Dissertations / Theses on the topic 'Curve-key'

Digital signatures, which take the properties of classical signatures, are used to secure the actual content of documents, which can be modified during transmission over an insecure channel. The problems of security and protection of communicating participants are solved by cryptographic techniques. Identity verification, message integrity, credibility, the ownership of documents, and the secure transmission of information over an unsecured channel, are all dealt with in secure communications - Public Key Infrastructure, which uses digital signatures. Nowadays digital signatures are often used to secure data in communication over an unsecured channel. The aim of the following master’s thesis is to familiarize readers with the necessary technological aspects of digital signatures, as well as their advantages and disadvantages. By the time digital signatures are being used they will have to be improved and modified to be secure against more sophisticated attacks. In this paper, proposals of new efficient digital signature schemes and their comparison with current ones are described. Also are examined their implications for computationally weak devices, or deployment in low speed channel transmission systems. After an explanation of cryptography and a description of its basic subjects, digital signatures are introduced. The first chapter describes the possible formatting and architecture of the digital signature. The second part of this master’s thesis is about current digital signature schemes and their properties. Chapter 3 describes some proposals of new efficient digital signature schemes and their comparison to those currently in use. In the practical part, the implementations (in the environment .NET in C#) of two effective digital signature schemes as part of a client-server application are presented and described (Chapter 4). In the last chapter the comparison and analysis of the implemented signature schemes are provided.

The Internet of Things (IoT) is increasingly becoming an integral component of many applications in consumer, industrial and other areas. Notions such as smart industry, smart transport, and smart world are, in large part, enabled by IoT. At its core, the IoT is underpinned by a group of devices, such as sensors and actuators, working collaboratively to provide a required service. One of the important requirements most IoT applications are expected to satisfy is ensuring the security and privacy of users. Security is an umbrella term that encompasses notions such as confidentiality, integrity and privacy, that are typically achieved using cryptographic encryption techniques. A special form of communication common in many IoT applications is group communication, where there are two or more recipients of a given message. In or-der to encrypt a message broadcast to a group, it is required that the participating parties agree on a group key a priori. Establishing and managing a group key in IoT environments, where devices are resources-constrained and groups are dynamic, is a non-trivial problem. The problem presents unique challenges with regard to con-structing protocols from lightweight and secure primitives commensurate with the resource-constrained nature of devices and maintaining security as devices dynamically leave or join a group. This thesis presents lightweight group key management protocols proposed to address the aforementioned problem, in a widely adopted model of a generic IoT network consisting of a gateway with reasonable computational power and a set of resource-constrained nodes. The aim of the group key management protocols is to enable the gateway and the set of resource-constrained devices to establish and manage a group key, which is then used to encrypt group messages. The main problems the protocols attempt to solve are establishing a group key among participating IoT devices in a secure and computationally feasible manner; enabling additionor removal of a device to the group in a security preserving manner; and enabling generation of a group session key in an efficient manner without re-running the protocol from scratch. The main challenge in designing such protocols is ensuring that the computations that a given IoT device performs as part of participating in the protocol are computationally feasible during initial group establishment, group keyupdate, and adding or removing a node from the group. The work presented in this thesis shows that the challenge can be overcome by designing protocols from lightweight cryptographic primitives. Specifically, protocols that exploit the lightweight nature of crypto-systems based on elliptic curves and the perfect secrecy of the One Time Pad (OTP) are presented. The protocols are designed in such a way that a resource-constrained member node performs a constant number of computationally easy computations during all stages of the group key management process. To demonstrate that the protocols are practically feasible, implementation resultof one of the protocols is also presented, showing that the protocol outperforms similar state-of-the-art protocols with regard to energy consumption, execution time, memory usage and number of messages generated.

Vid tidpunkten för framläggningen av avhandlingen var följande delarbete opublicerat: delarbete 3 (manuskript).

At the time of the defence the following paper was unpublished: paper 3 (manuscript).

SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)

