Similar Literature
20 similar documents found (search time: 187 ms)
1.
Most existing cryptosystems are based on public-key schemes such as RSA and ECC, which are used in information security systems for key exchange, digital signatures and identity authentication; they have unique advantages, and their security rests respectively on the hardness of the integer factorization problem and the discrete logarithm problem. In recent years, with the rapid development of quantum computers, the time needed to solve these mathematical problems has dropped dramatically, which would severely damage the security, confidentiality and integrity of digital communication. At the same time, a new field of cryptography, post-quantum cryptography, has emerged; encryption algorithms based on it can resist attacks by quantum computers, so it has become a hot research direction in recent years. Since 2016, NIST has solicited candidate quantum-resistant cryptographic schemes from researchers around the world and evaluated all of them for security, cost and performance; the candidates that pass evaluation will be standardized. This paper compares the schemes submitted to the NIST post-quantum cryptography call (rounds 2 and 3), surveys the main current approaches to post-quantum encryption algorithms (hash-based, code-based, lattice-based and multivariate), and analyzes the security, signature-parameter and computational-cost characteristics of each, as well as later optimization directions. The challenges in implementing PQC algorithms in hardware are, first, the mathematical complexity of the algorithm specifications, which are usually written by cryptographers whose focus is security rather than implementation efficiency, and second, the need to store large public keys, private keys and internal state, which may prevent a truly lightweight implementation and thus reduce the efficiency of the hardware implementation. This paper focuses on current hardware implementation approaches for post-quantum encryption algorithms, including the development of PQC hardware application programming interfaces, HLS-based abstract implementation, and hardware implementation on FPGA/ASIC platforms. Turning a PQC scheme into hardware requires not only an efficient implementation of the algorithm but also resistance to side-channel attacks targeting the hardware structure. Side-channel attacks can extract the key of a cryptographic device from related information leaked by the target device. This paper discusses the categories of side-channel attacks faced by post-quantum encryption algorithms in concrete implementations and applications, and the corresponding countermeasures.

2.
Among post-quantum digital signature schemes, hash-based signature schemes are efficient and provably secure. However, overly long keys and signatures are the main problem of hash-based signature schemes. Building on existing signature schemes, a new one-time signature scheme is proposed that reduces both the number of signatures and the length of each signature. Compared with the Winternitz OTS scheme, the new scheme reduces key and signature sizes by 77% and 82% respectively; compared with the WOTS+ scheme, it reduces key and signature sizes by 60.7% and 60.5% respectively. In signature length, the new scheme achieves reductions of 17%, 24.5% and 48.1% compared with the NOTS, SDS-OTS and WOTS-S schemes proposed in the last two years, respectively. In addition, the new scheme is proven existentially unforgeable under chosen-plaintext attack (CPA), with its security reducible to the one-wayness of the underlying hash function. Furthermore, experiments confirm that, compared with WOTS+, the new scheme reduces the time required for key generation, signature generation and signature verification by 71.4%, 47.7% and 60.9% respectively.

3.
An identity-based non-transferable ring signature   Total citations: 1 (self-citations: 0, citations by others: 1)
Certain applications in networked environments (such as anonymous electronic whistleblowing) require digital signatures to provide both signer ambiguity and non-transferability of the signature, and no existing signature scheme fully meets this requirement. To this end, a new signature scheme, an identity-based non-transferable ring signature scheme, is proposed: a special hash function based on bilinear pairings is designed and introduced into the ring signature, so that the scheme satisfies the above requirements well. Formal analysis shows that the signatures generated by the scheme are unforgeable in the random oracle model (ROM).

4.
《计算机工程》(Computer Engineering), 2017, (2): 183-188
To address the security of data exchange in e-government, a double-trapdoor hash function based on the discrete logarithm problem is designed and proven to satisfy effectiveness, trapdoor collision, collision resistance and key-exposure resistance. Combining this trapdoor hash function with a proxy re-signature scheme, a new secure e-government data exchange scheme is proposed, and its security is proven to reduce to the security of the underlying proxy re-signature scheme and trapdoor hash function. Analysis shows that the new scheme has low re-signature generation and verification cost, high real-time performance in data exchange and small storage requirements, making it suitable for devices with limited computing resources.

