International Association for Cryptologic Research

International Association
for Cryptologic Research


Sarang Aravamuthan


Separable Hash Functions
Sarang Aravamuthan
We introduce a class of hash functions with the property that messages with the same hash are well separated in terms of their Hamming distance. We provide an example of such a function that uses cyclic codes and an elliptic curve group over a finite field. \smallskip A related problem is ensuring that the {\it consecutive distance} between messages with the same hash is as large as possible. We derive bounds on the c.d. separability factor of such hash functions.
A Parallelization of ECDSA Resistant to Simple Power Analysis Attacks
Sarang Aravamuthan Viswanatha Rao Thumparthy
The Elliptic Curve Digital Signature Algorithm admits a natural parallelization wherein the point multiplication step can be split in two parts and executed in parallel. Further parallelism is achieved by executing a portion of the multiprecision arithmetic operations in parallel with point multiplication. This results in a saving in timing as well as gate count when the two paths are implemented in hardware and software. This article attempts to exploit this parallelism in a typical system context in which a microprocessor is always present though a hardware accelerator is being designed for performance. We discuss some implementation aspects of this design with reference to power analysis attacks. We show how the Montgomery point multiplication and the binary extended gcd algorithms can be adapted to prevent simple power analysis attacks. We implemented our design using a hardware/software parallel architecture. We present the results when the software component is coded on an 8051 architecture and an ARM7TDMI processor.
The Average Transmission Overhead of Broadcast Encryption
Sarang Aravamuthan Sachin Lodha
We consider broadcast encryption schemes wherein a center needs to broadcast a secret message to a privileged set of receivers. We prescribe a probability distribution $P$ on the privileged set. In this setting, the transmission overhead can be viewed as a random variable over $P$ and we define its expected value as the average transmission overhead (or ato). Given $P$, the Shannon's entropy function $H(.)$ provides a lower bound on the average number of bits required to identify every privileged set. This provides a natural lower bound for the ato in terms of $H(P)$. For session key distribution, we consider the subset cover framework and bound the ato in terms of the size of the cover. We further specialize our bound to accommodate storage constraints at receivers. We consider two families of distributions for $P$ that occur naturally in broadcast networks. -- Each receiver independently joins the privileged set with probability $p$. -- The privileged set is selected uniformly from a collection of subsets of receivers. We evaluate the ato of some practical schemes such as the subset difference method, the LSD scheme and the Partition-and-Power scheme under these distributions. Our investigations lead us to conclude that each scheme is inherently tailored to perform optimally for specific distributions.