Hwajeong Seo
Hansung University
Publication
Featured research published by Hwajeong Seo.
cryptographic hardware and embedded systems | 2015
Zhe Liu; Hwajeong Seo; Sujoy Sinha Roy; Johann Großschädl; Howon Kim; Ingrid Verbauwhede
Public-key cryptography based on the “ring-variant” of the Learning with Errors (ring-LWE) problem is both efficient and believed to remain secure in a post-quantum world. In this paper, we introduce a carefully-optimized implementation of a ring-LWE encryption scheme for 8-bit AVR processors like the ATxmega128. Our research contributions include several optimizations for the Number Theoretic Transform (NTT) used for polynomial multiplication. More concretely, we describe the Move-and-Add (MA) and the Shift-Add-Multiply-Subtract-Subtract (SAMS2) technique to speed up the performance-critical multiplication and modular reduction of coefficients, respectively. We take advantage of incompletely-reduced intermediate results to minimize the total number of reduction operations and use a special coefficient-storage method to decrease the RAM footprint of NTT multiplications. In addition, we propose a byte-wise scanning strategy to improve the performance of a discrete Gaussian sampler based on the Knuth-Yao random walk algorithm. For medium-term security, our ring-LWE implementation needs 590 k, 672 k, and 276 k clock cycles for key-generation, encryption, and decryption, respectively. On the other hand, for long-term security, the execution times of key-generation, encryption, and decryption amount to 2.2 M, 2.6 M, and 686 k cycles, respectively. These results set new speed records for ring-LWE encryption on an 8-bit processor and outperform related RSA and ECC implementations by an order of magnitude.
workshop on information security applications | 2012
Hwajeong Seo; Howon Kim
In this paper, we revisit the “operand caching” method for multi-precision multiplication, which reduces the number of required load instructions by caching the operands [6]. With the previous method, we can achieve high performance in terms of multiplication speed with modern micro-processors. However, this method does not provide full operand caching when changing the row of partial products. To overcome this problem, we propose a novel method, i.e., “consecutive operand caching”. We divide partial products and reconstruct them yielding common operands between previous and new partial products. Finally, we reduce the number of load instructions and boost the speed of multi-precision multiplication by 3.85%, as compared to previous best known results.
IEEE Transactions on Information Forensics and Security | 2016
Zhe Liu; Hwajeong Seo; Johann Großschädl; Howon Kim
In this paper, we introduce a highly optimized software implementation of standards-compliant elliptic curve cryptography (ECC) for wireless sensor nodes equipped with an 8-bit AVR microcontroller. We exploit the state-of-the-art optimizations and propose novel techniques to further push the performance envelope of a scalar multiplication on the NIST P-192 curve. To illustrate the performance of our ECC software, we develop prototype implementations of different cryptographic schemes for securing communication in a wireless sensor network, including elliptic curve Diffie-Hellman (ECDH) key exchange, the elliptic curve digital signature algorithm (ECDSA), and the elliptic curve Menezes-Qu-Vanstone (ECMQV) protocol. We obtain record-setting execution times for fixed-base, point variable-base, and double-base scalar multiplication. Compared with the related work, our ECDH key exchange achieves a performance gain of roughly 27% over the best previously published result using the NIST P-192 curve on the same platform, while our ECDSA performs twice as fast as the ECDSA implementation of the well-known TinyECC library. We also evaluate the impact of Karatsuba's multiplication technique on the overall execution time of a scalar multiplication. In addition to offering high performance, our implementation of scalar multiplication has a highly regular execution profile, which helps to protect against certain side-channel attacks. Our results show that NIST-compliant ECC can be implemented efficiently enough to be suitable for resource-constrained sensor nodes.
