Results 1-10 of 306
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
1996
Cited by 417 (3 self)
Abstract: By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosystems, and other applications where attackers can make reasonably accurate timing measurements. Techniques for preventing the attack for RSA and Diffie-Hellman are presented. Some cryptosystems will need to be revised to protect against the attack, and new protocols and algorithms may need to incorporate measures to prevent timing attacks.
A Public-Key Infrastructure for Key Distribution in TinyOS Based on Elliptic Curve Cryptography
2004
Cited by 183 (3 self)
Abstract: We present the first known implementation of elliptic curve cryptography over F_{2^p} for sensor networks based on the 8-bit, 7.3828 MHz MICA2 mote. Through instrumentation of UC Berkeley's TinySec module, we argue that, although secret-key cryptography has been tractable in this domain for some time, there has remained a need for an efficient, secure mechanism for distribution of secret keys among nodes. Although public-key infrastructure has been thought impractical, we argue, through analysis of our own implementation for TinyOS of multiplication of points on elliptic curves, that public-key infrastructure is, in fact, viable for TinySec keys' distribution, even on the MICA2. We demonstrate that public keys can be generated within 34 seconds, and that shared secrets can be distributed among nodes in a sensor network within the same, using just over 1 kilobyte of SRAM and 34 kilobytes of ROM.
Remote Timing Attacks are Practical
In Proceedings of the 12th USENIX Security Symposium, 2003
Cited by 170 (4 self)
Abstract: Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.
A Survey of Fast Exponentiation Methods
Journal of Algorithms, 1998
Cited by 155 (0 self)
Abstract: Public-key cryptographic systems often involve raising elements of some group (e.g. GF(2^n), Z/NZ, or elliptic curves) to large powers. An important question is how fast this exponentiation can be done, which often determines whether a given system is practical. The best method for exponentiation depends strongly on the group being used, the hardware the system is implemented on, and whether one element is being raised repeatedly to different powers, different elements are raised to a fixed power, or both powers and group elements vary. This problem has received much attention, but the results are scattered through the literature. In this paper we survey the known methods for fast exponentiation, examining their relative strengths and weaknesses.
Speeding Up The Computations On An Elliptic Curve Using Addition-Subtraction Chains
Theoretical Informatics and Applications, 1990
Cited by 100 (4 self)
Abstract: We show how to compute x^k using multiplications and divisions. We use this method in the context of elliptic curves for which a law exists with the property that division has the same cost as multiplication. Our best algorithm is 11.11% faster than the ordinary binary algorithm and speeds up accordingly the factorization and primality testing algorithms using elliptic curves.
1. Introduction. Recent algorithms used in primality testing and integer factorization make use of elliptic curves defined over finite fields or Artinian rings (cf. Section 2). One can define over these sets an abelian law. As a consequence, one can transpose over the corresponding groups all the classical algorithms that were designed over Z/NZ. In particular, one has the analogue of the p − 1 factorization algorithm of Pollard [29, 5, 20, 22], the Fermat-like primality testing algorithms [1, 14, 21, 26] and the public key cryptosystems based on RSA [30, 17, 19]. The basic operation performed on an elli...
Fast Implementations of RSA Cryptography
11th IEEE Symposium on Computer Arithmetic, 1993
Cited by 82 (6 self)
Abstract: We detail and analyse the critical techniques which may be combined in the design of fast hardware for RSA cryptography: Chinese remainders, star chains, Hensel's odd division (a.k.a. Montgomery modular reduction), carry-save representation, quotient pipelining and asynchronous carry completion adders. A PAM implementation of RSA which combines all of the techniques presented here is fully operational at PRL: it delivers an RSA secret decryption rate over 600 Kb/s for 512-bit keys, and 165 Kb/s for 1-Kbit keys. This is an order of magnitude faster than any previously reported running implementation. While our implementation makes full use of the PAM's reconfigurability, we can nevertheless derive from our (multiple PAM designs) implementation a (single) gate-array specification whose size is estimated under 100K gates, and speed over 1 Mb/s for RSA 512-bit keys. Each speedup in the hardware performance of RSA involves a matching gain in software performance which we also analyse. In addition ...