Elliptic curves were first proposed as a basis for public key cryptography in the mid 1980's. They provide public key cryptosystems based on the difficulty of the elliptic curve discrete logarithm problem (ECDLP) , which is so called because of its similarity to the discrete logarithm problem (DLP) over the integers modulo a large prime. One benefit of elliptic curve cryptosystems (ECCs) is that they can use a much shorter key length than other public key cryptosystems to provide an equivalent level of security. For example, 160 bit ECCs are believed to provide about the same level of security as 1024 bit RSA. Also, the level of security provided by an ECC increases faster with key size than for integer based discrete logarithm (dl) or RSA cryptosystems. ECCs can also provide a faster implementation than RSA or dl systems, and use less bandwidth and power. These issues can be crucial in lightweight applications such as smart cards. In the last few years, ECCs have been included or proposed for inclusion in internationally recognized standards. Thus elliptic curve cryptography is set to become an integral part of lightweight applications in the immediate future. This thesis presents an analysis of several important issues for ECCs on lightweight devices. It begins with an introduction to elliptic curves and the algorithms required to implement an ECC. It then gives an analysis of the speed, code size and memory usage of various possible implementation options. Enough details are presented to enable an implementer to choose for implementation those algorithms which give the greatest speed whilst conforming to the code size and ram restrictions of a particular lightweight device. Recommendations are made for new functions to be included on coprocessors for lightweight devices to support ECC implementations Another issue of concern for implementers is the side-channel attacks that have recently been proposed. They obtain information about the cryptosystem by measuring side-channel information such as power consumption and processing time and the information is then used to break implementations that have not incorporated appropriate defences. A new method of defence to protect an implementation from the simple power analysis (spa) method of attack is presented in this thesis. It requires 44% fewer additions and 11% more doublings than the commonly recommended defence of performing a point addition in every loop of the binary scalar multiplication algorithm. The algorithm forms a contribution to the current range of possible spa defences which has a good speed but low memory usage. Another topic of paramount importance to ECCs for lightweight applications is whether the security of fixed curves is equivalent to that of random curves. Because of the inability of lightweight devices to generate secure random curves, fixed curves are used in such devices. These curves provide the additional advantage of requiring less bandwidth, code size and processing time. However, it is intuitively obvious that a large precomputation to aid in the breaking of the elliptic curve discrete logarithm problem (ECDLP) can be made for a fixed curve which would be unavailable for a random curve. Therefore, it would appear that fixed curves are less secure than random curves, but quantifying the loss of security is much more difficult. The thesis performs an examination of fixed curve security taking this observation into account, and includes a definition of equivalent security and an analysis of a variation of Pollard's rho method where computations from solutions of previous ECDLPs can be used to solve subsequent ECDLPs on the same curve. A lower bound on the expected time to solve such ECDLPs using this method is presented, as well as an approximation of the expected time remaining to solve an ECDLP when a given size of precomputation is available. It is concluded that adding a total of 11 bits to the size of a fixed curve provides an equivalent level of security compared to random curves. The final part of the thesis deals with proofs of security of key exchange protocols in the Canetti-Krawczyk proof model. This model has been used since it offers the advantage of a modular proof with reusable components. Firstly a password-based authentication mechanism and its security proof are discussed, followed by an analysis of the use of the authentication mechanism in key exchange protocols. The Canetti-Krawczyk model is then used to examine secure tripartite (three party) key exchange protocols. Tripartite key exchange protocols are particularly suited to ECCs because of the availability of bilinear mappings on elliptic curves, which allow more efficient tripartite key exchange protocols.

Made available in DSpace on 2017-05-12T14:47:41Z (GMT). No. of bitstreams: 1 Cristiany Fosquiani.pdf: 1334289 bytes, checksum: 9235d563e3a64368c95f17fc02f96891 (MD5) Previous issue date: 2007-07-13
The goal of this research was to quantify the amount of liquid, the drop of sediments, nutrients and micro-organisms from Portuguesa river hydrografical basin, Piquiri tributary in Ubiratã/PR. The river basin has an area of 40,819 km2, and from this total 6% is inside the urban area and 94% in the rural area. It was analyzed the physical-chemical parameters, microbiologicals the amount of sediments and quantify of flow. Every datas was about the flow, the use and the soil occupied. The evaluated of water quality from the Portuguesa river trough the analysis of parameters physical-chemical and biologics; the dissolved oxygen, electrical conductivity, pH, water temperature, turbidity, color, total kjeldahl nitrogen, nitrate, nitrite, total phosphorus, total coliforms and thermotolerant coliforms and solids in suspension. There were chosen 3 points at Portuguesa river called P1, P2 and P3 to the realization of the cross-section. The collection was done between a couple of weeks, or with the meaning increase of the amount of liquid. The parameters physical-chemical were analyzed in agreement of metodology described by Standard Methods for the Examination of Water and Wastewater (APHA-AWWA-WEF, 1995) and the bacteriologicals parameters were studied trough the subtract method COLILERT (cellophanes). The results show us the water temperature had a fluctuation, could have being associated with the time and the period of the year when sample was done such as the soil accupation. There were relations between electric conduction and dissolved oxygen. The parameter pH was closed to the neutrality in the whole studied points. The electric conduction, color and turbidity had the relation with flow such as increase or decrease of it. The variable dissolved oxygen showed the degrees less than 5mg.L-1 in all points between 08/03/2007 and 03/04/2007, having a relation to the temperature and flow. In relation of variability from nutrients (total phosphorus, nitrite and nitrate) exception to total kjeldahl nitrogen, that doesn t have relation to the flow, the smaller values found were associated with smaller flow. About the total coliforms, the P1 showed the biggest concentration associated to the increase of flow. Thermotolerant coliforms, P2 and P3 showed the biggest concentration, these points are localized next to the urban area. The key-curve of solid flush in suspension and flow, bring up good correlation among the three monitored points, shows up the worth of flow and sediments obtained are about the flush of basic flow by inecessability to the control stages of rain. About the production of sediments trough the analysis of the solids values in suspension and the bigger flows. To help the future use of water from Portuguesa river, was compared the parameters analyzeds to the stabilished limits from resolution CONAMA 357/2005, to put them in the class and use. Some parameters set the Portuguesa river in class 2 and others in class 3.
O presente trabalho teve como objetivo quantificar a vazão líquida, o aporte de sedimentos, de nutrientes e de microorganismos da bacia hidrográfica do rio Portuguesa, tributário do Piquiri, no município de Ubiratã/PR. A bacia possui uma área de 40,819 km2, sendo que deste total, 6% está inserido na área urbana e 94% na área rural. Foram realizadas análises referentes a parâmetros físico-químicos, microbiológicos, carga de sedimentos quantificação de vazão. Todos os dados foram correlacionados com a vazão e com o uso e ocupação do solo. Avaliou-se a qualidade das águas do rio Portuguesa através da análise de parâmetros físico-químicos e biológicos: oxigênio dissolvido, condutividade elétrica, pH, temperatura da água, turbidez, cor, nitrato, nitrito, nitrogênio total kjeldahl, fósforo total, coliformes totais e termotolerantes e sólidos em suspensão. Foram escolhidos para realização da amostragem, 3 pontos localizados no rio Portuguesa, denominados P1, P2 e P3. As coletas foram realizadas com periodicidade de 15 dias, ou com aumento significativo da vazão. Os parâmetros físico-químicos foram analisados de acordo com as metodologias descritas no Standard Methods for the Examination of Water and Wastewater (APHA-AWWA-WEF, 1995) e os parâmetros bacteriológicos foram analisados através do método substrato COLILERT (Cartelas). Os resultados obtidos demonstraram que a temperatura da água apresentou uma oscilação, podendo estar associado com o horário, a época do ano que foi realizada amostragem e o uso e ocupação do solo. Houve ainda uma relação com a condutividade elétrica e oxigênio dissolvido. O parâmetro pH manteve-se próximo a neutralidade em todos os pontos estudados. Condutividade elétrica, cor e turbidez tiveram relação com a vazão, tanto com o aumento quanto com diminuição da mesma. A variável oxigênio dissolvido apresentou valores abaixo de 5 mg. L-1 em todos os pontos nos dias 08/03/2007 e 03/04/2007, havendo uma relação com temperatura e vazão. Em relação as variáveis nutrientes (fósforo total, nitrito e nitrato) com exceção do nitrogênio total kjeldhal, que não teve relação com a vazão, os menores valores encontradas estiveram associados com baixas vazões. Em relação a coliformes totais, o P1 apresentou maiores concentrações associados ao aumento da vazão. Coliformes termotolerantes, P2 e P3 apresentaram maiores concentrações, estes pontos localizam-se próximos a área urbana. A curva-chave de descarga sólida em suspensão e vazão, apresentou boa correlação nos três pontos monitorados, destaca-se que os valores de vazão e sedimentos obtidos referem-se ao fluxo de vazão básica, pela inacessibilidade às secções de controle durante a chuva. Em relação à produção de sedimentos, através das análises de sólidos em suspensão pode-se observar que P1 apresentou os maiores valores de sólidos em suspensão e maiores vazões. Como auxílio no uso futuro das águas do rio Portuguesa, comparou-se os parâmetros analisados aos limites estabelecidos pela Resolução CONAMA 357/2005, a fim de enquadra-lo na classe de uso. Alguns parâmetros enquadraram o rio Portuguesa em classe 2 e outros em classe 3.