ACM Transactions in Embedded Computing Systems | 2017
Zhe Liu; Thomas Pöppelmann; Tobias Oder; Hwajeong Seo; Sujoy Sinha Roy; Tim Güneysu; Johann Großschädl; Howon Kim; Ingrid Verbauwhede
Over recent years lattice-based cryptography has received much attention due to versatile average-case problems like Ring-LWE or Ring-SIS that appear to be intractable by quantum computers. In this work, we evaluate and compare implementations of Ring-LWE encryption and the bimodal lattice signature scheme (BLISS) on an 8-bit Atmel ATxmega128 microcontroller. Our implementation of Ring-LWE encryption provides comprehensive protection against timing side-channels and takes 24.9ms for encryption and 6.7ms for decryption. To compute a BLISS signature, our software takes 317ms and 86ms for verification. These results underline the feasibility of lattice-based cryptography on constrained devices.
Security and Communication Networks | 2014
Hwajeong Seo; Yeoncheol Lee; Hyunjin Kim; Taehwan Park; Howon Kim
Embedded microprocessors are used in a wide variety of platforms, including radio frequency identification (RFID) systems, sensor networks, and smartphones. Unfortunately, as practical use of microprocessors has increased, so have the security problems associated with them. Although public key cryptography (PKC) can mitigate these problems, standard implementations of PKC also impose a steep computational cost on resource-constrained devices. To reduce this cost, researchers have proposed alternative implementations that accelerate multiprecision multiplication, the most expensive operation involved in PKC. In this paper, we focus on a further optimization of this same operation, using several innovative methods: carry-once, optimized multiplication and accumulation (MAC), unbalanced comb, and optimized comb-window. These methods yield further performance improvements of 2%, 17%, 4.5%, and 9.5%, respectively, on representative modern microprocessors including ATmega128 and MSP430.
Security and Communication Networks | 2013
Hwajeong Seo; Kyung-Ah Shim; Howon Kim
Because a wireless sensor network (WSN), which is composed of a large number of low-cost and resource-constrained devices, communicates on the basis of wireless protocols such as IEEE 802.15.4, ZigBee, and DASH-7, it is easily vulnerable to eavesdropping, illegal modification, privacy infringement and denial-of-service attacks. These attacks destroy the data integrity, confidentiality, and authentication of the basic WSN security requirements, and then the reliability and security of the WSN-based applications are deteriorated. There have been many research efforts to make secure WSN environments. Among these efforts, TinyECC is one of the outstanding works. It provides several security protocols such as Elliptic Curve Diffie–Hellman, Elliptic Curve Digital Signature Algorithm, and Elliptic Curve Integrated Encryption Scheme, based on the Elliptic Curve Cryptography (ECC). TinyECC is basically a well-written TinyOS-based code and is optimized for resource-constrained environments. The Barrett reduction, hybrid multiplication, and several optimization techniques are also used for high performance even with low energy consumption. However, the hybrid multiplication technique used in TinyECC is known to be not suitable for the 16-bit processor, MSP430, which is a familiar processor for sensor nodes. This is due to the fact that the MSP430 processor does not provide a sufficient number of registers for hybrid multiplication techniques. Because the multiplication operation over the finite field is a major operation of the ECC, it causes a high latency of multiplication operations and eventually degrades the performance of the ECC operation. In this paper, we propose a novel multiplication operation based on the cached operands and reordered partial products. The proposed method shows that the latency of the polynomial multiplication, which is the core operation of the ECC, is 6% smaller than previously known results.
Journal of information and communication convergence engineering | 2014
Hwajeong Seo; Howon Kim
Traditional block cipher Advanced Encryption Standard (AES) is widely used in the field of network security, but it has high overhead on each operation. In the 15th international workshop on information security applications, a novel lightweight and low-power encryption algorithm named low-power encryption algorithm (LEA) was released. This algorithm has certain useful features for hardware and software implementations, that is, simple addition, rotation, exclusive-or (ARX) operations, non-Substitute-BOX architecture, and 32-bit word size. In this study, we further improve the LEA encryptions for cloud computing. The Web-based implementations include JavaScript and assembly codes. Unlike normal implementation, JavaScript does not support unsigned integer and rotation operations; therefore, we present several techniques for resolving this issue. Furthermore, the proposed method yields a speed-optimized result and shows high performance enhancements. Each implementation is tested using various Web browsers, such as Google Chrome, Internet Explorer, and Mozilla Firefox, and on various devices including personal computers and mobile devices. These results extend the use of LEA encryption to any circumstance.
