WO2022026903A1 - Execution rate control for cryptographic functions - Google Patents

Publication number
WO2022026903A1
Authority
WO
WIPO (PCT)
Application number
PCT/US2021/044024
Inventor
Go Yamamoto
Original Assignee
Ntt Research Inc.
Application filed by Ntt Research Inc.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04K SECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K1/00 Secret communication
    • H04K1/06 Secret communication by transmitting the information or elements thereof at unnatural speeds or in jumbled order or backwards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

Systems, methods, network devices, and machine-readable media are disclosed for controlling the speed at which certain cryptographic functions are performed, wherein the speed can be variably set based on a desired processing speed or computational effort required to complete the function, such as a secure hash function. Embodiments of the invention can be configured to use a delay function to derive the key to decrypt. By adjusting the decryption time to be slower, we can improve the security of the encryption container against the brute force attack.

Description

Execution Rate Control for Cryptographic Functions
[001] CROSS-REFERENCE TO RELATED APPLICATIONS
[002] This application claims the benefit of U.S. Provisional Application No. 63/059,945, filed July 31, 2020, and U.S. Provisional Application No. 63/059,935, filed July 31, 2020, the entire contents of both of which are incorporated herein by reference.
[003] FIELD OF THE INVENTION
[004] The present disclosure relates to systems, methods, network devices, and machine-readable media for controlling the rate at which certain cryptographic functions are capable of being executed to completion.
[005] BACKGROUND OF THE INVENTION
[006] Hash functions play an essential role in blockchain technologies. Prior art hash functions used in mainstream blockchain technologies such as Bitcoin, Ethereum, and others are typically hash functions such as SHA-256 and SHA-3. Those functions are designed to be efficiently computable, and as a result, it is possible to design dedicated high-speed hardware that computes them at overwhelming speed compared with a software implementation.
[007] Bitcoin technologies based on these hardware-friendly hash functions result in the centralization of miners. It is hard for small mining businesses to be profitable because a certain amount of investment in dedicated hardware becomes the key success factor of the mining business. Thus, there is a need for a new class of hash function that is execution-rate controlled and, more particularly, is hard to accelerate using dedicated hardware.
[008] In other applications, one of the most popular use cases for encryption containers for digital documents is sending the container as an e-mail attachment. In that case, the decryption key may be sent from the sender to the receiver using a channel other than the e-mail. For example, the channel for the key is typically mobile text or voice communication. It is therefore desired to keep the transmitted key as short as possible, for example, a 4-8 digit number. However, a decryption key with such small entropy is subject to brute-force attack.
[009] The introduction of a simple delay function would correspondingly delay encryption, as well as decryption. Here, there is also a need for a new class of hash functions that is resistant to brute-force attack, but is still efficient for encryption.
[010] Thus, there is a need for methods of encryption, and in particular hash functions, that are capable of being delayed in certain circumstances, by certain amounts, but not materially delayed in others.
[011] BRIEF DESCRIPTION OF THE DRAWINGS
[012] The accompanying drawings, which are included to provide further understanding and are incorporated in and constitute a part of this specification, illustrate disclosed embodiments, and together with the description, serve to explain the principles of the disclosed embodiments. In the drawings:
[013] Fig. 1 illustrates an example method for controlling the rate of a cryptographic function.
[014] Fig. 2 illustrates example components for implementing systems and methods for rate-controlled cryptographic functions.
[015] Fig. 3 illustrates further example components for implementing systems and methods for rate-controlled cryptographic functions.
[016] DETAILED DESCRIPTION
[017] Described herein are a new class of hash functions and applications thereof. In general, the inventive class of hash functions can be constructed as:
[018] G{x) :::: h(x) mod N
[019] With reference to Fig. 1, and as described in more detail below, the hash function can receive a rate control factor from an outside source.
[020] One example embodiment includes a computerized method for providing a hash value for an input message, where the hash value provides for a time-delay function limiting a speed at which the hash value can be calculated on the input message. The method can be configured to execute the steps: calculating a product of two primes, p and q, and storing a result as product N; receiving an identification of a hash function h to execute on a computer processor; receiving an input message x as input to the hash function h; receiving a rate control factor t; on the computer processor, executing the hash function h on input message x and storing a result as an intermediate hash value h(x); multiplying the interim hash value h(x) by itself a number of times, wherein the number of times is specified based on the input message x and rate control factor t; storing the result as a completed interim value; and calculating a delayed hash value as completed interim value mod product N and storing the calculation in a computer storage media.
[021] In some further embodiments, the hash function h is a cryptographic hash function. In some further embodiments, the value of x is not fixed in a hardware device. In some further embodiments, t is adjusted based on the computational environment and a valuation of the input message x. In some further embodiments, executing the hash function h accesses memory external to the computer processor to store a plurality of processing states. In some further embodiments, the hash function is performed as part of a bitcoin mining operation.
[022] Some embodiments of the invention further derive an encryption key by choosing a short key k at a sender; selecting t according to a desired decryption speed; and computing encryption key s by $h_1(G(E(k)))$ based on the chosen p and q.
[023] In some further embodiments, G is computed as $t' = E(k)^t \bmod \varphi(N)$ so that $G(x) = h(x)^{t'} \bmod N$.
[024] Some embodiments of the invention further include receiving a message having been encrypted by short key k and product N; computing encryption key s without knowledge of primes p and q; and decrypting the input message based on computed encryption key s.
[025] Key Management
[026] Embodiments of the invention can be configured to use a delay function to derive the key to decrypt. By adjusting the decryption time to be slower, we can improve the security of the encryption container against the brute force attack.
[027] However, if a simple delay function is used, then the encryption also takes a long time. Thus, the inventive delay function employs a trapdoor, so that those who know the trapdoor can compute the delay function efficiently.
[028] The delay hash function can be constructed as:
[029]
Figure imgf000005_0001
mod V
[030] As a non-limiting example, h(x) can be an arbitrary hash function such as SHA-3.
[031] G(x) is collision-resistant and resistant to the design of a dedicated hardware accelerator.
[032] From short key k, the system can derive encryption key s by $s = h_1(G(E(k)))$, where $h_1$ is a hash function, and E is a key derivation function such as MGF1, KDF1, KDF2, and KDF3 (defined in ISO 18033-2). By adjusting t, the computation of s can be made to take more time. The person who encrypts the message m can decide how long it will take to decrypt using, for example, a typical personal computer.
[033] To decrypt, when sender sends message m to receiver:
1. Sender chooses short key k and generates N = pq.
2. Adjusts t according to the computational environment and the valuation of the message data.
3. Compute $s = h_1(G(E(k)))$ using the knowledge of p and q. G is computed very efficiently because one computes $t' = E(k)^t \bmod \varphi(N)$, so $G(x) = h(x)^{t'} \bmod N$.
[034] The receiver will compute s without the knowledge of p and q, so it will take time as the sender intended. Thus, this encrypted message with the short key will have enhanced security against brute-force attacks.
[035] Applications to Blockchain
[036] In applications for blockchain, we may use G as the hash function of blockchain systems. In that case, we can implement a trusted third party who controls the blockchain systems using virtually unlimited computational power.
[037] Resistance to Hardware Acceleration
[038] It is well known that a function that assures delay in computation is constructed using the idea of the time-lock puzzle. The time-lock puzzle is to compute
[039] $f_t(x) = x^{2^t} \bmod N$
[040] efficiently for N = pq, where p and q are prime numbers with certain conditions.
[041] It is hard to compute $f_t(x)$ efficiently without knowing the factors of N because the only known algorithm is computing by $f_t(x) = f_1 \circ f_1 \circ \cdots \circ f_1(x)$.
[042] We can construct a delay hash function by $H(x) = f_t(h(x))$, where h(x) is an authentic, cryptographic, or otherwise secure hash function such as, but not limited to, SHA-256. This type of delay hash function is equipped with a certain resistance to hardware acceleration because it is hard to parallelize the computation of $f_t(x)$.
[043] The resistance to hardware acceleration for H(x) is limited because the internal states are limited to the size of $c|h(x)|$ for some constant c.
[044] Some embodiments of the invention can employ another delay hash function that requires the internal states with the size of c|x|. Since x is usually of a certain large size, the new hash function is highly resistant to hardware acceleration because the dedicated hardware eventually needs access to external memory, just as software implementations do.
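The following is an added illustration, not part of the patent text, of the trapdoor asymmetry described in the Key Management section and in the time-lock construction H(x) = f_t(h(x)): the holder of p and q reduces the exponent modulo φ(N) and finishes in two modular exponentiations, while anyone without the factors must perform t dependent exponentiations. Assumptions: SHA-256 stands in for h, h_1 and the key derivation function E, E(k) is read as a big-endian integer, and the modulus is a constructed toy value built from two Mersenne primes.

```python
import hashlib
from math import gcd

# Constructed toy modulus from two Mersenne primes. Far too small and too
# structured for real use; a deployment would use random RSA-size primes.
P = 2**107 - 1
Q = 2**127 - 1
N = P * Q


def h(data: bytes, n: int) -> int:
    """Inner hash h(x) mapped to an integer mod n (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(b"h|" + data).digest(), "big") % n


def h1(value: int) -> bytes:
    """Outer hash h_1 that turns the delayed value into a 32-byte key."""
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return hashlib.sha256(b"h1|" + raw).digest()


def kdf(short_key: str) -> bytes:
    """Stand-in for E(k); the page names MGF1/KDF1-3, SHA-256 is used here."""
    return hashlib.sha256(b"E|" + short_key.encode()).digest()


def delay_sequential(y: int, base: int, t: int, n: int) -> int:
    """No trapdoor: y^(base^t) mod n via t exponentiations, each needing the last."""
    for _ in range(t):
        y = pow(y, base, n)
    return y


def delay_trapdoor(y: int, base: int, t: int, p: int, q: int) -> int:
    """With p and q: t' = base^t mod phi(N), then a single y^t' mod N."""
    n = p * q
    if gcd(y, n) != 1:
        # Euler's theorem needs y coprime to N; negligible for real moduli.
        raise ValueError("hash value shares a factor with N")
    phi = (p - 1) * (q - 1)
    t_prime = pow(base, t, phi)
    return pow(y, t_prime, n)


def timelock_hash_slow(x: bytes, t: int, n: int) -> int:
    """H(x) = f_t(h(x)) with f_t(y) = y^(2^t) mod N, computed by t squarings."""
    return delay_sequential(h(x, n), 2, t, n)


def timelock_hash_fast(x: bytes, t: int, p: int, q: int) -> int:
    """Same H(x), computed by the party that knows the factors of N."""
    return delay_trapdoor(h(x, p * q), 2, t, p, q)


def derive_key_sender(short_key: str, t: int, p: int, q: int) -> bytes:
    """s = h_1(G(E(k))) with G(x) = h(x)^(E(k)^t mod phi(N)) mod N."""
    ek = kdf(short_key)
    base = int.from_bytes(ek, "big")
    return h1(delay_trapdoor(h(ek, p * q), base, t, p, q))


def derive_key_receiver(short_key: str, t: int, n: int) -> bytes:
    """Same s from k, t and N only; every guess at k costs t exponentiations."""
    ek = kdf(short_key)
    base = int.from_bytes(ek, "big")
    return h1(delay_sequential(h(ek, n), base, t, n))


if __name__ == "__main__":
    t = 20000  # rate control factor chosen by the sender
    fast = derive_key_sender("4821", t, P, Q)
    slow = derive_key_receiver("4821", t, N)
    print("keys match:", fast == slow)
```

The receiver's loop cannot be shortened by adding processors because each step consumes the previous result, which is what lets the sender price every guess at a short key k in units of t.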
[045] Hardware Overview
[046] Figs. 2 and 3 depict example computer systems useful for implementing various embodiments described in the present disclosure. Various embodiments may be implemented, for example, using one or more computer systems, such as computer system 500 shown in Fig. 2. One or more computer system(s) 500 may be used, for example, to implement any of the embodiments discussed herein, as well as combinations and sub combinations thereof.
[047] Computer system 500 may include one or more processors (also called central processing units, processing devices, or CPUs), such as a processor 504. Processor 504 may be connected to a communication infrastructure 506 (e.g., such as a bus).
[048] Computer system 500 may also include user input/output device(s) 503, such as monitors, keyboards, pointing devices, etc., which may communicate with communication infrastructure 506 through user input/output interface(s) 502. One or more of processors 504 may be a graphics processing unit (GPU). In an embodiment, a GPU may be a processor that is a specialized electronic circuit designed to process mathematically intensive applications. The GPU may have a parallel structure that is efficient for parallel processing of large blocks of data, such as mathematically intensive data common to computer graphics applications, images, videos, etc.
[049] Computer system 500 may also include a main memory 508, such as random-access memory (RAM). Main memory 508 may include one or more levels of cache. Main memory 508 may have stored therein control logic (i.e., computer software, instructions, etc.) and/or data. Computer system 500 may also include one or more secondary storage devices or secondary memory 510. Secondary memory 510 may include, for example, a hard disk drive 512 and/or a removable storage device or removable storage drive 514. Removable storage drive 514 may interact with a removable storage unit 518. Removable storage unit 518 may include a computer-usable or readable storage device having stored thereon computer software (control logic) and/or data. Removable storage drive 514 may read from and/or write to removable storage unit 518.
[050] Secondary memory 510 may include other means, devices, components, instrumentalities, or other approaches for allowing computer programs and/or other instructions and/or data to be accessed by computer system 500. Such means, devices, components, instrumentalities, or other approaches may include, for example, a removable storage unit 522 and an interface 520. Examples of the removable storage unit 522 and the interface 520 may include a program cartridge and cartridge interface, a removable memory chip (such as an EPROM or PROM) and associated socket, a memory stick and USB port, a memory card and associated memory card slot, and/or any other removable storage unit and associated interface.
[051] Computer system 500 may further include communications interface 524 (e.g., network interface). Communications interface 524 may enable computer system 500 to communicate and interact with any combination of external devices, external networks, external entities, etc. (individually and collectively referenced as remote device(s), network(s), entity(ies) 528). For example, communications interface 524 may allow computer system 500 to communicate with external or remote device(s), network(s), entity(ies) 528 over communications path 526, which may be wired and/or wireless (or a combination thereof), and which may include any combination of LANs, WANs, the Internet, etc. Control logic and/or data may be transmitted to and from computer system 500 via communications path 526.
[052] Computer system 500 may also be any of a personal digital assistant (PDA), desktop workstation, laptop or notebook computer, netbook, tablet, smartphone, smartwatch or other wearable devices, appliance, part of the Internet-of-Things, and/or embedded system, to name a few non-limiting examples, or any combination thereof.
[053] Computer system 500 may be a client or server computing device, accessing or hosting any applications and/or data through any delivery paradigm, including but not limited to remote or distributed cloud computing solutions; local or on-premises software ("on-premise" cloud-based solutions); "as a service" models (e.g., content as a service (CaaS), digital content as a service (DCaaS), software as a service (SaaS), managed software as a service (MSaaS), platform as a service (PaaS), desktop as a service (DaaS), framework as a service (FaaS), backend as a service (BaaS), mobile backend as a service (MBaaS), infrastructure as a service (IaaS), etc.); and/or a hybrid model including any combination of the foregoing examples or other services or delivery paradigms.
[054] Fig. 3 illustrates an example machine of a computer system 900 within which a set of instructions, for causing the machine to perform any one or more of the operations discussed herein, may be executed. In alternative implementations, the machine may be connected (e.g., networked) to other machines in a LAN, an intranet, an extranet, and/or the Internet. The machine may operate in the capacity of a server or a client machine in a client-server network environment, as a peer machine in a peer-to-peer (or distributed) network environment, or as a server or a client machine in a cloud computing infrastructure or environment.
[055] The machine may be a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a server, a network router, a switch or bridge, a specialized application or network security appliance or device, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
[056] The example computer system 900 includes a processing device 902, a main memory 904 (e.g., read-only memory (ROM), flash memory, dynamic random-access memory (DRAM) such as synchronous DRAM (SDRAM), etc.), a static memory 906 (e.g., flash memory, static random-access memory (SRAM), etc.), and a data storage device 918, which communicate with each other via a bus 930.
[057] Processing device 902 represents one or more processing devices such as a microprocessor, a central processing unit, or the like. More particularly, the processing device may be complex instruction set computing (CISC) microprocessor, reduced instruction set computing (RISC) microprocessor, very long instruction word (VLIW) microprocessor, or processor implementing other instruction sets, or processors implementing a combination of instruction sets. Processing device 902 may also be one or more special-purpose processing devices such as an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), network processor, or the like. The processing device 902 is configured to execute instructions 926 for performing the operations and steps discussed herein.
[058] The computer system 900 may further include a network interface device 908 to communicate over the network 920. The computer system 900 also may include a video display unit 910, an alphanumeric input device 912 (e.g., a keyboard), a cursor control device 914 (e.g., a mouse), a graphics processing unit 922, a signal generation device 916 (e.g., a speaker), graphics processing unit 922, video processing unit 928, and audio processing unit 932.
[059] The data storage device 918 may include a machine-readable medium 924 (also known as a computer-readable storage medium) on which is stored one or more sets of instructions 926 (e.g., software instructions) embodying any one or more of the operations described herein. The instructions 926 may also reside, completely or at least partially, within the main memory 904 and/or within the processing device 902 during execution thereof by the computer system 900, where the main memory 904 and the processing device 902 also constitute machine-readable storage media.
[060] In an example, the instructions 926 include instructions to implement operations and functionality corresponding to the disclosed subject matter. While the machine-readable storage medium 924 is shown in an example implementation to be a single medium, the term "machine-readable storage medium" should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions 926. The term "machine-readable storage medium" shall also be taken to include any medium that is capable of storing or encoding a set of instructions 926 for execution by the machine and that cause the machine to perform any one or more of the operations of the present disclosure. The term "machine-readable storage medium" shall accordingly be taken to include, but is not limited to, solid-state memories, optical media, and magnetic media.
[061] Some portions of the detailed description have been presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the ways used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of operations leading to a desired result. The operations are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.
[062] It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the above discussion, it is appreciated that throughout the description, discussions utilizing terms such as "identifying" or "determining" or "executing" or "performing" or "collecting" or "creating" or "sending" or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage devices.
[063] The present disclosure also relates to an apparatus for performing the operations herein. This apparatus may be specially constructed for the intended purposes, or it may comprise a computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer-readable storage medium, such as but not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any type of media suitable for storing electronic instructions, each coupled to a computer system bus.
[064] The operations and illustrations presented herein are not inherently related to any particular computer or other apparatus. Various types of systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct a more specialized apparatus to perform the operations. The structure for a variety of these systems will appear as set forth in the description herein. In addition, the present disclosure is not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the disclosure as described herein.
[065] The present disclosure may be provided as a computer program product, or software, that may include a machine-readable medium having stored thereon instructions, which may be used to program a computer system (or other electronic devices) to perform a process according to the present disclosure. A machine-readable medium includes any mechanism for storing information in a form readable by a machine (e.g., a computer). For example, a machine-readable (e.g., computer-readable) medium includes a machine (e.g., a computer) readable storage medium such as read-only memory ("ROM"), random access memory ("RAM"), magnetic disk storage media, optical storage media, flash memory devices, etc.
[066] In some embodiments, a tangible, non-transitory apparatus or article of manufacture comprising a tangible, non-transitory computer useable or readable medium having control logic (software) stored thereon may also be referred to herein as a computer program product or program storage device. This includes, but is not limited to, computer system 500, main memory 508, secondary memory 510, and removable storage units 518 and 522, as well as tangible articles of manufacture embodying any combination of the foregoing. Such control logic, when executed by one or more data processing devices (such as computer system 500), may cause such data processing devices to operate as described herein.
[067] Based on the teachings contained in this disclosure, it will be apparent to persons skilled in the relevant art(s) how to make and use embodiments of this disclosure using data processing devices, computer systems, and/or computer architectures other than that shown in Figs. 2 and 3. In particular, embodiments can operate with software, hardware, and/or operating system implementations other than those described herein.
[068] It is to be appreciated that the Detailed Description section, and not any other section, is intended to be used to interpret the claims. Other sections can set forth one or more but not all exemplary embodiments as contemplated by the inventor(s), and thus, are not intended to limit this disclosure or the appended claims in any way.
[069] While this disclosure describes exemplary embodiments for exemplary fields and applications, it should be understood that the disclosure is not limited thereto. Other embodiments and modifications thereto are possible and are within the scope and spirit of this disclosure. For example, and without limiting the generality of this paragraph, embodiments are not limited to the software, hardware, firmware, and/or entities illustrated in the figures described herein. Further, embodiments (whether or not explicitly described herein) have significant utility to fields and applications beyond the examples described herein.
[070] Embodiments have been described herein with the aid of functional building blocks illustrating the implementation of specified functions and relationships thereof. The boundaries of these functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternate boundaries can be defined as long as the specified functions and relationships (or equivalents thereof) are appropriately performed. Also, alternative embodiments can perform functional blocks, steps, operations, methods, etc. using orderings different than those described herein.
[071] References herein to "one embodiment," "an embodiment," "an example embodiment," or similar phrases, indicate that the embodiment described can include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it would be within the knowledge of persons skilled in the relevant art(s) to incorporate such feature, structure, or characteristic into other embodiments whether or not explicitly mentioned or described herein. Additionally, some embodiments can be described using the expression "coupled" and "connected" along with their derivatives. These terms are not necessarily intended as synonyms for each other. For example, some embodiments can be described using the terms "connected" and/or "coupled" to indicate that two or more elements are in direct physical or electrical contact with each other. The term "coupled," however, can also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other.
[072] The breadth and scope of this disclosure should not be limited by any of the above-described exemplary embodiments but should be defined only in accordance with the following claims and their equivalents. In the foregoing specification, implementations of the disclosure have been described with reference to specific example implementations thereof. It will be evident that various modifications may be made thereto without departing from the broader spirit and scope of implementations of the disclosure as set forth in the following claims. The specification and drawings are, accordingly, to be regarded in an illustrative sense rather than a restrictive sense.

Claims

1. A computerized method for providing a hash value for an input message, where the hash value provides for a time-delay function limiting a speed at which the hash value can be calculated on the input message, the method comprising: calculating a product of two primes, p and q, and storing a result as product N; receiving an identification of a hash function h to execute on a computer processor; receiving an input message x as input to the hash function h; receiving a rate control factor t; on the computer processor, executing the hash function h on input message x and storing a result as an intermediate hash value h(x); multiplying the interim hash value h(x) by itself a number of times, wherein the number of times is specified based on the input message x and rate control factor t; storing the result as a completed interim value; and calculating a delayed hash value as completed interim value mod product N and storing the calculation in a computer storage media.
2. The method of claim 1, wherein the hash function h is a cryptographic hash function.
3. The method of claim 2, wherein the value of x is not fixed in a hardware device.
4. The method of claim 1, wherein t is adjusted based on the computational environment and a valuation of the input message x.
5. The method of claim 1, wherein executing the hash function h accesses memory external to the computer processor to store a plurality of processing states.
6. The method of claim 1, wherein the hash function is performed as part of a bitcoin mining operation.
7. The method of claim 1, further comprising: deriving an encryption key by: choosing a short key k at a sender; selecting t according to a desired decryption speed; and computing encryption key s by hi(G(E(k)) based on the chosen p and q.
8. The method of claim 7, wherein G is computed as t' = E(k)^t mod φ(N) so that G(x) = h(x)^t' mod N.
9. The method of claim 7, further comprising: receiving a message having been encrypted by the short key k and the product N; computing encryption key s without knowledge of the primes p and q; and decrypting the input message based on the computed encryption key s.
10. A computerized system for providing a hash value for an input message, where the hash value provides for a time-delay function limiting a speed at which the hash value can be calculated on the input message, the system comprising a computer processor configured for:
   calculating a product of two primes, p and q, and storing a result as product N;
   receiving an identification of a hash function h to execute on the computer processor;
   receiving an input message x as input to the hash function h;
   receiving a rate control factor t;
   executing the hash function h on input message x and storing a result as an intermediate hash value h(x);
   multiplying the interim hash value h(x) by itself a number of times, wherein the number of times is specified based on the input message x and rate control factor t, storing the result as a completed interim value; and
   calculating a delayed hash value as completed interim value mod product N and storing the calculation in a computerized storage media.
11. The system of claim 10, wherein the hash function h is a cryptographic hash function.
12. The system of claim 11, wherein the value of x is not fixed in a hardware device.
13. The system of claim 10, wherein t is adjusted based on the computational environment and a valuation of the input message x.
14. The system of claim 10, wherein executing the hash function h accesses memory external to the computer processor to store a plurality of processing states.
15. The system of claim 10, wherein the hash function is performed as part of a bitcoin mining operation.
16. The system of claim 10, further comprising: deriving an encryption key by: choosing a short key k at a sender; selecting t according to a desired decryption speed; and computing encryption key s by hi(G(E(k)) based on the chosen p and q.
17. The system of claim 16, wherein G is computed as t' = E(k)^t mod φ(N) so that G(x) = h(x)^t' mod N.
18. The system of claim 16, further comprising: receiving a message having been encrypted by the short key k and the product N; computing encryption key s without knowledge of the primes p and q; and decrypting the input message based on the computed encryption key s.
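
An added Python example (not code from the patent) of the delay construction in claims 1 and 7 to 9: the party that knows p and q reduces the exponent modulo φ(N) and finishes in two exponentiations, while anyone else must chain t dependent exponentiations to reach the same value. Assumptions: SHA-256 stands in for h and for the final key hash, `encode_key` is a hypothetical E(k), the exponent is read as E(k)^t, and the primes are small constructed demo values.

```python
import hashlib
from math import gcd

# Constructed demo primes (Mersenne primes 2^89-1 and 2^107-1): far too small
# and too structured for real use; a deployment needs large random primes.
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)  # known only to whoever generated p and q


def h(x: bytes) -> int:
    """Intermediate hash h(x): SHA-256 as an integer mod N (assumed choice of h)."""
    return int.from_bytes(hashlib.sha256(x).digest(), "big") % N


def encode_key(k: bytes) -> int:
    """Hypothetical E(k): map the short key to an odd integer >= 3."""
    return (int.from_bytes(hashlib.sha256(b"E" + k).digest()[:8], "big") | 1) + 2


def delayed_hash_slow(x: bytes, e: int, t: int) -> int:
    """No trapdoor: t modular exponentiations, each needing the previous result."""
    acc = h(x)
    for _ in range(t):
        acc = pow(acc, e, N)
    return acc  # equals h(x)^(e^t) mod N


def delayed_hash_trapdoor(x: bytes, e: int, t: int) -> int:
    """With p and q: reduce the exponent mod phi(N) first (t' in claim 8)."""
    base = h(x)
    if gcd(base, N) != 1:
        raise ValueError("h(x) shares a factor with N; Euler reduction does not apply")
    t_prime = pow(e, t, PHI)
    return pow(base, t_prime, N)


def derive_key(g: int) -> bytes:
    """Assumed final step: hash the delayed value into a 32-byte key s."""
    return hashlib.sha256(g.to_bytes((N.bit_length() + 7) // 8, "big")).digest()


if __name__ == "__main__":
    x, e, t = b"constructed input message", encode_key(b"short key k"), 2000
    slow = delayed_hash_slow(x, e, t)
    fast = delayed_hash_trapdoor(x, e, t)
    print("values match:", slow == fast, "key:", derive_key(fast).hex())
```

The slow path's running time grows linearly with t, which is the rate control; the trapdoor path stays near constant, so the delay holds only while p, q and φ(N) remain secret.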
PCT/US2021/044024 2020-07-31 2021-07-30 Execution rate control for cryptographic functions WO2022026903A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202063059945P 2020-07-31 2020-07-31
US202063059935P 2020-07-31 2020-07-31
US63/059,935 2020-07-31
US63/059,945 2020-07-31

Publications (1)

Publication Number Publication Date
WO2022026903A1 true WO2022026903A1 (en) 2022-02-03

Family

ID=80036156

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2021/044024 WO2022026903A1 (en) 2020-07-31 2021-07-30 Execution rate control for cryptographic functions

Country Status (1)

Country Link
WO (1) WO2022026903A1 (en)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21850890

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21850890

Country of ref document: EP

Kind code of ref document: A1