Parallel Collision Search with Cryptanalytic Applications
Journal of Cryptology, 1996
Abstract

Cited by 146 (3 self)
A simple new technique of parallelizing methods for solving search problems which seek collisions in pseudorandom walks is presented. This technique can be adapted to a wide range of cryptanalytic problems which can be reduced to finding collisions. General constructions are given showing how to adapt the technique to finding discrete logarithms in cyclic groups, finding meaningful collisions in hash functions, and performing meet-in-the-middle attacks such as a known-plaintext attack on double encryption. The new technique greatly extends the reach of practical attacks, providing the most cost-effective means known to date for defeating: the small subgroup used in certain schemes based on discrete logarithms such as Schnorr, DSA, and elliptic curve cryptosystems; hash functions such as MD5, RIPEMD, SHA-1, MDC-2, and MDC-4; and double encryption and three-key triple encryption. The practical significance of the technique is illustrated by giving the design for three $10 million custom machines which could be built with current technology: one finds elliptic curve logarithms in GF(2 ) thereby defeating a proposed elliptic curve cryptosystem in expected time 32 days, the second finds MD5 collisions in expected time 21 days, and the last recovers a double-DES key from 2 known plaintexts in expected time 4 years, which is four orders of magnitude faster than the conventional meet-in-the-middle attack on double-DES. Based on this attack, double-DES offers only 17 more bits of security than single-DES.
Parallel collision search with application to hash functions and discrete logarithms
In ACM CCS '94, 1994
Abstract

Cited by 60 (1 self)
Current techniques for collision search with feasible memory requirements involve pseudorandom walks through some space where one must wait for the result of the current step before the next step can begin. These techniques are serial in nature, and direct parallelization is inefficient. We present a simple new method of parallelizing collision searches that greatly extends the reach of practical attacks. The new method is illustrated with applications to hash functions and discrete logarithms in cyclic groups. In the case of hash functions, we begin with two messages; the first is a message that we want our target to digitally sign, and the second is a message that the target is willing to sign. Using collision search adapted for hashing collisions, one can find slightly altered versions of these messages such that the two new messages give the same hash result. As a particular example, a $10 million custom machine for applying parallel collision search to the MD5 hash function could complete an attack with an expected run time of 24 days. This machine would be specific to MD5, but could be used for any pair of messages. For discrete logarithms in cyclic groups, ideas from Pollard's rho and lambda methods for index computation are combined to allow efficient parallel implementation using the new method. As a concrete example, we consider an elliptic curve cryptosystem over GF(2^155) with the order of the curve having largest prime factor of approximate size 10^36. A $10 million machine custom built for this finite field could compute a discrete logarithm with an expected run time of 36 days.
Elliptic curve cryptosystems on reconfigurable hardware
Master's Thesis, Worcester Polytechnic Inst., 1998
Abstract

Cited by 19 (0 self)
Security issues will play an important role in the majority of communication and computer networks of the future. As the Internet becomes more and more accessible to the public, security measures will have to be strengthened. Elliptic curve cryptosystems allow for shorter operand lengths than other public-key schemes based on the discrete logarithm in finite fields and the integer factorization problem and are thus attractive for many applications. This thesis describes an implementation of a crypto engine based on elliptic curves. The underlying algebraic structures are composite Galois fields GF((2^n)^m) in a standard base representation. As a major new feature, the system is developed for a reconfigurable platform based on Field Programmable Gate Arrays (FPGAs). FPGAs combine the flexibility of software solutions with the security of traditional hardware implementations. In particular, it is possible to easily change all algorithm parameters such as curve coefficients, field order, or field representation. The thesis deals with the design and implementation of elliptic curve point multiplication architectures. The architectures are described in VHDL and mapped to Xilinx FPGA devices. Architectures over Galois fields of different order and representation were implemented and compared. Area and timing measurements are provided for all architectures. It is shown that a full point multiplication on elliptic curves of real-world size can be implemented on commercially available FPGAs.
Customizable elliptic curve cryptosystems
IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 2005
Abstract

