Cryptography for microdevices Data protection against the threats of tomorrow

Cryptography is subdivided in the two categories symmetric and asymmetric techniques; the latter are considerably more complex because of their underlying mathematical structures. In symmetric techniques, sender and receiver use the same key to encrypt a message and to subsequently decrypt it. In asymmetric techniques, on the other hand, sender and receiver use different keys that are linked via a mathematic relationship.

Asymmetric encoding techniques are required for many applications with advanced security requirements, for example those for digital signatures.

Asymmetric cryptography uses code pairs made up of two components. One component of the code is public, the other is secret. Both codes are closely linked in mathematical terms; but due to a difficult mathematical problem, it is impossible to reconstruct the private code by using the public component. A message that Alice sends to Bob can be encrypted with Bob’s public code. In order to decode it, Bob’s private code is required, which, however, is known only to him. © Agentur der RUB, Zalewski

The asymmetric techniques that are in use today would no longer be secure if quantum computers existed. Under the umbrella of the EU project Post-Quantum Cryptography, researchers are therefore searching for new cryptographic solutions and implementations. Four categories of mathematic techniques are suited for the purpose: code-based cryptography, lattice-based cryptography as well as cryptography on the basis of systems of multivariate-quadratic equations or cryptographic hash functions.

To this end, the team headed by Prof Dr Tim Güneysu, in close collaboration with the Chair for Embedded Security, has initially identified and analysed promising techniques for implementing them into microdevices, such as hardware chips and Smartcards.

Tim Güneysu ist Experte für kryptografische Verfahren für elektronische Kleinstgeräte. © Roberto Schirdewahn

“As yet, we have mostly excluded hash-based cryptography from our studies, because implementation techniques have been thoroughly analysed to date,” says Güneysu. Cryptography via multivariate-quadratic equation systems are not a main aspect of the research, either. The reason is: “The security status of some of the proposed systems has not yet been fully understood. Therefore, we consider it difficult to raise acceptance for several of these systems in practical applications,” explains Güneysu.

Some of the multivariate-quadratic techniques had been introduced as quickly as they were subsequently broken. Accordingly, it is a risk to invest a lot of effort into optimising methods of this category for microdevices.

Techniques with high potential

The IT security expert considers lattice-based and code-based cryptography promising. Not only do those techniques offer the potential to protect from quantum computer attacks, the team has also demonstrated that they can be efficiently implemented in microdevices.

The challenge: to an extent, the new techniques demand for complicated algorithmic computations and large keys, which increase system costs significantly – a major problem if the technology is supposed to be deployed in small and cost-efficient computational systems.

Es ist eine Herausforderung, sichere Verschlüsselungsverfahren, die vor Quantencomputerangriffen schützen würden, in Kleinstgeräte wie elektronische Schlüssel zu implementieren. Aufgrund des Platzangebots und des hohen Kostendrucks sind nur leistungsschwache Prozessoren und kleine Speicher verfügbar, um die aufwendigen Berechnungen der Kryptografie zu realisieren. © Roberto Schirdewahn

In order to tackle this problem, the researchers deploy alternative representations of those cryptographic techniques, which introduce, for example, structures in the codes aiming at reducing the overall key size. They also optimise algorithmic computations by tailoring them to the target platform. Depending on which technique they used, the researchers were able to consolidate complex steps with other computations or even omitted some of them without reducing the security margin offered by the cryptographic technique.

This is how the team from Bochum has demonstrated that a first step is taken so that today’s microdevices with constrained processor technology can securely communicate, anticipating the upcoming threats in the era of quantum computers.