international conference on information security and cryptology | 2014
Hwajeong Seo; Zhe Liu; Johann Großschädl; Jongseok Choi; Howon Kim
Montgomery modular multiplication constitutes the “arithmetic foundation” of modern public-key cryptography with applications ranging from RSA, DSA and Diffie-Hellman over elliptic curve schemes to pairing-based cryptosystems. The increased prevalence of SIMD-type instructions in commodity processors (e.g. Intel SSE, ARM NEON) has initiated a massive body of research on vector-parallel implementations of Montgomery modular multiplication. In this paper, we introduce the Cascade Operand Scanning (COS) method to speed up multi-precision multiplication on SIMD architectures. We developed the COS technique with the goal of reducing Read-After-Write (RAW) dependencies in the propagation of carries, which also reduces the number of pipeline stalls (i.e. bubbles). The COS method operates on 32-bit words in a row-wise fashion (similar to the operand-scanning method) and does not require a “non-canonical” representation of operands with a reduced radix. We show that two COS computations can be “coarsely” integrated into an efficient vectorized variant of Montgomery multiplication, which we call Coarsely Integrated Cascade Operand Scanning (CICOS) method. Due to our sophisticated instruction scheduling, the CICOS method reaches record-setting execution times for Montgomery modular multiplication on ARM-NEON platforms. Detailed benchmarking results obtained on ARM Cortex-A9 and Cortex-A15 processors show that the proposed CICOS method outperforms Bos et al.’s implementation from SAC 2013 by up to 57 % (A9) and 40 % (A15), respectively.
international conference on information security and cryptology | 2013
Hwajeong Seo; Zhe Liu; Taehwan Park; Hyunjin Kim; Yeoncheol Lee; Jongseok Choi; Howon Kim
LEA is a new lightweight and low-power encryption algorithm. This algorithm has certain useful features which are especially suitable for parallel hardware and software implementations, i.e., simple ARX operations, non-S-BOX architecture, and 32-bit word size. In this paper we evaluate the performance of the LEA algorithm on ARM-NEON and GPUs by taking advantage of both the desirable features of LEA and a parallel computing platform and programming model by NEON and CUDA. Specifically, we propose novel parallel LEA implementations on representative SIMT and SIMD architectures such as CUDA and NEON. In case of CUDA, we firstly designed a thread-based computation model to fall into functional parallelism by computing several encryptions over one thread. To alleviate the memory transfer delay, we allocate memory to satisfy coalescing memory access. Secondly, our method is a block cipher implementation written in assembly language, which provides efficient and flexible programming environments. With these optimization techniques, we achieved 17.352 and 2.5 GBps (bytes per second) throughput without/with memory transfer. In case of NEON, we adopted pipeline instructions and SIMD-based execution models, which enhanced encryption by 49.85 % compared to previous ARM implementations.
international symposium on consumer electronics | 2011
Hwajeong Seo; Howon Kim
The ZigBee network has many advantages in terms of high availability, low power consumption and cost-effective devices for constructing the wireless sensor network. For this reason, the ZigBee network is the most attractive technology for home automation which allows users to designate home network and control home appliances depending on their ease. To improve the safety of home automation, messages exchanged through the ZigBee network need to meet the appropriate security level, and it also provides various services to authorized users or would-be users such as visitors. For this reason, Attribute Based Proxy Re-encryption (ABPRE) is an enabling technology satisfying the requirements mentioned before. In the paper, we apply an ABPRE scheme to ZigBee security. The proposal provides the delegation of the power and attribute based encryption. It also reduces the number of keys used for encryption.