
A Secure and Efficient Implementation of the Quotient Digital Signature Algorithm (qDSA)

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10662)

Abstract

Digital signatures provide a means to publicly authenticate messages sent over an insecure channel. Recently, the Quotient Digital Signature Algorithm (qDSA) was introduced with the aim of key compatibility with the Diffie-Hellman X25519 function. Due to the novelty of qDSA, there remains a need for an optimized implementation that allows the real impact of this new algorithm to be assessed. In this work, we focus on the secure and efficient implementation of qDSA. By leveraging precomputation in Joye's right-to-left algorithm, we reduced the running time of signature generation by 30–35%, and the running time of the verification procedure by 19%. In addition, for increased security, we show a verification method that validates qDSA signatures unequivocally. All of these improvements were included in an optimized software library targeting 32-bit ARM and 64-bit Intel architectures. The improved performance achieved on these platforms positions qDSA as a competitive alternative for deploying digital signatures efficiently and securely.
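The speed-up the abstract attributes to precomputation rests on a structural property of the right-to-left binary method: the doubling chain P, 2P, 4P, ... does not depend on the scalar, so for a fixed base (the generator used during signing) it can be tabulated once, leaving an online phase of additions only. The following Python is an added illustration of that structure and is not code from the paper's library: it uses a constructed toy curve y^2 = x^3 + x + 1 over F_23 with base point (0, 1), chosen here purely for demonstration, Python big integers (which are not constant time), and a bit-driven select standing in for the constant-time selection a real implementation would use. The signed-digit recoding, x-only Montgomery arithmetic and Curve25519 parameters of the actual qDSA implementation are not shown.

```python
# Added illustration: right-to-left scalar multiplication and its fixed-base
# precomputed variant. The toy curve and base point are constructed for this
# example only; Python integers are not constant time, so this shows the shape
# of the operation sequence, not a side-channel-hardened implementation.

P_MOD, A, B = 23, 1, 1      # toy curve y^2 = x^3 + A*x + B over F_23 (assumed)
G = (0, 1)                  # base point: 1^2 == 0^3 + 0 + 1 (mod 23)
INF = None                  # point at infinity (group identity)


def _inv(x):
    return pow(x % P_MOD, P_MOD - 2, P_MOD)


def add(P, Q):
    """Affine group law on the toy curve, handling the identity and P == -Q."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # P == -Q (covers y == 0)
    if P == Q:
        lam = (3 * x1 * x1 + A) * _inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * _inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def naive_mul(k, P):
    """Reference result: k repeated additions (only sane for tiny k)."""
    R = INF
    for _ in range(k):
        R = add(R, P)
    return R


def right_to_left_mul(k, P, nbits):
    """Right-to-left binary method. Returns ([k]P, trace of group operations).
    R1 walks the chain P, 2P, 4P, ... whatever k is; only the additions into
    R0 depend on the scalar bits."""
    R0, R1 = INF, P
    trace = []
    for i in range(nbits):
        if (k >> i) & 1:
            R0 = add(R0, R1)
            trace.append("add")
        R1 = add(R1, R1)
        trace.append("dbl")
    return R0, trace


def precompute(P, nbits):
    """Offline phase for a fixed base: table[i] = [2^i]P."""
    table = []
    for _ in range(nbits):
        table.append(P)
        P = add(P, P)
    return table


def fixed_base_mul(k, table):
    """Online phase: the same bit scan, but every [2^i]P comes from the table,
    so no doublings remain. The addition is performed at every iteration and
    the result is selected by the bit, so the sequence of group operations is
    identical for every scalar (a real implementation would use constant-time
    selection instead of this Python conditional). Returns ([k]P, #additions)."""
    R0 = INF
    additions = 0
    for i, Ti in enumerate(table):
        b = (k >> i) & 1
        T = add(R0, Ti)
        additions += 1
        R0 = T if b else R0
    return R0, additions


if __name__ == "__main__":
    nbits = 10
    table = precompute(G, nbits)
    for k in (0, 3, 5, 28, 100, 1023):
        ref = naive_mul(k, G)
        r2l, trace = right_to_left_mul(k, G, nbits)
        fb, nadd = fixed_base_mul(k, table)
        assert ref == r2l == fb
        print(f"k={k:4d}  [k]G={fb}  dbl={trace.count('dbl')} "
              f"add={trace.count('add')}  fixed-base adds={nadd}")
```

Running the script prints, for each scalar, the same point from all three routines; the trace shows that the number of doublings in the right-to-left scan is always nbits regardless of k, which is exactly what allows them to be moved offline, and that the fixed-base routine performs exactly nbits additions for every scalar.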

The authors acknowledge support during the development of this research from Intel and FAPESP under project “Secure Execution of Cryptographic Algorithms” (grant 14/50704-7), and from LG Electronics Inc. under project “Efficient and Secure Cryptography for IoT”. The fourth author was partially supported by a research productivity grant from CNPq.


Notes

  1. To avoid inversions, these terms can also be calculated using projective coordinates.


Acknowledgments

The authors want to thank the anonymous reviewers of SPACE 2017 conference for the comments given to this research project.

Author information

Correspondence to Armando Faz-Hernández.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Faz-Hernández, A., Fujii, H., Aranha, D.F., López, J. (2017). A Secure and Efficient Implementation of the Quotient Digital Signature Algorithm (qDSA). In: Ali, S., Danger, J.L., Eisenbarth, T. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2017. Lecture Notes in Computer Science, vol 10662. Springer, Cham. https://doi.org/10.1007/978-3-319-71501-8_10

  • DOI: https://doi.org/10.1007/978-3-319-71501-8_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-71500-1

  • Online ISBN: 978-3-319-71501-8