Made available in DSpace on 2017-05-12T14:47:46Z (GMT). No. of bitstreams: 1 Caroline Iost.pdf: 1234608 bytes, checksum: d5a0ddd1cd06d5366dc84b88a138a1dc (MD5) Previous issue date: 2008-02-12
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior
The objective of this work was to evaluate the influence of land use in the production of sediment and water quality of the micro basin of river Mandarina micro basin, located in the city of Cascavel-PR. The liquid discharge, the suspended sediment and the physic-chemical parameters dissolved oxygen (DO), electrical conductivity, pH, temperature of the water, turbidity, color, nitrate, nitrite, total nitrogen, total phosphorus was monitoring between the months January and August 2007 at the river's main. It was determined the curve-key of the liquid discharge and discharge of suspended solid, which showed good correlation (R2 equal to 0.98 and 0.93, respectively). The results indicated a low production of sediment, average of 0,27 t dia-1 and good water quality, because the parameters have not gone beyond the limits praised by Resolution 345/05 of CONAMA for rivers, Class 2, with the exception of dissolved oxygen in some collections was below 5 mg L-1, color and total phosphorus which also exceeded the limits stipulated. Agriculture is the predominant activity in the micro basin (88%) and water courses have about 79% of the area of riparian forest required by law. It is believed that the soil management in the area of agriculture with practices such as tillage and system of terraces, as well as the presence of riparian forest in rivers, influenced for the good quality water and low production sediment on the water.
O objetivo deste trabalho foi verificar a influência do uso do solo na produção de sedimento e na qualidade da água da microbacia hidrográfica da sanga Mandarina, localizada no município de Cascavel-PR. A vazão, o sedimento em suspensão e os parâmetros físico-químicos da água, oxigênio dissolvido (OD), condutividade elétrica, pH, temperatura da água, turbidez, cor, nitrato, nitrito, nitrogênio total e fósforo total foram monitorados entre os meses de janeiro e agosto de 2007, no principal rio da microbacia. Determinou-se a curva-chave da vazão e da descarga sólida em suspensão, as quais apresentaram boa correlação (R2 igual a 0,98 e 0,93, respectivamente). Os resultados indicaram uma baixa produção, média de 0,27 t dia-1 de sedimento e uma boa qualidade da água, pois os parâmetros não ultrapassaram os limites regidos pela Resolução 345/05 do CONAMA para rios de Classe 2, com exceção do oxigênio dissolvido que em algumas coletas esteve abaixo de 5 mg L-1, cor e fósforo total que também ultrapassaram os limites estipulados. A agricultura é a atividade predominante na microbacia (88%) e os cursos d água apresentam cerca de 79% da área de mata ciliar exigida por lei. Acredita-se que o manejo do solo na área agricultável com práticas como o plantio direto e sistema de terraços, assim como a presença de mata ciliar nos rios influenciaram para o boa qualidade da água e baixa produção de sedimento no curso d água.

