Choose an application

• Reference Manager
• EndNote
• RefWorks (Direct export to RefWorks)

Plan de culture --- Plan de culture

Choose an application

• Reference Manager
• EndNote
• RefWorks (Direct export to RefWorks)

Choose an application

• Reference Manager
• EndNote
• RefWorks (Direct export to RefWorks)

Choose an application

• Reference Manager
• EndNote
• RefWorks (Direct export to RefWorks)

This thesis focuses on issues arising when implementing cryptography, specifically performance, side-channels and integration. All these issues must be addressed to turn a cryptographic algorithm into a practical system which can provide security properties such as confidentiality or authenticity.Considering the potential threat by quantum computers we deal with performance optimizations for supersingular isogeny Diffie-Hellman (SIDH).We compare different approaches for modular multiplication and show that Montgomery multiplication is theoretically the fastest and that product scanning is the fastest implementation. We also propose 2^391 19^88 – 1 and other primes suitable for SIDH which give an additional 12% speed-up. Further, we extend this comparison to Twisted Edwards curves with optimized addition chains and show that the increased flexibility in creating addition chains cannot compensate for the slower operations. Afterwards, practical performance improvements by using special multiplication instructions on ARM platforms are shown. Using these and an extended set of suitable primes gives a speed-up of 50%.We then consider a complete cryptographic system. We provide a security analysis of end-to-end encrypted email. It is shown how the complex behaviors of the components, when integrated into a single system, compromise or weaken security. Vulnerabilities are presented for 23 out of 35 tested S/MIME clients and 10 out of 28 tested OpenPGP clients. Finally, a side-channel attack on the Frodo scheme is presented. The attack can be performed with a single trace due to the reuse of secret values at multiple times during the algorithm. The attack extracts the key with probability 50%and 99% for parameter sets NIST1 and NIST2 respectively, also showing that it is more effective for supposedly more secure parameters. We also propose a mitigation with only minor impact on performance.