Precomputation Methods for Faster and Greener Post-Quantum Cryptography on Emerging Embedded Platforms

Precomputation techniques are useful for improving the real-time performance of complex algorithms at the expense of extra memory and extra preparatory computation. This practice is neglected especially in the embedded context, where energy and memory space are limited. Instead, the embedded space favors the immediate reduction of energy and memory footprint. However, the embedded platforms of the future may be different from the traditional ones. Energy-harvesting sensor nodes may extract virtually limitless energy from their surroundings, while at the same time they are able to store more data at cheaper cost, thanks to Moore's law. Yet, minimizing the run-time energy and latency will still be primary targets for today's as well as future real-time embedded systems. Another important challenge for future systems is to provide efficient public-key based solutions that can thwart quantum cryptanalysis. In this article, we address these two concepts. We apply precomputation techniques to two post-quantum digital signature schemes: hash-based and lattice-based digital signatures. We first demonstrate that precomputation methods are extensible to post-quantum cryptography and are applicable on current energy-harvesting platforms. Then, we quantify their impact on energy, execution time, and the overall system yield. The results show that precomputation can improve the run-time latency and energy consumption by up to a factor of 82.7× and 11.8×, respectively. Moreover, for a typical energy-harvesting profile, it can triple the total number of generated signatures. We reveal that precomputation enables very complex and even probabilistic algorithms to achieve acceptable real-time performance on resource-constrained platforms. Thus, it will expand the scope of post-quantum algorithms to a broader range of platforms and applications.
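To make the offline/online trade-off concrete for the hash-based case, here is an added example (not code from the paper) of a Lamport one-time signature split into a precomputation phase and a message-dependent online phase, with a hash-call counter per phase so the shift of work is measurable. It assumes SHA-256 as the one-way function and a constructed seed; a Merkle-tree or XMSS-style signer would precompute many such one-time key pairs in the same way.

```python
import hashlib
import os

BITS = 256  # SHA-256 digest length; a Lamport key holds 2*BITS secret values
hash_calls = {"offline": 0, "online": 0, "verify": 0}  # cost accounting per phase

def H(data, phase):
    """SHA-256 wrapper that charges each call to a phase so the split is visible."""
    hash_calls[phase] += 1
    return hashlib.sha256(data).digest()

def precompute_keypair(seed):
    """Offline phase (run while harvested energy is available): derive all
    2*BITS secrets from a seed and hash each one into the public key.
    Costs 4*BITS hash calls and 2*BITS*32 bytes of stored secret key;
    nothing here depends on the message that will later be signed."""
    sk = [[H(seed + bytes([bit]) + i.to_bytes(2, "big"), "offline") for bit in (0, 1)]
          for i in range(BITS)]
    pk = [[H(s, "offline") for s in pair] for pair in sk]
    return sk, pk

def _bit(digest, i):
    """Return bit i of the digest, most significant bit first."""
    return (digest[i // 8] >> (7 - i % 8)) & 1

def sign_online(sk, msg):
    """Online phase: one hash of the message, then a table lookup per bit.
    A one-time key must never sign twice; the caller discards sk afterwards."""
    d = H(msg, "online")
    return [sk[i][_bit(d, i)] for i in range(BITS)]

def verify(pk, msg, sig):
    """Verifier cost is fixed (1 + BITS hashes); precomputation does not reduce it."""
    d = H(msg, "verify")
    return all(H(sig[i], "verify") == pk[i][_bit(d, i)] for i in range(BITS))

if __name__ == "__main__":
    sk, pk = precompute_keypair(os.urandom(32))  # constructed seed
    sig = sign_online(sk, b"sensor reading: 21.5C")  # constructed message
    print(verify(pk, b"sensor reading: 21.5C", sig), hash_calls)
```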
