Using the Cloud to Determine Key Strengths

  • Thorsten Kleinjung
  • Arjen K. Lenstra
  • Dan Page
  • Nigel P. Smart
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7668)

Abstract

We develop a new methodology to assess cryptographic key strength using cloud computing, by calculating the true economic cost of (symmetric- or private-) key retrieval for the most common cryptographic primitives. Although the present paper gives both the current (2012) and last year’s (2011) costs, more importantly it provides the tools and infrastructure to derive new data points at any time in the future, while allowing for improvements such as new algorithmic approaches. Over time the resulting data points will provide valuable insight into the selection of cryptographic key sizes.

Keywords

Hash Function; Reserved Price; Block Cipher; Elliptic Curve; Discrete Logarithm Problem; Cryptology ePrint Archive

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Thorsten Kleinjung (1)
  • Arjen K. Lenstra (1)
  • Dan Page (2)
  • Nigel P. Smart (2)

  1. EPFL IC LACAL, Lausanne, Switzerland
  2. Dept. Computer Science, University of Bristol, Bristol, United Kingdom