5.
To address the key-exposure problem in proxy blind signatures, a forward-secure proxy multi-blind signature scheme based on elliptic curves is proposed by combining the ideas of proxy signatures, blind signatures and forward security. A single proxy signer generates one valid signature on behalf of multiple original signers simultaneously; the scheme uses authorization certificates, hash functions and elliptic-curve cryptography together to strengthen system security, so that even if the proxy signing private key is exposed, previously generated proxy blind signatures remain valid. Analysis shows that the scheme is secure, can effectively resist insider attacks by the original signers, and is computationally more efficient than schemes based on the ElGamal signature system.

6.
A secure certificateless blind signature scheme is proposed. The new scheme precomputes e(P,P)=g as a public system parameter and needs no special MapToPoint hash function, which improves computational efficiency; at the same time, the key generation center (KGC) and users no longer need a trusted secure channel, making the scheme more suitable for practical use. Moreover, the new scheme adopts certificateless public-key cryptography, which solves the certificate management problem of certificate-based signature schemes and the key escrow problem of identity-based signature schemes. Under the q-SDH and CDH hardness assumptions, the new scheme is unforgeable.

7.
Building on proxy signatures and blind signatures from classical cryptography, a batch proxy quantum blind signature scheme is proposed. Key distribution and encoding of the document's quantum-state sequence are carried out using a ternary two-particle quantum entangled system. All documents to be signed are encrypted with the document owner's private key during communication. Unlike classical blind signature schemes, a trial signature and its authentication are introduced, together with efficient batch proxy blind signing by a party holding a dual role (arbiter and proxy). Security analysis and efficiency discussion show that efficient blind signing of large numbers of documents through a secure batch proxy blind signature provided by the arbiter is feasible.

8.
A new discrete-logarithm-based multisignature scheme and its distributed computation   Total citations: 4 (self-citations: 0, citations by others: 4)
This paper proposes a new discrete-logarithm-based multisignature scheme that improves the key generation part of the multisignature schemes based on the Meta-ElGamal scheme and on the Schnorr scheme, successfully avoiding the attack present in the original schemes whereby several signers, by cooperating while generating their keys, could later repudiate a message signature. Finally, a distributed computation design for the new scheme is given.

9.
A new threshold blind signature scheme based on bilinear pairings   Total citations: 7 (self-citations: 2, citations by others: 5)
Bilinear pairings and elliptic curves have become a hot topic in cryptographic research, while blind signature and threshold signature schemes play an important role in practical applications by protecting the privacy of the message sender and enabling key sharing. This paper proposes a new blind signature scheme based on bilinear pairings over points of an elliptic curve, and on the basis of this scheme proposes a threshold blind signature scheme.

10.
A proxy signature allows a proxy signer to generate a proxy signature on behalf of an original signer, but many proxy signature schemes are vulnerable to proxy-key exposure attacks; therefore a proxy signature scheme constructed from an ordinary signature scheme is proposed. The main improvement is in the generation of the proxy signing key: the proxy signer uses its long-term private key to sign the proxy's identity and certificate; the proxy signing key is then generated from a newly generated private key of the proxy signer together with the signature produced with the long-term private key. This proxy signature scheme can effectively prevent proxy-key exposure attacks.

11.
Multiplication of polynomials of large degrees is the predominant operation in lattice-based cryptosystems in terms of execution time. This motivates the study of its fast and efficient implementations in hardware. Also, applications such as those using homomorphic encryption need to operate with polynomials of different parameter sets. This calls for the design of configurable hardware architectures that can support multiplication of polynomials of various degrees and coefficient sizes. In this work, we present the design and an FPGA implementation of a run-time configurable and highly parallelized NTT-based polynomial multiplication architecture, which proves to be effective as an accelerator for lattice-based cryptosystems. The proposed polynomial multiplier can also be used to perform Number Theoretic Transform (NTT) and Inverse NTT (INTT) operations. It supports 6 different parameter sets, which are used in lattice-based homomorphic encryption and/or post-quantum cryptosystems. We also present a hardware/software co-design framework, which provides high-speed communication between the CPU and the FPGA connected by a PCIe standard interface provided by the RIFFA driver [1]. As a proof of concept, the proposed polynomial multiplier is deployed in this framework to accelerate the decryption operation of the Brakerski/Fan-Vercauteren (BFV) homomorphic encryption scheme implemented in the Simple Encrypted Arithmetic Library (SEAL) by the Cryptography Research Group at Microsoft Research [2]. In the proposed framework, the polynomial multiplication operation in the decryption of the BFV scheme is offloaded to the accelerator in the FPGA via the PCIe bus, while the rest of the operations in the decryption are executed in software running on an off-the-shelf desktop computer. The hardware part of the proposed framework targets a Xilinx Virtex-7 FPGA device, and the proposed framework achieves a speedup of almost 7x in latency for the offloaded operations compared to their pure software implementations, excluding I/O overhead.

