Bo-Yin Yang (楊柏因)
Research Fellow
Ph.D., Applied Mathematics, MIT
Tel: +886-2-2788-3799 ext. 1731
Fax: +886-2-2782-4814
Email: byyang@iis.sinica.edu.tw
http://www.iis.sinica.edu.tw/pages/byyang
● B.S. Mathematics, National Taiwan University (1987)
● Ph.D. Mathematics, Massachusetts Institute of Technology (1991)
● Associate Professor of Mathematics, Tamkang University (1992-2006)
● Associate Research Fellow, IIS, Academia Sinica (2006-2011)
● Research Fellow, IIS, Academia Sinica (2011-)

Research Description

My research is mainly in applied cryptography and efficient implementations of cryptography and cryptanalysis. Our team is internationally renowned, particularly in the fields of post-quantum cryptography and cryptographic implementation, especially on specialist platforms.

In 2009, our team put Academia Sinica on the CHES (Cryptographic Hardware and Embedded Systems) map with “ECM on Graphics Cards” at Eurocrypt. The ECM (Elliptic Curve Method) is critical in factoring an RSA modulus using the Number Field Sieve. In 2010, we showed that GPUs (Graphic Processing Units) on graphic cards can run brute-force solutions so quickly that Groebner basis methods cannot compete against them on random systems over the field of 2 elements. In 2011, our team dominated the SVP Challenge Hall of Fame, using the Hadoop distributed computing framework as well as GPUs. The Short Vector (in a Lattice) Problem and Multivariate Quadratic Problem are important problems, both in and of themselves, and have many other implications.
There is always a tradeoff of security against speed. Efficient implementation of cryptography is therefore extremely important, in that only fast enough applications will get used. One unfortunate difference when programming for crypto applications is that compiling C usually yields suboptimal code, because cryptographers are not the intended clientele of vendors. Another unique aspect of cryptography is that, to conform to the security model, data flow from secrets to observables must be avoided. As such, we cannot read from a table with a secret index, and cannot branch depending on secret data. Pragmatically, this also means no bugs. Correctness is as important as speed. We have contributed to the high-speed, high-security Curve25519 elliptic curve cryptosystem, which is being used by Apple and Google; our code was recently formally verified to be correct.
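The two rules stated above (no table read with a secret index, no branch on secret data) shown as a leaky routine beside its constant-time form, as an added C example that is not the profile's or the team's own code; the table values are constructed, and the conditional swap is the ladder idiom Curve25519 implementations rely on.

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed sample table (not a real S-box); any table read with a
 * secret index, S-box or precomputed points, has the same issue. */
static const uint32_t SAMPLE_TABLE[8] = {
    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
};

/* Leaky: the cache line touched depends on secret_idx, and an observer
 * sharing the cache can recover it from timing. */
uint32_t lookup_leaky(const uint32_t *table, size_t secret_idx) {
    return table[secret_idx];
}

/* All-ones if x == 0, else 0, without branching: for nonzero x either x
 * or -x has its top bit set, for x == 0 neither does. */
static uint64_t is_zero_mask(uint64_t x) {
    return ((x | (0 - x)) >> 63) - 1;
}

/* Constant-time: read every entry and keep the wanted one via a mask, so
 * the memory access pattern and control flow never depend on the index. */
uint32_t lookup_ct(const uint32_t *table, size_t n, size_t secret_idx) {
    uint32_t result = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t mask = (uint32_t)is_zero_mask((uint64_t)i ^ (uint64_t)secret_idx);
        result |= table[i] & mask;
    }
    return result;
}

/* Leaky: branch direction follows a secret scalar bit (naive ladder step). */
void cswap_leaky(uint32_t *a, uint32_t *b, unsigned bit) {
    if (bit) { uint32_t t = *a; *a = *b; *b = t; }
}

/* Constant-time conditional swap, the idiom Curve25519 ladders use: bit is
 * 0 or 1, mask is all-zeros or all-ones, same instructions either way. */
void cswap_ct(uint32_t *a, uint32_t *b, unsigned bit) {
    uint32_t mask = 0u - (uint32_t)(bit & 1u);
    uint32_t t = mask & (*a ^ *b);
    *a ^= t;
    *b ^= t;
}

uint32_t cswap_ct_first(uint32_t a, uint32_t b, unsigned bit) {
    cswap_ct(&a, &b, bit);
    return a;
}
```

Whether a compiler preserves the branch-free form is a separate check; inspecting the emitted assembly, as the text's remark on C compilers implies, is part of the job.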
Publications
1. C. Bouillaguet, C.-M. Cheng, T. Chou, R. Niederhagen and B.-Y. Yang, Fast Exhaustive Search for Quadratic Systems in F_2 on FPGAs, SAC 2013, LNCS 8282, pp. 205-222.
2. T. Chou, C.-M. Cheng, R. Niederhagen, and B.-Y. Yang, Solving Quadratic Equations with XL on Parallel Architectures, CHES 2012, LNCS 7428, pp. 356-373.
3. D. J. Bernstein, N. Duif, T. Lange, P. Schwabe, and B.-Y. Yang, High-speed high-security signatures, Journal of Cryptographic Engineering 2:2(2012), pp. 77-89. Invited paper from CHES 2011, LNCS 6917, pp. 124-142.
4. F.-H. Liu, Y.-J. Huang, and B.-Y. Yang, Public-Key Cryptography from New Multivariate Quadratic Assumptions, PKC 2012, LNCS 7293, pp. 190-205.
5. P.-C. Kuo, M. Schneider, Ö. Dagdelen, J. Reichelt, J. Buchmann, C.-M. Cheng, and B.-Y. Yang, Extreme Enumeration on GPU and in Clouds, CHES 2011, LNCS 6917, pp. 176-191.
6. K.-M. Chung, F.-H. Liu, C.-J. Lu, and B.-Y. Yang, Efficient String-Commitment from Weak Bit-Commitment, Asiacrypt 2010, LNCS 6477, pp. 268-282.
7. C. Bouillaguet, H.-C. K. Chen, C.-M. Cheng, T. Chou, R. Niederhagen, A. Shamir, and B.-Y. Yang, Fast Exhaustive Search for Polynomial Systems in F_2, CHES 2010, LNCS 6225, pp. 203-218.
8. Y.-H. Lin, A. Studer, Y.-H. Chen, H.-C. Hsiao, E. L.-H. Kuo, J. Lee, J. McCune, K.-H. Wang, M. Krohn, A. Perrig, B.-Y. Yang, H.-M. Sun, and P.-L. Lin, SPATE: Small-group PKI-less Authenticated Trust Establishment, IEEE Trans on Mobile Computing 9:12(2010), pp. 1666-1681. Invited as best paper of MobiSys 2009.
9. D. J. Bernstein, T.-R. Chen, C.-M. Cheng, T. Lange, and B.-Y. Yang, ECM on Graphics Cards, Eurocrypt 2009, LNCS 5479, pp. 483-501.
10. A. I.-T. Chen, M.-S. Chen, T.-R. Chen, C.-M. Cheng, J. Ding, E. L.-H. Kuo, F. Y.-S. Lee, and B.-Y. Yang, SSE Implementation of Multivariate PKCs on Modern x86 CPUs, CHES 2009, LNCS 5747, pp. 33-48.
84 Research Faculty