A Fast and Secure Implementation of Sflash
نویسندگان
چکیده
Sflash is a multivariate signature scheme, and a candidate for standardisation, currently evaluated by the European call for primitives Nessie. The present paper is about the design of a highly optimized implementation of Sflash on a low-cost 8-bit smart card (without coprocessor). On top of this, we will also present a method to protect the implementation protection against power attacks such as Differential Power Analysis. Our fastest implementation of Sflash takes 59 ms on a 8051 based CPU at 10MHz. Though the security of Sflash is not as well understood as for example for RSA, Sflash is apparently the fastest signature scheme known. It is suitable to implement PKI on low-cost smart card, token or palm devices. It allows also to propose secure low-cost payment/banking
منابع مشابه
SFLASH, a fast asymmetric signature scheme
Note: SFLASH is one of the three asymmetric signature schemes recommended by the Nessie European consortium for low-cost smart cards [21, 16]. The latest implementation report shows that SFLASH is the fastest signature scheme known, see [1] for details. This document is a specification of SFLASH-v3 produced for fear of SFLASH-v2 being broken (see [3]). HOWEVER after detailed analysis by Chen, C...
متن کاملCryptanalysis of SFLASH
Sflash is a fast multivariate signature scheme. Though the first version Sflash was flawed, a second version, Sflash was selected by the Nessie Consortium and was recommended for implementation of low-end smart cards. Very recently, due to the security concern, the designer of Sflash recommended that Sflash should not be used, instead a new version Sflash is proposed, which essentially only inc...
متن کاملSFLASHv3, a fast asymmetric signature scheme
Note: SFLASH is one of the three asymmetric signature schemes recommended by the Nessie European consortium for low-cost smart cards [19, 14]. The latest implementation report shows that SFLASH is the fastest signature scheme known, see [1]. Recent results on solving random systems of quadratic equations over fields of the form GF (2) (see [2]) suggest that the parameters of SFLASH should be in...
متن کاملPractical Key-Recovery for All Possible Parameters of SFLASH
In this paper we present a new practical key-recovery attack on the SFLASH signature scheme. SFLASH is a derivative of the older C∗ encryption and signature scheme that was broken in 1995 by Patarin. In SFLASH, the public key is truncated, and this simple countermeasure prevents Patarin’s attack. The scheme is well-known for having been considered secure and selected in 2004 by the NESSIE proje...
متن کاملOn the Importance of Protecting in SFLASH against Side Channel Attacks
SFLASH was chosen as one of the final selection of the NESSIE project in 2003. It is one of the most efficient digital signature scheme and is suitable for implementation on memory-constrained devices such as smartcards. Side channel attacks (SCA) are a serious threat to memoryconstrained devices. If the implementation on them is careless, we are able to break the secret key. In this paper, we ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2003