Data security will play a central role in the design of future IT systems. The PC has been a major driver of the digital economy. Recently, there has been a shift towards IT applications realized as embedded systems, because they have proved to be good solutions for many applications, especially those which require data processing in real time. Examples include security for wireless phones, wireless computing, pay-TV, and copy protection schemes for audio/video consumer products and digital cinemas. Most of these embedded applications will be wireless, which makes the communication channel vulnerable. The implementation of cryptographic systems presents several requirements and challenges. For example, the performance of algorithms is often crucial, and guaranteeing security is a formidable challenge. One needs encryption algorithms to run at the transmission rates of the communication links at speeds that are achieved through custom hardware devices. Public-key cryptosystems such as RSA, DSA and DSS have traditionally been used to accomplish secure communication via insecure channels. Elliptic curves are the basis for a relatively new class of public-key schemes. It is predicted that elliptic curve cryptosystems (ECCs) will replace many existing schemes in the near future. The main reason for the attractiveness of ECC is the fact that significantly smaller parameters can be used in ECC than in other competitive system, but with equivalent levels of security. The benefits of having smaller key size include faster computations, and reduction in processing power, storage space and bandwidth. This makes ECC ideal for constrained environments where resources such as power, processing time and memory are limited. The implementation of ECC requires several choices, such as the type of the underlying finite field, algorithms for implementing the finite field arithmetic, the type of the elliptic curve, algorithms for implementing the elliptic curve group operation, and elliptic curve protocols. Many of these selections may have a major impact on overall performance. In this dissertation a finite field from a special class called the Optimal Extension Field (OEF) is chosen as the underlying finite field of implementing ECC. OEFs utilize the fast integer arithmetic available on modern microcontrollers to produce very efficient results without resorting to multiprecision operations or arithmetic using polynomials of large degree. This dissertation discusses the theoretical and implementation issues associated with the development of this finite field in a low end embedded system. It also presents various improvement techniques for OEF arithmetic. The main objectives of this dissertation are to --Implement the functions required to perform the finite field arithmetic operations. -- Implement the functions required to generate an elliptic curve and to embed data on that elliptic curve. -- Implement the functions required to perform the elliptic curve group operation. All of these functions constitute a library that could be used to implement any elliptic curve cryptosystem. In this dissertation this library is implemented in an 8-bit AVR Atmel microcontroller.
Dissertation (MEng (Computer Engineering))--University of Pretoria, 2006.
Electrical, Electronic and Computer Engineering
unrestricted

Cílem této práce je zpracovat úvod do problematiky hypereliptických křivek s důrazem na konečná pole. T práci je dále popsán úvod do teorie divizorů na hypereliptických křivkách, jejich reprezentace, aritmetika nad divizory a jejich využití v kryptografii. Teorie je hojně demonstrována příklady a výpočty v systému Mathematica.

A criptografia de chave pública sem certificado (certificateless) é uma alternativa ao modelo convencional de criptografia assimétrica, pois a autenticação da chave pública ocorre implicitamente durante a execução dos protocolos, sem a necessidade de gerenciamento e distribuição de certificados digitais. Potencialmente reduz custos computacionais e o nível de segurança alcançado é maior quando comparado ao modelo baseado em identidade. Nesta tese de doutorado, modelos formais de segurança para acordo de chave com autenticação sem certificado são aprimorados visando dois objetivos paralelos: (1) aumentar o nível de confiança que usuários podem depositar na autoridade geradora de chaves secretas parciais e (2) viabilizar protocolos que sejam eficientes computacionalmente e com propriedades de segurança relevantes, dentre as quais se inclui resistência a ataques de adversários que têm total controle do canal de comunicação e que podem substituir chaves públicas de usuários por valores arbitrários. Para atestar que as melhorias efetuadas são praticáveis e possibilitam que os objetivos sejam alcançados, novos protocolos são propostos para o caso que envolve dois participantes na comunicação. Os protocolos são provados seguros, usando-se técnica de redução de problemas computacionais.
Certificateless public key cryptography is an alternative model to traditional asymmetric key cryptography, because the public key authentication occurs implicitly during a protocol run, with no need of digital certificates management and distribution. It has the potential to reduce computing costs, and it allows a higher security level than the one in the identity-based model. In this PhD thesis, formal security models for certificateless authenticated key agreement are improved with two independent objectives: (1) to increase the trust level for the partial secret key generating authority on which users rely, and (2) to enable computationally efficient protocols, with significant security properties, such as resistance against attacks from adversaries with full control of the communication channel, and from adversaries who are able to replace users\' public keys by any chosen value. In order to demonstrate that these improvements made are feasible and achieve the objectives, new protocols are proposed in the two-party case. These protocols are proved secure by using reduction techniques for provable security.

Embedded systems are so ubiquitous that they account for almost 90% of all the computing devices. They range from very small scale devices with an 8-bit microcontroller and few kilobytes of RAM to large-scale devices featuring PC-like performance with full-blown 32-bit or 64-bit processors, special-purpose acceleration hardware and several gigabytes of RAM. Each of these classes of embedded systems have unique set of challenges in terms of hardware utilization, performance and power consumption. As network connectivity becomes a standard feature in these devices, security becomes an important concern. Public Key Cryptography is an indispensable tool to implement various security features necessary on these embedded platforms. In this thesis, we provide optimized PKC solutions on platforms belonging to two extreme classes of the embedded system spectrum. First, we target high-end embedded platforms Qualcomm Snapdragon and Intel Atom. Each of these platforms features a dual-core processor, a GPU and a gigabyte of RAM. We use the SIMD coprocessor built into these processors to accelerate the modular arithmetic which accounts for the majority of execution time in Elliptic Curve Cryptography. We exploit the structure of NIST primes to perform the reduction step as we perform the multiplication. Our implementation runs over two times faster than OpenSSL implementations on the respective platforms. The second platform we targeted is an energy-harvested wireless sensor node which has a 16-bit MSP430 microcontroller and a low power RF interface. The system derives its power from a solar panel and is constrained in terms of available energy and computational power. We analyze the computation and communication energy requirements for different signature schemes, each with a different trade-off between computation and communication. We investigate the Elliptic Curve Digital Signature Algorithm (ECDSA), the Lamport-Diffie one-time hash-based signature scheme (LD-OTS) and the Winternitz one-time hash-based signature scheme (W-OTS). We demonstrate that there’s a trade-off between energy needs, security level and algorithm selection. However, when we consider the energy needs for the overall system, we show that all schemes are within one order of magnitude from each another.
Master of Science

