Dissertations / Theses on the topic 'Digital signature algorithms'

One emerging threat to Public Key Infrastructures is the possible development of large-scale quantum computers, which would be able to break the public-key cryptosystems used today. Several possibly post-quantum secure cryptographic algorithms have been proposed but so far they have not been used in many practical settings. The purpose of this thesis was to find post-quantum digital signature algorithms that might be suitable for use in Public Key Infrastructures today. To answer the research question, an extensive literature study was conducted where relevant algorithms were surveyed. Algorithms with high-grade implementations in different cryptographic libraries were benchmarked for performance. Hash-based XMSS and SPHINCS, multivariate-based Rainbow and lattice-based BLISS-B were benchmarked and the results showed that BLISS-B offered the best performance, on par with RSA and ECDSA. All the algorithms did however have relatively large signature sizes and/or key sizes. Support for post-quantum digital signature algorithms in Public Key Infrastructure products could easily be achieved since many algorithms are implemented in cryptographic libraries. The algorithms that could be recommended for use today were SPHINCS for high-security applications and possibly BLISS-B for lower security applications requiring higher efficiency. The biggest obstacles to widespread deployment of post-quantum algorithms was deemed to be lack of standardisation and either inefficient operations compared to classical algorithms, uncertain security levels, or both.
Ett nytt hot mot Public Key Infrastructures är den möjliga utvecklingen av storskaliga kvantdatorer som kan knäcka de asymmetriska kryptosystem som används idag. Ett flertal eventuellt kvantsäkra algoritmer har presenterats men de har än så länge inte sett mycket praktisk användning. Målet med detta examensarbete var att försöka identifiera eventuellt kvantsäkra signaturalgoritmer som skulle kunna lämpa sig för användning i Public Key Infrastructures idag. För att besvara forskningsfrågan gjordes en utredande litteraturstudie där relevanta signaturalgoritmer identifierades. Därefter prestandatestades de algoritmer som var implementerade i kryptografiska bibliotek. De algoritmer som prestandatestades var de hash-baserade algoritmerna XMSS och SPHINCS, flervariabel-baserade Rainbow och gitter-baserade BLISS-B. Resultaten visade att BLISS-B hade bäst prestanda och att prestandan var i nivå med RSA och ECDSA. Samtliga algoritmer hade emellertid relativt stora signatur- och/eller nyckelstorlekar. Eventuellt kvantsäkra algoritmer skulle redan idag kunna stödjas i Public Key Infrastructures eftersom många algoritmer finns implementerade i kryptografiska bibliotek. SPHINCS kunde rekommenderas när hög säkerhet krävs medan BLISS-B möjligtvis skulle kunna användas när lägre säkerhet kan tolereras i utbyte mot bättre prestanda. Största hindren för utbredd användning ansågs vara en brist på standardisering samt ineffektiva operationer jämfört med klassiska algoritmer och/eller tveksamma säkerhetsnivåer.

The purpose of the investigation is to determine the most effective solution, which allows safe storing and transmitting of financial information in terms of execution speed, resistance to hacking and ease of implementation. Research object is subject area related to the transfer of encrypted financial information like: encryption algorithms, algorithm of hashing functions, algorithm of electronic digital signature. The result of research is the software implementation of the server and client for sending encrypted information. Also client could only encrypt/decrypt information. The main part of research is to find the most suitable algorithm for transfer of encrypted banking information. The solution has been implemented on the Java programming language in programming environment IntelliJ IDEA 8, using Java Cryptography Extension (JCE) for digital signature.

This thesis deals with new teaching software, which supports asymmetric encryption algorithms based on the issue of large numbers´ factorization. A model program was created. It allows to carry out operations related to encryption and decryption with an interactive control. There is a simple way to understand the principle of the RSA encryption method with its help. The encryption of algorithms is generally analysed in chapters 1,2. Chapters 3 and 4 deals with RSA encryption algorithm in much more details, and it also describes the principles of the acquisition, management and usage of encryption keys. Chapters 5 suggest choosing of appropriate technologies for the creation of the final software product, which allow an appropriate way to present the characteristics of the extended RSA encryption algorithm. The final software product is the java applet. Aplet is described in the chaprers 6 and 7. It is divided into a theoretical and practical part. The theoretical part presents general information about the RSA encryption algorithm. The practical part allows the users of the program to have a try at tasks connected with the RSA algorthm in their own computers. The last part of Java applet deals with the users´ work results. The information obtained by the user in the various sections of the program are satisfactory enough to understand the principle of this algorithm´s operations.

