2022-07-14
Sadkhan, Sattar B., Abbas, Rana.  2021.  The Role of Quantum and Post-Quantum Techniques in Wireless Network Security - Status, Challenges and Future Trends. 2021 4th International Iraqi Conference on Engineering Technology and Their Applications (IICETA). :296–302.
One of the most essential means of communication is the wireless network. As a result, ensuring the security of information transmitted across wireless networks is a critical concern. For wireless networks, classical cryptography provides conditional security with several loopholes, whereas quantum cryptography claims to be unconditionally secure. People began to look beyond classical cryptosystems for protecting future electronic communication when quantum computers became functional. With all of these flaws in classical cryptosystems in mind, people began to look beyond them for protecting future electronic communication. Quantum cryptography addresses practically all flaws in traditional cryptography.
2022-02-22
Sepulveda, Johanna, Winkler, Dominik, Sepúlveda, Daniel, Cupelli, Mario, Olexa, Radek.  2021.  Post-Quantum Cryptography in MPSoC Environments. 2021 IFIP/IEEE 29th International Conference on Very Large Scale Integration (VLSI-SoC). :1–6.
Multi-processor Systems-on-Chip (MPSoCs) are a key enabling technology for different applications characterized by hyper-connectivity and multi-tenant requirements, where resources are shared and communication is ubiquitous. In such an environment, security plays a major role. To cope with these security needs, MPSoCs usually integrate cryptographic functionalities deployed as software and/or hardware solutions. Quantum computing represents a threat to current cryptography. To overcome such a threat, post-quantum cryptography (PQC) can be used, thus ensuring the long-term security of different applications. Since 2017, NIST has been running a PQC standardization process. While the focus has been the security analysis of the different PQC candidates and their software implementation, MPSoC PQC implementation has been neglected. To this end, this work presents two contributions. First, the exploration of multicore capabilities for developing optimized PQC implementations; as a use case, NTRU, a lattice-based PQC finalist in the NIST standardization process, is discussed. Second, NTRU was deployed on an AURIX microcontroller of Infineon Technologies AG with the real-time operating system PXROS-HR from HighTec EDV-Systeme GmbH. Results show that NTRU can be efficiently implemented and optimized on a multicore architecture, improving performance by up to 43% when compared to single-core solutions.
2019-10-08
del Pino, Rafael, Lyubashevsky, Vadim, Seiler, Gregor.  2018.  Lattice-Based Group Signatures and Zero-Knowledge Proofs of Automorphism Stability. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :574–591.

We present a group signature scheme, based on the hardness of lattice problems, whose outputs are more than an order of magnitude smaller than the currently most efficient schemes in the literature. Since lattice-based schemes are also usually non-trivial to efficiently implement, we additionally provide the first experimental implementation of lattice-based group signatures demonstrating that our construction is indeed practical – all operations take less than half a second on a standard laptop. A key component of our construction is a new zero-knowledge proof system for proving that a committed value belongs to a particular set of small size. The sets for which our proofs are applicable are exactly those that contain elements that remain stable under Galois automorphisms of the underlying cyclotomic number field of our lattice-based protocol. We believe that these proofs will find applications in other settings as well. The motivation of the new zero-knowledge proof in our construction is to allow the efficient use of the selectively-secure signature scheme (i.e. a signature scheme in which the adversary declares the forgery message before seeing the public key) of Agrawal et al. (Eurocrypt 2010) in constructions of lattice-based group signatures and other privacy protocols. For selectively-secure schemes to be meaningfully converted to standard signature schemes, it is crucial that the size of the message space is not too large. Using our zero-knowledge proofs, we can strategically pick small sets for which we can provide efficient zero-knowledge proofs of membership.

2019-08-05
Gennaro, Rosario, Minelli, Michele, Nitulescu, Anca, Orrù, Michele.  2018.  Lattice-Based Zk-SNARKs from Square Span Programs. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :556–573.

Zero-knowledge SNARKs (zk-SNARKs) are non-interactive proof systems with short and efficiently verifiable proofs. They elegantly resolve the juxtaposition of individual privacy and public trust by providing an efficient way of demonstrating knowledge of secret information without actually revealing it. To this day, zk-SNARKs are being used for delegating computation, electronic cryptocurrencies, and anonymous credentials. However, all current SNARK implementations rely on pre-quantum assumptions and, for this reason, are not expected to withstand cryptanalytic efforts over the next few decades. In this work, we introduce the first designated-verifier zk-SNARK based on lattice assumptions, which are believed to be post-quantum secure. We provide a generalization in the spirit of Gennaro et al. (Eurocrypt'13) to the SNARK of Danezis et al. (Asiacrypt'14) that is based on Square Span Programs (SSPs) and relies on weaker computational assumptions. We focus on designated-verifier proofs and propose a protocol in which a proof consists of just 5 LWE encodings. We provide a concrete choice of parameters as well as extensive benchmarks on a C implementation, showing that our construction is practically instantiable.

2018-02-02
Sepulveda, J., Zankl, A., Mischke, O.  2017.  Cache attacks and countermeasures for NTRUEncrypt on MPSoCs: Post-quantum resistance for the IoT. 2017 30th IEEE International System-on-Chip Conference (SOCC). :120–125.

Public-key cryptography (PKC), widely used to protect communication in the Internet of Things (IoT), is the basis for establishing secured communication channels between multiple parties. The foreseeable breakthrough of quantum computers represents a risk for many PKC ecosystems. Almost all approaches in use today rely on the hardness of factoring large integers or computing (elliptic-curve) discrete logarithms. It is known that cryptography based on these problems can be broken in polynomial time by Shor's algorithm once a large enough quantum computer is built. In order to prepare for such an event, the integration of quantum-resistant cryptography on devices operating in the IoT is mandatory to achieve long-term security. Due to their limited resources, tight performance requirements and long life-cycles, this is especially challenging for Multi-Processor Systems-on-Chip (MPSoCs) operating in this context. At the same time, it must be ensured that well-known implementation attacks, such as those targeting a cipher's execution time or its use of the processor cache, are inhibited, as they have successfully been used to attack cryptosystems in the pre-quantum era. Hence, this work presents an analysis of the security-critical polynomial multiplication routine within the NTRU algorithm and its susceptibility to timing and cache attacks. We also propose two different countermeasures to harden systems with or without caches against said attacks, and include the evaluation of the respective overheads. We demonstrate that security against timing and cache attacks can be achieved with reasonable overheads depending on the chosen parameters of NTRU.