We present an implementation of the hash-based post-quantum signature scheme SPHINCS+ that enables heavily memory-restricted devices to sign messages by streaming out a signature during its computation and to verify messages by streaming in a signature. We demonstrate our implementation in the context of Trusted Platform Modules (TPMs) by proposing a SPHINCS+ integration and a streaming extension for the TPM specification. We evaluate the overhead of our signature-streaming approach for a stand-alone SPHINCS+ implementation and for its integration in a proof-of-concept TPM with the proposed streaming extension running on an ARM Cortex-M4 platform. Our streaming interface greatly reduces the memory requirements without introducing a significant performance penalty. This is achieved not only by removing the need to store an entire signature but also by reducing the stack requirements of the key generation, sign, and verify operations. Therefore, our streaming interface enables small embedded devices that do not have sufficient memory to store an entire SPHINCS+ signature, or that previously were only able to use a parameter set that results in smaller signatures, to sign and verify messages using all SPHINCS+ variants.
Digital Video Broadcasting (DVB) is a set of standards for digital television. DVB supports the encryption of a transmission using the Common Scrambling Algorithm (DVB-CSA). This is commonly used for PayTV or for other conditional access scenarios. While DVB-CSA supports 64-bit keys, many stations use only 48 bits of entropy for the key, and 16 bits are used as a checksum. In this paper, we outline a time-memory-tradeoff attack against DVB-CSA using 48-bit keys. The attack can be used to decrypt major parts of a DVB-CSA-encrypted transmission online with a few seconds of delay at very moderate cost. We first propose a method to identify plaintexts in an encrypted transmission and then use a precomputed rainbow table to recover the corresponding keys. The attack can be executed on a standard PC, and the precomputations can be accelerated using GPUs. We also propose countermeasures that prevent the attack and can be deployed without having to alter the receiver hardware.

2002. This implementation was reverse-engineered to extract the missing details of the cipher, such as the S-Box used. The first academic publication analyzing DVB-CSA appeared one year later [13]. Other publications we found about DVB-CSA consider physical attacks, i.e. fault attacks [14] and side-channel attacks [9], or only analyze the stream cipher part of DVB-CSA [12], while DVB-CSA also contains a block cipher (see Section 2). However, those attacks do not work in a real-life scenario. Common PayTV setups consist of four core components: a Smart Card, a Conditional Access Module (CAM), a set-top box and the television. The Smart Card is personalized to the PayTV subscriber and provides the DVB-CSA keys, which are changed frequently. It is able to compute the DVB-CSA keys based on a secret stored on the card and control messages from the TV station. The Conditional Access Module is the interface between the Smart Card and the set-top box. The CAM is either a PCMCIA card connected to the set-top box over the Common Interface (CI) or it is integrated into the set-top box. The set-top box decodes the MPEG stream and forwards it to the television, and the television finally displays the video. All public practical attacks on encrypted DVB streams that we know of target the DVB-CSA key derivation scheme; this includes physical attacks against Smart Cards as well as Card Sharing, i.e. distributing the DVB-CSA keys generated by a Smart Card to multiple users.
This paper proposes two different methods to perform NTT-based polynomial multiplication in polynomial rings that do not naturally support such a multiplication. We demonstrate these methods on the NTRU Prime key-encapsulation mechanism (KEM) proposed by Bernstein, Chuengsatiansup, Lange, and Vredendaal, which uses a polynomial ring that is, by design, not amenable to use with the NTT. One of our approaches uses Good's trick and focuses on speed and on supporting more than one parameter set with a single implementation. The other approach uses a mixed-radix NTT and focuses on the use of smaller multipliers and less memory. On an ARM Cortex-M4 microcontroller, we show that our three NTT-based implementations, one based on Good's trick and two based on mixed-radix NTTs, provide between 32% and 17% faster polynomial multiplication. For the parameter set ntrulpr761, this results in between 16% and 9% faster total operations (sum of key generation, encapsulation, and decapsulation) and requires between 15% and 39% less memory than the current state-of-the-art NTRU Prime implementation on this platform, which uses Toom-Cook-based polynomial multiplication.