Patent Application
20220303133
Post-Quantum Cryptography is of growing importance, as demonstrated by ongoing standardization efforts of NIST, see [ABD+21].
An introduction to lattice-based key sharing schemes is described in [RHCB20]. Kyber and NewHope are lattice-based key-encapsulation mechanisms (KEMs). The following description picks Kyber as an exemplary embodiment. However, the examples described herein may be applied for NewHope or any lattice-based scheme requiring comparison in conjunction with similar compression techniques.
An objective is to improve existing solutions and in particular to hinder or avoid successful attacks against a cryptographic system or entity.
This is solved according to the features of the independent claims. Further embodiments result from the depending claims.
The examples suggested herein may in particular be based on at least one of the following solutions. Combinations of the following features may be utilized to reach a desired result. The features of the method could be combined with any feature(s) of the device, apparatus or system or vice versa.
A method is provided for compiling a compression function of a lattice-based cryptographic mechanism,
wherein the compression function is based on a lossy compression function;
wherein an error is determined based on a loss introduced by an integer division;
wherein an output of the compression function is determined based on the error.
The error may be regarded as a compression error or a rounding error.
Hence, the compression function can be determined without having to compute an integer division.
The compression function can also be regarded as a derived compression function that is based on the lossy compression function.
Compiling the compression function may comprise any generation, construction, creation or utilization of a compression function.
The compiled compression function may be a portion of a compression mechanism utilized with the lattice-based cryptographic mechanism.
According to an embodiment the output of the compression function is compared with a ciphertext or with an information that is based on the ciphertext.
According to an embodiment the compression function is determined based on a rounding down conversion
with
d being the compression parameter,
q being a prime number,
x being an information that is subject to the compression,
┌·┘ being a rounding operation,
└·┘ being a rounding down operation to the next smallest integer, and
mod 2d meaning reducing the result to the range [0, 2d−1].
According to an embodiment the term
(x·2d+q/2)mod q
is the error.
According to an embodiment the input of the compression function is split into at least two shares.
According to an embodiment the comparison function is determined after an arithmetic-to-Boolean conversion
According to an embodiment the compression function is at least partly conducted on one of the following:
a security device,
a secured cloud,
a secured service,
an integrated circuit,
a hardware security module,
a trusted platform module,
a crypto unit,
a FPGA,
a processing unit,
a controller,
a smartcard.
Also, a security device is provided that is arranged to compile a compression function by executing the steps:
determining an error based on a loss introduced by an integer division pursuant to a lossy compression function;
determining an output of the compression function based on the error.
According to an embodiment the security device is one of the following or comprises at least one of the following:
a secured cloud,
a secured service,
an integrated circuit,
a hardware security module,
a trusted platform module,
a crypto unit,
a FPGA,
a processing unit,
a controller,
a smartcard.
Furthermore, a computer program product is suggested, which is directly loadable into a memory of a digital processing device, comprising software code portions for performing the steps of the method as described herein.
Embodiments are shown and illustrated with reference to the drawings. The drawings serve to illustrate the basic principle, so that only aspects necessary for understanding the basic principle are illustrated. The drawings are not to scale. In the drawings the same reference characters denote like features.
A protection against chosen ciphertext attacks is achieved by conducting a re-encryption and a comparison at the receiver.
In
The plaintext pt is then encrypted by an encryption unit 203 using the public key pk. The output of the encryption unit 203 is connected to a compression unit 204, which compiles a ciphertext ct* based on the plaintext pt.
Also, the plaintext pt is fed to a hash function 203, which compiles the hash value k based on the plaintext pt and the public key pk.
A comparing unit 205 compares the ciphertext ct* with the ciphertext ct from the sender. If both ciphertexts ct and ct* are identical, a multiplexer 207 is switched to connect to the output of the hash function 203, which allows conveying the hash value k as an output value. Otherwise, the multiplexer 207 is switched to another input, which conveys a value indicating an error as the output.