Protocolos de autenticação e de estabelecimento de chaves são peças fundamentais em implementações de segurança para comunicação de dispositivos eletrônicos. Em aplicações que envolvam dispositivos com poder computacional restrito (tais como smartphones ou tablets) comunicando-se com um servidor, é primordial a escolha de protocolos eficientes e que necessitem de uma infraestrutura mais simples. Neste trabalho selecionamos e implementamos protocolos de acordo de chave seguros nos modelos de criptografia de chave pública baseado em identidade (ID-based) e sem certificado (Certificateless) em plataformas com processadores ARM. Comparamos tempos de execução, utilização de memória e uso do canal de comunicação.
Protocols for authentication and key establishment are fundamental parts in security implementations for electronic devices communication. In applications involving devices with limited computational power (such as smartphones and tablets) communicating with a server, the choice of efficient protocols that require a simpler infrastructure is essential. In this work we select and implement secure key agreement protocols in ID-based and Certificateless public key cryptography models on ARM processor platforms. We also compare running times, memory and network usage.

This thesis focuses on issues related to authentication in low-cost radio frequency identification technology, more commonly referred to as RFID. This technology it is often referred to as the next technological revolution after the Internet. However, due to the very limited resources in terms of computation, memory and energy on RFID tags, conventional security algorithms cannot be implemented on low-cost RFID tags making security and privacy an important research subject today. First of all, we investigate the scalability in low-cost RFID systems by developing a ns-3 module to simulate the universal low-cost RFID standard EPC Class-1 Generation-2 in order to establish a strict framework for secure identification in low-cost RFID systems. We show that, the symmetrical key cryptography is excluded from being used in any scalable low-cost RFID standard. Then, we propose a scalable authentification protocol based on our adaptation of the famous public key cryptosystem NTRU. This protocol is specially designed for low-cost RFID systems, it can be efficiently implemented into low-cost tags. Finally, we consider the zero-knowledge identification i.e. when the no secret sharing between the tag and the reader is needed. Such identification approaches are very helpful in many RFID applications when the tag changes constantly the field of administration. We propose two lightweight zero-knowledge identification approaches based on GPS and randomized GPS schemes. The proposed approaches consist in storing in the back-end precomputed values in the form of coupons. So, the GPS-based variant can be private and the number of coupons can be much higher than in other approaches thus leading to higher resistance to denial of service attacks for cheaper tags

Telemetry system, Optimisation, Sensoric networks, Smart Grid, Internet of Things, Sensors, Information security, Cryptography, Cryptography algorithms, Cryptosystem, Confidentiality, Integrity, Authentication, Data freshness, Non-Repudiation.

碩士
國立中央大學
資訊工程學系
106
Private key plays an important character in public key cryptosystem, if private key was exposed, the confidentiality of previous messages would not be guaranteed. With the progress of technology, almost everyone has his/her own mobile device such as cell phone. Signature or decryption are often performed on a mobile device operation in an environment where the private key is likely to be exposed by stealing the mobile device. It is easier to obtain the private key by stealing mobile device than to break the computational assumption on which the security the system is based. In order to reduce the damage of key exposure, Dodis proposed a new paradigm called key-insulation. In the key-insulation cryptosystem, the private key's life time is divided into discrete time periods, and the private key will be updated by interacting with the "auxiliary device" which is placed in safety. It would only cause damage in time period $i$ if the private key exposed in time period $i$, it would not influence any other time periods. The computational cost and communication overhead in key-insulation signature schemes are higher than traditional signature scheme because of updating private key periodically. Signcryption proposed by Zheng can simultaneously achieve both the function of signature and encryption in a logical step, and with more efficient in computational cost and communication overhead than traditional signature-then-encryption. In this thesis, we modified the exsisting key-insulation signature scheme and proposed a new key-insulation signcryption scheme based on elliptic curve with a cost significantly lower than that required by traditional "key-insulation signature-then-encryption" and remains all the properties in key-insulation cryptosystem.

碩士
南台科技大學
資訊管理系
98
The purpose of this study is to develop two multiple group key distribution protocols based on elliptic curve cryptography. They will allow all members in a group to share multiple group keys after executing the proposed protocol. Comparing with the existed schemes, our protocols are more efficient and more suitable for many applications. Besides, the security of the proposed protocols is the same with breaking elliptic curve cryptosystem. When the members join or leave, our protocols can renew group keys efficiently. And we prove that our protocols can protect the secret values of the members, and they can prevent the eavesdropping attack and the known key security.

It is essential to secure the implementation of cryptosystems in embedded devices agains side-channel attacks. Namely, in order to resist differential (DPA) attacks, randomization techniques should be employed to decorrelate the data processed by the device from secret key parts resulting in the value of this data. Among the countermeasures that appeared in the literature were those that resulted in a random representation of the key known as the binary signed digit representation (BSD). We have discovered some interesting properties related to the number of possible BSD representations for an integer and we have proposed a different randomization algorithm. We have also carried our study to the $\tau$-adic representation of integers which is employed in elliptic curve cryptosystems (ECCs) using Koblitz curves. We have then dealt with another randomization countermeasure which is based on randomly splitting the key. We have investigated the secure employment of this countermeasure in the context of ECCs.