Cited by 10 (1 self)
Abstract—This paper presents a method for producing hardware designs for elliptic curve cryptography (ECC) systems over the finite field GF(2^m), using the optimal normal basis for the representation of numbers. Our field multiplier design is based on a parallel architecture containing multiple-bit serial multipliers; by changing the number of such serial multipliers, designers can obtain implementations with different tradeoffs in speed, size and level of security. A design generator has been developed which can automatically produce a customised ECC hardware design that meets user-defined requirements. To facilitate performance characterization, we have developed a parametric model for estimating the number of cycles for our generic ECC architecture. The resulting hardware implementations are among the fastest reported: for a key size of 270 bits, a point multiplication in a Xilinx XC2V6000 FPGA at 35 MHz can run over 1000 times faster
Superscalar coprocessor for high-speed curve-based cryptography
Cryptographic Hardware and Embedded Systems (CHES '06), number 4249 in Lecture Notes in Computer Science, 2006
Abstract

Cited by 4 (3 self)
Abstract. We propose a superscalar coprocessor for high-speed curve-based cryptography. It accelerates scalar multiplication by exploiting instruction-level parallelism (ILP) dynamically and processing multiple instructions in parallel. The system-level architecture is designed so that the coprocessor can fully utilize the superscalar feature. The implementation results show that scalar multiplication of Elliptic Curve Cryptography (ECC) over GF(2^163), Hyperelliptic Curve Cryptography (HECC) of genus 2 over GF(2^83) and ECC over a composite field, GF((2^83)^2), can be improved by a factor of 1.8, 2.7 and 2.5 respectively compared to the case of a basic single-scalar architecture. This speedup is achieved by exploiting parallelism in curve-based cryptography. The coprocessor deals with a single instruction that can be used for all field operations such as multiplications and additions. In addition, this instruction only allows one to compute point/divisor operations. Furthermore, we also provide a fair comparison between the three curve-based cryptosystems.
NESSIE D17 - Preliminary list of realistic performance estimates, 2002
Abstract
A preliminary list of realistic performance estimates. Keywords: NESSIE, Performance Evaluation. Version 1.0. Report on the Performance Evaluation of the NESSIE Candidates. B. Preneel, B. Van Rompay, S. B.
Choices on Designing GF(p) Elliptic Curve Coprocessor Benefiting from Mapping Homogeneous Curves in Parallel Multiplications
Qasem Abu Al-Haija
Abstract
Modular inversion is known to be the most time-consuming operation in ECC field arithmetic computations. In addition, many ECC designs that use projective coordinates over GF(p) have not considered different factors that affect the design of ECC such as area, hardware utilization, cost (AT^2) and performance factors which are crucial in many ECC applications. This paper proposes to use several projective coordinates to compute the standard ECC point doubling over GF(p) with no inversion operations, due to the ability of projective coordinates to convert each inversion to several multiplication steps which are applied in parallel. We tune up the mentioned factors by using a variable degree of parallelization, benefiting from the inherent parallelism in ECC computations. The aim is to provide different design choices that can be utilized in several ECC applications. Our results show that projection (X/Z, Y/Z) gives the best results in terms of time consumption using 5 parallel multipliers compared to other projections. Furthermore, both projections (X/Z, Y/Z) and (X/Z^2, Y/Z^3) achieve the highest hardware utilization enhancements when using 2 and 3 parallel multipliers respectively. A trade-off between factors such as security, area and time consumption controls the design of ECC: more parallelization leads to less time consumed, but with extra area needed for parallel ECC operations.
unknown title
Abstract
The literature of cryptography has a curious history. Secrecy, of course, has always played a central role, but until the First World War, important developments appeared in print in a more or less timely fashion and the field moved forward in much the same way as other specialized disciplines. As late as 1918, one of the most influential cryptanalytic papers of the twentieth century, William F. Friedman's monograph The Index of Coincidence and Its Applications in Cryptography, appeared as a research report of the private Riverbank Laboratories [577]. And this, despite the fact that the work had been done as part of the war effort. In the same year Edward H. Hebern of Oakland, California filed the first patent for a rotor machine [710], the device destined to be a mainstay of military cryptography for nearly 50 years. After the First World War, however, things began to change. U.S. Army and Navy organizations, working entirely in secret, began to make fundamental advances in cryptography. During the thirties and forties a few basic papers did appear in the open literature and several treatises on the subject were published, but the latter were farther and farther behind the state of the art. By the end of the war the transition was complete. With one notable exception, the public literature had died. That exception was Claude Shannon's paper "The Communication Theory of Secrecy Systems," which