The conventional digital signature schemes widely used today may have their security threatened with the possibility of the rising of a large quantum computer. Moreover, such schemes are not entirely suitable for utilization on very constrained-resource platforms. Therefore, there is a need to look at alternatives that present reasonable security in the medium and long term, in addition to attaining acceptable performance when few resources are available. This work provides more efficient multivariate and hash-based post-quantum digital signatures and targets the deployment in scenarios like Internet of Things and Wireless Sensor Networks where the typical devices are very resource-constrained. In the context of multivariable quadratic digital signatures we describe a new technique that attempts to minimize the main drawbacks of these schemes, the large key sizes. The new technique explores certain structures compact matrix rings. Some of the analyzed matrix rings are not secure (one of the attacks runs in polynomial time). Other less compact matrix rings are investigated and they apparently do not suffer a polynomial time attack, but unfortunately are still far from deployment on very constrained platforms. On the other hand, this work describes a method for hash-based signatures providing a 2/3 reduction of the signature sizes in the Merkle-Winternitz multi-time signature scheme. In fact, the signature sizes constitute the main bottleneck of these schemes. The improvement also leads to a 2/3 reduction in the run times (key generation, signing and verifying) and in energy consumption for all these operations on an AVR ATmega128L microcontroller, typically found in Wireless Sensor Networks. This result is much more promising for the deployment in an IoT scenario.
Os esquemas convencionais de assinatura digital mais usados na atualidade têm sua segurança ameaçada com a possibilidade da construção de um computador quântico de grande porte. Ademias, tais esquemas não têm se mostrado completamente adequados para uso em plataformas com recursos computacionais extremamente escassos. Surge então a necessidade da busca por alternativas que satisfaçam as condições de segurança a médio e longo prazo, além de apresentarem desempenho razoável quando poucos recursos computacionais estão disponíveis. Este trabalho obtém assinaturas digitais pós-quânticas multivariadas quadráticas e baseadas em hash mais eficientes e tem o intuito de torna-las práticas em cenários como Internet das Coisas e Redes de Sensores Sem Fio (RSSF), caracterizados por apresentarem dispositivos com recursos computacionais limitados. No contexto de assinaturas multivariadas quadráticas, descreve-se uma nova técnica que tenta minimizar o principal gargalo desses esquemas, o grande tamanho de chaves. A nova técnica explora certos anéis matriciais com estrutura compacta. Mostra-se que alguns dos anéis analisados não são seguros (um dos ataques apresenta tempo polinomial), enquanto outros anéis menos compactos aparentam não sofrer ataque polinomial, mas infelizmente ainda não são adequados para uso em dispositivos muito restritos. Por outro lado, descreve-se um método para obter assinaturas digitais baseadas em hash que fornece redução das assinaturas para 2/3 do tamanho original do esquema multi-time Merkle-Winternitz. De fato, o tamanho das assinaturas constitui o principal gargalo desses esquemas, A melhoria também acarreta uma redução em 2/3 nos tempos de execução (geração de chave, geração de assinaturas e verificação de assinatura) e no consumo de energia para essas operações quando executadas em um microcontrolador AVR tipicamente usado em Redes de Sensores Sem Fio, o AT-mega 128L. Este resultado torna-se promissor para implantação de assinaturas baseadas em hash no cenário de Internet das Coisas.

This master thesis is about Elliptic Curve Digital Signature Algorithm or ECDSA and two of the known attacks on this security system. The purpose of this thesis is to find points that are likely to be points of high order on an elliptic curve. If we have a point P of high order and if Q = mP, then we have a large set of possible values of m. Therefore it is hard to solve the Elliptic Curve Discrete Logarithm Problem or ECDLP. We have investigated on the time of finding the solution of ECDLP for a certain amount of elliptic curves based on the order of the point which is used to create the digital signatures by those elliptic curves. Method: Algebraic Structure of elliptic curves over finite fields and Discrete logarithms. This has been done by two types of attacks namely Baby Step, Giant Step and Pollard’s Rho and all of the programming parts has been done by means of Mathematica. Conclusion: We have come into a conclusion of having the probable good points which are the points of high order on elliptic curves through the mentioned attacks in which solving the ECDLP is harder if these points have been used in generating the digital signature. These probable good points can be estimated by means of a function we have come up with. The input of this function is the order of the point and the output is the time of finding the answer of ECDLP.

