Tung Chou

Learn More
This paper presents extremely fast algorithms for code-based public-key cryptography, including full protection against timing attacks. For example, at a 2 128 security level, this paper achieves a reciprocal de-cryption throughput of just 60493 cycles (plus cipher cost etc.) on a single Ivy Bridge core. These algorithms rely on an additive FFT for fast(More)
We analyze how fast we can solve general systems of multivariate equations of various low degrees over F2; this constitutes a generic attack on a hard problem both important in itself and often arising as part of algebraic cryptanalysis. We do not propose new generic techniques, but instead we revisit the standard exhaustive-search approach. We show that it(More)
This paper analyzes the cost of breaking ECC under the following assumptions: (1) ECC is using a standardized elliptic curve that was actually chosen by an attacker; (2) the attacker is aware of a vulnerability in some curves that are not publicly known to be vulnerable. This cost includes the cost of exploiting the vulnerability, but also the initial cost(More)
We analyze how fast we can solve general systems of multivariate equations of various low degrees over F2; this is a well known hard problem which is important both in itself and as part of many types of algebraic cryptanalysis. Compared to the standard exhaustive search technique, our improved approach is more efficient both asymptotically and practically.(More)
QUAD is a provably secure stream cipher, whose security is based on the hardness assumption of solving multivariate quadratic polynomial systems over a finite field, which is known to be NP-complete. However, such provable security comes at a price, and QUAD is slower than most other stream ciphers that do not have security proofs. In this paper, we discuss(More)
This paper sets speed records on well-known Intel chips for the Curve25519 elliptic-curve Diffie-Hellman scheme and the Ed25519 digital signature scheme. In particular, it takes only 159 128 Sandy Bridge cycles or 156 995 Ivy Bridge cycles to compute a Diffie-Hellman shared secret, while the previous records are 194 036 Sandy Bridge cycles or 182 708 Ivy(More)
Solving a system of multivariate quadratic equations (MQ) is an NP-complete problem whose complexity estimates are relevant to many cryptographic scenarios. In some cases it is required in the best known attack; sometimes it is a generic attack (such as for the multi-variate PKCs), and sometimes it determines a provable level of security (such as for the(More)
This paper shows how to securely authenticate messages using just 29 bit operations per authenticated bit, plus a constant overhead per message. The authenticator is a standard type of " universal " hash function providing information-theoretic security; what is new is computing this type of hash function at very high speed. At a lower level, this paper(More)