碩士
東海大學
資訊工程與科學系
91
In this thesis, we proposed two authenticated key agreement protocols on Elliptic Curve Cryptography. The basic Diffie-Hellman protocol doesn’t authenticate the communicating entities and is vulnerable to the man-in-the-middle attack. To provide authenticity to key agreement protocols, we respectively use shared-password in our first protocol and certificates to our second protocol. Besides, we applied the elliptic curve cryptography for the generation of keys to improve the efficiency. In the first protocol, the authenticated message is generated with the shared-password and the receiver can verify it with his shared-password to ascertain the sender’s identify. The second protocol is one round tripartite authenticated key agreement protocol on the public key infrastructure. Each entity in the second protocol must send a message including his own signature to demonstrate that he is the owner of the certificate. To avoid an adversary intercepting the signature and resending it to others, signature of the sender includes his ephemeral public key and a short-lived timestamp. Besides, we provide the security analysis about our protocols.

Indiana University-Purdue University Indianapolis (IUPUI)
Blömmer, Otto, and Seifert presented a fault attack on elliptic curve scalar multiplication called the Sign Change Attack, which causes a fault that changes the sign of the accumulation point. As the use of a sign bit for an extended integer is highly unlikely, this appears to be a highly selective manipulation of the key stream. In this thesis we describe two plausible fault attacks on a smart card implementation of elliptic curve cryptography. King and Wang designed a new attack called counter fault attack by attacking the scalar multiple of discrete-log cryptosystem. They then successfully generalize this approach to a family of attacks. By implementing King and Wang's scheme on RSA, we successfully attacked RSA keys for a variety of sizes. Further, we generalized the attack model to an attack on any implementation that uses NAF and wNAF key.

by Yuen Ching Wah.
Thesis (M.Phil.)--Chinese University of Hong Kong, 1998.
Includes bibliographical references (leaves 61-[63]).
Abstract also in Chinese.
Chapter 1 --- Introduction --- p.1
Chapter 1.1 --- Why use cryptography? --- p.1
Chapter 1.2 --- Why is authentication important ？ --- p.2
Chapter 1.3 --- What is the relationship between authentication and digital sig- nature? --- p.3
Chapter 1.4 --- Why is random number important? --- p.3
Chapter 2 --- Background --- p.5
Chapter 2.1 --- Cryptography --- p.5
Chapter 2.1.1 --- Symmetric key cryptography --- p.5
Chapter 2.1.2 --- Asymmetric key cryptography --- p.7
Chapter 2.1.3 --- Authentication --- p.8
Chapter 2.2 --- Elliptic curve cryptography --- p.9
Chapter 2.2.1 --- Mathematical background for Elliptic curve cryptography --- p.10
Chapter 2.3 --- Pseudorandom number generator --- p.12
Chapter 2.3.1 --- Linear Congruential Generator --- p.13
Chapter 2.3.2 --- Inversive Congruential Generator --- p.13
Chapter 2.3.3 --- PN-sequence generator --- p.14
Chapter 2.4 --- Digital Signature Scheme --- p.14
Chapter 2.5 --- Babai's lattice vector algorithm --- p.16
Chapter 2.5.1 --- First Algorithm: Rounding Off --- p.17
Chapter 2.5.2 --- Second Algorithm: Nearest Plane --- p.17
Chapter 3 --- Several Digital Signature Schemes --- p.18
Chapter 3.1 --- DSA --- p.19
Chapter 3.2 --- Nyberg-Rueppel Digital Signature --- p.21
Chapter 3.3 --- EC.DSA --- p.23
Chapter 3.4 --- EC-Nyberg-Rueppel Digital Signature Scheme --- p.26
Chapter 4 --- Miscellaneous Digital Signature Schemes and their PRNG --- p.29
Chapter 4.1 --- DSA with LCG --- p.30
Chapter 4.2 --- DSA with PN-sequence --- p.33
Chapter 4.2.1 --- Solution --- p.35
Chapter 4.3 --- DSA with ICG --- p.39
Chapter 4.3.1 --- Solution --- p.40
Chapter 4.4 --- EC_DSA with PN-sequence --- p.43
Chapter 4.4.1 --- Solution --- p.44
Chapter 4.5 --- EC一DSA with LCG --- p.45
Chapter 4.5.1 --- Solution --- p.46
Chapter 4.6 --- EC-DSA with ICG --- p.46
Chapter 4.6.1 --- Solution --- p.47
Chapter 4.7 --- Nyberg-Rueppel Digital Signature with PN-sequence --- p.48
Chapter 4.7.1 --- Solution --- p.49
Chapter 4.8 --- Nyberg-Rueppel Digital Signature with LCG --- p.50
Chapter 4.8.1 --- Solution --- p.50
Chapter 4.9 --- Nyberg-Rueppel Digital Signature with ICG --- p.51
Chapter 4.9.1 --- Solution --- p.52
Chapter 4.10 --- EC- Nyberg-Rueppel Digital Signature with LCG --- p.53
Chapter 4.10.1 --- Solution --- p.54
Chapter 4.11 --- EC- Nyberg-Rueppel Digital Signature with PN-sequence --- p.55
Chapter 4.11.1 --- Solution --- p.56
Chapter 4.12 --- EC-Nyberg-Rueppel Digital Signature with ICG --- p.56
Chapter 4.12.1 --- Solution --- p.57
Chapter 5 --- Conclusion --- p.59
Bibliography --- p.61

碩士
南台科技大學
資訊管理系
96
This paper proposed two scheme of digital signature and key management for ad hoc networks.One is threshold signature Scheme based on the elliptic curve cryptosystem(ECCTDS),the other is threshold key management Scheme based on the elliptic curve cryptosystem(ECCTKM). In ECCTDS,for reduce computing cost,we selecting the certain amount of server node within the network that distribute the certificate center (CA) to the server group,and make use of lagrange interpolation polynomial with elliptic curve signature algorithm to produce and combine a partial signature.In the combine process of signature, the participant doesn't need to disclosure a private key and node after to receive a sub secret namely don't need certificate center.In ECCTKM,we detailed description the process about key generate,new member join,node sub security key refresh and system private key refresh,otherwise,we also solve security channel problem.