Hence, during decapsulation, Kyber re-encrypts a decrypted message. The outcome of this re-encryption is then compared to the received ciphertext. If they match, only then the hash value k is released. This re-encryption and the final comparison need to be protected against side-channel attacks.
Hence, the hash value k can be generated at the sender shown in
It is noted that compression and decompression may be specified as internal components of the encryption unit 101 and of the decryption unit 203, respectively. Here, to highlight this functionality, compression and decompression are put into dedicated units (compression unit 102 and decompression unit 201).
Hereinafter, an approach will be described that enables an efficient solution to in particular protect the operations conducted by the compression unit 204.
A large part of the re-encryption can be protected using arithmetic masking over Zq, i.e., a sensitive value v is split into values v′, v″ such that
v=(v′+v″)mod q, (1)
then the values v′, v″ are processed independently. The values v′, v″ are also referred to as shares of v. For Kyber, the modulus q=3329 may be used in parameter sets.
In the last step of the re-encryption, intermediate values c* (arithmetically shared) are compressed and then packed into bytes. The outcome (in
A protected computation of packing might be avoided by instead unpacking the received ciphertext c and then comparing the unpacked version, since
Unpack(Pack(x))=x. (2)
However, this does not work in combination with a lossy compression:
Decompress(Compress(x))≠x (3)
Computing the compression in a masked manner is difficult and will likely need several costly masking conversions (between masking arithmetically mod q, arithmetically mod 2d, and boolean). Thus, such an approach may easily get inefficient.
In the Kyber specification [ABD+21], compression and decompression are determined as follows:
Compressq(x,d)=┌(2d/q)·x┘mod 2d (4)
Decompressq(x,d)=┌(q/2d)·x┘ (5)
with
d being the compression parameter,
┌·┘ being a rounding operation (rounding to the nearest integer), and
mod 2d means reducing the result to the range [0, 2d−1].
For performance reasons, floating-point arithmetic is usually avoided. Hence, the above may beneficially be computed using integer operations. However, most processors do not directly support rounding to the nearest integer after an integer division, but instead round to the next lower integer (also referred to as rounding down):
c=└a/b┘,
For the above reason, a rounding to the nearest (upper or lower) integer can be done by first adding a value of 0.5 and then rounding down, i.e.
┌x┘=└x+0.5┘.
Since floating-point arithmetic is avoided and rounding occurs after a division, the following may be used:
┌a/b┘=└a/b+½┘=└(a+b/2)/b┘. (6)
The last variant can be computed using only integer operations. Applying this on the definition of the compression according to Equation (4) results in:
Compressq(x,d)=└(x·2d+q/2)/q┘mod 2d. (7)
Compression also requires a reduction modulo 2d, which may be achieved by selecting only the d lowest bits of any number and setting all upper bits to 0. This can be achieved using a bitwise AND operation with a bit mask. Multiplications with 2d can be done applying a bitwise shift left by d bits.
The Kyber C reference implementation thus realizes compression and decompression as follows:
compressed=((x<<d)+Q/2)/Q&((1<<d)−1)
decompressed=((x*Q)+(1<<(d−1))>>d
Compression involves an integer division by the constant q. Division instructions can be expensive in terms of runtime, especially on low-cost devices. Also, the runtime can depend on the values of the input operands; such runtime dependencies are preferably avoided in a secured implementation. Hence, compilers may replace a division by constant with a multiplication of the reciprocal. An example shows the following assembler listing for the compression core (using d=4):
For clarification reasons, a corresponding disassembly is shown hereinafter. It involves additions, a multiplication with the reciprocal of q, and several bit-wise operations (shifts, extraction):
x=x<<4; x=x+0x680;//q/2=0x680
int64_t t=x*0x3afb7681ul;//mult. with a
t=t>>32;//only use upper 32 bits of the product
x=x−t;
x=x>>1;
x=x+t;
x=x>>11;
x=x & 0xf;
For achieving side-channel protection, the compression is to be computed in a masked manner, i.e., operations are conducted on a shared representation of the involved variables and the shares are processed independently. Doing this directly is difficult because of the multitude of different operations.