This thesis deals with the development and evaluation of blind discrete cosine transform-based watermarking algorithms for copyright protection of digital still images using handwritten signatures and mobile phone numbers. The new algorithms take into account the perceptual capacity of each low frequency coefficients inside the Discrete Cosine Transform (DCT) blocks before embedding the watermark information. They are suitable for grey-scale and colour images. Handwritten signatures are used instead of pseudo random numbers. The watermark is inserted in the green channel of the RGB colour images and the luminance channel of the YCrCb images. Mobile phone numbers are used as watermarks for images captured by mobile phone cameras. The information is embedded multiple-times and a shuffling scheme is applied to ensure that no spatial correlation exists between the original host image and the multiple watermark copies. Multiple embedding will increase the robustness of the watermark against attacks since each watermark will be individually reconstructed and verified before applying an averaging process. The averaging process has managed to reduce the amount of errors of the extracted information. The developed watermarking methods are shown to be robust against JPEG compression, removal attack, additive noise, cropping, scaling, small degrees of rotation, affine, contrast enhancements, low-pass, median filtering and Stirmark attacks. The algorithms have been examined using a library of approximately 40 colour images of size 512 512 with 24 bits per pixel and their grey-scale versions. Several evaluation techniques were used in the experiment with different watermarking strengths and different signature sizes. These include the peak signal to noise ratio, normalized correlation and structural similarity index measurements. The performance of the proposed algorithms has been compared to other algorithms and better invisibility qualities with stronger robustness have been achieved.

In this thesis, the work of Menezes on the isomorphism classes of elliptic curves over finite fields of characteristic two is studied. Basic definitions and some facts of the elliptic curves required in this context are reviewed and group structure of elliptic curves are constructed. A fairly detailed investigation is made for the isomorphism classes of elliptic curves due to Menezes and Schoof. This work plays an important role in Elliptic Curve Digital Signature Algorithm. In this context, those isomorphism classes of elliptic curves recommended by National Institute of Standards and Technology are listed and their properties are discussed.

In recent years, Internet of Things has developed rapidly, and now has penetrated into human life and industrial production. It is speculated that the internet of things will become ubiquitous in the future, which will bring a series of problems. First, the large number of things will lead to operated system and software updates consuming a lot of manpower and resources. Another problem is the Internet of things facing security issues, in recent years for the means of Internet of things and tools have been increasing largely. Therefore, to achieve a secure automatic update on the Internet of Things is essential. This report will follow such an automatic update system based on Internet of things to expand. First it elaborated on the main motive of this problem, found three existing related works and three security methods for communication to analyze. Then combined results of analysis, put forward own a secure automatic update solution: manager and devices connect and mutual authentication in real time, at the same time, the manager will regularly check the database to see if there is new version application. When the administrator uploads a new version, the manager will download the version and then sends to all devices, then device installs and finally restart itself. Next, the report described how to implement this system in detail and evaluated it. In the end, this report summarized and introduces the future work.

