Speeding up Exponentiation using an Untrusted Computational Resource (Part 1)
Authors: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas
Source: Designs, Codes and Cryptography (IF: 0.825), 39, 253-273, 2006. (7 citations)
Presenter: Yu-Chi Chen
Outline
• Introduction and model
• The protocols
• Conclusions
Introduction
[Figure: "spiderman" relies on an HTC Desire HD to compute $g^x$; the phone in turn relies on a server, an untrusted computational resource.]
Introduction
[Figure: the HTC Desire HD relies on the server, an untrusted computational resource, to compute $g^x$, then performs correctness checking and gets $g^x$.]
Model
• Tim:
– a trusted device
– wants to solve a problem P.
– relies on a more powerful device to solve it.
• Ursula:
– a powerful device
– possibly untrusted.
Model
• Requirements and properties:
– Efficiency: relying on Ursula is better than Tim computing directly.
– Completeness: Tim can obtain the correct solution with Ursula's help.
– Soundness: with sufficiently high probability, Tim must get the correct solution and detect that Ursula is being dishonest.
Model
• It is desirable to have a method that hides problem P, or parts of P, from Ursula.
• Assumptions:
– Tim can perform off-line tasks while Ursula is doing something.
– The off-line tasks involve only few or simple computations.
– Communication bandwidth is good.
Model
• We only consider the computation cost (not the communication cost).
• This kind of method is not applied in smartcards, because they have no off-line tasks.
Fixed Base-Variable Exponent Exponentiation (FBVE)
• Assume the cyclic group $G$ and the factorization of its order $n$ are known.
• Set the security parameter $s$ ($s \le n$) and the derived parameters $w_s$ and $q_s$ ($n = w_s q_s$, $w_s \le s$, $q_s > s$).
• Notice $w_s$ increases as $s$ increases.
FBVE
• (In the paper) assume Ursula may know the inputs $g$ and $a$ and the parameters $w_s = n/q_s$, $n$, $e = \lfloor a/w_s \rfloor$.
• Maybe this is just a case that does not affect the proposed protocol, since Ursula only knows the base $g$ in the protocol.
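FBVE protocol
• Tim: input $(g, a)$; $b = a \bmod w_s$; $e = (a - b)/w_s$; $m \in \{0, \ldots, s-1\}$; $r \in \mathbb{Z}_n$
• Tim → Ursula: $g$, $e$, $em + r$
• Ursula: $x = g^e$, $y = g^{em+r}$
• Ursula → Tim: $x$, $y$
• Tim: check $y \stackrel{?}{=} x^m g^r$; output: $x^{w_s} g^b = g^a$
This protocol is done.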
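The FBVE exchange on this slide, as an added Python example (not code from the paper or the presentation), with a cheating Ursula to show what the check and the $w_s$ exponent each protect against. The toy group $\mathbb{Z}_{1019}^*$, the values p = 1019, g = 2, s = 100, the reduction of $em + r$ modulo $n$, and all function names are assumptions made for the illustration.

```python
import secrets

# Constructed toy parameters (assumptions, not from the slides):
# G = Z_p^* with p = 1019 a safe prime, so n = |G| = 1018 = 2 * 509.
P, N, GEN = 1019, 1018, 2    # 2 generates Z_1019^*
S = 100                      # security parameter s
W_S, Q_S = 2, 509            # n = w_s * q_s, w_s <= s, q_s > s

def honest_ursula(g, e, t):
    """Ursula's two exponentiations: x = g^e, y = g^t with t = e*m + r."""
    return pow(g, e, P), pow(g, t, P)

def tim_fbve(a, ursula, m=None, r=None):
    """Return g^a mod p with Ursula's help, or None if her answer fails the check."""
    b = a % W_S
    e = (a - b) // W_S
    m = secrets.randbelow(S) if m is None else m   # m in {0, ..., s-1}
    r = secrets.randbelow(N) if r is None else r   # r in Z_n
    g_r = pow(GEN, r, P)                           # off-line pre-computation
    # Assumption: e*m + r is sent reduced mod n, so that r masks m.
    x, y = ursula(GEN, e, (e * m + r) % N)
    if y != pow(x, m, P) * g_r % P:                # check y =? x^m * g^r
        return None                                # Ursula caught
    return pow(x, W_S, P) * pow(GEN, b, P) % P     # g^a = x^(w_s) * g^b

def cheating_ursula(alpha):
    """Ursula who returns x * alpha instead of x (y is left honest)."""
    def ursula(g, e, t):
        x, y = honest_ursula(g, e, t)
        return x * alpha % P, y
    return ursula

def undetected_wrong_answers(a, alpha):
    """Count the m in {0, ..., s-1} for which the cheat passes AND corrupts g^a."""
    truth = pow(GEN, a, P)
    outs = (tim_fbve(a, cheating_ursula(alpha), m=m, r=7) for m in range(S))
    return sum(1 for v in outs if v is not None and v != truth)
```

With `alpha = p - 1` (order 2) the cheat passes the check for every even `m`, but raising `x` to `w_s = 2` cancels it, so the output is still correct; with `alpha = 4` (order 509 > s) only `m = 0` lets a wrong answer through, which is the 1/s soundness bound.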
[The next slide repeats the FBVE protocol with cost annotations: the pre-computation is annotated with a term in $\log n$, the remaining steps with terms in $\log s$ and $\log w_s$.]
Performance analysis
• Tim's online cost: [expression in $\log s$ and $\log w_s$; the coefficients are garbled in this transcript]