- Public-Key Cryptography: RSA, DSA, ECC Private-Key Cryptography: AES, DES, RC4, etc.. - portant cryptographic applications in the industry are studied and analyzed.. - Encoding the contents of the message in such a way that its contents cannot be unveiled by outsiders is called encryption. - Cryptography falls into two important categories: secret and public key cryptography. - The most popular block cipher algorithm used in practice is DEA {Data En- cryption Algorithm) defined in the standard DES [251]. - Incompleteness It is impossible to implement some of the security ser- vices mentioned before. - It is noticed that the AES secret key is generated by means of the hash value corresponding to the pass-phrase given by the user. - Another typical application of Hash functions is in the domain of pseudorandom sequences as shown in Fig. - Nevertheless, the main application of hash function is as a key building block for generating digital signatures as it is explained in the next Section.. - 2.4 Public Key C r y p t o g r a p h y. - Private-Key. - Public Key Cryptography. - Although Diffie and Hellman were the first in publishing the concepts of public key cryptography in the open literature, we know now that they were not the first inventors. - The public key is available to everyone at the sending end. - However a private or secret key is known only to the recipient of the message. - Public key cryptosystems can be used for generating digital signatures^. - This is due to efficiency reasons as public key cryptosystems tend to be computationally intensive. - it with the private key of the sender. - This becomes the signature part of the message.. - Public Key Crypto-scheme. - Public key cryptography Main Primitives. - 2.7 Public key cryptosystems' main primitives are:. - Elliptic curve discrete Logarithm problem: Let E. - Consider the /c-multiple of the point P, Q = kP defined as the elliptic curve point resulting of adding P , /c — 1 times with itself, where /c is a positive scalar in | l , n — 1]. - In the cryptography domain a large prime number has a bit-length of at least 512 bits.. - Undoubtedly, the most popular public-key algorithms are RSA (based on factoring large numbers), DSA and ElGamal (batsed on discrete log problem) and Elliptic Curve Cryptosystems. - It is based on elliptic curve addition operation.. - RSA algo- rithm is symmetric in the sense that both, the public key and the private key can be utilized for encrypting a message.. - Ensure: RSA public key (n, e) and private key d.. - RSA encryption/decryption and Signature/verification are based in the Euler theorem identity, which establishes that,. - The author A of the message m computes the hash value h = H(m), Then, A computes the signature s — h^. - Require: Sender's public key (n,e), Sender's private key d, message m.. - Require: Sender's public key (n, e), message m, digital signature s.. - The Digital Signature Algorithm (DSA) is based in the crypto-scheme pro- poned by ElGamal in 1984, which in turn is based on the discrete logarithm problem. - Many versions of the original ElGamal procedure has been proposed.. - The parameter g G [2,p — 1] specifies a generator of the multiphcative cyclic subgroup (g) of order q. - The problem of finding x given the domain parameters {p,q^g) and the public key y is known as the discrete logarithm problem.. - Ensure: Private key x and public key y.. - Then, the other component of the DSA signature can be computed as,. - the correctness of the DSA based on the following observation,. - Elliptic curves over real numbers are defined as the set of points (x, y) which satisfy the elliptic curve equation of the form:. - Require: Domain parameters {p,q,g), Sender's public key t/, message m and sig- nature (r, s).. - 1: if r, s are not in the interval [1. - elliptic curve as shown in Figure 4.1. - An elliptic curve group over real numbers consists of the points on the corresponding elliptic curve, together with a special point O called the point at infinity. - Elliptic curve groups are additive groups. - The negative of a point P = (x, y) is its reflection in the x-axis: the point — P is (x, —y). - Once again, t h e elliptic curve includes all. - T h e domain parameters needed for o b t a i n i n g a public key c r y p t o s y s t e m based on t h e elliptic curve discrete l o g a r i t h m problem over F^ are t h e following [133],. - T h e p r o b l e m of defining d given P a n d Q is known as t h e elliptic curve discrete logarithm problem.. - Randomly choose d in the range [1, n - 0 = d P. - Elliptic curve theory is covered in Chapter 4. - 1: Randomly Select k in the interval [ l , n — 1]. - Notice t h a t in line 8 of t h a t p r o c e d u r e , t h e elliptic curve point X = ui • P. - Require: Domain parameters: {q,a,b,P,n,h), signature {r,s), Sender's public key Q, message m.. - 1: if r, s are not in the interval [1, n — 1] then 2: Ret urn ("Reject"). - In the following, we will describe the basic Diffie-Hellman exchange protocol followed by its elliptic curve version.. - In the Diffie-Hellman protocol, g and p are the domain parameters and K is the private key for the session which can be used as a shared secret for secure communication between A and B via symmetric cryptography.. - Diffie-Hellman protocol is considered secure if G and g are chosen properly, i.e., the eavesdropper has an enormous difficulty to compute the element