14. Aug. 2013 Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware SAC 2013, Burnaby, Canada Thomas Pöppelmann and Tim Güneysu.


1 14. Aug. 2013 Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware SAC 2013, Burnaby, Canada Thomas Pöppelmann and Tim Güneysu Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany

2 Agenda
– Introduction
– Ring-LWE Encryption
– Lattice Processor
– Results
– Conclusion

3 Motivation
Advantages of lattices:
– Post-quantum security
– Security proofs
– Versatility
Goal of this work:
– Provide a simple and reusable hardware building block
  Starting point to solve more advanced implementation problems
  Make source code available
– Deal with aspects important in practice
  Ciphertext expansion
  Error rate

4 Agenda
– Introduction
– Ring-LWE Encryption
– Lattice Processor
– Results
– Conclusion

5 Recap: Ideal Lattices
(*) Other choices are also possible, but this one has emerged as standard for security and efficiency.

6 LWE-Encryption
[LP11] Richard Lindner, Chris Peikert: Better Key Sizes (and Attacks) for LWE-Based Encryption. CT-RSA 2011

7 LWE-Encryption

8 Agenda
– Introduction
– Ring-LWE Encryption
– Lattice Processor
– Results
– Conclusion

9 Reconfigurable Hardware (FPGA)
Field Programmable Gate Array (FPGA)
– A chip containing programmable logic blocks
– Logic blocks are connected by a configurable interconnect
– Limited number of dedicated "hard-cores" like block memory or embedded multipliers (DSPs) are available
Hardware is inherently parallel
– Time vs. area

10 The Challenge
Ring-LWE encryption and also other schemes (e.g., signature schemes) basically just require polynomial arithmetic
– So far results are only available for polynomial multiplication
– Temporary values have to be stored
– Operations for addition and subtraction are necessary
– An easy interface is required
Solution: Build a lattice processor/micro-code engine

11 Lattice Processor

12 Lattice Processor

13 Optimizing Encryption

14 Agenda
– Introduction
– Ring-LWE Encryption
– Lattice Processor
– Results
– Conclusion

15 Results
Implemented encryption scheme on Spartan-6 and Virtex-6 for medium security (n=256, q=7681) and high security (n=512, q=12289)
Core supports encryption, decryption and key generation
Gaussian sampler is bounded with relatively low precision
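
An added software example (not the authors' VHDL and not code from the slides) of ring-LWE encryption in the style of [LP11], built only from the polynomial multiplication, addition and subtraction that slide 10 lists, using the medium-security parameters n=256, q=7681 from slide 15. The error width `SIGMA`, the rounded-Gaussian sampler, the schoolbook multiplier and all function names are assumptions made for illustration; `max_noise` exposes the margin behind the "error rate" concern from slide 3.

```python
import random

N, Q = 256, 7681   # medium-security parameter set from the Results slide
SIGMA = 4.5        # assumed error width; the transcript does not state one

def poly_mul(a, b):  # schoolbook product in Z_q[x]/(x^n + 1): x^n wraps to -1
    res = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k, sign = (i + j, 1) if i + j < N else (i + j - N, -1)
            res[k] = (res[k] + sign * ai * bj) % Q
    return res

def poly_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]
def poly_sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]

def sample_error(rng, sigma):  # rounded Gaussian, stand-in for a hardware sampler
    return [round(rng.gauss(0, sigma)) % Q for _ in range(N)]

def keygen(rng, sigma=SIGMA):
    a = [rng.randrange(Q) for _ in range(N)]
    r1, r2 = sample_error(rng, sigma), sample_error(rng, sigma)
    return (a, poly_sub(r1, poly_mul(a, r2))), r2   # public (a, p), secret r2

def encrypt(pk, bits, rng, sigma=SIGMA):
    a, p = pk
    e1, e2, e3 = (sample_error(rng, sigma) for _ in range(3))
    m_bar = [b * (Q // 2) for b in bits]            # bit 1 -> q/2, bit 0 -> 0
    c1 = poly_add(poly_mul(a, e1), e2)
    c2 = poly_add(poly_add(poly_mul(p, e1), e3), m_bar)
    return c1, c2

def decrypt(sk, ct):  # c1*r2 + c2 = m_bar + noise; nearer q/2 than 0 decodes to 1
    v = poly_add(poly_mul(ct[0], sk), ct[1])
    return [1 if Q // 4 < x < 3 * Q // 4 else 0 for x in v]

def max_noise(sk, ct, bits):  # largest |noise| coefficient; exact while < q/4
    v = poly_add(poly_mul(ct[0], sk), ct[1])
    d = [(x - b * (Q // 2)) % Q for x, b in zip(v, bits)]
    return max(min(x, Q - x) for x in d)

if __name__ == "__main__":
    rng = random.Random(2013)   # constructed demo seed; not a secure RNG
    bits = [rng.randrange(2) for _ in range(N)]
    pk, sk = keygen(rng)
    ct = encrypt(pk, bits, rng)
    print(decrypt(sk, ct) == bits, max_noise(sk, ct, bits), "vs", Q // 4)
```

The noise term is e1*r1 + e2*r2 + e3, so a wider error distribution pushes `max_noise` toward q/4 and decryption failures become possible.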

16 Performance and Resources
Post-place-and-route performance on a Virtex-6 LX75T FPGA.

17 Comparison with Previous Work
Compared to previous implementation by Göttert et al. from CHES 2012
– Three times slower
– Up to 60 times lower area
While speed is important, the design has to fit onto a reasonably sized FPGA
– Hardware allows parallel placement to make up for lower speed
Higher flexibility with one general purpose core (Gen/Enc/Dec)
[Göttert et al.] Norman Göttert, Thomas Feller, Michael Schneider, Johannes Buchmann, Sorin A. Huss: On the Design of Hardware Building Blocks for Modern Lattice-Based Encryption Schemes. CHES 2012

18 Comparison with Other Schemes

19 Agenda
– Introduction
– Ring-LWE Encryption
– Lattice Processor
– Results
– Conclusion

20 Future Work and Conclusion
Conclusion
Flexible building block for a large number of applications in ideal lattice-based cryptography
Source code (VHDL) of the encryption scheme/lattice processor available for evaluation at http://www.sha.rub.de/research/projects/lattice/
Future Work
Side-channel evaluation
Bimodal Lattice Signature Scheme (BLISS), Crypto 2013
Performance and resource optimization
Implementation and acceleration of high-level constructions like homomorphic encryption or IBE

21 Thank You for Your Attention! Any Questions?