碩士
國立成功大學
數學系應用數學碩博士班
107
With the popular usage of Bitcoin, safety in making payments or transactions becomes a topic of concern. In brief, the security chiefly relies on the easiness of finding the secret key/ private key in Bitcoin. To a large extent, this depends on how easy it is to resolve an Elliptic Curve Discrete Logarithm Problem (ECDLP). With that in mind, the main focus of this paper is to review any mathematical approaches and their variants that can theoretically tackle an ECDLP in Bitcoin. The objective is to discuss the security of Bitcoin by studying methods of uncovering the private key. On the other hand, the existence of non-mathematical approaches provides an alternative to figure out the private key faster. Notably, they work only in the presence of implementation vulnerabilities. Even so, in consideration of the influence that non-mathematical approaches may bring about, this paper also includes an outline of some of the frequently mentioned ones. Last but not least, results indicated that using Bitcoin for payments or transactions appears to be secure at this stage, but the development of quantum computers may alter the situation in the future. By taking this into account, this paper ends up with a comment on the impact of quantum computers on Bitcoin.

Secure communication is critical to many applications. To this end, various security goals can be achieved using elliptic/hyperelliptic curve and pairing based cryptography. Polynomial multiplication is used in the underlying operations of these protocols. Therefore, as part of this thesis different recursive algorithms are studied; these algorithms include Karatsuba, Toom, and Bernstein. In this thesis, we investigate algorithms and implementation techniques to improve the performance of the cryptographic protocols. Common factors present in explicit formulae in elliptic curves operations are utilized such that two multiplications are replaced by a single multiplication in a higher field. Moreover, we utilize the idea based on common factor used in elliptic curves and generate new explicit formulae for hyperelliptic curves and pairing. In the case of hyperelliptic curves, the common factor method is applied to the fastest known even characteristic hyperelliptic curve operations, i.e. divisor addition and divisor doubling. Similarly, in pairing we observe the presence of common factors inside the Miller loop of Eta pairing and the theoretical results show significant improvement when applying the idea based on common factor method. This has a great advantage for applications that require higher speed.

Cryptography algorithms like the Advanced Encryption Standard, Elliptic Curve Cryptography algorithms etc are designed using algebraic properties of finite fields. Thus performance of these algorithms depend on performance of the underneath field operations. Moreover, different algorithms use finite fields of widely varying order. In order to cater to these finite fields of different orders in an area efficient manner, it is necessary to design solutions in the form of hardware-consolidations, keeping the performance requirements in mind. Due to their small area occupancy and high utilization, such circuits are less likely to stay idle and therefore are less prone to loss of energy due to leakage power dissipation. There is another class of applications that rely on finite field algebra namely the various error detection and correction techniques. Most of the classical block codes used for detection of bit-error in communications over noisy communication channels apply the algebraic properties of finite fields. Cyclic redundancy check is one such algorithm used for detection of error in data in computer network. Reed-Solomon code is most notable among classical block codes because of its widespread use in storage devices like CD, DVD, HDD etc. In this work we present the architecture of a polymorphic multiplier for operations over various extensions of GF(2). We evolved the architecture of a textbook shift-and-add multiplier to arrive at the architecture of the polymorphic multiplier through a generalized mathematical formulation. The polymorphic multiplier is capable of morphing itself in runtime to create data-paths for multiplications of various orders. In order to optimally exploit the resources, we also introduced the capability of sub-word parallel execution in the polymorphic multiplier. The synthesis results of an instance of such a polymorphic multipliershowsabout41% savings in area with 21% degradation in maximum operating frequency compared to a collection of dedicated multipliers with equivalent functionality. We introduced the multiplier as an accelerator unit for field operations in the coarse grained runtime reconfigurable platform called REDEFINE. We observed about 40-50% improvement in performance of the AES algorithm and about 52×improvement in performance of Karatsuba-Ofman multiplication algorithm.

As the information-processing and telecommunications revolutions now underway will continue to change our life styles in the rest of the 21st century, our personal and economic lives rely more and more on our ability to transact over the electronic medium in a secure way. The privacy, authenticity, and integrity of the information transmitted or stored on networked computers must be maintained at every point of the transaction. Fortunately, cryptography provides algotrithms and techniques for keeping information secret, for determining that the contents of a transaction have not been tampered with, for determining who has really authorized the transaction, and for binding the involved parties with the contents of the transaction. Since we need security on every piece of digital equipment that helps conduct transactions over the internet in the near future, space and time performances of cryptographic algorithms will always remain to be among the most critical aspects of implementing cryptographic functions. A major class of cryptographic algorithms comprises public-key schemes which enable to realize the message integrity and authenticity check, key distribution, digital signature functions etc. An important category of public-key algorithms is that of elliptic curve cryptosystems (ECC). One of the major advantages of elliptic curve cryptosystems is that they utilize much shorter key lengths in comparison to other well known algorithms such as RSA cryptosystems. However, as do the other public-key cryptosystems ECC also requires computationally intensive operations. Although the speed remains to be always the primary concern, other design constraints such as memory might be of significant importance for certain constrained platforms. In this thesis, we are interested in developing space- and time-efficient hardware and software implementations of the elliptic curve cryptosystems. The main focus of this work is to improve and devise algorithms and hardware architectures for arithmetic operations of finite fields used in elliptic curve cryptosystems.
Graduation date: 2001

