Publication
Security of Cryptographic Implementations
Book - Dissertation
This thesis focuses on issues arising when implementing cryptography, specifically
performance, side-channels and integration. All these issues must be addressed
to turn a cryptographic algorithm into a practical system which can provide
security properties such as confidentiality or authenticity.
Considering the potential threat posed by quantum computers, we deal with
performance optimizations for supersingular isogeny Diffie-Hellman (SIDH).
We compare different approaches for modular multiplication and show that
Montgomery multiplication is theoretically the fastest and that product scanning
is the fastest implementation. We also propose 2^391 · 19^88 − 1 and other primes
suitable for SIDH which give an additional 12% speed-up. Further, we extend
this comparison to Twisted Edwards curves with optimized addition chains and
show that the increased flexibility in creating addition chains cannot compensate
for the slower operations. Afterwards, practical performance improvements by
using special multiplication instructions on ARM platforms are shown. Using
these and an extended set of suitable primes gives a speed-up of 50%.
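As an added illustration of the modular-multiplication point (example code, not from the thesis), the block below performs word-by-word Montgomery reduction modulo the proposed prime 2^391 · 19^88 − 1; the 64-bit word size and the loop structure are assumptions of the example. Because this prime is congruent to −1 modulo 2^64, its Montgomery constant −p^{-1} mod 2^64 equals 1, so the per-word multiplication by that constant disappears from the reduction loop.

```python
# Added example (not from the thesis): Montgomery multiplication modulo the
# SIDH-suitable prime 2^391 * 19^88 - 1 proposed in the abstract.  The 64-bit
# word size and the word-serial loop are assumptions of this demo.
W = 64                              # assumed machine word size
MASK = (1 << W) - 1
P = (1 << 391) * 19**88 - 1         # prime proposed in the abstract
N = (P.bit_length() + W - 1) // W   # number of W-bit limbs needed to hold P
R = 1 << (W * N)                    # Montgomery radix R = 2^(W*N) > P
R2 = (R * R) % P                    # R^2 mod P, used to enter Montgomery form


def montgomery_constant(p: int, w: int = W) -> int:
    """mu = -p^-1 mod 2^w, the per-word constant of generic Montgomery reduction."""
    return (-pow(p, -1, 1 << w)) % (1 << w)


def mont_reduce(t: int) -> int:
    """Return t * R^-1 mod P for 0 <= t < P*R, consuming one W-bit word per step.

    P + 1 = 2^391 * 19^88 is divisible by 2^W, so P == -1 (mod 2^W) and
    montgomery_constant(P) == 1: the quotient word m is simply the low word of t.
    Adding m*P then clears the low W bits of t, which are shifted out exactly.
    """
    for _ in range(N):
        m = t & MASK                # generic form: ((t & MASK) * mu) & MASK
        t = (t + m * P) >> W        # low word of t + m*P is zero, so this is exact
    return t - P if t >= P else t   # t < 2P after N steps; one conditional subtraction


def mont_mul(a: int, b: int) -> int:
    """Montgomery product a*b*R^-1 mod P for inputs a, b < P."""
    return mont_reduce(a * b)       # a*b < P^2 < P*R, within mont_reduce's bound


def to_mont(a: int) -> int:
    return mont_mul(a % P, R2)      # a * R^2 * R^-1 = a*R mod P


def from_mont(x: int) -> int:
    return mont_reduce(x)           # x * R^-1 mod P


def mul_mod_p(a: int, b: int) -> int:
    """a*b mod P computed entirely via Montgomery form (cross-checked against big ints)."""
    return from_mont(mont_mul(to_mont(a), to_mont(b)))


if __name__ == "__main__":
    print("limbs:", N, "Montgomery constant:", montgomery_constant(P))
    print(mul_mod_p(123456789, 987654321) == (123456789 * 987654321) % P)
```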
We then consider a complete cryptographic system. We provide a security
analysis of end-to-end encrypted email. It is shown how the complex behaviors
of the components, when integrated into a single system, compromise or weaken
security. Vulnerabilities are presented for 23 out of 35 tested S/MIME clients
and 10 out of 28 tested OpenPGP clients.
Finally, a side-channel attack on the Frodo scheme is presented. The attack can
be performed with a single trace due to the reuse of secret values at multiple
times during the algorithm. The attack extracts the key with probability 50%
and 99% for parameter sets NIST1 and NIST2 respectively, also showing that
it is more effective for supposedly more secure parameters. We also propose a
mitigation with only minor impact on performance.
Year of publication: 2019
Accessibility: Open