12.
This paper proposes the architecture of the hash accelerator developed in the framework of the European Processor Initiative. The proposed circuit supports all the SHA-2 and SHA-3 operating modes and is to be one of the hardware cryptographic accelerators within the crypto-tile of the European Processor Initiative. The accelerator has been verified on a Stratix IV FPGA and then synthesised on the Artisan 7 nanometre TSMC silicon technology, obtaining throughputs higher than 50 Gbps for SHA-2 and 230 Gbps for SHA-3, with complexity ranging from 15 to about 30 kGE and an estimated power dissipation of about 13 (SHA-2) to 26 (SHA-3) mW (supply voltage 0.75 V). The proposed design demonstrates absolute performance beyond the state of the art and efficiency aligned with it. One of the main contributions is that this is the first SHA-2/SHA-3 accelerator synthesised on such an advanced technology.

13.
The Internet of Things (IoT) is an emerging technology that moves the world in the direction of smart things. But IoT security is a complex problem due to its centralized architecture and limited capacity. So blockchain technology has attracted great attention, due to its features of decentralized architecture, transparency, immutable records and cryptographic hash functions, when combined with IoT. Cryptographic hash algorithms are very important in blockchain technology for secure transmission. A hash converts variable-size inputs to a fixed-size hash output which is unchangeable. Existing cryptographic hash algorithms with digital signatures have the issues of single-node accessibility and support for key sizes of only up to 128 bytes. Moreover, if an attacker tries to hack the key, the transaction is cancelled. This paper presents the Modified Elliptic Curve Cryptography Multi-Signature Scheme (MECC-MSS) for multiple-node accessibility by finding the nearest path for a secure transaction. In this work, the input key size can be extended up to 512 bytes to enhance security. The performance of the proposed algorithm is analyzed against other cryptographic hash algorithms, such as the Secure Hashing Algorithms (SHAs) SHA224, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384 and SHA3-512, and Message Digest 5, by a one-way analysis of variance test in terms of accuracy and time complexity. Results show that MECC-MSS achieves 90.85% accuracy and a time complexity of 1.4 nanoseconds with significance less than 0.05. From the statistical analysis, it is observed that the proposed algorithm is significantly better than the other cryptographic hash algorithms and also has lower time complexity.

14.
The Aigis-sig digital signature scheme, constructed on ideal lattices, offers high implementation efficiency, short signatures and resistance to quantum attacks. For the Aigis-sig scheme, an improved modular multiplication unit is constructed, and a compact hardware architecture for polynomial arithmetic over the ring based on the number theoretic transform (NTT) algorithm is designed; on the basis of this architecture, an FPGA hardware/software co-implementation of the Aigis-sig digital signature scheme is proposed. Experiments show that on the Xilinx Zynq-7000 SoC platform, with the CPU frequency and the hardware frequency set to 666.66 MHz and 150 MHz respectively, this implementation achieves performance improvements of about 26% in the signing phase and 17% in the verification phase compared with a pure software implementation.

15.
This paper proposes a novel Colored Petri Net (CPN) based dynamic scheduling scheme, which aims at scheduling real-time tasks on multiprocessor system-on-chip (MPSoC) platforms. Our CPN based scheme addresses two key issues in task scheduling problems: dependence detection and task dispatching. We model inter-task dependences using CPN, including true dependences, output dependences, anti-dependences and structural dependences. The dependences can be detected automatically during model execution. Additionally, the proposed model takes the checking of real-time constraints into consideration. We evaluated the scheduling scheme on a state-of-the-art FPGA based multiprocessor hardware system and modeled the system behavior using CPN tools. Simulations and state space analyses are conducted on the model. Experimental results demonstrate that our scheme can achieve 98.9% of the ideal speedup on a real FPGA based hardware prototype.