Dans cette thèse nous nous intéressons à la cryptographie utilisant des codes correcteurs. Cette proposition, née du système de chiffrement à clef publique de McEliece, est à ce jour considérée comme post-quantique, ie : pouvant être utilisée sur ordinateur classique et résistante face à un adversaire muni d'un ordinateur quantique. Nous avons élaboré des attaques contre le schéma de signature RankSign, qui faisait partie des soumissions au processus de standardisation post-quantique du NIST, ainsi que contre le premier chiffrement fondée sur l'identité utilisant des codes. Nous proposons une nouvelle signature utilisant des codes : Wave. Nous avons introduit une nouvelle trappe, les codes (U,U+V)-généralisés. Nous montrons comment les utiliser pour décoder en des distances où le décodage est génériquement difficile. Nous montrons ensuite que pour ces codes la stratégie de Gentry Peikert et Vaikuntanathan, fructueuse en cryptographie utilisant des réseaux, peut être suivie. Cela est en partie dû à une méthode de rejet qui évite toute fuite d’information. Notre système repose sur le décodage générique à grande distance. Nous avons alors étudié la complexité de résolution de ce problème et proposé le meilleur algorithme connu à ce jour pour le résoudre. Nous étudions une des rares alternatives du décodage par ensemble d'information : le décodage statistique. Nous améliorons les techniques pour trouver des équations de parité de modéré puis nous donnons la première étude asymptotique de ce décodeur grâce à de nouveaux sur les polynômes de Krawtchouk. Nous montrons alors que le décodage statistique n'est pas compétitif avec les décodeurs par ensemble d'information
In this thesis we study code-based cryptography. By this term we mean the crypto-systems whose security relies on the generic decoding problem. The first of those systems is a public key encryption scheme proposed by McEliece in 1978. Four decades later, no attack is known to present a serious threat on the system, even on a quantum computer. This makes code-based cryptography a credible candidate for post-quantum cryptography. First we give attacks against the code-based signature scheme RankSign, which was proposed to the post-quantum standardization of the NIST, and against the first code-based Identity-Based-Encryption scheme. On the other hand we propose a new code-based signature scheme: Wave. For this design we introduced a new trapdoor, the family of generalized (U,U+V)-codes. We show how to decode them for weights such that the generic decoding problem is hard. Then we show how to follow the Gentry-Peikert and Vaikuntanathan strategy which has proved to be fruitful in lattice-based cryptography. This was done by avoiding any information leakage of signatures thanks to an efficient rejection sampling. Furthermore, for the first time we propose a crypto-system whose security relies on the generic decoding problem for high distances. We give in this thesis the best known algorithm to solve this problem. At last, we study one of the few alternatives to information set decoding: the statistical decoding. First we improve algorithms to compute parity-check equations of small or moderate weight and we make the first asymptotic study of its complexity. We show that statistical decoding is not competitive with information set decoding contrary to what was claimed. This study relies on new results about Krawtchouk polynomials

Diploma thesis is focused on matters of electronic signatures and their possible usage in accounting and business process. The paper is divided into two parts. Subject of the first part is general analysis of terminology and characteristics of electronic signature, certificates and certification authorities and time stamps, including analysis of strengths and weaknesses of these services. At the end of this theory part are outlined some of the most common choices of using electronic signature in accounting system. In second part are analysed results of research, which was performed by sending questionnaire to a number of randomly chosen companies.

La sécurité de l’information repose sur la bonne interaction entre différents niveaux d’abstraction : les composants matériels, systèmes d’exploitation, algorithmes, et réseaux de communication. Cependant, protéger ces éléments a un coût ; ainsi de nombreux appareils sont laissés sans bonne couverture. Cette thèse s’intéresse à ces différents aspects, du point de vue de la sécurité et de la cryptographie. Nous décrivons ainsi de nouveaux algorithmes cryptographiques (tels que des raffinements du chiffrement de Naccache–Stern), de nouveaux protocoles (dont un algorithme d’identification distribuée à divulgation nulle de connaissance), des algorithmes améliorés (dont un nouveau code correcteur et un algorithme efficace de multiplication d’entiers),ainsi que plusieurs contributions à visée systémique relevant de la sécurité de l’information et à l’intrusion. En outre, plusieurs de ces contributions s’attachent à l’amélioration des performances des constructions existantes ou introduites dans cette thèse
Information security relies on the correct interaction of several abstraction layers: hardware, operating systems, algorithms, and networks. However, protecting each component of the technological stack has a cost; for this reason, many devices are left unprotected or under-protected. This thesis addresses several of these aspects, from a security and cryptography viewpoint. To that effect we introduce new cryptographic algorithms (such as extensions of the Naccache–Stern encryption scheme), new protocols (including a distributed zero-knowledge identification protocol), improved algorithms (including a new error-correcting code, and an efficient integer multiplication algorithm), as well as several contributions relevant to information security and network intrusion. Furthermore, several of these contributions address the performance of existing and newly-introduced constructions

