Rasta: A Cipher with Low ANDdepth and Few ANDs per Bit

Dobraunig, Christoph; Eichlseder, Maria; Grassi, Lorenzo; Lallemand, Virginie; Leander, Gregor; List, Eik; Mendel, Florian; Rechberger, Christian

doi:10.1007/978-3-319-96884-1_22

Cited by 60 publications

(35 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paper we design our domain specific processor architecture to support applications with small multiplicative depth, say up to 4. This multiplicative depth is enough to support several statistical applications such as privacy-friendly forecasting for the smart grid [4], evaluation of low-complexity block cipher such as Rasta [25] on ciphertext, private information retrieval or encrypted search in a table of 2 16 entries, encrypted sorting etc. To achieve a multiplicative depth of four and at least 80-bit security [26], we set the size of modulus q to 180-bit, the length of polynomials to 4096 coefficients, the standard deviation of the error distribution to 102 and the width of the larger modulus Q to at least 372-bit.…”

Section: Parameter Setmentioning

confidence: 99%

FPGA-Based High-Performance Parallel Architecture for Homomorphic Computing on Encrypted Data

Roy

Turan

Järvinen

et al. 2019

2019 IEEE International Symposium on High Performance Computer Architecture (HPCA)

View full text Add to dashboard Cite

Homomorphic encryption is a tool that enables computation on encrypted data and thus has applications in privacy-preserving cloud computing. Though conceptually amazing, implementation of homomorphic encryption is very challenging and typically software implementations on general purpose computers are extremely slow. In this paper we present our domain specific architecture in a heterogeneous Arm+FPGA platform to accelerate homomorphic computing on encrypted data. We design a custom co-processor for the computationally expensive operations of the well-known Fan-Vercauteren (FV) homomorphic encryption scheme on the FPGA, and make the Arm processor a server for executing different homomorphic applications in the cloud, using this FPGA-based co-processor. We use the most recent arithmetic and algorithmic optimization techniques and perform design-space exploration on different levels of the implementation hierarchy. In particular we apply circuit-level and block-level pipeline strategies to boost the clock frequency and increase the throughput respectively. To reduce computation latency, we use parallel processing at all levels. Starting from the highly optimized building blocks, we gradually build our multicore multi-processor architecture for computing. We implemented and tested our optimized domain specific programmable architecture on Xilinx Zynq UltraScale+ MPSoC ZCU102 Evaluation Kit. At 200 MHz FPGAclock, our implementation achieves over 13x speedup with respect to a highly optimized software implementation of the FV homomorphic encryption scheme on an Intel i5 processor running at 1.8 GHz.

show abstract

Section: Parameter Setmentioning

confidence: 99%

FPGA-Based High-Performance Parallel Architecture for Homomorphic Computing on Encrypted Data

Roy

Turan

Järvinen

et al. 2019

2019 IEEE International Symposium on High Performance Computer Architecture (HPCA)

View full text Add to dashboard Cite

show abstract

“…A new stream cipher FLIP [47] is based on a novel design strategy that its permutation layer is randomly generated for every encryption without increasing the algebraic degree of the secret key. Rasta [23] is a stream cipher aiming at higher throughput at the cost of lower latency using random affine layers defined by an extendable output function (XOF).…”

Section: B Related Workmentioning

confidence: 99%

“…In [23], a variant of the linear attack has been considered to be applied to Rasta; an adversary constructs an over-defined system of linear approximations that are valid with a certain probability, and recovers the secret key by using the LPNproblem solver. Considering this attack, the block size and the algebraic depth of Rasta have been newly estimated for each security level.…”

Section: ) Linear Attacksmentioning

confidence: 99%

“…Comparison between Masta and Rasta on the client-side is summarized in Table 4. The source code of Rasta is brought from the github repository [50] which is officially written in the paper [23].…”

Section: A Benchmarksmentioning

confidence: 99%

“…Rasta and Its Drawbacks. The Rasta stream cipher [23] is one of the latest HE-friendly ciphers, which offers the fewest AND/bits and the lowest ANDdepth among the existing ciphers. It features an ASASA-like stream cipher, where affine layers are freshly generated for every encryption.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Masta: An HE-Friendly Cipher Using Modular Arithmetic

Kim

Choi

et al. 2020

IEEE Access

View full text Add to dashboard Cite

The Rasta cipher, proposed by Dobraunig et al. (CRYPTO 2018), is an HE-friendly cipher enjoying the fewest ANDs per bit and the lowest ANDdepth among the existing ciphers. A novel feature of Rasta is that its affine layers are freshly and randomly generated for every encryption. In this paper, we propose a new variant of Rasta, dubbed Masta. Similarly to Rasta, Masta takes as input a (master) secret key and a nonce, and generates a keystream block for each counter. On the other hand, Masta has two main differences from Rasta: Masta uses modular arithmetic to support HE schemes over a non-binary plaintext space, and it uses a smaller number of random bits in the affine layers by defining them with finite field multiplication. In this way, Masta outperforms Rasta in a transciphering framework with BGV/FV-style HE schemes. Our implementation shows that Masta is 505 to 592 times faster in terms of the throughput on the client-side, while 4792 to 6986 times faster on the server-side.

show abstract

New Fields in Symmetric Cryptography

PERRIN

2023

Symmetric Cryptography 2

View full text Add to dashboard Cite

Rasta: A Cipher with Low ANDdepth and Few ANDs per Bit

Cited by 60 publications

References 37 publications

FPGA-Based High-Performance Parallel Architecture for Homomorphic Computing on Encrypted Data

FPGA-Based High-Performance Parallel Architecture for Homomorphic Computing on Encrypted Data

Masta: An HE-Friendly Cipher Using Modular Arithmetic

New Fields in Symmetric Cryptography

Contact Info

Product

Resources

About