DOI: 10.1007/11734666_7

Implementing minimized multivariate PKC on low-resource embedded systems

Published: 18 April 2006

Abstract

Multivariate (or $\mathcal{MQ}$) public-key cryptosystems (PKC) are alternatives to traditional PKCs based on large algebraic structures (e.g., RSA and ECC); they usually execute much faster than traditional PKCs on the same hardware. However, one major challenge in implementing multivariates in embedded systems is that the key size can be prohibitively large for applications with stringent resource constraints such as low-cost smart cards, sensor networks (e.g., Berkeley motes), and radio-frequency identification (RFID). In this paper, we investigate strategies for shortening the key of a multivariate PKC. We apply these strategies to the Tame Transformation Signatures (TTS) as an example and quantify the improvement in key size and running speed, both theoretically and via implementation. We also investigate ways to save die space and energy consumption in hardware, reporting on our ASIC implementation of TTS on a TSMC 0.25μm process. Even without any key shortening, the current consumption of TTS is only 21 μA for computing a signature, using 22,000 gate equivalents and 16,000 100-kHz cycles (160 ms). With circulant-matrix key shortening, the numbers go down to 17,000 gates and 4,400 cycles (44 ms). We therefore conclude: besides representing a future-proofing investment against the emerging quantum computers, multivariates can be immediately useful in niches.
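Added illustration, not code from the paper, of why the circulant-matrix key shortening mentioned above saves both storage and cycles: an n×n circulant matrix over GF(2^8) is determined by its first row, so n bytes replace n² bytes, and the matrix-vector product needed when applying the affine layer can be evaluated from that row alone. The field polynomial (AES's) and the sample key row are assumptions made for this demo; the paper's own field representation and parameters are not given on this page.

```python
# Added example, not from the paper: why a circulant matrix shortens a
# multivariate key. An n x n circulant matrix over GF(2^8) is fixed by its
# first row, so n bytes replace n^2 bytes, and the matrix-vector product
# needed for signing can be evaluated from that row alone.
from functools import reduce

# Field representation is an assumption for this demo: GF(2^8) modulo the
# AES polynomial x^8 + x^4 + x^3 + x + 1.
GF_POLY = 0x11B

def gf_mul(a, b):
    """Multiply two GF(2^8) elements (bytes) by shift-and-add reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= GF_POLY
        b >>= 1
    return r

def circulant_key_row(n):
    """Constructed sample key: first row of an n x n circulant matrix."""
    return [(37 * i + 11) & 0xFF for i in range(n)]

def expand_circulant(row):
    """Full n x n matrix: row i is the first row rotated right by i."""
    n = len(row)
    return [[row[(j - i) % n] for j in range(n)] for i in range(n)]

def full_matvec(m, x):
    """y = M x over GF(2^8) using the stored n^2-byte matrix."""
    return [reduce(lambda acc, t: acc ^ gf_mul(*t), zip(mrow, x), 0)
            for mrow in m]

def circulant_matvec(row, x):
    """Same product from the n-byte row only (no full matrix in memory)."""
    n = len(row)
    return [reduce(lambda acc, j: acc ^ gf_mul(row[(j - i) % n], x[j]),
                   range(n), 0) for i in range(n)]

def key_bytes(n):
    """(full-matrix bytes, circulant-row bytes) for one n x n linear map."""
    return n * n, n

if __name__ == "__main__":
    row, x = circulant_key_row(20), [(3 * i + 1) & 0xFF for i in range(20)]
    assert circulant_matvec(row, x) == full_matvec(expand_circulant(row), x)
    print("key bytes (full, circulant):", key_bytes(20))
```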



Published In

SPC'06: Proceedings of the Third International Conference on Security in Pervasive Computing
April 2006, 242 pages
ISBN: 3540333762
Editors: John A. Clark, Richard F. Paige, Fiona C. Polack, Phillip J. Brooke

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. digital signature schemes
  2. efficient implementation
  3. embedded system
  4. motes
  5. multivariate public-key cryptosystem
  6. sensor networks

Qualifiers

  • Article

Cited By

  • (2018) A survey of cryptographic primitives and implementations for hardware-constrained sensor network nodes. Mobile Networks and Applications 12:4, pp. 231-244, DOI 10.1007/s11036-007-0024-2. Online publication date: 26-Dec-2018
  • (2017) BASIS. IEEE Transactions on Information Forensics and Security 12:7, pp. 1545-1554, DOI 10.1109/TIFS.2017.2668062. Online publication date: 1-Jul-2017
  • (2016) ARMed SPHINCS. Proceedings, Part I, of the 19th IACR International Conference on Public-Key Cryptography (PKC 2016), Volume 9614, pp. 446-470, DOI 10.1007/978-3-662-49384-7_17. Online publication date: 6-Mar-2016
  • (2016) Hybrid MQ Signature for Embedded Device. Proceedings, Part I, of the 21st Australasian Conference on Information Security and Privacy, Volume 9722, pp. 281-290, DOI 10.1007/978-3-319-40253-6_17. Online publication date: 4-Jul-2016
  • (2016) Security Analysis and Key Modification for ZHFE. Proceedings of the 7th International Workshop on Post-Quantum Cryptography, Volume 9606, pp. 197-212, DOI 10.1007/978-3-319-29360-8_13. Online publication date: 24-Feb-2016
  • (2014) Efficient Hardware Implementation of MQ Asymmetric Cipher PMI+ on FPGAs. Proceedings of the 10th International Conference on Information Security Practice and Experience, Volume 8434, pp. 187-201, DOI 10.1007/978-3-319-06320-1_15. Online publication date: 5-May-2014
  • (2013) Lightweight Cryptography for Embedded Systems: A Comparative Analysis. Revised Selected Papers of the 8th International Workshop on Data Privacy Management and Autonomous Spontaneous Security, Volume 8247, pp. 333-349, DOI 10.1007/978-3-642-54568-9_21. Online publication date: 12-Sep-2013
  • (2012) Efficient implementations of MQPKS on constrained devices. Proceedings of the 14th International Conference on Cryptographic Hardware and Embedded Systems, pp. 374-389, DOI 10.1007/978-3-642-33027-8_22. Online publication date: 9-Sep-2012
  • (2011) MQQ-SIG. Proceedings of the Third International Conference on Trusted Systems, pp. 184-203, DOI 10.1007/978-3-642-32298-3_13. Online publication date: 27-Nov-2011
  • (2011) On the differential security of multivariate public key cryptosystems. Proceedings of the 4th International Conference on Post-Quantum Cryptography, pp. 130-142, DOI 10.1007/978-3-642-25405-5_9. Online publication date: 29-Nov-2011