Sparti elektroninės komercijos plėtra ir augimas natūraliai sąlygojo modernių, online aplinkai pritaikytų atsiskaitymo, mokėjimo sistemų atsiradimą. Itin svarbu tai, kad technologijų tobulėjimo pasėkoje ne tik eksponentiškai išaugo perduodamos informacijos kiekis, tačiau pakito pačios informacijos prigimtis – ji pati savaime, per se, tapo ekonominę vertę turinčiu objektu. Vartotojų noras saugiai atsiskaityti internete įtakojo, kad „online“ aplinkoje mažėja naudojimas tokių tradicinių atsiskaitymo priemonių kaip mokėjimo kortelės. Interneto vartotojai vis rečiau pasitiki šiuo mokėjimo įrankiu, kadangi vartotojai, pateikdami pardavėjui savo mokėjimo kortelės duomenis, susiduria su neteisėta šių duomenų panaudojimo rizika. Šiame darbe pateikiamas siūlomas dalinai prijungties režime veikiančios elektroninių pinigų cirkuliacijos sistemos, skirtos mažiems ir vidutiniams mokėjimams, modelis, besiremiantis sukurta Payword mikromokėjimų sistemos koncepcija.
Fast developing and growing of e-commerce determined the coming of modern payment systems. Intention of users to pay safely on the internet impacted the decrease of use of traditional payment system such as credit cards. It’s started to look for and design alternative ways of payment, such as smart cards systems or systems using software for saving monetary value. Traditional payment systems currently used by most e-commerce sites are not suitable for high volume, tiny valued transactions. There is a need of payment system that is cost effective, secure and easy to use. The purpose of this work is to propose a model of semi-online electronic money circulation system for small and average payments, which is based on a concept of R. Rivest and A. Shamir created micropayment system called Payword. The proposed model’s architecture and protocol are explained in detail. To increase performance of the system there was done a research to find out which hash algorithm and electronic signature algorithm is most suitable for the proposed model.

Bien que relativement récente, la cryptographie à base de réseaux euclidiens s’est distinguée sur de nombreux points, que ce soit par la richesse des constructions qu’elle permet, par sa résistance supposée à l’avènement des ordinateursquantiques ou par la rapidité dont elle fait preuve lorsqu’instanciée sur certaines classes de réseaux. Un des outils les plus puissants de la cryptographie sur les réseaux est le Gaussian sampling. À très haut niveau, il permet de prouver qu’on connaît une base particulière d’un réseau, et ce sans dévoiler la moindre information sur cette base. Il permet de réaliser une grande variété de cryptosystèmes. De manière quelque peu surprenante, on dispose de peu d’instanciations pratiques de ces schémas cryptographiques, et les algorithmes permettant d’effectuer du Gaussian sampling sont peu étudiés. Le but de cette thèse est de combler le fossé qui existe entre la théorie et la pratique du Gaussian sampling. Dans un premier temps, nous étudions et améliorons les algorithmes existants, à la fois par une analyse statistique et une approche géométrique. Puis nous exploitons les structures sous-tendant de nombreuses classes de réseaux, ce qui nous permet d’appliquer à un algorithme de Gaussian sampling les idées de la transformée de Fourier rapide, passant ainsi d’une complexité quadratique à quasilinéaire. Enfin, nous utilisons le Gaussian sampling en pratique et instancions un schéma de signature et un schéma de chiffrement basé sur l’identité. Le premierfournit des signatures qui sont les plus compactes obtenues avec les réseaux à l’heure actuelle, et le deuxième permet de chiffrer et de déchiffrer à une vitesse près de mille fois supérieure à celle obtenue en utilisant un schéma à base de couplages sur les courbes elliptiques
Although rather recent, lattice-based cryptography has stood out on numerous points, be it by the variety of constructions that it allows, by its expected resistance to quantum computers, of by its efficiency when instantiated on some classes of lattices. One of the most powerful tools of lattice-based cryptography is Gaussian sampling. At a high level, it allows to prove the knowledge of a particular lattice basis without disclosing any information about this basis. It allows to realize a wide array of cryptosystems. Somewhat surprisingly, few practical instantiations of such schemes are realized, and the algorithms which perform Gaussian sampling are seldom studied. The goal of this thesis is to fill the gap between the theory and practice of Gaussian sampling. First, we study and improve the existing algorithms, byboth a statistical analysis and a geometrical approach. We then exploit the structures underlying many classes of lattices and apply the ideas of the fast Fourier transform to a Gaussian sampler, allowing us to reach a quasilinearcomplexity instead of quadratic. Finally, we use Gaussian sampling in practice to instantiate a signature scheme and an identity-based encryption scheme. The first one yields signatures that are the most compact currently obtained in lattice-based cryptography, and the second one allows encryption and decryption that are about one thousand times faster than those obtained with a pairing-based counterpart on elliptic curves

