Papers by Geovandro Pereira
Post-Quantum Cryptography
Supersingular isogeny-based cryptography is one of the more recent families of post-quantum proposals. An interesting feature is the comparatively low bandwidth occupation in key agreement protocols, which stems from the possibility of key compression. However, compression and decompression introduce a significant overhead to the overall processing cost despite recent progress. In this paper we address the main processing bottlenecks involved in key compression and decompression, and suggest substantial improvements for each of them. Some of our techniques may have an independent interest for other, more conventional areas of elliptic curve cryptography as well.
Journal of Cryptographic Engineering
The optimization of the main key compression bottlenecks of the supersingular isogeny key encapsulation mechanism (SIKE) has been a target of research in the last few years. Significant improvements were introduced in the recent works of Costello et al. [6] and Zanon et al. [18,19]. The combination of the techniques in [18,19] reduced the running time of binary torsion basis generation in decompression by a factor of 29 compared to previous work [6]. On the other hand, generating such a basis still takes almost a million cycles on an Intel Core i5-6267U Skylake. In this paper, we continue the work of [19] and introduce a technique that drops the complexity of binary torsion basis generation by a factor log p in the number of underlying field multiplications. In particular, our experimental results show that a basis can be generated in about 1,300 cycles, attaining an improvement by a factor of more than 600. Although this result eliminates one of the key compression bottlenecks, many other bottlenecks remain. In addition, we give further improvements for the ternary torsion generation with significant impact on the related decompression procedure. Moreover, a new trade-off between ciphertext size and decapsulation speed and storage is introduced, achieving a 1.7 times faster decapsulation.
2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)
Lecture Notes in Computer Science
This work deals with the energy-efficient, high-speed and high-security implementation of elliptic curve scalar multiplication and elliptic curve Diffie-Hellman (ECDH) key exchange on embedded devices using FourQ and incorporating strong countermeasures to thwart a wide variety of side-channel attacks. First, we set new speed records for constant-time curve-based scalar multiplication and DH key exchange at the 128-bit security level with implementations targeting 8-, 16- and 32-bit microcontrollers. For example, our software computes a static ECDH shared secret in ∼6.9 million cycles (or 0.86 s @ 8 MHz) on a low-power 8-bit AVR microcontroller which, compared to the fastest Curve25519 and genus-2 Kummer implementations on the same platform, offers 2× and 1.4× speedups, respectively. Similarly, it computes the same operation in ∼496 thousand cycles on a 32-bit ARM Cortex-M4 microcontroller, achieving a factor-2.9 speedup when compared to the fastest Curve25519 implementation targeting the same platform. Second, we engineer a set of side-channel countermeasures taking advantage of FourQ's rich arithmetic and propose a secure implementation that offers protection against a wide range of sophisticated side-channel attacks. Finally, we perform a differential power analysis evaluation of our software running on an ARM Cortex-M4, and report that no leakage was detected with up to 10 million traces. These results demonstrate the potential of deploying FourQ on low-power applications such as protocols for IoT. Keywords: Elliptic curves • FourQ • ECDH • Embedded devices • IoT • Energy efficiency • Side-channel attacks • Strong countermeasures
IEEE Transactions on Dependable and Secure Computing
This work deals with the energy-efficient, high-speed and high-security implementation of elliptic curve scalar multiplication and elliptic curve Diffie-Hellman (ECDH) key exchange on embedded devices using FourQ and incorporating strong countermeasures to thwart a wide variety of side-channel attacks. First, we set new speed records for constant-time curve-based scalar multiplication and DH key exchange at the 128-bit security level with implementations targeting 8-, 16- and 32-bit microcontrollers. For example, our software computes a static ECDH shared secret in ∼6.9 million cycles (or 0.86 seconds @ 8 MHz) on a low-power 8-bit AVR microcontroller which, compared to the fastest Curve25519 and genus-2 Kummer implementations on the same platform, offers 2× and 1.4× speedups, respectively. Similarly, it computes the same operation in ∼496 thousand cycles on a 32-bit ARM Cortex-M4 microcontroller, achieving a factor-2.9 speedup when compared to the fastest Curve25519 implementation targeting the same platform. Second, we engineer a set of side-channel countermeasures taking advantage of FourQ's rich arithmetic and propose a secure implementation that offers protection against a wide range of sophisticated side-channel attacks. Finally, we perform a differential power analysis evaluation of our software running on an ARM Cortex-M4, and report that no leakage was detected with up to 10 million traces. These results demonstrate the potential of deploying FourQ on low-power applications such as protocols for IoT.
Security and Communication Networks
The Software Defined Networking (SDN) paradigm can provide flexible routing and potentially support the different communication patterns that exist in Wireless Sensor Networks (WSN). However, applying this paradigm to resource-constrained networks is not straightforward, especially if security services are a requirement. Existing SDN-based approaches for WSN evolved over time, addressing resource-constrained requirements. However, they do not integrate security services into their design and implementation. This work's main contribution is a secure-by-design SDN-based framework for Wireless Sensor Networks. Secure node admission and end-to-end key distribution to support secure communication are considered key services, which the framework must provide. We describe its specification, design, implementation, and experiments considering device and protocol constraints. The results indicate that our approach has achieved these goals with acceptable overheads up to medium-sized networks.
IEEE Transactions on Computers
Supersingular isogeny-based cryptography is one of the more recent families of post-quantum proposals. An interesting feature is the comparatively low bandwidth occupation in key agreement protocols, which stems from the possibility of key compression. However, compression and decompression introduce a significant overhead to the overall processing cost despite recent progress. In this paper we address the main processing bottlenecks involved in key compression and decompression, and suggest substantial improvements for each of them. Some of our techniques may have an independent interest for other, more conventional areas of elliptic curve cryptography as well.
