Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk,...
-
Upload
milton-blair -
Category
Documents
-
view
217 -
download
1
Transcript of Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk,...
![Page 1: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/1.jpg)
Speeding up Exponentiation using an Untrusted Computational Resource
(Part 1)Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas
Source: Designs, Codes and Cryptography (IF:0.825), 39, 253-273,2006. (7 citations)
Presenter: Yu-Chi Chen
![Page 2: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/2.jpg)
Outline
• Introduction and model
• The protocols
• Conclusions
2
![Page 3: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/3.jpg)
Introduction
spiderman
Compute gx
rely
HTC Desire HD
rely
Server
Untrusted Computational Resource
3
![Page 4: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/4.jpg)
Introduction
Compute gx
HTC Desire HD rely
Server
Untrusted Computational Resource
Correctness-checkingand get gx
4
![Page 5: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/5.jpg)
Model
• Tim: – a trusted device
– wants to solve a problem P.
– relies on a more powerful device to solve.
• Ursula:– a powerful device
– possibly untrusted.
5
![Page 6: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/6.jpg)
Model
• Requirements and properties:– Efficiency: Relying on Ursula is better than Tim’s
computing directly.
– Completeness: Tim can obtain the correct solution from Ursula’s help.
– Soundness: Tim must be with sufficiently high probability to get the correct solution and detect that Ursula is being dishonest.
6
![Page 7: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/7.jpg)
Model
• A method is desirable to hide problem P or parts of P for Ursula.
• Assumption:– Tim can perform Off-line tasks, when Ursula is
doing something.
– The off-line tasks only perform less or simple computations.
– Communication bandwidth is good.
7
![Page 8: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/8.jpg)
Model
• We only consider the computation cost (not the communication cost).
• This kind of methods is not applied in smartcards, because of no off-line task.
8
![Page 9: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/9.jpg)
Outline
• Introduction and model
• The protocols
• Conclusions
9
![Page 10: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/10.jpg)
Fixed Base-Variable Exponent Exponentiation (FBVE)
• Assume the cyclic group G and the factorization of the order of the cyclic group n are known.
• Set the security parameter s (s ≤ n) and the derived parameters ws and qs (n=wsqs, ws ≤ s, qs
> s).
• Notice ws increases as s increases.
10
![Page 11: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/11.jpg)
FBVE
• (In the paper) assume Ursula may know the inputs g and a and parameters
• Maybe it is just a case which does not affect the proposed protocol, since Ursula only know the base g in the protocol.
11
sss wnqneaw /,,/
![Page 12: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/12.jpg)
FBVE protocol
12
n
s
s
ZZr
sm
wbae
wab
ag
}1,...,0{
/)(
mod
),(input :Tim
rem
e
gy
gx
:Ursula
g, e, em+r
x, y
bwa
rm
gxg
ygxs
:output
?
This protocol is done.
![Page 13: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/13.jpg)
13
n
s
s
ZZr
sm
wbae
wab
ag
}1,...,0{
/)(
mod
),(input :Tim
rem
e
gy
gx
:Ursula
g, e, em+r
x, y
bwa
rm
gxg
ygxs
:output
?3
log2
s
2
log sw
Pre-compute
2 log n
2
log sw
![Page 14: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/14.jpg)
Performance analysis
• Tim’s online cost:
14
2log2
log3 sw
s
![Page 15: Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:](https://reader036.fdocuments.us/reader036/viewer/2022062407/56649e6a5503460f94b6885b/html5/thumbnails/15.jpg)
Outline
• Introduction and model
• The protocols
• Conclusions
15