Public Key Cryptography on Hardware Platforms: Design and Analysis of Elliptic Curve and Lattice-based Cryptoprocessors
Author:
Keywords:
Cathedral - 695305;info:eu-repo/grantAgreement/EC/H2020/695305, C16/15/058#53326573
Abstract:
The vast network of connected devices, ranging from tiny Radio Frequency Identification (RFID) tags to powerful desktop computers, generates massive amounts of information. Public-key cryptography (PKC) plays a crucial role in securing this network. In this thesis we focus on the efficient implementation of PKC to address the security challenges of the future. Aiming to secure resource-constrained connected devices, we design a lightweight elliptic-curve coprocessor for a 283-bit Koblitz curve, which offers 140-bit security. We optimize the scalar conversion which is an important part of point multiplication, and we introduce lightweight countermeasures against timing and power side-channel attacks. The coprocessor consumes only 4.3 KGE. In the second part of the thesis, we investigate implementation aspects of post-quantum PKC and homomorphic encryption schemes whose security is based on the hardness of the ring-LWE problem. These cryptographic schemes perform arithmetic operations in a polynomial ring and require sampling from a discrete Gaussian distribution. To design a discrete Gaussian sampler that satisfies a negligible statistical distance to the accurate distribution, we analyze the Knuth-Yao random walk, and propose an algorithm that is fast and lightweight. For efficient polynomial multiplication, we apply the number theoretic transform. From these primitives we design a compact coprocessor that takes only 20/9μs to compute encryption/decryption on a Xilinx Virtex VI FPGA. Homomorphic function evaluation is very slow in software due to its arithmetic involving very large polynomials with large coefficients. We design an FPGA-based accelerator for the homomorphic encryption scheme YASHE. We observe that though the computation intensive arithmetic can be accelerated, the overhead of external memory access becomes a bottleneck. Then we propose a more practical scheme that uses a special module to assist homomorphic function evaluation in less time. With this module we can evaluate encrypted search roughly 20 times faster than the implementation without this module.