There exist two variants of masking/sharing, namely Boolean and arithmetic masking. The more beneficial variant may depend on the computed operation. In the following description of the masking variants, parentheses are used to highlight that computations on the two shares are done independently. Also, the shares are beneficially not combined (unmasked) as long as the shared value is security relevant. The combination of the shares in the following examples is to merely demonstrate the equality of shared and non-shared operations.
The shares x and x are combined using a boolean XOR operation “⊕”:
x=x′⊕x″ (8)
This representation allows easy bit shifting, as
x<<d=(x′<<d)⊕(x″<<d), (9)
and easy extraction of bits and thus reductions mod 2d, as
x mod 2d=(x′ mod 2d)⊕(x″ mod 2d) (10)
It also allows easy XOR-combining of two shared values, as
x⊕y=(x′⊕y′)⊕(x″⊕y″). (11)
The shares x and x are combined using an addition
x=(x′+x″)mod n. (12)
In the following examples, the equations are conducted mod n. Arithmetic masking allows easy addition of masked values, i.e.,
x⊕y=(x′+y′)+(x″+y″) (13)
and multiplication with a constant, i.e.,
x·c=(x′·c)+(x′·c). (14)
A protected Kyber implementation might use two different moduli: n=q or n=2d.
There are algorithms that allow conversion between these representations. Such algorithms are known as Boolean-to-arithmetic (B2A) and arithmetic-to-Boolean (A2B) conversions (see, e.g., [Gou01, CGTV15]) and may assume that n=2d, e.g., 232. Switching between different moduli for arithmetic sharing purposes also requires conversions.
The above exemplary uses two shares x and x, but values may accordingly be split into more than two shares.
Encryption involves computations on values which are reduced mod q (with q being a prime number). Hence, in a protected implementation, the output of the encryption, which may serve as an input of the compression, is likely shared arithmetically mod q. The first three lines of the disassembly above are the easiest to compute when masked arithmetically mod 264. The subsequent shift may be processed using Boolean masking. This is followed by several shifts and additions/subtractions, which again need different representations. Hence, multiple expensive masking conversions are needed for computing a single call of the compression function.
Examples described herein allow performing protected comparison in an efficient manner, which reduces the cost down to a single masking conversion, thus improving the performance.
c·q mod 2d
and its output is conveyed to the comparing unit 205.
The encryption unit 203 encrypts the plaintext pt into an intermediate ciphertext c*, which is forwarded to a compression unit 304. The output of the compression unit 304 is supplied to the comparing unit. The compression unit 304 will be described in more detail below.
The compression function involves an integer division by q. Instead of directly computing this division on the masked data, an error (also referred to as roundoff error of compression error) introduced by the division is computed and then this error is subtracted from the dividend. In other words, this allows obtaining
└(x·2d+q/2)/q┘·q
without actually having to compute the division. The output can then be compared to the output of the function c·q.
Hence, a different way of evaluating
Compress(c*)c (15)
is suggested, with denoting an equality test.
Inserting the definition of compression using the rounding conversion (Equation (7)) results in:
Compressq(c*)=└(c*·2d+q/2)/q┘mod 2dc mod 2d (16)
The modulo operator is defined to return the remainder after an integer division with the modulus q. Per this definition, each number x can be written as the sum of a multiple X of the modulus q and the remainder x mod q, i.e.
x=X·q+(x mod q), (17)
with X=└x/q┘. When setting x=c*·2d+q/2, the following applies:
X=└(c*+·2d+q/2)/q┘. (18)
This closely matches the definitions of compression given in Equation (7) and Equation (16).
After multiplying both sides of Equation (16) with q, the left side reads X·q, which can be replaced with
x−(x mod q),
since
X·q=x−(x mod q)
per Equation (17).
