Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka 2011.2.10

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka 2011.2.10"— Presentation transcript:

1 Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka 2011.2.10 k-sako@ab.jp.nec.com

2 NEC Confidential © NEC Corporation 2008(20080401) Page 2 Group Signatures ▐Generating a single authentication data which provides two levels of verification Authorized Group Group SIg. Zero Knowledge Proof Encrypted ID Authority Server ID ? Group OK! ID O K! Level 2 Level 1 Digital Sig. ID O K! Verify Group attribute Cannot Identify User Only the authority with a secret key can identify the user Group Public Key Anyone can verify and identify the user Ordinary PKI authentication data (signature) authentication data (signature)

3 NEC Confidential © NEC Corporation 2008(20080401) Page 3 Group Signatures ▐Generating a single authentication data which provides two levels of verification Authorized Group Group SIg. Zero Knowledge Proof Encrypted ID Authority Server ID ? Group OK! ID O K! Level 2 Level 1 Verify Group attribute Cannot Identify User Only the authority with a secret key can identify the user Group Public Key authentication data (signature) Authority is not unique for the group. Can be assingned by signer per authentication

4 NEC Confidential © NEC Corporation 2008(20080401) Page 4 Application of Group Signatures : Internet shopping web store User Credit Card Company Current scheme Proposed scheme Card No BILL web store User Credit Card Company BILL auth. data Card No No Card no. Breach threat Ensures Payment Level 2 Level 1

5 NEC Confidential © NEC Corporation 2008(20080401) Page 5 Application of Group Signatures : Outsourcing scenario Entrance Gate User Company Current scheme Proposed scheme Group, ID Entrance Gate User Company auth. data Group,ID ID No Card no. Breach threat Ensures Group Level 2 Level 1 Work Record

6 NEC Confidential © NEC Corporation 2008(20080401) Page 6 Some applications: Car to Car communication Car Current Proposed Vehicle ID Car Police Vehicle maker authN data Vehicle ID Authenticates message messages are broadcasted with Vehicle ID Traffic Jam! Makes it easy to trace cars Traffic Jam! Level 2 Level 1

7 NEC Confidential © NEC Corporation 2008(20080401) Page 7 Application example : Passports Hotels Supermarket s User Current Proposed Passport No User Japanese Embassy identification authN data Passport No No ID Leakage Ensures nationality Level 2 Level 1 Problem Hotels Supermarket s

8 NEC Confidential © NEC Corporation 2008(20080401) Page 8 What Group Signature brings… ▐Enhances user’s privacy by hiding user’s identity information until when it is needed ID-tag with a cover ▐Servers do not have to receive unnecessary information Need not to spend cost to prevent information breach ▐Enhances user’s privacy even when user is not a signer Issuer of certificates uses group signature to sign certificates Ex. Drivers License: Users can hide in which country he obtained the license. ▐Issue: computation is so heavy to be used in portable devices to ensure location privacy of users Portable devices: mobile phones, smart cards, other low-power embedded CPU Need for development of LSI for group signature computation

9 NEC Confidential © NEC Corporation 2008(20080401) Page 9 Implementation of LSI for group signature

10 NEC Confidential © NEC Corporation 2008(20080401) Page 10 Issues regarding implementation ▐High computational complexity. Algorithm based on RSA and DDH on Elliptic curves Isshiki,Mori,Sako,Teranishi,Yonezawa ‘Using Group Signature for Identity Management and its Implementation’ Workshop on Digital Identity Management (DIM2006) http://www2.pflab.ecl.ntt.co.jp/dim2006/slide9.pdf 10 times or more computation steps compared to conventional digital signature algorithms over RSA or ECC. Combination of different kinds of mathematical computations. Large integer computation Modular exponentiation and modular multiplication Scalar multiplication and point addition on elliptic curve Pseudo random number generation Hash computation Implementing 10 K lines of C codes in a single LSI is … unusual! ▐GOAL: good performance on low-power embedded CPUs.

11 NEC Confidential © NEC Corporation 2008(20080401) Page 11 The world’s first (to our knowledge) LSI for group signatures ▐Features Fast signature generation/verification speed. 0.1 seconds at 150MHz clock Same speed with S/W on 3GHz clock PC Low power consumption. Less than 0.6W at 150MHz clock 1/100 or less power compared to PC (60W or more) Usable not only as an independent LSI chip but as an IP core (2mm 2 ) ▐Development story 3 years efforts of exploring design strategy and H/W architecture. Achieved best trade-off balance of performance, circuit size and power consumption. RSA core ECC core INT core Parallel computation sequence HASH/PRNG core Computation controller temp. memory I/O interface

12 NEC Confidential © NEC Corporation 2008(20080401) Page 12 LSI for group signatures (2/2) ▐What helped us …NEC original HW synthesizer With the help of behavioral synthesizer, 10K lines of C code resulted in 800 K gates of group signature computation accelerator ▐Merits of H/W solution Low mass-production cost. Suitable for battery driven compact devices. High tamper resistance for critical security applications. ▐The same architecture can be used to accelerate other cryptographic protocols NEC’s original H/W synthesizer

13 NEC Confidential © NEC Corporation 2008(20080401) Page 13 Security and Privacy concerns Mr. Tanaka Tanaka passed Shibuya station at 13:19 Tanaka walked by Shibuya Station at 14:35 Tanaka bought glasses at Shibuya for 10,000yen Tanaka arrived office at 14:53 Like being supervised everywhere

14 NEC Confidential © NEC Corporation 2008(20080401) Page 14 Better world with anonymous digital signatures Mr. Tanaka Good Passholder passed Shibuya station at 13:19 Kawasaki Citizen walked by Shibuya Station at 14:35 Credit Card holder bought glasses at hibuya for 10,000yen Employee arrived office at 14:53 Enhanced Privacy with Minimum Disclosure

15 NEC Confidential © NEC Corporation 2008(20080401) Page 15 This work was partly supported by Ministry of Internal Affairs and Communications.

16

Download ppt "Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka 2011.2.10"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Research & Development Workshop on e-Voting and e-Government in the UK - February 27, 2006 Votinbox - a voting system based on smart cards Sébastien Canard.

Research & Development Workshop on e-Voting and e-Government in the UK - February 27, 2006 Votinbox - a voting system based on smart cards Sébastien Canard.
Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.

Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.
Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.

Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.
By Md Emran Mazumder Ottawa University Student no: 6282845.

By Md Emran Mazumder Ottawa University Student no:
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.

The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
9/11/2012Pomcor 1 Techniques for Implementing Derived Credentials Francisco Corella Karen Lewison Pomcor (http://pomcor.com/)

9/11/2012Pomcor 1 Techniques for Implementing Derived Credentials Francisco Corella Karen Lewison Pomcor (
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Cryptography Basic (cont)

Cryptography Basic (cont)
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Similar presentations

Ads by Google