Elliptic curves were first proposed as a basis for public key cryptography in the mid 1980's. They provide public key cryptosystems based on the difficulty of the elliptic curve discrete logarithm problem (ECDLP) , which is so called because of its similarity to the discrete logarithm problem (DLP) over the integers modulo a large prime. One benefit of elliptic curve cryptosystems (ECCs) is that they can use a much shorter key length than other public key cryptosystems to provide an equivalent level of security. For example, 160 bit ECCs are believed to provide about the same level of security as 1024 bit RSA. Also, the level of security provided by an ECC increases faster with key size than for integer based discrete logarithm (dl) or RSA cryptosystems. ECCs can also provide a faster implementation than RSA or dl systems, and use less bandwidth and power. These issues can be crucial in lightweight applications such as smart cards. In the last few years, ECCs have been included or proposed for inclusion in internationally recognized standards. Thus elliptic curve cryptography is set to become an integral part of lightweight applications in the immediate future. This thesis presents an analysis of several important issues for ECCs on lightweight devices. It begins with an introduction to elliptic curves and the algorithms required to implement an ECC. It then gives an analysis of the speed, code size and memory usage of various possible implementation options. Enough details are presented to enable an implementer to choose for implementation those algorithms which give the greatest speed whilst conforming to the code size and ram restrictions of a particular lightweight device. Recommendations are made for new functions to be included on coprocessors for lightweight devices to support ECC implementations Another issue of concern for implementers is the side-channel attacks that have recently been proposed. They obtain information about the cryptosystem by measuring side-channel information such as power consumption and processing time and the information is then used to break implementations that have not incorporated appropriate defences. A new method of defence to protect an implementation from the simple power analysis (spa) method of attack is presented in this thesis. It requires 44% fewer additions and 11% more doublings than the commonly recommended defence of performing a point addition in every loop of the binary scalar multiplication algorithm. The algorithm forms a contribution to the current range of possible spa defences which has a good speed but low memory usage. Another topic of paramount importance to ECCs for lightweight applications is whether the security of fixed curves is equivalent to that of random curves. Because of the inability of lightweight devices to generate secure random curves, fixed curves are used in such devices. These curves provide the additional advantage of requiring less bandwidth, code size and processing time. However, it is intuitively obvious that a large precomputation to aid in the breaking of the elliptic curve discrete logarithm problem (ECDLP) can be made for a fixed curve which would be unavailable for a random curve. Therefore, it would appear that fixed curves are less secure than random curves, but quantifying the loss of security is much more difficult. The thesis performs an examination of fixed curve security taking this observation into account, and includes a definition of equivalent security and an analysis of a variation of Pollard's rho method where computations from solutions of previous ECDLPs can be used to solve subsequent ECDLPs on the same curve. A lower bound on the expected time to solve such ECDLPs using this method is presented, as well as an approximation of the expected time remaining to solve an ECDLP when a given size of precomputation is available. It is concluded that adding a total of 11 bits to the size of a fixed curve provides an equivalent level of security compared to random curves. The final part of the thesis deals with proofs of security of key exchange protocols in the Canetti-Krawczyk proof model. This model has been used since it offers the advantage of a modular proof with reusable components. Firstly a password-based authentication mechanism and its security proof are discussed, followed by an analysis of the use of the authentication mechanism in key exchange protocols. The Canetti-Krawczyk model is then used to examine secure tripartite (three party) key exchange protocols. Tripartite key exchange protocols are particularly suited to ECCs because of the availability of bilinear mappings on elliptic curves, which allow more efficient tripartite key exchange protocols.

