wipr -- a public key implementation on two grains of sand
DESCRIPTION
WIPR -- a Public Key Implementation on Two Grains of Sand. Yossi Oren 1 , Martin Feldhofer 2 1 Weizmann Institute of Science 2 Graz University of Technology. 1024-bit public key Full encryption 5705 gates, including RAM and ROM 600ms/10µA at 100KHz Works great with the EPC C1G2 standard. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/1.jpg)
WIPR -- A PUBLIC KEY IMPLEMENTATION ON TWO
GRAINS OF SANDYossi Oren1, Martin Feldhofer2
1Weizmann Institute of Science2Graz University of Technology
![Page 2: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/2.jpg)
Not watered down 1024-bit public key Full encryption 5705 gates, including RAM and ROM 600ms/10µA at 100KHz Works great with the EPC C1G2 standard
WIPR C1G2WIPR C1G2
WIPR C1G2 WIPR C1G2
![Page 3: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/3.jpg)
Talk Outline What inventory applications gain from PK The WIPR PK scheme in theory Implementation results Integration with EPC
![Page 4: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/4.jpg)
Inventory + PK encryption = awesome
Addictol 50mg#6382020
200 € Bill#426144
U.S. Passport#1800400400
![Page 5: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/5.jpg)
Inventory + PK encryption = awesome
WIPR version 1
WIPR version 1
WIPR version 1
Secrecy (and anti-counterfeiting) Metadata privacy Full backward and forward privacy Implicit reader authentication Works even if tag is completely
compromised!
![Page 6: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/6.jpg)
WIPR in Theory Rabin’s scheme [R79, GM82]:
Private Key: primes p,q. Public Key: n=p¢q Encryption: C=P2(mod n)
Low-resource version [N92, S94]: Encryption: C=P2+r¢n, random r Statistically indistinguishable from Rabin’s
scheme when r is appropriately chosen Super-low-resource version (this work):
Specially-formed n stored within 200 GEs Long random strings created on-the-fly using
Feistel structure
![Page 7: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/7.jpg)
The WIPR Protocol
Plaintext is expanded to n bits, then squared using a standard multiply-accumulator
InterrogatorKnows: SK
Creates random rr
TagKnows: PK, ID
Generates random rt
rr
EPK(rr, rt, ID)
![Page 8: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/8.jpg)
Imlementation Details
FSM
Con
trol
ler
AM
BA
Int
erfa
ce
25-bitAccumulator
25-bitAdder
8x8-bitMultiplier
Mux Mux
FeistelRt1a
FeistelRt1b
FeistelRt2
128x8-bitConst
16x8-bitRr
Data_in
data_out
ID(i) CRC(i)
WIPRDatapath
Encryption: C=(ID,rr,rt1)2+rt2¢n
![Page 9: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/9.jpg)
Implementation Results
WIPR
WIPR-1024
AES-128 [FDW04]
ECC-192 [FW07]
NTRU-57 [GKS04]
GPS-160 [McLR07]
Implementation Cost (GEs)
![Page 10: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/10.jpg)
Integration with EPC C1G2 WIPR ciphertext ¼ 2048 bits in 600ms C1G2 data rate ¼ 50 kbps How do we maximize the interrogation
rate?
![Page 11: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/11.jpg)
Interrogator Tag
Query
RN16
ACK(RN16)
{WIPR Version 1}
Challenge(RN16)
Handle
ACKRep(Handle)
{Ciphertext bytes}
ACKRep(Handle)
{Ciphertext bytes}
Integration with EPC C1G2
Crucial for the security
of the scheme
![Page 12: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/12.jpg)
Thank you! For more information:
http://iss.oy.ne.ro/WIPR
![Page 13: WIPR -- a Public Key Implementation on Two Grains of Sand](https://reader036.vdocuments.us/reader036/viewer/2022062501/568165a4550346895dd88507/html5/thumbnails/13.jpg)
WIPR and other PK Schemes When comparing the gate cost of WIPR to
another scheme, don’t forget to check: Does the gate cost include RAM and ROM? Does it use a full-strength cipher or a “mobile
version”? Does it do encryption? Does it support
secrecy and privacy? Is it a full scheme, or only a cryptographic
construct?