Public Keys

Lenstra, Arjen K.; Hughes, James P.; Augier, Maxime; Bos, Joppe W.; Kleinjung, Thorsten; Wachter, Christophe

doi:10.1007/978-3-642-32009-5_37

Cited by 77 publications

(35 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Examples of nonce repetition are flawed implementations [8,10,19,22,34], bad management of nonces by the user, and backup resets or virtual machine clones when the nonce is stored as a counter.…”

Section: Introductionmentioning

confidence: 99%

COBRA: A Parallelizable Authenticated Online Cipher Without Block Cipher Inverse

Andreeva

Luykx

Mennink

et al. 2015

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. We present a new, misuse-resistant scheme for online authenticated encryption, following the framework set forth by Fleischmann et al. (FSE 2012). Our scheme, COBRA, is roughly as efficient as the GCM mode of operation for nonce-based authenticated encryption, performing one block cipher call plus one finite field multiplication per message block in a parallelizable way. The major difference from GCM is that COBRA preserves privacy up to prefix under nonce repetition. However, COBRA only provides authenticity against nonce-respecting adversaries. As compared to COPA (ASIACRYPT 2013), our new scheme requires no block cipher inverse and hence enjoys provable security under a weaker assumption about the underlying block cipher. In addition, COBRA can possibly perform better than COPA on platforms where finite field multiplication can be implemented faster than the block cipher in use, since COBRA essentially replaces half of the block cipher calls in COPA with finite field multiplications.

show abstract

Section: Introductionmentioning

confidence: 99%

COBRA: A Parallelizable Authenticated Online Cipher Without Block Cipher Inverse

Andreeva

Luykx

Mennink

et al. 2015

Fast Software Encryption

View full text Add to dashboard Cite

show abstract

“…Indeed, nonce misuse is a security threat in plenty of practical applications, not necessarily limited to the lightweight setting. Examples include flawed implementations of nonces [12,14,21,22,31], bad management of nonces by the user, and backup resets or virtual machine clones when the nonce is stored as a counter.…”

Section: Introductionmentioning

confidence: 99%

APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography

Andreeva

Bilgin

Bogdanov

et al. 2015

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. The domain of lightweight cryptography focuses on cryptographic algorithms for extremely constrained devices. It is very costly to avoid nonce reuse in such environments, because this requires either a hardware source of randomness, or non-volatile memory to store a counter. At the same time, a lot of cryptographic schemes actually require the nonce assumption for their security. In this paper, we propose APE as the first permutation-based authenticated encryption scheme that is resistant against nonce misuse. We formally prove that APE is secure, based on the security of the underlying permutation. To decrypt, APE processes the ciphertext blocks in reverse order, and uses inverse permutation calls. APE therefore requires a permutation that is both efficient for forward and inverse calls. We instantiate APE with the permutations of three recent lightweight hash function designs: Quark, Photon, and Spongent. For any of these permutations, an implementation that supports both encryption and decryption requires less than 1.9 kGE and 2.8 kGE for 80-bit and 128-bit security levels, respectively.

show abstract

“…For schemes like RSA [34], ElGamal [11] or DSA [36], the most common size of the modulus for parameters in use is large; 1024 bits long [20,28]. The typical modulus size will increase to 2048 and 3072 bits over the coming years, in order to comply with the current 112-and 128-bit security standard (cf.…”

Section: Introductionmentioning

confidence: 99%

Montgomery Multiplication Using Vector Instructions

Bos

Montgomery

Shumow

et al. 2014

Selected Areas in Cryptography -- SAC 2013

Self Cite

View full text Add to dashboard Cite

Abstract. In this paper we present a parallel approach to compute interleaved Montgomery multiplication. This approach is particularly suitable to be computed on 2-way single instruction, multiple data platforms as can be found on most modern computer architectures in the form of vector instruction set extensions. We have implemented this approach for tablet devices which run the x86 architecture (Intel Atom Z2760) using SSE2 instructions as well as devices which run on the ARM platform (Qualcomm MSM8960, NVIDIA Tegra 3 and 4) using NEON instructions. When instantiating modular exponentiation with this parallel version of Montgomery multiplication we observed a performance increase of more than a factor of 1.5 compared to the sequential implementation in OpenSSL for the classical arithmetic logic unit on the Atom platform for 2048-bit moduli.

show abstract

Public Keys

Cited by 77 publications

References 18 publications

COBRA: A Parallelizable Authenticated Online Cipher Without Block Cipher Inverse

COBRA: A Parallelizable Authenticated Online Cipher Without Block Cipher Inverse

APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography

Montgomery Multiplication Using Vector Instructions

Contact Info

Product

Resources

About