for MM with quotient pipelining and optimally map it on a network-on-chip-based multicore platform equipped with broadcasting mechanism. Aiming at highest performance, a theoretical speedup model for parallel MM is also developed for parameter exploration that optimizes task partitioning. Experimental results based on a multicore prototype show that compared with the sequential MM on single core, the parallel implementation proposed in this paper maximizes the speedup ratio with regard to given intercore communication latency.

engineering, electrical & electronic,computer science, hardware & architecture

Yang Yang,Zhi Guan,Zhe Liu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-319-21966-0_4

2015-01-01

Abstract:In recent years, memory disclosure attacks, such as cold boot attack and DMA attack, have posed huge threats to cryptographic applications in real world. In this paper, we present a CPU-bounded memory disclosure attacks resistant yet efficient software implementation of elliptic curves cryptography on general purpose processors. Our implementation performs scalar multiplication using CPU registers only in kernel level atomatically to prevent the secret key and intermediate data from leaking into memory. Debug registers are used to hold the private key, and kernel is patched to restrict access to debug registers. We take full advantage of the AVX and CLMUL instruction sets to speed up the implementation. When evaluating the proposed implementation on an Intel i7-2600 processor (at a frequency of 3.4GHz), a full scalar multiplication over binary fields for key length of 163 bits only requires 129 aes, which outperforms the unprotected implementation in the well known OpenSSL library by a factor of 78.0%. Furthermore, our work is also flexible for typical Linux applications. To the best of our knowledge, this is the first practical ECC implementation which is resistant against memory disclosure attacks so far.

Jianyu Huang,Tyler M. Smith,Greg M. Henry,Robert A. van de Geijn

DOI: https://doi.org/10.48550/arXiv.1605.01078

2016-05-04

Abstract:We dispel with "street wisdom" regarding the practical implementation of Strassen's algorithm for matrix-matrix multiplication (DGEMM). Conventional wisdom: it is only practical for very large matrices. Our implementation is practical for small matrices. Conventional wisdom: the matrices being multiplied should be relatively square. Our implementation is practical for rank-k updates, where k is relatively small (a shape of importance for libraries like LAPACK). Conventional wisdom: it inherently requires substantial workspace. Our implementation requires no workspace beyond buffers already incorporated into conventional high-performance DGEMM implementations. Conventional wisdom: a Strassen DGEMM interface must pass in workspace. Our implementation requires no such workspace and can be plug-compatible with the standard DGEMM interface. Conventional wisdom: it is hard to demonstrate speedup on multi-core architectures. Our implementation demonstrates speedup over conventional DGEMM even on an Intel(R) Xeon Phi(TM) coprocessor utilizing 240 threads. We show how a distributed memory matrix-matrix multiplication also benefits from these advances.

Mathematical Software

Zhantao Zhang,Weijiang Wang,Jingqi Zhang,Xiang He,Mingzhi Ma,Shiwei Ren,Hua Dang

DOI: https://doi.org/10.3390/mi15101238

IF: 3.4

2024-10-08

Micromachines

Abstract:With the development of mobile communication, digital signatures with low latency, low area, and high security are in increasing demand. Elliptic curve cryptography (ECC) is widely used because of its security and lightweight. Elliptic curve scalar multiplication (ECSM) is the basic arithmetic in ECC. Based on this background information, we propose our own research objectives. In this paper, a low-latency and low-area ECSM architecture based on the comb algorithm is proposed. The detailed methodology is as follows. The recoding-k algorithm and randomization-Z algorithm are used to improve security, which can resist sample power analysis (SPA) and differential power analysis (DPA). A low-area multi-functional architecture for comb is proposed, which takes into account different stages of the comb algorithm. Based on this, the data dependency is considered and the comb architecture is optimized to achieve a uniform and efficient execution pattern. The interleaved modular multiplication algorithm and modified binary inverse algorithm are used to achieve short clock cycle delay and high frequency while taking into account the need for a low area. The proposed architecture has been implemented on Xilinx Virtex-7 series FPGA to perform ECSM on 256-bits prime field GF(p). In the hardware architecture with only 7351 slices of resource usage, a single ECSM only takes 0.74 ms, resulting in an area-time product (ATP) of 5.41. The implementation results show that our design can compete with the existing state-of-the-art engineering in terms of performance and has higher security. Our design is suitable for computing scenarios where security and computing speed are required. The implementation of the overall architecture is of great significance and inspiration to the research community.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied