Performance Analysis of TLS for Quantum Robust Cryptography on a Constrained Device

Advances in quantum computing make Shor's algorithm for factorising numbers ever more tractable. This threatens the security of any cryptographic system that relies on the difficulty of factorisation. It also threatens methods based on discrete logarithms, such as the Diffie-Hellman key exchange. For a cryptographic system to remain secure against a quantum adversary, we need to build methods on hard mathematical problems that are not susceptible to Shor's algorithm; such methods make up Post Quantum Cryptography (PQC). While high-powered computing devices may be able to run these new methods, we need to investigate how well they run on devices with limited power. This paper outlines an evaluation framework for PQC on constrained devices, and contributes to the area by providing benchmarks of the front-running algorithms on a popular single-board low-power device.