Cryptographic digital signatures provide authentication to communicating parties over communication networks. They are integral asymmetric primitives in cryptography. The current digital signature infrastructure adopts schemes that rely on the hardness of finding discrete logarithms and factoring in finite groups. Given the recent advances in physics which point towards the eventual construction of large scale quantum computers, these hard problems will be solved in polynomial time using Shor’s algorithm. Hence, there is a clear need to migrate the cryptographic infrastructure to post-quantum secure alternatives. Such an initiative is demonstrated by the PQCRYPTO project and the current Post-Quantum Cryptography (PQC) standardization competition run by the National Institute of Standards and Technology (NIST). This dissertation considers hash-based digital signature schemes. Such algorithms rely on simple security notions such as preimage, and weak and strong collision resistances of hash functions. These notions are well-understood and their security against quantum computers has been well-analyzed. However, existing hash-based signature schemes have large signature sizes and high computational costs. Moreover, the signature size increases with the number of messages to be signed by a key pair. The goal of this work is to develop hash-based digital signature schemes to overcome the aforementioned limitations. First, FORS, the underlying few-time signature scheme of the NIST PQC alternate candidate SPHINCS+ is analyzed against adaptive chosen message attacks, and DFORS, a few-time signature scheme with adaptive chosen message security, is proposed. Second, a new variant of SPHINCS+ is introduced that improves the computational cost and security level. Security analysis for the new variant is presented. In addition, the hash-based group digital signature schemes, Group Merkle (GM) and Dynamic Group Merkle (DGM), are studied and their security is analyzed. Group Merkle Multi-Treem (GMMT) is proposed to solve some of the limitations of the GM and DGM hash-based group signature schemes.
Graduate

Cryptography algorithms like the Advanced Encryption Standard, Elliptic Curve Cryptography algorithms etc are designed using algebraic properties of finite fields. Thus performance of these algorithms depend on performance of the underneath field operations. Moreover, different algorithms use finite fields of widely varying order. In order to cater to these finite fields of different orders in an area efficient manner, it is necessary to design solutions in the form of hardware-consolidations, keeping the performance requirements in mind. Due to their small area occupancy and high utilization, such circuits are less likely to stay idle and therefore are less prone to loss of energy due to leakage power dissipation. There is another class of applications that rely on finite field algebra namely the various error detection and correction techniques. Most of the classical block codes used for detection of bit-error in communications over noisy communication channels apply the algebraic properties of finite fields. Cyclic redundancy check is one such algorithm used for detection of error in data in computer network. Reed-Solomon code is most notable among classical block codes because of its widespread use in storage devices like CD, DVD, HDD etc. In this work we present the architecture of a polymorphic multiplier for operations over various extensions of GF(2). We evolved the architecture of a textbook shift-and-add multiplier to arrive at the architecture of the polymorphic multiplier through a generalized mathematical formulation. The polymorphic multiplier is capable of morphing itself in runtime to create data-paths for multiplications of various orders. In order to optimally exploit the resources, we also introduced the capability of sub-word parallel execution in the polymorphic multiplier. The synthesis results of an instance of such a polymorphic multipliershowsabout41% savings in area with 21% degradation in maximum operating frequency compared to a collection of dedicated multipliers with equivalent functionality. We introduced the multiplier as an accelerator unit for field operations in the coarse grained runtime reconfigurable platform called REDEFINE. We observed about 40-50% improvement in performance of the AES algorithm and about 52×improvement in performance of Karatsuba-Ofman multiplication algorithm.

碩士
東海大學
數學系
94
In this thesis, we propose a variant of the ANSI X9.62 ECDSA. We give a brief introduction to the digital signature algorithm in chapter 2, and then give the basic concepts of the elliptic curve cryptosystems in chapter 3. The next chapter includes the elliptic curve version of DSA, and finally a variant of ECDSA will be given in chapter 5.

碩士
國立臺灣大學
電機工程學研究所
93
ECDSA is a widely adopted standard. We present a (t,2t,n) threshold Elliptic Curve Digital Signature Algorithm (ECDSA) scheme. In our scheme, the regular ECDSA signer is distributed into a $n$-participant group which shares the elliptic curve private key by Secret Sharing (SS) with the parameter 2t