Day 1: The first day will start with an introductory lecture about programming embedded microcontrollers and optimizing software at the assembly level. This lecture will also highlight why optimizing cryptographic software must take special care not to leak secret information through timing, and will introduce the so-called "constant-time" programming paradigm. We will then move to the first of two exercises, namely optimizing the stream cipher ChaCha20 on an ARM Cortex-M4. In this exercise we start from an unoptimized C reference implementation and re-implement the core of ChaCha20 in assembly to obtain better performance.
Day 2: We will first continue working on the first exercise and then move to a lecture on big-integer arithmetic, a core subroutine of current asymmetric cryptography such as RSA and elliptic-curve cryptography. As a small example of a cryptographic algorithm that requires big-integer arithmetic, we will consider the Poly1305 authenticator in the second exercise. Again, we will start from an unoptimized C reference implementation; for this exercise, however, optimization does not require the use of assembly.
Day 3: For most of day three, we will continue working on the second exercise and then combine the results of both exercises to obtain an implementation of ChaCha20-Poly1305 as described in RFC 7539 and widely deployed in TLS.
After this training you will be able to
Peter Schwabe is research group leader at MPI-SP and professor at Radboud University. He graduated from RWTH Aachen University in computer science in 2006 and received a Ph.D. from the Faculty of Mathematics and Computer Science of Eindhoven University of Technology in 2011. He then worked as a postdoctoral researcher at the Institute of Information Science and the Research Center for Information Technology Innovation of Academia Sinica, Taiwan, and at National Taiwan University. His research area is cryptographic engineering, in particular the security and performance of cryptographic software. He has published more than 50 articles in journals and at international conferences presenting, for example, fast software for a variety of cryptographic primitives including AES, hash functions, elliptic-curve cryptography, and cryptographic pairings. He has also published articles on fast cryptanalysis, in particular attacks on the discrete-logarithm problem. In recent years he has focused in particular on post-quantum cryptography. He co-authored the "NewHope" and "NTRU-HRSS" lattice-based key-encapsulation schemes, which were used in post-quantum TLS experiments by Google, and is co-submitter of seven proposals to the NIST post-quantum crypto project, all of which made it to the second round and five of which made it to the third round.