Hence, Equation (16) becomes
(c*·2d+q/2−((c*·2d+q/2)mod q))mod 2dc·q mod 2d. (19)
The left-hand side of Equation (19) is what is calculated in the compression unit 304. The comparison unit 205 then compares it with c·q mod 2d.
The term
(c*·2d+q/2)mod q (20)
can be interpreted as a roundoff error, i.e., a difference
x−└x/q┘·q.
By subtracting this compression error from the dividend x, one essentially computes └x/q┘·q without the need for a division.
The first term c*·2d≡0 mod 2d can thus be omitted. The ciphertext c is public, thus as many operations as possible may be performed on the right side of the equation. The addition of q/2 can be moved and the entire relation negated, which results in:
((c*2d+q/2)mod q)mod 2d(q/2−c·q)mod 2d. (21)
The comparison described in Equation (21) needs to be computed in a protected manner. The right-hand side of the equation does not contain any sensitive data (the ciphertext c is public) and can be computed without adding countermeasures. The left-hand side involves the secret c* and thus needs to be computed in a masked manner.
As noted above, the re-encryption returns c* masked arithmetically mod q:
c*=c
1
*+c
2* mod q (22)
The multiplication with 2d and the addition of q/2 can be computed on each share independently:
c*·2d+q/2=(c1*·2d+q/2)+(c2*·2d (23)
The two arithmetic shares are then converted to Boolean shares using an arithmetic-to-Boolean (A2B) conversion
(t′,t″)=A2B(c1*·2d+q/2,c2*·2d). (24)
By definition of the A2B conversion, it holds that
(c*·2d+q/2)mod q=t′⊕t′. (25)
The reduction modulo 2d can be done on the Boolean representation, leading to:
((c*·2d+q/2)mod q)mod 2d=(t′ mod 2d)⊕(t″ mod 2d). (26)
Hence, Equation (21) becomes
(t′ mod 2d)⊕(t″ mod 2d)(q/2−c·q)mod 2d. (27)
Since testing ab is equivalent to a⊕b
0, with the second option being easier to implement using masked arithmetic, the final comparison of the left-hand side with the right-hand side can be conducted using a masked XOR and a masked AND/OR gate:
((t′⊕(q/2−c·q))⊕t″)mod 2d0. (28)
In this example, the CPU 501 has access to at least one crypto module 504 over a shared bus 505 to which each crypto module 504 is coupled. Each crypto module 504 may in particular comprise one or more crypto cores to perform certain cryptographic operations. Exemplary crypto cores are:
an AES core 509,
a SHA core 510,
an ECC core 511, and
a lattice-based crypto core 508.
The CPU 501, the hardware random number generator 112, the NVM 503, the crypto module 504, the RAM 502 and the input/output interface 507 are connected to the bus 505. The input output interface 507 may have a connection to other devices, which may be similar to the processing device 500.
The crypto module 504 may or may not be equipped with hardware-based security features.
The bus 505 itself may be masked or plain. Instructions to process the steps described herein may in particular be stored in the NVM 503 and processed by the CPU 505. The data processed may be stored in the NVM 503 or in the RAM 502. Supporting functions may be provided by the crypto modules 504 (e.g., expansion of pseudo random data).
Steps of the method described herein may exclusively or at least partially be conducted on the crypto module 504, e.g. on the lattice-based crypto core 508.
The processing device 500 may be a chip card powered by direct electrical contact or through an electro-magnetic field. The processing device 500 may be a fixed circuit or based on reconfigurable hardware (e.g., Field Programmable Gate Array, FPGA). The processing device 500 may be coupled to a personal computer, microcontroller, FPGA or a smart phone.
The solution described herein may be used by a customer that intends to provide a secure implementation of lattice-based cryptography on a smart card or any secure element.
The HSM 601 comprises a controller 602, a hardware-random number generator (HRNG) 606 and at least one crypto module 603. The crypto module 603 exemplary comprises an AES core 604 and a lattice-based crypto (LBC) core 605.
