Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher.
Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?
Some links on this page may take you to non-federal websites. Their policies may differ from this site.
-
Free, publicly-accessible full text available December 1, 2025
-
Free, publicly-accessible full text available November 1, 2025
-
Recent attacks have shown that SIKE is not secure and should not be used in its current state. However, this work was completed before these attacks were discovered and might be beneficial to other cryptosystems such as SQISign. The primary downside of SIKE is its performance. However, this work achieves new SIKE speed records even using less resources than the state-of-the-art. Our approach entails designing and optimizing a new field multiplier, SIKE-optimized Keccak unit, and high-level controller. On a Xilinx Virtex-7 FPGA, this architecture performs the NIST Level 1 SIKE scheme key encapsulation and key decapsulation functions in 2.23 and 2.39 ms, respectively. The combined key encapsulation and decapsulation time is 4.62 ms, which outperforms the next best Virtex-7 implementation by nearly 2 ms. Our implementation achieves speed records for the NIST Level 1, 2, and 3 parameter sets. Only our NIST Level 5 parameter set was beat by an all-out performance implementation. Our implementations also efficiently utilize the FPGA resources, achieving new records in area-time product metrics for all parameter sets. Overall, this work continues to push the bar for accelerating SIKE computations to make a stronger case for SIKE standardization.more » « lessFree, publicly-accessible full text available March 31, 2025
-
Free, publicly-accessible full text available April 1, 2025
-
To provide safe communication across an unprotected medium such as the internet, network protocols are being established. These protocols employ public key techniques to perform key exchange and authentication. Transport Layer Security (TLS) is a widely used network protocol that enables secure communication between a server and a client. TLS is employed in billions of transactions per second. Contemporary protocols depend on traditional methods that utilize the computational complexity of factorization or (elliptic curve) logarithm mathematics problems. The ongoing advancement in the processing power of classical computers requires an ongoing increase in the security level of the underlying cryptographic algorithms. This study focuses on the analysis of Curve448 and Edwards curve Ed448, renowned for their superior security features that offer a 224-bit level of security as part of the TLSv1.3 protocol. The exponential advancement of quantum computers, however, presents a substantial threat to secure network communication that depends on classical crypto schemes, irrespective of their degree of security. Quantum computers have the capability to resolve these challenges within a feasible timeframe. In order to successfully transition to Post-Quantum secure network protocols, it is imperative to concurrently deploy both classical and post-quantum algorithms. This is done to fulfill the requirements of both enterprises and governments, while also instilling more assurance in the reliability of the post-quantum systems. This paper presents a detailed hybrid implementation architecture of the TLSv1.3 network protocol. We showcase the first deployment of Curve448 and Crystals-Kyber for the purpose of key exchanging, and Ed448 and Crystals-Dilithium for verifying the authenticity of entities and for X.509 Public Key Infrastructure (PKI). We rely upon the widely used OpenSSL library and the specific wolfSSL library for embedded devices to provide our results for server and client applications.more » « lessFree, publicly-accessible full text available March 5, 2025
-
Free, publicly-accessible full text available March 1, 2025
-
We present new results and speedups for the large-degree isogeny computations within the extended supersingular isogeny Diffie-Hellman (eSIDH) key agreement framework. As proposed by Cervantes-Vázquez, Ochoa-Jiménez, and Rodríguez-Henríquez, eSIDH is an extension to SIDH and fourth round NIST post-quantum cryptographic standardization candidate SIKE. By utilizing multiprime large-degree isogenies, eSIDH and eSIKE are faster than the standard SIDH/SIKE and amenable to parallelization techniques that can noticeably increase their speed with multiple cores. Here, we investigate the use of multiprime isogeny strategies to speed up eSIDH and eSIKE in serial implementations. These strategies have been investigated for other isogeny schemes such as CSIDH. We apply them to the eSIDH/eSIKE scenario to speed up the multiprime strategy by about 10%. When applied to eSIDH, we achieve a 7–8% speedup for Bob’s shared key agreement operation. When applied to eSIKE, we achieve a 3–4% speedup for key decapsulation. Historically, SIDH and SIKE have been considerably slower than its competitors in the NIST PQC standardization process. These results continue to highlight the various speedups achievable with the eSIKE framework to alleviate these speed concerns. Though eSIDH and eSIKE are susceptible to the recent devastating attacks on SIKE, our analysis applies to smooth degree isogeny computations in general, and isogeny-based signature schemes which use isogenies of smooth (not necessarily powersmooth) degree.more » « less
-
The compact key sizes and the low computational latency of the Elliptic Curve Cryptography (ECC) family of curves sparked high interest in their integration into network protocols. The recently suggested Curve448, assuring 224-bit security, is an ideal curve choice for integrating into cryptographic libraries according to a late study on backdoors on other ECC instances compromising their security, which results in the integration of Curve448 into the TLS1.3 protocol. Curve448 and its birationally equivalent untwisted Edwards curve Ed448, used for key exchange and authentication, respectively, present a perfect fit for low-end embedded cryptographic libraries due to their minimal memory requirements. In this work, we deploy optimized Montgomery Ladder point multiplication into the widely employed IoT-focused cryptographic library wolfSSL and present side-channel robust and efficient ECDH and EdDSA based on Curve448 and Ed448. We evaluate the performance of the newly integrated architectures against the NIST recommended CortexM4 STM32F407-DK ARM-based platform. We perform thorough side-channel evaluation of the proposed Montgomery Ladder implementation via powerful TVLA analysis revealing DPA data leakage. We integrate countermeasures to protect our design, evaluate their effectiveness and analyze the latency overhead. We achieve SCA robust Curve448 and Ed448 at the cost of around 1.2MCC(1.36× the execution time). Finally, we report the performance of our fully SCA protected Curve448 and Ed448 as part of TLS1.3 wolfSSL, reporting 1.04× performance compared to the original wolfSSL code.more » « less
-
As the cryptographic community turns its focus toward post-quantum cryptography, the demand for classical cryptographic schemes such as Elliptic Curve Cryptography (ECC) remains high. In this work, we present an optimized implementation of the Edwards Curve Digital Signature Algorithm (EdDSA) operations Keygen, Sign, and Verify using the Ed25519 parameter on the ARM Cortex-M4 using optimized assembly code. We discuss the optimization of field and group arithmetic to produce high-throughput cryptographic primitives. Then, we present the first SCA-resistant implementation of the Signed Comb method, and Test Vector Leakage Assessment (TVLA) measurements. Our fastest implementation performs Ed25519 Keygen in 200,000 cycles, Sign in 240,000 cycles, and Verify in 720,000 cycles on the ARM Cortex-M4.more » « less