Name: Peter Schwabe
Topic: High-Speed Cryptography and Cryptanalysis
Modern digital communication relies heavily on cryptographic protection to ensure data integrity and privacy. In order to deploy state-of-the art cryptographic primitives and protocols in real-world scenarios, one needs to highly optimize software for both speed and security. This requires careful choices of high-level cryptographic parameters, low-level optimization of software on the assembly level for a given microarchitecture and considerations of the subtle interactions between high-level and low-level optimizations. This thesis considers three examples of cryptographic primitives and describes software implementations of these primitives that set new speed records.
The Advanced Encryption Standard (AES) is one of the most widely used symmetric cryptographic primitives. The traditional implementation approach for AES is based on table lookups. While software based on this approach still achieves best performance for a variety of 32-bit and 64-bit architectures, it is usually vulnerable to cache-timing attacks. Another implementation approach for AES is the bitslic- ing technique. Not only is software based on this approach inherently protected against cache-timing attacks, on some microarchitectures it even achieves better performance.
Elliptic-curve cryptography is the current state of the art of asymmetric cryptography. For elliptic-curve Diffie-Hellman key exchange, Bernstein proposed the Curve25519 function. Several speed-record-setting implementations of this function have been developed for a variety of architectures. Optimizing Curve25519 software for the Synergistic Processor Units of the Cell Broadband Engine is a particularly interesting challenge because the small integer multipliers of this architecture do not seem to make it the best-suited platform for public-key cryptography.
Another use of elliptic curves in cryptography is in the construction of cryptographic pairings. In order to make pairings fas[...]