16.
Hardware/software co-design for particle swarm optimization algorithm   Total citations: 1 (self-citations: 0, citations by others: 1)
This paper presents a hardware/software (HW/SW) co-design approach using the SOPC technique and a pipeline design method to improve the design flexibility and execution performance of particle swarm optimization (PSO) for embedded applications. Based on a modular design architecture, a Particle Updating Accelerator module, implemented in hardware for updating the velocity and position of particles, and a Fitness Evaluation module, implemented either on a soft-core processor or on a Field Programmable Gate Array (FPGA) for evaluating the objective functions, are designed to work closely together to carry out the evolution process at different design stages. Thanks to this design flexibility, the proposed approach can tackle various optimization problems of embedded applications without the need for hardware redesign. To further improve the execution performance of the PSO, a hardware random number generator (RNG) is also designed in this paper, in addition to a particle re-initialization scheme that promotes exploration during the optimization process. Experimental results have demonstrated that the proposed HW/SW co-design approach for PSO algorithms is efficient at obtaining high-quality solutions for embedded applications.

17.
Cryptographic hash functions play a crucial role in networking and communication security, including their use for data integrity and message authentication. The Keccak hash algorithm is one of the finalists in the next-generation SHA-3 hash algorithm competition. It is based on the sponge construction, whose hardware performance is worth investigating. We developed an efficient hardware architecture for the Keccak hash algorithm on a Field-Programmable Gate Array (FPGA). Due to the serialization exploited in the proposed architecture, the area needed for its implementation is reduced significantly, accompanied by a higher efficiency rate. In addition, low latency is attained so that higher operating frequencies can be reached. We use the coprocessor approach, which exploits the RAM blocks that exist in most FPGA platforms. For this coprocessor, a new datapath structure allowing parallel execution of multiple instructions is designed. Implementation results prove that our Keccak coprocessor achieves high performance in a small area.

18.
Proxy signatures are widely used in large-scale wireless industrial IoT, where they can greatly improve the efficiency of the main signing server. To suit application environments with limited bandwidth and weak computing capability, a short proxy signature scheme based on bilinear maps is proposed. First, the security of the scheme is proven in the random oracle model based on the computational Diffie-Hellman (CDH) problem and the k-collision attack algorithm (k-CAA) problem. Then, its performance advantages over other existing proxy signature and short proxy signature schemes are analyzed, and the key code of the scheme's implementation is given. Experimental results show that the proposed scheme performs one scalar multiplication and one hash operation for proxy signature generation, and two bilinear pairing operations, one scalar multiplication and two hash operations for signature verification; compared with other proxy signature schemes of the same kind it has an advantage in computational performance, and it is suitable for application scenarios with weak computing capability and limited transmission capability.

19.
One-time signature schemes rely on hash functions and are, therefore, assumed to be resistant to attacks by quantum computers. These approaches inherently raise a key management problem, as the key pair can be used for only one message. That means, for one-time signature schemes to work, the sender must deliver the verification key together with the message and the signature. Upon reception, the receiver has to verify the authenticity of the verification key before verifying the signature itself. Hash-tree based solutions tackle this problem by basing the authenticity of a large number of verification keys on the authenticity of a root key. This approach, however, causes computation, communication, and storage overhead. Using hardware acceleration, this paper proposes, for the first time, a processor architecture which boosts the performance of a one-time signature scheme without degrading memory usage and communication properties. This architecture realizes the chained Merkle signature scheme on the basis of the Winternitz one-time signature scheme. All operations, i.e., key generation, signing, and verification, are implemented on an FPGA platform, which acts as a coprocessor. Timing measurements on the prototype show a performance boost of at least one order of magnitude compared to an identical software solution.

20.
In this paper we present a secure implementation architecture of a coprocessor for the TLSv1.2 protocol on an FPGA. Techniques were used that increase the resistance of the design to side-channel attacks and also protect the private key data from software-based attacks. The processor was implemented with a secure true random number generator which incorporates failure detection and thorough post-processing of the random bitstream. The design also includes hardware for signature generation and verification based on elliptic curve algorithms. The algorithms used for performing the elliptic curve arithmetic were chosen to provide resistance against SPA and DPA attacks. Implementations of the AES and SHA256 algorithms are also included in order to provide full hardware acceleration for a specific cipher suite of the TLSv1.2 protocol. The design is analysed for area and speed on a Virtex 5 FPGA.