According to one embodiment, the HSM 601 and the application processor 607 may be fabricated on the same physical chip with a tight coupling. The HSM 601 delivers cryptographic services and secured key storage while the application processor may perform computationally intensive tasks (e.g., image recognition, communication, motor control). The HSM 601 may be only accessible by a defined interface and considered independent of the rest of the system in a way that a security compromise of the application processor 607 has only limited impact on the security of the HSM 601. The HSM 601 may perform all tasks or a subset of tasks described with respect to the processing device 600 by using the controller 602, the LBC 605, supported by, exemplary, an AES 604 and the HRNG 606. It may execute the procedures described herein (at least partially) either controlled by an internal controller or as CMOS circuit. Moreover, also the application processor 607 may perform the procedures described herein (at least partially, e.g., in collaboration with the HSM 601).
The processing device 600 with this application processor 607 and HSM 601 may be used as a central communication gateway or (electric) motor control unit in cars or other vehicles.
In one or more examples, the functions described herein may be implemented at least partially in hardware, such as specific hardware components or a processor. More generally, the techniques may be implemented in hardware, processors, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium and executed by a hardware-based processing unit. Computer-readable media may include computer-readable storage media, which corresponds to a tangible medium such as data storage media, or communication media including any medium that facilitates transfer of a computer program from one place to another, e.g., according to a communication protocol. In this manner, computer-readable media generally may correspond to (1) tangible computer readable storage media which is non-transitory or (2) a communication medium such as a signal or carrier wave. Data storage media may be any available media that can be accessed by one or more computers or one or more processors to retrieve instructions, code and/or data structures for implementation of the techniques described in this disclosure. A computer program product may include a computer-readable medium.
By way of example, and not limitation, such computer-readable storage media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage, or other magnetic storage devices, flash memory, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium, i.e., a computer-readable transmission medium. For example, if instructions are transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. It should be understood, however, that computer-readable storage media and data storage media do not include connections, carrier waves, signals, or other transient media, but are instead directed to non-transient, tangible storage media. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
Instructions may be executed by one or more processors, such as one or more central processing units (CPU), digital signal processors (DSPs), general purpose microprocessors, application specific integrated circuits (ASICs), field programmable logic arrays (FPGAs), or other equivalent integrated or discrete logic circuitry. Accordingly, the term “processor”, as used herein may refer to any of the foregoing structure or any other structure suitable for implementation of the techniques described herein. In addition, in some aspects, the functionality described herein may be provided within dedicated hardware and/or software modules configured for encoding and decoding, or incorporated in a combined codec. Also, the techniques could be fully implemented in one or more circuits or logic elements.
The techniques of this disclosure may be implemented in a wide variety of devices or apparatuses, including a wireless handset, an integrated circuit (IC) or a set of ICs (e.g., a chip set). Various components, modules, or units are described in this disclosure to emphasize functional aspects of devices configured to perform the disclosed techniques, but do not necessarily require realization by different hardware units. Rather, as described above, various units may be combined in a single hardware unit or provided by a collection of inter-operative hardware units, including one or more processors as described above, in conjunction with suitable software and/or firmware.
Although various exemplary embodiments of the invention have been disclosed, it will be apparent to those skilled in the art that various changes and modifications can be made which will achieve some of the advantages of the invention without departing from the spirit and scope of the invention. It will be obvious to those reasonably skilled in the art that other components performing the same functions may be suitably substituted. It should be mentioned that features explained with reference to a specific figure may be combined with features of other figures, even in those cases in which this has not explicitly been mentioned. Further, the methods of the invention may be achieved in either all software implementations, using the appropriate processor instructions, or in hybrid implementations that utilize a combination of hardware logic and software logic to achieve the same results. Such modifications to the inventive concept are intended to be covered by the appended claims.
| Number | Date | Country | Kind |
|---|---|---|---|
| 102021106883.5 | Mar 2021 | DE | national |
