Skip to main content

Primary supervisor

Ron Steinfeld

Co-supervisors

  • Amin Sakzad
  • Raymond K. Zhao (external, CSIRO's Data61)

Cryptographic applications require a careful implementation to avoid side-channel attacks that reveal secret information to an attacker (e.g. via run-time measurements). In particular, for floating point arithmetic it is known that the timing of some basic arithmetic operations and functions on some CPUs depends on the input values [1], and thus the timing may leak secret information when the input contains secret values. Constant-time implementation tries to mitigate such run-time timing leakage on typical devices.

Recently, some newer cryptographic applications such as the Latte quantum-safe hierarchical identity-based encryption (HIBE) [2] require higher precision real number arithmetic than the double precision i.e. "double"-type variable in C. However, existing constant-time implementation techniques for real number arithmetic usually focused on the lower precision (typically within the double precision) and/or targetted one specific precision for the target cryptographic application [3,4]. Therefore, it requires extensive work to make high precision real number arithmetic constant-time and adapt the constant-time arithmetic to other cryptographic applications with different precision requirements.

Student cohort

Single Semester
Double Semester

Aim/outline

Project Scope:
1. Study the existing constant-time implementation techniques for real number arithmetic and evaluate the adaptability of those techniques on higher precision.
2. Implement the constant-time high precision real number arithmetic in C, based on the precision requirements of the Latte HIBE.
3. Evaluate the constant-time and performance aspects of the implemented arithmetic.
4. Implement the constant-time real number arithmetic in C for arbitrary precision requirements i.e. the precision can be defined by the user without significantly modifying the underlying arithmetic implementation.

Ideally, the implementation should be packed in a C library, so the implementation can be used by different cryptographic applications.


This project can be provided in either single or double semesters. Depending on the duration of the project, the student is expected to finish at least 1--3 in the project scope.

URLs/references

[1] Marc Andrysco, Andres Nötzli, Fraser Brown, Ranjit Jhala, Deian Stefan: Towards Verified, Constant-time Floating Point Operations. CCS 2018. https://cseweb.ucsd.edu/~dstefan/pubs/andrysco:2018:towards.pdf
[2] Raymond K. Zhao, Sarah McCarthy, Ron Steinfeld, Amin Sakzad, Máire O'Neill: Quantum-safe HIBE: does it cost a Latte? https://eprint.iacr.org/2021/222
[3] Thomas Pornin: New Efficient, Constant-Time Implementations of Falcon. https://eprint.iacr.org/2019/893.pdf
[4] Séamus Brannigan, Máire O'Neill, Ayesha Khalid, Ciara Rafferty: A Secure Algorithm for Rounded Gaussian Sampling. CANS 2020. https://doi.org/10.1007/978-3-030-65411-5_29

Required knowledge

Depending on the nature of the specific project topic selected, the student should have one (or more) of:

    Knowledge/skills in C programming
    FIT1047 is required for undergraduate student

Knowledge in cryptography is not required.

If in doubt, please contact the primary supervisor for advice.