Analyzing and Comparing Montgomery Multiplication Algorithms
IEEE Micro, 1996
Cited by 75 (8 self)
Abstract: This paper discusses several Montgomery multiplication algorithms, two of which have been proposed before. We describe three additional algorithms, and analyze in detail the space and time requirements of all five methods. These algorithms have been implemented in C and in assembler. The analyses and actual performance results indicate that the Coarsely Integrated Operand Scanning (CIOS) method, detailed in this paper, is the most efficient of all five algorithms, at least for the general class of processor we considered. The Montgomery multiplication methods constitute the core of the modular exponentiation operation which is the most popular method used in public-key cryptography for encrypting and signing digital data. Indexing Terms: Modular multiplication and exponentiation, Montgomery method, RSA and Diffie-Hellman cryptosystems.
1 Introduction. The motivation for studying high-speed and space-efficient algorithms for modular multiplication comes from their applications in publ...
Factoring by electronic mail
1990
Cited by 52 (8 self)
Abstract: In this paper we describe our distributed implementation of two factoring algorithms: the elliptic curve method (ecm) and the multiple polynomial quadratic sieve algorithm (mpqs). Since the summer of 1987, our ecm implementation on a network of MicroVAX processors at DEC's Systems Research Center has factored several most and more wanted numbers from the Cunningham project. In the summer of 1988, we implemented the multiple polynomial quadratic sieve algorithm on the same network. On this network alone, we are now able to factor any 100 digit integer, or to find 35 digit factors of numbers up to 150 digits long within one month. To allow an even wider distribution of our programs we made use of electronic mail networks for the distribution of the programs and for interprocessor communication. Even during the initial stage of this experiment machines all over the United States and at various places in Europe and Australia contributed 15 percent of the total factorization effort. At all the sites where our program is running we only use cycles that would otherwise have been idle. This shows that the enormous computational task of factoring 100 digit integers with the current algorithms can be completed almost for free. Since we use a negligible fraction of the idle cycles of all the machines on the worldwide electronic mail networks, we could factor 100 digit integers within a few days with a little more help.
Some integer factorization algorithms using elliptic curves
Australian Computer Science Communications, 1986
Cited by 47 (13 self)
Abstract: Lenstra's integer factorization algorithm is asymptotically one of the fastest known algorithms, and is also ideally suited for parallel computation. We suggest a way in which the algorithm can be speeded up by the addition of a second phase. Under some plausible assumptions, the speedup is of order log(p), where p is the factor which is found. In practice the speedup is significant. We mention some refinements which give greater speedup, an alternative way of implementing a second phase, and the connection with Pollard's "p − 1" factorization algorithm.
Architectural Support for Fast Symmetric-Key Cryptography
In Proc. Intl. Conf. ASPLOS, 2000
Cited by 46 (0 self)
Abstract: The emergence of the Internet as a trusted medium for commerce and communication has made cryptography an essential component of modern information systems. Cryptography provides the mechanisms necessary to implement accountability, accuracy, and confidentiality in communication. As demands for secure communication bandwidth grow, efficient cryptographic processing will become increasingly vital to good system performance. In this paper, we explore techniques to improve the performance of symmetric key cipher algorithms. Eight popular strong encryption algorithms are examined in detail. Analysis reveals the algorithms are computationally complex and contain little parallelism. Overall throughput on a high-end microprocessor is quite poor: a 600 MHz processor is incapable of saturating a T3 communication line with 3DES (triple DES) encrypted data. We introduce new instructions that improve the efficiency of the analyzed algorithms. Our approach adds instruction set support for fast substitutions, general permutations, rotates, and modular arithmetic. Performance analysis of the optimized ciphers shows an overall speedup of 59% over a baseline machine with rotate instructions and 74% speedup over a baseline without rotates. Even higher speedups are demonstrated with optimized substitutions (S-boxes) and additional functional unit resources. Our analyses of the original and optimized algorithms suggest future directions for the design of high-performance programmable cryptographic processors.