Abstract
Digital signatures provide a means to publicly authenticate messages sent over an insecure channel. Recently, the Quotient Digital Signature Algorithm (qDSA) was introduced, aiming at key compatibility with the Diffie-Hellman X25519 function. Due to the novelty of qDSA, there remains a need for an optimized implementation that allows identifying the real impact of this new algorithm. In this work, we focus on the secure and efficient implementation of qDSA. By leveraging precomputation in Joye's right-to-left algorithm, we reduced the running time of signature generation by 30–35%, and the running time of the verification procedure by 19%. In addition, for increased security, we show a verification method that validates qDSA signatures unequivocally. All of these improvements were included in an optimized software library targeting 32-bit ARM and 64-bit Intel architectures. The improved performance achieved on these platforms positions qDSA as a competitive alternative for deploying digital signatures efficiently and securely.
The authors acknowledge support during the development of this research from Intel and FAPESP under project “Secure Execution of Cryptographic Algorithms” (grant 14/50704-7), and from LG Electronics Inc. under project “Efficient and Secure Cryptography for IoT”. The fourth author was partially supported by a research productivity grant from CNPq.
Notes
1. To avoid inversions, these terms can also be calculated using projective coordinates.
Acknowledgments
The authors want to thank the anonymous reviewers of the SPACE 2017 conference for the comments given on this research project.
© 2017 Springer International Publishing AG
Cite this paper
Faz-Hernández, A., Fujii, H., Aranha, D.F., López, J. (2017). A Secure and Efficient Implementation of the Quotient Digital Signature Algorithm (qDSA). In: Ali, S., Danger, JL., Eisenbarth, T. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2017. Lecture Notes in Computer Science(), vol 10662. Springer, Cham. https://doi.org/10.1007/978-3-319-71501-8_10
DOI: https://doi.org/10.1007/978-3-319-71501-8_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71500-1
Online ISBN: 978-3-319-71501-8