
IEIE Transactions on Smart Processing and Computing, vol. 7, no. 2, April 2018 https://doi.org/10.5573/IEIESPC.2018.7.2.097 97

IEIE Transactions on Smart Processing and Computing

High-performance Ring-LWE Cryptography Scheme for Biometric Data Security

Tuy Nguyen Tan and Hanho Lee*

Department of Information and Communication Engineering, Inha University, 100 Inha-ro, Nam-gu, Incheon, 22212, Korea

* Corresponding Author: Hanho Lee

Received January 31, 2018; Revised March 15, 2018; Accepted March 27, 2018; Published April 30, 2018

* Regular Paper

Abstract: The rapid growth of using biometric devices for authentication and the fast development of the quantum computer means stronger and more reliable security services are needed for biometric data protection. This paper presents a novel ring-learning with errors (ring-LWE) cryptography scheme and a post-quantum cryptosystem for biometric data security. By using parallel multiplication and parallel addition in ring-LWE cryptography operations, the total encryption and decryption time can be significantly reduced. As a result, the proposed high-performance ring-LWE cryptography scheme outperforms existing cryptosystems in terms of processing time for text message encryption and decryption. Moreover, compared to the scheme implemented on a central processing unit (CPU), the proposed scheme on a graphics processing unit (GPU) can reduce encryption and decryption times for biometric images by up to 20 times and four times, respectively. A performance analysis of entropy and the similarity of the encrypted image generated by the proposed scheme also demonstrate improvement in the confidentiality of the cipher image, compared to previous works.

Keywords: Biometric, Cryptography, Post-quantum, Ring-LWE, Security

1. Introduction

Biometric authentication is attracting great interest nowadays for preserving privacy and security in vision-based systems. This is a method of recognizing a person using physiological or behavioral features (a fingerprint, the iris, or the face). Since the biometric information of each person is unique, biometric authentication is more appropriate and secure than traditional methods. Many researchers have been working on finding an optimal authentication scheme [1-6]. In order to authenticate someone using biometric characteristics, users initially have to register that information with a biometric authentication system. The users’ data are then stored on the devices or in server memory for future authentication. However, with the Internet of Things (IoT), there are concomitant risks in this way of storing biometric information. It can be stolen by those who might use this important information for evil purposes. Therefore, integrating a highly secure application into biometric authentication systems in order to protect this important data during the authentication and transmission process has become a requirement. Cryptosystems in which only authorized users with the right key are able to access the hidden information become a potential solution that can be installed into biometric authentication systems to provide a higher security level in order to keep biometric data from strangers.

There are two types of cryptosystem: symmetric cryptography and asymmetric cryptography (public key cryptography) [7-9]. The former uses the same key for encryption and decryption operations, whereas the latter uses two separate keys (a public key and a private key) for encryption and decryption. Among the various asymmetric cryptography schemes, Rivest-Shamir-Adleman (RSA) [10] and elliptic curve cryptography (ECC) [11, 12] are the most popular. The encryption and decryption operations in ECC are based on an elliptic curve and computation over Galois field GF(p) or GF(2^m), where p and m are prime numbers. In the key generation operation, the receiver selects a random number for the private key, kS, a base point, PS, and calculates ECC point multiplication QS = kS•PS [13-15]. The public key goes to the sender, who encrypts the input before sending it to the receiver. At the receiving side, the original data can be recovered using the receiver’s secret key and ECC point multiplication operations.


Although ECC offers security levels similar to traditional systems, such as RSA, with a significantly smaller key length [13], it can be solved in polynomial time by a quantum computer [16]. With the rapid improvements in cryptanalysis and the unpredictable development of the quantum computer [17], post-quantum secure and future practical alternatives are needed. Ring-LWE cryptography based on worst-case hardness of well-known lattice problems [18-22] is considered a great candidate for replacing these classic cryptosystems, because there is no known quantum computer that can solve the lattice problem efficiently [16].

In this work, a high-performance ring-LWE cryptography scheme to perform biometric image encryption and decryption operations is introduced. To the best of our knowledge, this is the first work designing a ring-LWE cryptography scheme for biometrics data security. By using parallel multiplication and addition in key generation, plus encryption and decryption operations on a graphics processing unit (GPU), the computation time of the proposed scheme for these operations is remarkably improved. Consequently, the total processing time of the proposed ring-LWE cryptography scheme is significantly reduced, compared to other works.

The rest of this paper is organized as follows. Section 2 provides the background to ring-LWE cryptosystems, and some related works. In Section 3, the proposed ring-LWE cryptography scheme for biometric data security is presented. Performance analysis and comparison are presented in Section 4. Finally, conclusions are given in Section 5.

2. Ring-LWE Cryptography

2.1 Ring-LWE Encryption and Decryption Algorithms

In ring-LWE problems, for some irreducible polynomial f(x) of degree n [16], polynomials a(x) and s(x) are selected uniformly from a ring, Rq = Zq[x]/f(x). Error polynomials ei(x) of degree n are sampled from error distribution χ, which is usually a discrete Gaussian distribution, χ_σ, with standard deviation σ. The ring-LWE distribution over Rq×Rq consists of tuples (a, t), where t = a•s + e. It is very difficult to find s from a given polynomial number of sample pairs (a, t) from A_{s,χ}. This problem is known as the search ring problem. A ring-LWE encryption and decryption scheme can be described as follows.

· Key generation: Generate the private key, r2, and the public key, (a, p). Two error polynomials, r1 and r2, are sampled from a discrete Gaussian sampler. The value of p can be calculated using the following computation over ring Rq = Zq[x]/f(x):

$$p \leftarrow r_1 - a \cdot r_2 \tag{1}$$

· Encryption: Encrypt input message m into ciphertext, (c1, c2). The input message m is encoded to polynomial me in Rq. The encode function simply maps binary message m to the ring polynomial. The ith coefficient of m is mapped to q if and only if the ith bit of m is 1; otherwise, it is mapped to 0. Error polynomials e1, e2, and e3 are generated from χ_σ using a discrete Gaussian sampler. The computations of ciphertext (c1, c2) are described as follows:

$$(c_1, c_2) \leftarrow (a \cdot e_1 + e_2,\; p \cdot e_1 + e_3 + m_e) \tag{2}$$

· Decryption: Decrypt the ciphertext to get the original message m. To decrypt the ciphertext, the following computation needs to be performed:

$$m' \leftarrow c_1 \cdot r_2 + c_2 \in R_q \tag{3}$$

The original message, m, is recovered from m′ by using a decoder. We use the same decoder presented by Sujoy et al. [23] in order to decode the m′ information.

The proposed ring-LWE scheme uses the parameter sets (n, q, σ) presented elsewhere [19, 23, 24].

2.2 Discrete Gaussian Sampler

Ring-LWE cryptography requires sampling from a Gaussian distribution. Among the various methods for sampling from a discrete Gaussian distribution, rejection sampling and inversion sampling [24] are the best-known algorithms. In practice, rejection sampling for a discrete Gaussian distribution is slow due to the high rejection rate for the sampled values, which are far from the center of the distribution [24]. The inversion method first generates a random probability and then selects a sample value such that the cumulative distribution up to that sample point is just larger than the randomly generated probability. Since the random probability should be of high precision, this method also requires a large number of random bits. The Knuth-Yao algorithm [24, 25] uses a random walk model for sampling from any non-uniform distribution. This algorithm proves that the number of random bits required by the sampling algorithm is close to the entropy of the distribution and, thus, is near-optimal. In this work, we use the same Knuth-Yao algorithm to sample from a discrete Gaussian distribution. The small standard deviation in the ring-LWE encryption scheme means that the memory requirement is small and can easily be satisfied on resource-limited devices.
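As an added illustration (not the paper's code), the Knuth-Yao random walk can be written as a column-by-column scan of a probability matrix whose rows are the binary expansions of the probabilities. The value σ = 4.51, the 12σ tail cut, the 48-bit precision, the magnitude-plus-sign-bit layout and all function names are assumptions of this example.

```python
import math
import random

def half_gaussian(sigma, tail=12):
    # P(|x| = k) for k = 0 .. ceil(tail * sigma); mass beyond the cut is dropped.
    rows = math.ceil(tail * sigma)
    rho = [math.exp(-k * k / (2 * sigma * sigma)) for k in range(rows + 1)]
    total = rho[0] + 2 * sum(rho[1:])
    return [rho[0] / total] + [2 * r / total for r in rho[1:]]

def probability_matrix(probs, precision=48):
    # Row k holds the first `precision` binary digits of probs[k].
    scaled = [int(p * (1 << precision)) for p in probs]
    return [[(s >> (precision - 1 - col)) & 1 for col in range(precision)]
            for s in scaled]

def knuth_yao(pmat, next_bit):
    # One random bit per tree level (matrix column). d is the index of the
    # visited node within the level; the level's terminal nodes (one per 1 in
    # the column) occupy the lowest indices, so d reaching -1 means "terminal".
    d = 0
    for col in range(len(pmat[0])):
        d = 2 * d + next_bit()
        for row in range(len(pmat) - 1, -1, -1):
            d -= pmat[row][col]
            if d == -1:
                return row
    return None   # truncated probabilities sum to slightly less than 1

class BitCounter:
    """Random-bit source that counts how many bits have been drawn."""
    def __init__(self, seed):
        self.rng = random.Random(seed)   # repeatable demo source, not a CSPRNG
        self.used = 0

    def __call__(self):
        self.used += 1
        return self.rng.getrandbits(1)

def sample(pmat, bits):
    magnitude = None
    while magnitude is None:             # restart if the walk left the tree
        magnitude = knuth_yao(pmat, bits)
    # One extra bit chooses the sign; zero needs none.
    return -magnitude if magnitude and bits() else magnitude

def draw(sigma, count, seed):
    pmat = probability_matrix(half_gaussian(sigma))
    bits = BitCounter(seed)
    return [sample(pmat, bits) for _ in range(count)]

def bits_versus_entropy(sigma, count, seed):
    # Average random bits per magnitude sample next to the entropy (in bits)
    # of the magnitude distribution.
    probs = half_gaussian(sigma)
    pmat = probability_matrix(probs)
    bits = BitCounter(seed)
    done = 0
    while done < count:
        if knuth_yao(pmat, bits) is not None:
            done += 1
    entropy = -sum(p * math.log2(p) for p in probs if p > 0)
    return bits.used / count, entropy

if __name__ == "__main__":
    average, entropy = bits_versus_entropy(4.51, 5000, seed=1)
    print("bits per sample: %.2f, entropy: %.2f" % (average, entropy))
    print("first samples:", draw(4.51, 10, seed=2))
```
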

2.3 Polynomial Multiplication

Polynomial multiplication is the basic and most computationally intensive operation in ring-LWE cryptography [15]. Given ai and bi in Rq, i = 1, 2,…, n-1, polynomials a(x) and b(x) over ring Rq can be expressed as follows:

$$
\begin{aligned}
a(x) &= a_0 + a_1 x + a_2 x^2 + \dots + a_{n-1} x^{n-1} \\
b(x) &= b_0 + b_1 x + b_2 x^2 + \dots + b_{n-1} x^{n-1}
\end{aligned}
\tag{4}
$$

Suppose polynomial f(x) of degree n is the irreducible polynomial. The following computations are performed to compute the polynomial multiplication of a(x) and b(x):

$$
c(x) = a(x) \cdot b(x) = \sum_{i=0}^{n-1} \sum_{j=0}^{n-1} a_i b_j x^{i+j} \bmod f(x) \tag{5}
$$

Some existing approaches to performing polynomial multiplication have been introduced [16, 23, 26]. In these papers, the authors presented a hardware implementation for a polynomial multiplication architecture using fast Fourier transform (FFT) to compute the multiplication of two polynomials, a(x) and b(x), over ring Rq. The simulation results show the advantages of the architecture in terms of processing time and hardware complexity. Since this multiplication is quite complex and not suited to software implementation, we chose to implement the normal polynomial multiplication for our proposed scheme.

3. Proposed Ring-LWE Cryptography Schemes for Biometric Data Security

3.1 Parallel Polynomial Multiplier

The proposed parallel polynomial multiplier computes the multiplication of two polynomials, a(x) and b(x), over ring Rq on a GPU. We introduce this multiplier with the goals of reducing multiplication time, applying it efficiently in a biometrics data-security scheme. The proposed parallel multiplier scheme is presented in Fig. 1. Initially, two input polynomials in CPU memory are copied into GPU memory to execute parallel multiplication.

Since we use biometric images with a depth of eight bits, we allocate GPU memory for input polynomials a(x) and b(x) with eight blocks and n/8 threads per block. Our available GPU can support up to 512 threads per block, with selected values of n, and thus, the multiplication of polynomials a(x) and b(x) can be simultaneously executed.

After using this memory allocation strategy, the parallel multiplication described in Algorithm 1 is executed on the GPU to return the sub-product polynomial c1(x) with a degree of (2n - 1). This sub-product polynomial is then sent back to CPU memory where the modulus with irreducible polynomial f(x) and prime number q is calculated to get the multiplication result.

Fig. 1. Proposed parallel multiplication scheme over ring Rq on a GPU. (Diagram labels: input polynomials a(x), b(x) in CPU memory; GPU memory allocation; multiplication on GPU; sub-product polynomial c0 … c2n‐1; mod f(x); mod q; multiplication result c(x).)

3.2 Proposed Key Generation Scheme

In the key generation operation, private key r2 and public key (a, p) are generated. These keys are then used in the ring-LWE encryption and decryption operations. Fig. 2 presents a detailed design of the proposed key generation scheme. Three random polynomials r1(x), r2(x), and a(x), generated from a discrete Gaussian sampler, participate in the key generation operation. While r2(x) is a private key, r1(x) and a(x) play the role of two input polynomials of a parallel multiplier in which the multiplication r2(x)•a(x) is computed. Public key (a, p) is then generated by combining polynomial a(x) and the result from a parallel adder: p(x) = r1(x) - r2(x)•a(x). Memory allocation for the parallel adder is similar to a parallel multiplier. This adder is less complex than a multiplier, since we only need to add the corresponding array elements of two polynomials. The resulting polynomial from the parallel adder has the same degree as the original.

Fig. 2. Proposed key generation scheme using parallel multipliers.

3.3 Proposed Ring-LWE Cryptography Scheme for Text Message Security

The overall operation of the ring-LWE cryptography scheme for text message security on a GPU platform is presented in Fig. 3. First, the plaintext is encoded in CPU memory before being copied to GPU memory for further operations. On the GPU, the encryption operation uses the public key and error polynomials to generate the encrypted message. This encrypted message can be decrypted with the private key. The decrypted message is then copied back to CPU memory, where decoding is executed to recover the original message. Fig. 4 shows the overall operation of the proposed ring-LWE cryptography scheme for text message m. At the beginning of the encryption process, input message m is encoded to get the encoded polynomial over ring Rq.

Depending on the value of the ith bit of the input message, the corresponding ith value of the encoded polynomial can be 0 or q/2. In addition, a discrete Gaussian sampler generates three error polynomials, e1(x), e2(x), and e3(x) in Rq that take part in the encryption and decryption processes. The next operation of the encryption process is calculating two polynomial multiplications, a(x)•e1(x) and p(x)•e1(x), using multiplier 1 and multiplier 2, respectively. Ciphertext c1(x) is generated from parallel adder 1, where the inputs are the result from multiplier 1, and error polynomial e2(x). Ciphertext c2(x) is calculated by parallel adder 2 using the output from multiplier 2, error polynomial e3(x), and encoded message me. Finally, encrypted message (c1, c2) is generated. When the original message is needed, ciphertext (c1, c2) can be decrypted using a few calculations. Parallel multiplier 3 computes the multiplication c1(x)•r2(x) of ciphertext c1(x) and the private key r2(x). The result from multiplier 3 becomes an input of parallel adder 3, where the addition c1(x)•r2(x) + c2(x) is calculated to return the decrypted message. Finally, decrypted message m′ is decoded to recover original message m.

Fig. 3. Block diagram of the proposed ring-LWE cryptography scheme for text message security.

Fig. 4. Proposed ring-LWE cryptography scheme for text message security on a GPU.

3.4 Proposed Ring-LWE Cryptography Scheme for Biometric Data Security

The proposed scheme for biometric data encryption is shown in Fig. 5. Biometric images, such as a fingerprint, an iris, etc., with a size of col×row pixels are pre-processed to get the value of each pixel. Since the size of the image is col×row, the pre-processed matrix consists of col×row pixels. If the normal encryption method is used, the total number of required encryption operations for this image is col×row, which is extremely large, and the required time to complete encrypting one biometric image is certainly huge. In order to improve the encryption operation, we propose an efficient method that uses an encryption table to reduce processing time. Since we use black-and-white images with a depth of eight bits, we only need to build an encoding table consisting of 2^8 = 256 values, from 0 to 255, and their corresponding encoded values. The corresponding encoded value of input image pixels can be found quickly from a mapping operation using this table. In this way, the encoding time can be reduced by up to (col×row)/256 times.

A pre-processed binary matrix plays the role of input matrix for the proposed encryption system. Each value of this matrix is compared to the standard value of the black-and-white image to build the mapping table. For example, the pixel values 0 and 1 correspond to the locations (i0, j0) and (i1, j1) of the input matrix, respectively. Afterwards, the mapping table is built, in which each input matrix location is mapped to the corresponding value of the standard pixels. The function of the encoder is converting image pixel values in a binary matrix to the polynomial matrix over a ring. Depending on the value of each bit in the image pixel values, it can be converted to (q - 1)/2 or 0. In this encryption scheme, each image pixel value is typically considered as a text message, m. We use the same public key to encrypt all image pixel values, so that the original image can be recovered easily. The ciphertext (c1, c2) of each pixel is calculated using two parallel multipliers and two parallel adders, as shown in Fig. 5. To reduce encryption time, we build an encryption table to encrypt all possible values for eight-bit images.

The encrypted value of an input biometric image pixel can be found more quickly by mapping to this encryption table. As a result, an encrypted matrix containing all encrypted values of an input image is created, and an encrypted image is generated. Biometric data are stored in encrypted form to keep them safe from strangers. When an authentication operation using original biometrics data is needed, this data can be easily recovered by the proposed decryption scheme presented in Fig. 6. The decryption architecture consists of polynomial multiplication, polynomial addition, and a decoder. The decryption process for an encrypted biometric image using private key r2(x) is typically executed pixel by pixel. Ciphertext (c1, c2) of each pixel and a private key are used to calculate the decrypted message, m′. A unique private key, r2(x), is used through this decryption operation. In this way, a decrypted matrix is generated. These values are then decoded to return the binary values of the initial image pixels. To perform this decryption operation effectively, a similar mapping table described in the encryption step is also used. Each location in the encrypted matrix is mapped to a corresponding value to avoid repeating calculations. Thus, the number of decryption operations can be reduced by (col×row)/256. Consequently, total decryption time will be considerably decreased. Finally, the original image is successfully recovered.

Fig. 5. Proposed high-performance ring-LWE encryption scheme for biometric data security on a GPU.
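The following added example (not the authors' implementation) runs the key generation, encryption and decryption of Section 2.1 with the two-stage multiplication of Sections 2.3 and 3.1, then builds the 256-entry encryption table of Section 3.4 and applies it to a small image. Assumed, because the page does not give them: f(x) = x^n + 1, q = 7681, σ = 4.51, a rounded Gaussian in place of the Knuth-Yao sampler, and every function name; n = 8 is the page's value for eight-bit images.

```python
import random

N = 8                  # ring degree the page uses for 8-bit pixels (Section 4.2)
Q = 7681               # assumed modulus; the page does not state q
SIGMA = 4.51           # assumed error width; the page does not state sigma
HALF = (Q - 1) // 2    # encoding of a 1 bit, per Section 3.4

def sample_error(rng):
    # Stand-in for the Knuth-Yao sampler of Section 2.2: rounded Gaussian.
    return [round(rng.gauss(0, SIGMA)) % Q for _ in range(N)]

def sub_product(a, b):
    # First stage of Fig. 1 (GPU side): the unreduced product. Coefficient k
    # only needs the pairs (i, k - i), so every k is independent of the others
    # and could be given to its own thread; this loop visits them serially.
    out = []
    for k in range(2 * N - 1):
        lo, hi = max(0, k - N + 1), min(k, N - 1)
        out.append(sum(a[i] * b[k - i] for i in range(lo, hi + 1)))
    return out

def reduce_ring(c):
    # Second stage of Fig. 1 (CPU side): mod f(x), then mod q. With the assumed
    # f(x) = x^N + 1, x^N = -1, so coefficient N + k is subtracted from k.
    return [(c[k] - (c[k + N] if k + N < len(c) else 0)) % Q for k in range(N)]

def mul(a, b):
    return reduce_ring(sub_product(a, b))

def add(*polys):
    return [sum(column) % Q for column in zip(*polys)]

def keygen(rng):
    a = [rng.randrange(Q) for _ in range(N)]        # uniform, as in Section 2.1
    r1, r2 = sample_error(rng), sample_error(rng)
    p = add(r1, [-x for x in mul(a, r2)])           # Eq. (1): p = r1 - a*r2
    return (a, p), r2

def encode(pixel):
    return [HALF if (pixel >> i) & 1 else 0 for i in range(N)]

def decode(m_prime):
    # A coefficient nearer (q-1)/2 than 0 (mod q) decodes to a 1 bit.
    return sum(1 << i for i, c in enumerate(m_prime) if Q // 4 < c < 3 * Q // 4)

def encrypt(public_key, pixel, rng):
    a, p = public_key
    e1, e2, e3 = (sample_error(rng) for _ in range(3))
    return add(mul(a, e1), e2), add(mul(p, e1), e3, encode(pixel))   # Eq. (2)

def decrypt(r2, ciphertext):
    c1, c2 = ciphertext
    return decode(add(mul(c1, r2), c2))                              # Eq. (3)

def build_encryption_table(public_key, rng):
    # One ring-LWE encryption per grey level instead of one per pixel.
    return [encrypt(public_key, value, rng) for value in range(256)]

def encrypt_image(table, image):
    return [[table[pixel] for pixel in row] for row in image]

def decrypt_image(r2, encrypted):
    # Decrypt each distinct ciphertext once and reuse the result.
    cache = {}
    out = []
    for row in encrypted:
        out.append([])
        for c1, c2 in row:
            key = (tuple(c1), tuple(c2))
            if key not in cache:
                cache[key] = decrypt(r2, (c1, c2))
            out[-1].append(cache[key])
    return out

def distinct_ciphertexts(encrypted):
    return len({(tuple(c1), tuple(c2)) for row in encrypted for c1, c2 in row})

# Constructed 32x32 test image with 64 grey levels (not biometric data).
SAMPLE_IMAGE = [[(4 * r + c) % 64 for c in range(32)] for r in range(32)]

if __name__ == "__main__":
    # random.Random keeps the demo repeatable; real keys need a CSPRNG.
    rng = random.Random(2018)
    public_key, r2 = keygen(rng)
    table = build_encryption_table(public_key, rng)
    encrypted = encrypt_image(table, SAMPLE_IMAGE)
    print("round trip ok:", decrypt_image(r2, encrypted) == SAMPLE_IMAGE)
    print("pixels:", 32 * 32, "distinct ciphertexts:", distinct_ciphertexts(encrypted))
```

Because the table is computed once per key, all pixels with the same grey level share one ciphertext pair, so `distinct_ciphertexts` returns at most 256 regardless of image size.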


4. Performance Analysis and Comparison

The performance of our proposed ring-LWE cryptography scheme is evaluated using Microsoft Visual Studio and the Compute Unified Device Architecture (CUDA) on a Dell machine (Intel Xeon X5680 3.33GHz CPU, 32GB RAM, and an NVIDIA GeForce GTX TITAN Black graphics card) running the Windows 7 64-bit operating system. The ring-LWE encryption and decryption operations for text messages and biometric images are executed on both CPU and GPU platforms to compare performance.

4.1 Processing Time for Text Messages

We implement the proposed scheme for text message security on both CPU and GPU platforms to obtain a value for the processing time. We use the same text “INHA 2018” for the proposed ring-LWE scheme, with n = 256 and n = 512. The presented values for running time are the average values over 1000 iterations. This value for the processing time is then compared to the results obtained from ECC cryptosystems over GF(2^163) on a CPU. The processing times of these schemes are described in Table 1. As we can see, the encryption and decryption times using the proposed ring-LWE cryptography scheme on a GPU are much shorter than on the CPU. For the same text message, the ring-LWE cryptography scheme at n = 256 uses only about 75% of the encryption time and 86% of the decryption time with ECC over GF(2^163). In addition, the total encryption and decryption times using the proposed ring-LWE cryptography scheme at n = 256 on the GPU are 6.7 times and 8.8 times faster, respectively, than ECC over GF(2^163) on a CPU.

Fig. 6. Proposed high-performance ring-LWE decryption scheme for biometric data security on a GPU.

Table 1. Comparison of normalized processing times for text message encryption and decryption.

| Algorithm | Parameter | Platform | Encryption time (ms) | Decryption time (ms) |
|---|---|---|---|---|
| ECC [15] | GF(2^163) | CPU | 1,070 | 194 |
| Proposed ring-LWE | n = 256 | CPU | 803 | 168 |
| Proposed ring-LWE | n = 256 | GPU | 108 | 36 |
| Proposed ring-LWE | n = 512 | CPU | 2,344 | 612 |
| Proposed ring-LWE | n = 512 | GPU | 380 | 120 |

4.2 Performance of Ring-LWE Cryptography Scheme for Biometric Data Security

In order to show the advantages of the proposed high-performance ring-LWE cryptography for biometric data security, implementation is executed on a CPU, a GPU, and using other cryptosystems for biometric image security. After that, some important parameters are analyzed to ensure it is difficult for strangers to recover the original image from the encrypted image. To ensure confidentiality, the encrypted image should be highly uncorrelated to the original. We did the similarity analysis and histogram analysis used by Ali et al. [27] to evaluate our performance.

· Running time comparison: The encryption and decryption times are shown in Table 2 for biometric images at 300×300 pixels using different algorithms and schemes. In our implementation, we use black-and-white images at an eight-bit depth where the image pixel values vary from 0 to 255. Therefore, we implement ECC over GF(2^8) and the ring-LWE scheme at n = 8 to process encryption and decryption for eight-bit images. As can be seen, for a complete operation in biometric image security, the total running time of the proposed ring-LWE scheme on a GPU is about 12 times shorter than on a CPU. In particular, the processing times for ring-LWE encryption and decryption for a biometric image on a GPU are about 14 times and four times shorter, respectively, than on a CPU. Moreover, our proposed ring-LWE scheme for a biometric image on a CPU outperforms the CPU-based ECC scheme by about 19% in terms of total processing time. Encryption and decryption times are extremely short, compared to the normalized values of Algorithm I and Algorithm II by Ali et al. [27], and those of Luiz et al. [28]. Fig. 7 shows the encryption and decryption times for different sizes of biometric images. Total processing time for the parallel multiplication-based ring-LWE cryptography scheme on a GPU is much faster than the ring-LWE cryptography and ECC schemes implemented on a CPU.

Table 2. Comparison of normalized processing times for biometric image encryption and decryption.

| Algorithm | Parameter | Platform | Encryption time (ms) | Decryption time (ms) |
|---|---|---|---|---|
| Luiz et al. [28] | - | CPU | 601×10^3 | 620×10^3 |
| Algorithm I [27] | - | CPU | 557×10^3 | 591×10^3 |
| Algorithm II [27] | - | CPU | 332×10^3 | 379×10^3 |
| ECC [15] | GF(2^8) | CPU | 963 | 174 |
| Proposed ring-LWE | n = 8 | CPU | 858 | 62 |
| Proposed ring-LWE | n = 8 | GPU | 61 | 16 |

Fig. 7. Processing times of ECC on a CPU, and ring-LWE on CPU and GPU platforms for biometric images.

· Similarity analysis and comparison: To measure the degree of similarity between the input image and the encrypted image, a normalized correlation metric is used. This metric will be very close to zero if the input image and encrypted image are completely different. Table 3 shows a comparison of correlation factors between the proposed scheme and the algorithms of Ali et al. [27] and Luiz et al. [28]. It is clear that the proposed scheme obtains as much as a 30.8% smaller correlation factor than the Ali et al. algorithms. Remarkably, our obtained correlation factor is about one-fifth of the algorithm from Luiz et al. This proves there is a complete difference between the encrypted image generated by our proposed scheme and the input image.

· Histogram analysis: Image histogram analysis aids in visualizing the correlation between the plaintext and ciphertext images by giving the probability of appearance for each grey level [27]. The original image and the encrypted image are highly uncorrelated if the histogram is largely different. As can be seen in Fig. 8, the histograms of the encrypted fingerprint and the iris are different from the originals. Furthermore, since the distribution of the appearance probabilities of the grey levels is equitable, it is extremely difficult to predict information from the encrypted image.

· Entropy analysis and comparison: We used entropy to measure the uncertainty present in the encrypted image. The degree of randomness and confidentiality in the encrypted image is high when its entropy is high. Given that the maximum theoretical entropy value for a grey-scale image is eight bits per pixel [27], the entropy values of encrypted images obtained from the proposed scheme and from the others are presented in Table 3. The values for an encrypted image using the proposed scheme are close to eight bits per pixel, demonstrating the effectiveness of the proposed algorithms in hiding the details of the original biometric images. Compared to the algorithm of Luiz et al. [28], the proposed scheme achieves better values for entropy. Since the biometric images used in our scheme are different from the ones used by Ali et al. [27], we use the “improvement in entropy” as a parameter to evaluate the proposed scheme. The improvement in entropy between the encrypted image and the original image from the proposed scheme is 37.64%, which is higher than the values obtained with Algorithm I (34.34%) and Algorithm II (36.14%) by Ali et al. [27].

5. Conclusions

A novel ring-LWE cryptography scheme for biometric image security is proposed in this paper. The simulation results from text message encryption and decryption show improvement via the parallel multiplication-based ring-LWE cryptography scheme, compared to one implemented on a CPU and compared to other cryptosystems in terms of processing time. Furthermore, the simulation results on biometric data show the advantages of the proposed scheme in both encryption and decryption operations. Analyzing entropy and similarity between the encrypted image and the original image proves the dominant confidentiality of the proposed scheme, compared to the others. Hence, the proposed ring-LWE cryptography scheme can be used in systems that require a high security level, such as biometric authentication and IoT security.

Acknowledgement

This work was supported by the MSIT (Ministry of Science, ICT), Korea, under the ITRC support program (IITP-2018-2014-0-00729) supervised by the IITP and, in part, by the Basic Science Research Program (2016R1A2B4015421) through the NRF funded by the MSIT.

References

[1] A. K. Das, “Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards,” IET Information Security, vol. 5, no. 3, pp. 145-151, 2011.

[2] J. S. Leu and W. B. Hsieh, “Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards,” IET Information Security, vol. 8, no. 2, pp. 104-113, 2014.

[3] C. I. Fan and Y. H. Lin, “Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics,” IEEE Trans. Information and Forensics Security, vol. 4, no. 4, pp. 933-945, 2009.

[4] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Trans. Information and Forensics Security, vol. 10, no. 9, pp. 1953-1966, 2015.

[5] C. T. Chen and C. C. Lee, “A two-factor authentication scheme with anonymity for multi-server environments,” Security and Communication Network, vol. 8, no. 8, pp. 1608-1625, 2015.

[6] D. Zhao, H. Peng, L. Li, and Y. Yang, “A secure and effective anonymous authentication scheme for roaming service in global mobility networks,” Wireless Personal Communication, vol. 78, no. 1, pp. 247-269, 2014.

[7] A. Michel, B. Fabrice, and P. David, “Public-key encryption indistinguishable under plaintext-checkable attacks,” IET Information Security, vol. 10, no. 6, pp. 288-303, 2016.

[8] H. Felix, J. Tibor, H. Sven, and K. Eike, “Selective opening security of practical public-key encryption schemes,” IET Information Security, vol. 10, no. 6, pp. 304-318, 2016.

[9] E. Fujisaki and T. Okamoto, “Secure integration of asymmetric and symmetric encryption schemes,” Journal of Cryptology, vol. 26, no. 1, pp. 80-101, 2013.

Table 3. Comparison of normalized correlation factor and entropy for the original and the encrypted images.

| Algorithm | Correlation factor | Entropy of original image (bits/pixel) | Entropy of encrypted image (bits/pixel) | Improvement in entropy (bits/pixel) |
|---|---|---|---|---|
| Luiz et al. [28] | 0.0242 | - | 7.4764 | - |
| Algorithm I [27] | 0.0081 | 5.8739 | 7.8909 | 2.0170 |
| Algorithm II [27] | 0.0081 | 5.8739 | 7.9969 | 2.1230 |
| Proposed ring-LWE | 0.0056 | 5.7285 | 7.8847 | 2.1562 |

Fig. 8. Histograms of input images and encrypted images.

[10] H. Xinming and W. Wei, “A novel and efficient design for an RSA cryptosystem with a very large key size,” IEEE Trans. Circuits and Systems II, vol. 62, no. 10, pp. 972-976, 2015.

[11] K. Neal, M. Alfred, and V. Scott, “The state of elliptic curve cryptography,” Designs, Codes and Cryptography, vol. 19, no. 2-3, pp. 173-193, 2000.

[12] H. Darrel, M. Alfred, and V. Scott, Guide to elliptic curve cryptography, Springer Professional Computing, 2004.

[13] D. S. Gustavo, D. Jean-Pierre, and L. I. José, “Efficient elliptic curve point multiplication using digit-serial binary field operations,” IEEE Trans. Industrial Electronics, vol. 60, no. 1, pp. 217-225, 2014.

[14] T. N. Tuy and L. Hanho, “High-speed low-complexity elliptic curve cryptographic processor,” International SoC Design Conference, Gyeongju, Korea, pp. 265-266, Nov. 2015.

[15] T. N. Tuy and L. Hanho, “Efficient algorithm and architecture for elliptic curve cryptographic processor,” Journal of Semiconductor Technology and Science, vol. 16, no. 1, pp. 118-125, 2016.

[16] D. C. Dong, M. Nele, V. Frederik, S. R. Sujoy, C. C. C. Ray, P. Derek, and V. Ingrid, “High-speed polynomial multiplication architecture for ring-LWE and SHE cryptosystems,” IEEE Trans. Circuits Systems I, vol. 62, no. 1, pp. 157-166, 2015.

[17] R. Steven and G. Barton, “NSA seeks to build quantum computer that could crack most types of encryption,” http://wapo.st/19DycJT, accessed on 30 January 2018.

[18] W. B. Joppe, C. Craig, N. Michael, and S. Douglas, “Post-quantum key exchange for the TLS protocol from the ring learning with errors problem,” IEEE Symposium on Security and Privacy, San Jose, CA, USA, pp. 553-570, May 2015.

[19] D. C. Ruan, S. R. Sujoy, V. Frederik, and V. Ingrid, “Efficient software implementation of ring-LWE encryption,” Design, Automation and Test in Europe Conference and Exhibition, France, pp. 339-344, Mar. 2015.

[20] W. Wei, H. Yi, C. Lianmu, H. Xinming, and S. Berk, “Exploring the feasibility of fully homomorphic encryption,” IEEE Trans. Computers, vol. 64, no. 3, pp. 698-706, 2016.

[21] C. Peikert, “Lattice cryptography for the internet,” International Workshop on Post-Quantum Cryptography, Waterloo, ON, Canada, pp. 197-219, Oct. 2014.

[22] P. Thomas and G. Tim, “Area optimization of lightweight lattice-based encryption on reconfigurable hardware,” IEEE International Symposium on Circuits Systems, Melbourne VIC, Australia, pp. 2796-2799, Jun. 2014.

[23] S. R. Sujoy, V. Frederik, M. Nele, D. C. Donald, and V. Ingrid, “Compact ring-LWE cryptoprocessor,” International Workshop on Cryptographic Hardware and Embedded Systems, Busan, Korea, pp. 371-391, Sep. 2014.

[24] S. R. Sujoy, V. Frederik, and V. Ingrid, “High precision Gaussian sampling on FPGAs,” International Conference on Selected Areas in Cryptography, Burnaby, BC, Canada, pp. 383-401, Aug. 2013.

[25] D. Chaohui and B. Guoqiang, “Towards efficient discrete Gaussian sampling for lattice-based cryptography,” 25th International Conference on Field Programmable Logic and Applications, London, UK, pp. 1-6, Sep. 2015.

[26] D. C. Dong, X. Y. Gavin, C. Ray, P. Derek, and K. K. Cetin, “Parameter space for the architecture of FFT-Based montgomery modular multiplication,” IEEE Trans. Computers, vol. 65, no. 1, pp. 147-160, 2016.

[27] A. Ali, A. Gheith, and H. Noor, “Crypto-based algorithms for secured medical image transmission,” IET Information Security, vol. 1, no. 6, pp. 365-373, 2015.

[28] O. M. K. Luiz, S. F. Sergio, and S. L. M. B. Paulo, “Providing integrity and authenticity in DICOM images: A novel approach,” IEEE Trans. Information Technology in Biomedicine, vol. 13, no. 4, pp. 582-589, July 2009.

Tuy Nguyen Tan received the B.S. degree in Electronic and Telecommunication Engineering from Danang University of Technology, Vietnam, and the M.S. degree in Information and Communication Engineering, Inha University, Korea in 2009 and 2014, respectively. He is currently pursuing the Ph.D. degree in Information and Communication Engineering from Inha University, Korea. His interests include algorithm and architecture design for cryptosystems.

Hanho Lee received a Ph.D. and MSc, both in Electrical and Computer Engineering, from the University of Minnesota, Minneapolis, in 2000 and 1996, respectively. In 1999, he was a Member of Technical Staff-1 at Lucent Technologies, Bell Labs, Holmdel, New Jersey. From April 2000 to August 2002, he was a Member of the Technical Staff at Lucent Technologies (Bell Labs Innovations), Allentown. From August 2002 to August 2004, he was an Assistant Professor in the Department of Electrical and Computer Engineering, University of Connecticut, USA. Since August 2004, he has been with the Department of Information and Communication Engineering, Inha University, where he is currently a Professor. From August 2010 to August 2011, he was a visiting scholar at Bell Labs, Alcatel-Lucent, Murray Hill, New Jersey, USA. His research interests include algorithm and architecture design for cryptographic, forward error correction coding, and digital signal processing.

Copyrights © 2018 The Institute of Electronics and Information Engineers