Supersingular Isogeny Key Encapsulation Presented by David Jao University of Wat

Uploaded On 2021-06-30

Presentation Transcript

Supersingular Isogeny Key Encapsulation

Presented by David Jao, University of Waterloo and evolutionQ, Inc.

Full list of submitters: Reza Azarderakhsh, FAU; Amir Jalali, LinkedIn; Michael Naehrig, MSR; Matt Campagna, Amazon; David Jao, UW; Geovandro Pereira, UW; Craig Costello, MSR; Brian Koziel, TI; Joost Renes, Radboud; Luca De Feo, UVSQ; Brian LaMacchia, MSR; Vladimir Soukharev, ISG; Basil Hess, ISG; Patrick Longa, MSR; David Urbanik, UofT

https://sike.org
August 23, 2019

SIKE

Supersingular Isogeny Key Encapsulation (SIKE)
- IND-CCA2 KEM
- Based on Supersingular Isogeny Diffie-Hellman (SIDH)
- Uses Hofheinz et al. transformation (TCC 2017) on SIDH to achieve CCA security

The SIKE protocol specifies:
- Parameter sets
- Key/ciphertext formats
- Encapsulation/decapsulation mechanisms
- Choice of symmetric primitives (hash functions, etc.)

Overview of SIDH

1. Public parameters: Supersingular elliptic curve $E$ over $\mathbb{F}_{p^2}$.
2. Alice chooses a kernel $A \subset E(\mathbb{F}_{p^2})$ and sends $E/A$ to Bob.
3. Bob chooses a kernel $B \subset E(\mathbb{F}_{p^2})$ and sends $E/B$ to Alice.
4. The shared secret is $E/\langle A,B\rangle = (E/A)/\phi_A(B) = (E/B)/\phi_B(A)$.

| Scheme | Public value | Alice sends | Bob sends | Shared secret |
|---|---|---|---|---|
| Diffie-Hellman (DH) | $g$ | $g^x$ | $g^y$ | $g^{xy}$ |
| SIDH | $E$ | $E/A$ | $E/B$ | $E/\langle A,B\rangle$ |

Changes for SIKE in second round

- New parameter sets: SIKEp434, SIKEp503, SIKEp610, SIKEp751, SIKEp964
- New starting curve $E: y^2 = x^3 + 6x^2 + x$
- Key compression: 40% smaller public keys and ciphertexts
- Updated security analysis

Parameter sets

| Scheme | prime $p$ | $\log_2 p$ | Security level |
|---|---|---|---|
| SIKEp434 | $2^{216} 3^{137} - 1$ | 433.14 | NIST 1 |
| SIKEp503 | $2^{250} 3^{159} - 1$ | 502.01 | NIST 2 |
| SIKEp610 | $2^{305} 3^{192} - 1$ | 609.31 | NIST 3 |
| SIKEp751 | $2^{372} 3^{239} - 1$ | 750.81 | NIST 5 |

New starting curve

The previous starting curve $y^2 = x^3 + x$ has complex multiplication symmetries, reducing key entropy.
- Red kernel point yields curve isomorphic to starting curve.
- Blue and green kernel points yield curves isomorphic to each other.

Key compression

| Scheme | Public key | Decaps (x86-64) |
|---|---|---|
| SIKEp434 | 330 bytes | $11.3 \cdot 10^6$ cc |
| SIKEp434 compressed | 196 bytes | $18.9 \cdot 10^6$ cc |
| SIKEp503 | 378 bytes | $15.6 \cdot 10^6$ cc |
| SIKEp503 compressed | 224 bytes | $25.5 \cdot 10^6$ cc |
| SIKEp610 | 462 bytes | $28.6 \cdot 10^6$ cc |
| SIKEp610 compressed | 273 bytes | $45.5 \cdot 10^6$ cc |
| SIKEp751 | 564 bytes | $45.4 \cdot 10^6$ cc |
| SIKEp751 compressed | 331 bytes | $72.8 \cdot 10^6$ cc |

Security analysis

| Attack cost | SIKEp434 G | SIKEp434 D | SIKEp434 W | SIKEp610 G | SIKEp610 D | SIKEp610 W |
|---|---|---|---|---|---|---|
| Grover [1] | 126 | 116 | 10 | 171 | 160 | 10 |
| Tani (optimal #G) [2] | 124 | 114 | 25 | 169 | 159 | 25 |
| Tani (optimal DW) [2] | 131 | 122 | 10 | 177 | 166 | 10 |
| Van Oorschot-Wiener [2] | 132 | 14 | 128 | 177 | 14 | 173 |

1. A framework for reducing the overhead of the quantum oracle for use with Grover's algorithm with applications to cryptanalysis of SIKE, Benjamin I. Pring and Jean-François Biasse, MathCrypt 2019
2. Quantum cryptanalysis in the RAM model: Claw-finding attacks on SIKE, Sam Jaques and John Schanck, CRYPTO 2019

Recent implementations

Decapsulation times, cc $\cdot 10^6$

| Platform | SIKEp503 | SIKEp751 |
|---|---|---|
| ARM64 (NIST 2nd round) | 47.4 | 159.5 |
| ARM64 [1] | 39.7 | 138.4 |
| Cortex M4 [2] | 183 | 491 |

1. ARMv8 SIKE: Optimized Supersingular Isogeny Key Encapsulation on ARMv8 Processors, Amir Jalali, Reza Azarderakhsh, Mehran Mozaffari Kermani, Matthew Campagna, and David Jao, IEEE TCAS, 10.1109/TCSI.2019.2920869. Code available at https://github.com/amirjalali65/armv8-sike
2. SIKE Round 2 Speed Record on ARM Cortex-M4, Hwajeong Seo, Amir Jalali, and Reza Azarderakhsh, 2019/535.

Summary

SIKE advantages:
- Smallest public key size
- Straightforward parameter selection
- No decryption error, Gaussians, rejection sampling, etc.
- Generic attacks are well understood
- Only KEM proposal not based on lattices/codes/LW[ER]

SIKE disadvantages:
- Slow
- Future analysis may uncover non-generic attacks against SIKE (though none are known so far)

Future work:
- Cryptanalysis and side-chann