Personal and Ubiquitous Computing
In this paper we describe how to construct an efficient certificateless signcryption scheme. Contrary to the usual paradigm of converting identity-based encryption and signature schemes into a combined certificateless protocol, we adopt the approach of extending a conventional signcryption method with a certificateless key validation mechanism, resorting to the underlying identity-based techniques, and as a consequence to pairings, exclusively to validate the associated public keys. The result is as efficient as the underlying signcryption method as long as the amortized cost of this validation is low, as is the case of our concrete proposal.
Lecture Notes in Computer Science, 2015
Journal of Systems and Software, 2015
Highlights: We give a description of a hash-based signature scheme with shorter signature footprint and better processing times. We argue that our signature scheme is suitable for the Internet of Things. We describe an efficient implementation of the scheme for a very constrained 8-bit AVR ATmega128l microcontroller. We provide detailed benchmarks of time, memory and energy for the constrained microcontroller. Abstract: We describe an efficient hash-based signature scheme that yields shorter signatures than the state of the art. Signing and verification are faster as well, and the overall scheme is suitable for constrained platforms typical of the Internet of Things. We describe an efficient implementation of our improved scheme and show memory, time, and energy consumption benchmarks over a real device, i.e. the ATmega128l 8-bit AVR microcontroller embedded in MICAz, a typical sensor node used in wireless sensor networks.
Open Problems in Mathematics and Computational Science, 2014
In 1994, Peter Shor published a quantum algorithm capable of factoring large integers and computing discrete logarithms in Abelian groups in polynomial time. Since these computational problems provide the security basis of conventional asymmetric cryptosystems (e.g., RSA, ECC), information encrypted under such schemes today may well become insecure in a future scenario where quantum computers are a technological reality. Fortunately, certain classical cryptosystems based on entirely different intractability assumptions appear to resist Shor's attack, as well as others similarly based on quantum computing. The security of these schemes, which are dubbed post-quantum cryptosystems, stems from hard problems on lattices, error-correcting codes, multivariate quadratic systems, and hash functions. Here we introduce the essential notions related to each of these schemes and explore the state of the art on practical aspects of their adoption and deployment, like key sizes and cryptogram/signature bandwidth overhead.
In this note we describe some general-purpose, high-efficiency elliptic curves tailored for security levels beyond 2^128. For completeness, we also include legacy-level curves at standard security levels. The choice of curves was made to facilitate state-of-the-art implementation techniques.
This paper presents the undergraduate work being developed by students of Computer Engineering at the Escola Politécnica of the University of São Paulo. The work consists of the implementation of a solution that guarantees security and integrity in the transmission of SMS messages, coupling conventional, certificateless and identity-based cryptography to achieve public key validation. Throughout the paper, we will present aspects of our solution, an innovative cryptographic scheme, metrics, results of performance tests, and considerations about the work in progress. Abstract (translated from the Portuguese). This article presents the final-year project being developed by graduating students in Computer Engineering at the Escola Politécnica of the Universidade de São Paulo. The work consists of implementing a solution that guarantees security and integrity in the sending of SMS messages, using conventional certificateless cryptography and identity-based cryptography for public key validation. Throughout the article, we present aspects of our solution, an innovative cryptographic scheme, metrics, performance test results, and considerations on the progress of the work.
In this paper we describe how to construct an efficient certificateless signcryption scheme. Contrary to the usual paradigm of converting identity-based encryption and signature schemes into a combined certificateless protocol, we adopt the approach of extending a conventional signcryption method with a certificateless key validation mechanism, resorting to the underlying identity-based techniques, and as a consequence to pairings, exclusively to validate the associated public keys. The result is as efficient as the underlying signcryption method as long as the amortized cost of this validation is low, as is the case of our concrete proposal.
Despite the continuous growth in the number of smartphones around the globe, Short Message Service (SMS) still remains one of the most popular, cheap and accessible ways of exchanging text messages using mobile phones. Nevertheless, the lack of security in SMS prevents its wide usage in sensitive contexts such as banking and health-related applications. Aiming to tackle this issue, this paper presents SMSCrypto, a framework for securing SMS-based communications in mobile phones. SMSCrypto encloses a tailored selection of lightweight cryptographic algorithms and protocols, providing encryption, authentication and signature services. The proposed framework is implemented both in Java (targeting JVM-enabled platforms) and in C (for constrained SIM card processors), thus being suitable for a wide range of scenarios. In addition, the signature model adopted does not require an on-line infrastructure nor the inherent overhead found in the Public Key Infrastructure (PKI) model, facilitating the development of secure SMS-based applications. We evaluate the proposed framework on a real phone and on a SIM card-comparable microcontroller.
Implementation of Data Survival in Unattended Wireless Sensor Networks Using Cryptography. Mateus A. S. Santos, Cíntia Borges Margi, Marcos A. Simplício Jr., Geovandro C. C. F. Pereira and Bruno Trevizan de Oliveira ...
Journal of Systems and Software, 2011
For the last decade, elliptic curve cryptography has gained increasing interest in industry and in the academic community. This is especially due to the high level of security it provides with relatively small keys and to its ability to create very efficient and multifunctional cryptographic schemes by means of bilinear pairings. Pairings require pairing-friendly elliptic curves and, among the possible choices, Barreto-Naehrig (BN) curves arguably constitute one of the most versatile families. In this paper, we further expand the potential of the BN curve family. We describe BN curves that are not only computationally very simple to generate, but also especially suitable for efficient implementation on a very broad range of scenarios. We also present implementation results of the optimal ate pairing using such a curve defined over a 254-bit prime field.