PKCS#11 Soft Token for supporting symmetric function - aes

For testing my code, I need a PKCS#11 soft token which supports symmetric functions like AES, DES, ...
Which PKCS#11 soft token supports at least one symmetric function?

I found openCryptoki:
http://www.ibm.com/developerworks/linux/library/s-pkcs/
This Soft Token has symmetric functions.

Related

modular exponentiation of 2048 bit operands using multiple 256 bit operations

I am implementing the RSA digital signature algorithm and one of the operations needed is modular exponentiation of 2048-bit strings, and the hardware I am using provides me an accelerated 256-bit modular exponentiation operation. So, my question here is: is there an optimized way to compute the 2048-bit operation using multiple 256-bit operations?
Thanks in advance!
I second this comment that hardware restricted to computing A^b mod n for 256-bit parameters is useless for RSA with a 2048-bit modulus N.
We can't use a RSA Multiprime strategy (where N is the product of more than 2 primes, and the compute-intensive operations are made modulo these smaller primes), because a product of eight or nine primes each fitting 256 bits would be vulnerable to the Elliptic Curve factoring method. Also that would only work for the private key operation (signature generation, or decryption).
We can't use the thing as a general multiplier, because there's a single input.
By setting n to 2^256-1 and b=2 we could use the thing to compute squares of any 128-bit argument, but that represents only a small fraction of the arithmetic work in RSA, and is most certainly not worth the hassle.

How are embeddings used for fully homomorphic encryption?

How exactly do you perform one way encryption using embeddings from a deep neural network?
Fully homomorphic encryption (FHE) benefits society by ensuring full privacy. The Private Identity recognition algorithm uses FHE to enable encrypted match and search operations on an encrypted dataset without any requirement to store, transmit or use plaintext biometrics or biometric templates. The biometric data is irreversibly anonymized using a 1-way cryptographic hash algorithm and then discarded without the data ever leaving the local device.
My question is how exactly does this use embeddings to accomplish this? Where do embeddings come in?
An embedding is a set of floating point numbers taken from the N-1 layer of a softmax Deep Neural Network (DNN). Initially, the community used DNNs to get a resulting class (softmax), but an interesting property turned out to be the values at the layer before the softmax layer.
These values have interesting properties. They may function as a 1-way encryption. They also closely relate to the initial input. In a geometric distance (cosine, Euclidean) values are close to similar inputs. This means two pictures of my face will be closer (geometrically) than a picture of two different people. This property allows operations on the resulting encryption.
One of the operations allowed is match. In the encrypted space, using the distance properties, we can match using only the embedding. Since we are only working in the encrypted space, we have an implementation of FHE and the embedding comes from the DNN.
Subsequently, we have found that a second DNN allows the classification, but only using embeddings. We now have privacy and performance.

Leakage through Ciphertext-Plaintext Homomorphic Operations

Consider two parties, namely, P_0 and P_1. P_0 and P_1 have plaintexts p_a and p_b respectively.
P_0 encrypts p_a to get c_a = Enc(p_a) with its public key, and sends it to P_1.
P_1 performs multiply_plain(c_a, p_b, c), followed by sub_plain_inplace(c, p_R) (where p_R is a random plaintext polynomial to hide the product of a and b), and then sends c to P_0.
Can the noise in c reveal some information about p_b to P_0, despite the product being masked by p_R?
If yes, then how can I avoid this leakage? Is there a way to add random noise to c to drown the impact of p_b on noise in c?
Is there a function in SEAL to encrypt using noise from a larger interval? If there is, then maybe I can encrypt p_R with extra noise to drown the impact.
Yes, the noise can in theory reveal information about the inputs to the product, even after adding a fresh encryption to it. Homomorphic encryption schemes are typically not designed to provide input privacy in such MPC protocols. It's not clear to me how feasible this "attack" would be to execute in realistic application scenarios though (except in pathological cases).
To avoid this issue and to obtain semi-honest security for protocols you may want to build from the BFV scheme you can indeed do what you suggested: flood the noise by adding an encryption with artificially large noise. This was used for example here (section 5.2) to prove the security of the protocol. See also Lemma 1 in this paper.
A fancier bootstrapping-based approach is described in this paper by Ducas and Stehle. Since bootstrapping in both BGV and BFV is extremely restrictive (and not implemented in SEAL), I wouldn't consider this approach to be practical except perhaps in some very rare scenarios.
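As an added illustration (not code from the thread or from SEAL), the noise-flooding argument quantified in a simplified model: the dependence of the ciphertext noise on p_b is treated as a shift delta, the flooding noise as uniform on [-B, B], and the statistical distance between the two shows how large B must be relative to delta. The model, the function names and the uniform noise distribution are assumptions made for this example.

```python
# Added example, not from the thread or from SEAL. Simplified model of noise
# flooding: the part of the noise that depends on p_b is a shift `delta`; the
# flooding encryption adds noise U uniform on the integers in [-B, B]. The
# statistical distance between U and U + delta bounds how well P_0 can tell
# two different p_b values apart from the noise alone.
from collections import Counter
from fractions import Fraction


def statistical_distance_formula(B: int, delta: int) -> Fraction:
    """SD(U, U + delta) for U uniform on the 2B+1 integers in [-B, B]."""
    delta = abs(delta)
    if delta >= 2 * B + 1:
        return Fraction(1)  # disjoint supports: fully distinguishable
    # The two distributions overlap on 2B+1-delta points, each with mass 1/(2B+1).
    return Fraction(delta, 2 * B + 1)


def statistical_distance_bruteforce(B: int, delta: int) -> Fraction:
    """Same quantity computed directly from the two explicit distributions."""
    n = 2 * B + 1
    p = Counter(range(-B, B + 1))
    q = Counter(range(-B + delta, B + delta + 1))
    support = set(p) | set(q)
    return sum(abs(Fraction(p[x], n) - Fraction(q[x], n)) for x in support) / 2


def flooding_bound(delta: int, security_bits: int) -> int:
    """Smallest B such that SD(U, U + delta) <= 2^-security_bits.

    delta/(2B+1) <= 2^-lambda  <=>  2B+1 >= delta * 2^lambda, so B grows
    exponentially in the security parameter: flooding noise must be far
    larger than the p_b-dependent noise it is meant to hide.
    """
    x = abs(delta) * (1 << security_bits) - 1  # need 2B >= x
    return (x + 1) // 2  # ceiling of x / 2 in integer arithmetic
```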

Combining BCrypt with another hashing algorithm

We are currently in the process of strengthening our password protection.
We have been doing a fair amount of reading on SHA-2, Bcrypt, PBKDF2, and Scrypt. That being said, we are not security experts or cryptographers, and a lot of the technical aspects of the subject matter goes over our heads.
At this point we are leaning toward implementing either PBKDF2 or Bcrypt.
However, we were curious as to whether or not there was a benefit to using a SHA-2 algorithm in concert with Bcrypt (it appears PBKDF2 already has to specify a hashing algorithm).
We had looked at the post:
https://security.stackexchange.com/questions/11552/would-it-make-sense-to-use-bcrypt-and-pbkdf2-together
But this is really more about using both Bcrypt and PBKDF2 together, and not a SHA-2.
Is there a benefit of leveraging a SHA-2 algorithm with Bcrypt? Or is it wasted effort/performance for no appreciable increase in actual security?
Thanks in advance for any insight anyone can provide.
pbr

AES Algorithm S Box uniqueness

This is regarding AES algorithm.
Suppose I have implemented an AES algorithm and encrypt data using my algorithm. Now suppose somebody else also has implemented the same AES algorithm (128 bit). Now if I encrypt data using my algorithm, is it possible to decrypt the data and get back the original data using the second algorithm that the other person has developed? What is the underlying difference in the algorithms?
Is it something related to the S-box?
Thanks
AES is a specified algorithm. If you have two different implementations they both should be able to encrypt and decrypt without any difference. If there is a difference then at least one of them wouldn't be AES.
For such things you either:
Assume all implementations of an encryption algorithm you want to be interoperable with are correct, including yours.
Or don't reinvent the wheel unless you actually want to learn something about wheels.
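As an added example (not code from the thread), deriving the AES S-box from its FIPS-197 definition shows why the question about S-box uniqueness has a fixed answer: the table is the multiplicative inverse in GF(2^8) followed by a fixed affine map, so every correct implementation produces the same 256 bytes and there is nothing for an implementer to choose. The function names are assumptions of this example; the constants are from FIPS-197.

```python
# Added example, not from the thread. Builds the AES S-box from scratch exactly
# as FIPS-197 defines it, so it can be compared byte-for-byte against the table
# in any AES implementation. Two implementations whose tables differ cannot both
# be AES, which is why ciphertext from one decrypts under the other.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the FIPS-197 reduction polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8), reducing modulo AES_POLY."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return product


def gf_inverse(a: int) -> int:
    """Multiplicative inverse in GF(2^8); FIPS-197 maps 0 to 0."""
    if a == 0:
        return 0
    # The multiplicative group has order 255, so a^254 == a^-1.
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def affine(b: int) -> int:
    """FIPS-197 affine transformation: b XOR four left-rotations of b XOR 0x63."""
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63


def build_sbox() -> list:
    """The forward S-box: SubBytes(x) = affine(inverse(x)) for every byte x."""
    return [affine(gf_inverse(x)) for x in range(256)]


def build_inverse_sbox(sbox: list) -> list:
    """The InvSubBytes table, obtained by inverting the permutation."""
    inv = [0] * 256
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv
```

Any implementation's hard-coded table can be checked against `build_sbox()`; a mismatch in even one entry means that implementation is not AES.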