Leung Ka Ho.
Thesis (M.Phil.)--Chinese University of Hong Kong, 2001.
Includes bibliographical references (leaves [85]-90).
Abstracts in English and Chinese.
Abstract --- p.i
Acknowledgments --- p.iii
List of Figures --- p.ix
List of Tables --- p.xi
Chapter 1 --- Introduction --- p.1
Chapter 1.1 --- Motivation --- p.1
Chapter 1.2 --- Aims --- p.3
Chapter 1.3 --- Contributions --- p.3
Chapter 1.4 --- Thesis Outline --- p.4
Chapter 2 --- Cryptography --- p.6
Chapter 2.1 --- Introduction --- p.6
Chapter 2.2 --- Foundations --- p.6
Chapter 2.3 --- Secret Key Cryptosystems --- p.8
Chapter 2.4 --- Public Key Cryptosystems --- p.9
Chapter 2.4.1 --- One-way Function --- p.10
Chapter 2.4.2 --- Certification Authority --- p.10
Chapter 2.4.3 --- Discrete Logarithm Problem --- p.11
Chapter 2.4.4 --- RSA vs. ECC --- p.12
Chapter 2.4.5 --- Key Exchange Protocol --- p.13
Chapter 2.4.6 --- Digital Signature --- p.14
Chapter 2.5 --- Secret Key vs. Public Key Cryptography --- p.16
Chapter 2.6 --- Summary --- p.18
Chapter 3 --- Mathematical Background --- p.19
Chapter 3.1 --- Introduction --- p.19
Chapter 3.2 --- Groups and Fields --- p.19
Chapter 3.3 --- Finite Fields --- p.21
Chapter 3.4 --- Modular Arithmetic --- p.21
Chapter 3.5 --- Polynomial Basis --- p.21
Chapter 3.6 --- Optimal Normal Basis --- p.22
Chapter 3.6.1 --- Addition --- p.23
Chapter 3.6.2 --- Squaring --- p.24
Chapter 3.6.3 --- Multiplication --- p.24
Chapter 3.6.4 --- Inversion --- p.30
Chapter 3.7 --- Summary --- p.33
Chapter 4 --- Literature Review --- p.34
Chapter 4.1 --- Introduction --- p.34
Chapter 4.2 --- Hardware Elliptic Curve Implementation --- p.34
Chapter 4.2.1 --- Field Processors --- p.34
Chapter 4.2.2 --- Curve Processors --- p.36
Chapter 4.3 --- Software Elliptic Curve Implementation --- p.36
Chapter 4.4 --- Summary --- p.38
Chapter 5 --- Introduction to Elliptic Curves --- p.39
Chapter 5.1 --- Introduction --- p.39
Chapter 5.2 --- Historical Background --- p.39
Chapter 5.3 --- Elliptic Curves over R2 --- p.40
Chapter 5.3.1 --- Curve Addition and Doubling --- p.41
Chapter 5.4 --- Elliptic Curves over Finite Fields --- p.44
Chapter 5.4.1 --- Elliptic Curves over Fp with p>〉3 --- p.44
Chapter 5.4.2 --- Elliptic Curves over F2n --- p.45
Chapter 5.4.3 --- Operations of Elliptic Curves over F2n --- p.46
Chapter 5.4.4 --- Curve Multiplication --- p.49
Chapter 5.5 --- Elliptic Curve Discrete Logarithm Problem --- p.51
Chapter 5.6 --- Public Key Cryptography --- p.52
Chapter 5.7 --- Elliptic Curve Diffie-Hellman Key Exchange --- p.54
Chapter 5.8 --- Summary --- p.55
Chapter 6 --- Design Methodology --- p.56
Chapter 6.1 --- Introduction --- p.56
Chapter 6.2 --- CAD Tools --- p.56
Chapter 6.3 --- Hardware Platform --- p.59
Chapter 6.3.1 --- FPGA --- p.59
Chapter 6.3.2 --- Reconfigurable Hardware Computing --- p.62
Chapter 6.4 --- Elliptic Curve Processor Architecture --- p.63
Chapter 6.4.1 --- Arithmetic Logic Unit (ALU) --- p.64
Chapter 6.4.2 --- Register File --- p.68
Chapter 6.4.3 --- Microcode --- p.69
Chapter 6.5 --- Parameterized Module Generator --- p.72
Chapter 6.6 --- Microcode Toolkit --- p.73
Chapter 6.7 --- Initialization by Bitstream Reconfiguration --- p.74
Chapter 6.8 --- Summary --- p.75
Chapter 7 --- Results --- p.76
Chapter 7.1 --- Introduction --- p.76
Chapter 7.2 --- Elliptic Curve Processor with Serial Multiplier (p = 1) --- p.76
Chapter 7.3 --- Projective verses Affine Coordinates --- p.78
Chapter 7.4 --- Elliptic Curve Processor with Parallel Multiplier (p > 1) --- p.79
Chapter 7.5 --- Summary --- p.80
Chapter 8 --- Conclusion --- p.82
Chapter 8.1 --- Recommendations for Future Research --- p.83
Bibliography --- p.85
Chapter A --- Elliptic Curves in Characteristics 2 and3 --- p.91
Chapter A.1 --- Introduction --- p.91
Chapter A.2 --- Derivations --- p.91
Chapter A.3 --- "Elliptic Curves over Finite Fields of Characteristic ≠ 2,3" --- p.92
Chapter A.4 --- Elliptic Curves over Finite Fields of Characteristic = 2 --- p.94
Chapter B --- Examples of Curve Multiplication --- p.95
Chapter B.1 --- Introduction --- p.95
Chapter B.2 --- Numerical Results --- p.96