g"". - Elliptic Curve DifRe-Hellman Key Exchange Protocol. - Both A and B can now compute the point r\r2P by performing the eUiptic curve scalar multiplication of the received value of r2P, viP by his/her secret number r i , r2, respectively.. - 2.6 A Comparison of Public Key C r y p t o s y s t e m s. - Elliptic Curve Variant of the DifRe-Hellman Protocol. - High performance implementations of elliptic curve cryptography depend heavily on the efficiency in the computation of the finite field arithmetic op- erations needed for the elliptic curve operations. - Therefore, hardware/software implementations of the group operations are, for all the practical sizes of the group, computationally intensive.. - In the case of RSA, the largest RSA modulus factored is a 640-bit (193- digit) integer in November . - Some of the major factors that determine the security strength of a given symmetric block cipher algorithm include, the quality of the algorithm itself, the key size used and the block size handled by the algorithm^.. - The security strength of an n-bit key symmetric block cipher algorithm, which has no known security flaws, is measured in terms of the amount of work it takes to try all possible keys, an attack traditionally known as the brute-force attack.. - In the case of 2TDEA, provided that the attacker can manage to gather approximately 2. - On the other hand and due to performance, functionality or compatibiHty reasons, algorithms of different strengths and key sizes are frequently com- bined in the same application. - In general, the weakest algorithm and key size used for cryptographic protection determines the strength of the protection provided to the system. - Alternatively, 256-bit ECC can be used to substitute RSA as a public key cryptographic engine.. - Notice, however, that novel or improved attacks and/or technologies may be developed in the future, leaving some of the al- gorithms included in Table 2.1 partially or completely broken. - Under such a dynamic scenario, some of the most popular applications in the domain of information security include.. - Numerous useful activities for increasing the security of cryptographic algorithms have happened in the few last years. - The selection of the new Advance Encryption Standard (AES) 'Rijndael' and the inclusion of Elliptic curve cryptography (ECC) in international standards provide such examples.. - A short list of the candidate applications corresponding to category 1 are presented in Table 2.2. - High speed or highly efficient applications therefore reside in the range from 400Kbps onward.. - This is one of the reasons for their fast encryption speed. - Any change or modification in the design is a difficult or even impossible task.. - Hence, n iterations of the algorithm are carried out by feeding back pre- vious round results. - For a high speed network, instead of implementing one round, n rounds of the algorithm can be replicated and registers are provided between the rounds to control the flow of data. - At the same time, in several contexts, designers may use reconfigurable FPGA logic to implement in the same hardware both the public key al- gorithm for the generation and secure exchange of key and the private key algorithm traditionally used in the bulk encryption of the underlying traffic.. - This way, basic concepts of cryptography along with a description of the main building blocks necessary for constructing security applications was given. - Those two makers have over 70% of the FPGA market share.. - We begin in Section 3.1 by reviewing some historical milestones of FPGA development and then we review in Section 3.2 the two most currently used FPGA technologies, namely, Xilinx and Altera. - Then we compare in Sec- tion 3.3 the performance of FPGA realizations against the ones on ASICs and general-purpose processor platforms. - In Section 3.7 we give a brief overview of some of the security concerns and attacks on FPGA technology. - In the mid 1970s, Programmable Logic Devices (PLDs) were introduced by companies such as IBM, Monohthic Memories, Inc (MMI) and AMD. - However, registered PLDs including one flip-flop at each output of the circuit, were soon available. - That allowed the integration in the mid 1980s of several either GAL or PAL devices on the same chip, thus given birth to the CPLD (Complex PLD) devices. - Field Programmable Gate Array (FPGA) devices were introduced by Xil- inx in the mid 1980s. - Examples of the CSoC tech- nology are the Xihnx Virtex-II PRO, and the Virtex-4 and Virtex-5 FPGA families, which include one or more hard-core PowerPC processors embedded along with the FPGA's logic fabric . - Alternatively, soft processor cores that are implemented using part of the FPGA logic fabric are also available. - Some of the most notorious examples are:. - 3.1 shows the taxonomy of the programmable logic devices just dis- cussed. - In the next Section, more specific details of the FPGA device internal architecture are given.. - The specific design of the CLE blocks varies from manufacturer to manufacturer and even, from device to device. - It is customary to define the granularity of the reconfigurable logic as the size of the smallest functional unit that can be addressed by the programming tools.. - The level of granularity has a great impact in the device configuration time
Xem thử không khả dụng, vui lòng xem tại trang nguồn hoặc xem
Tóm tắt