There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality.

Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

I and i

1. The Advanced Encryption Standard Process.- 2. Preliminaries.- 3. Specification of Rijndael.- 4. Implementation Aspects.- 5. Design Philosophy.- 6. The Data Encryption Standard.- 7. Correlation Matrices.- 8. Difference Propagation.- 9. The Wide Trail Strategy.- 10. Cryptanalysis.- 11. Related Block Ciphers.- Appendices.- A. Propagation Analysis in Galois Fields.- A.1.1 Difference Propagation.- A.l.2 Correlation.- A. 1.4 Functions that are Linear over GF(2).- A.2.1 Difference Propagation.- A.2.2 Correlation.- A.2.4 Functions that are Linear over GF(2).- A.3.3 Dual Bases.- A.4.2 Relationship Between Trace Patterns and Selection Patterns.- A.4.4 Illustration.- A.5 Rijndael-GF.- B. Trail Clustering.- B.1 Transformations with Maximum Branch Number.- B.2 Bounds for Two Rounds.- B.2.1 Difference Propagation.- B.2.2 Correlation.- B.3 Bounds for Four Rounds.- B.4 Two Case Studies.- B.4.1 Differential Trails.- B.4.2 Linear Trails.- C. Substitution Tables.- C.1 SRD.- C.2 Other Tables.- C.2.1 xtime.- C.2.2 Round Constants.- D. Test Vectors.- D.1 KeyExpansion.- D.2 Rijndael(128,128).- D.3 Other Block Lengths and Key Lengths.- E. Reference Code.

The Design of Rijndael: AES - The Advanced Encryption Standard

After two decades of research and development, elliptic curve cryptography now has widespread exposure and acceptance. Industry, banking, and government standards are in place to facilitate extensive deployment of this efficient public-key mechanism. Anchored by a comprehensive treatment of the practical aspects of elliptic curve cryptography (ECC), this guide explains the basic mathematics, describes state-of-the-art implementation methods, and presents standardized protocols for public-key encryption, digital signatures, and key establishment. In addition, the book addresses some issues that arise in software and hardware implementation, as well as side-channel attacks and countermeasures. Readers receive the theoretical fundamentals as an underpinning for a wealth of practical and accessible knowledge about efficient application. Features & Benefits: * Breadth of coverage and unified, integrated approach to elliptic curve cryptosystems * Describes important industry and government protocols, such as the FIPS 186-2 standard from the U.S. National Institute for Standards and Technology * Provides full exposition on techniques for efficiently implementing finite-field and elliptic curve arithmetic* Distills complex mathematics and algorithms for easy understanding* Includes useful literature references, a list of algorithms, and appendices on sample parameters, ECC standards, and software toolsThis comprehensive, highly focused reference is a useful and indispensable resource for practitioners, professionals, or researchers in computer science, computer engineering, network design, and network data security.

https://cdn.preterhuman.net/texts/cryptography/Hankerson,%20Menezes,%20Vanstone.%20Guide%20to%20elliptic%20curve%20cryptography%20(Springer,%202004)(ISBN%20038795273X)(332s)_CsCr_.pdf

Guide to Elliptic Curve Cryptography

National Institute of Standards and Technology における超伝導研究及び生活

The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity. Topics covered includes an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading is given in the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

[서평]「Applied Cryptography」

The threat of inserting hardware Trojans during the design, production, or in-field poses a danger for integrated circuits in real-world applications. A particular critical case of hardware Trojans is the malicious manipulation of third-party FPGA configurations. In addition to attack vectors during the design process, FPGAs can be infiltrated in a non-invasive manner after shipment through alterations of the bitstream. First, we present an improved methodology for bitstream file format reversing. Second, we introduce a novel idea for Trojan insertion.

https://dl.acm.org/doi/pdf/10.1145/3287624.3288742

Insights into the mind of a trojan designer: the challenge to integrate a trojan into the bitstream

Hardware Trojans have gained high attention in academia, industry and by government agencies. The effective detection mechanisms and countermeasures against such malicious designs are only possible when there is a deep understanding of how hardware Trojans can be built in practice. In this work, we present a mechanism which shows how easily a stealthy hardware Trojan can be inserted in a provably-secure side-channel analysis protected implementation. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage leading to successful key recovery attacks. Such a Trojan does not add or remove any logic (even a single gate) to the design which makes it very hard to detect. In ASIC platforms, it is indeed inserted by subtle manipulations at the sub-transistor level to modify the parameters of a few transistors. The same is applicable on FPGA applications by changing the routing of particular signals, leading to null resource utilization overhead. The underlying concept is based on a secure masked hardware implementation which does not exhibit any detectable leakage. However, by running the device at a particular clock frequency one of the requirements of the underlying masking scheme is not fulfilled anymore, i.e., the Trojan is triggered, and the device’s side-channel leakage can be exploited.

/pdf/the-first-thorough-side-channel-hardware-trojan-qbnrt2970y.pdf

The First Thorough Side-Channel Hardware Trojan

This paper explores the resistance of MOS Current Mode Logic (MCML) against attacks based on the observation of the power consumption. Circuits implemented in MCML, in fact, have unique characteristics both in terms of power consumption and the dependency of the power profile from the input signal pattern. Therefore, MCML is suitable to protect cryptographic hardware from Differential Power Analysis and similar side-channel attacks.

In order to demonstrate the effectiveness of different logic styles against power analysis attacks, two full cores implementing the AES algorithm were realized and implemented with CMOS and MCML technology, and a set of different types of attack was performed using power traces derived from SPICE-level simulations. Although all keys were discovered for CMOS, MCML traces did not presents characteristic that can lead to a successful attack.

/pdf/evaluating-resistance-of-mcml-technology-to-power-analysis-3npu4cnd2k.pdf

Evaluating Resistance of MCML Technology to Power Analysis Attacks Using a Simulation-Based Methodology

Cryptographic primitives need to be carefully evaluated when being applied in components ensuring enhanced protection aims. This work analyses the performance of RSA- and ECDSA-based digital signature schemes in the context of multi-hop ad hoc networks. Our work shows that contrary to a single wireless hop scenario with restricted clients in the wireless network and a powerful server in the fixed network, the choice of an appropriate signature candidate is not as obvious as for the aforementioned architecture. Our performance analysis considers three partially interdependent axes (a) the required security level, (b) the device restriction and (c) the protocol specification with the required security relationships, and the assumed traffic flow. We take (c) into account by analysing two charging protocols for wireless multi-hop scenarios. By generalising our observations, we carefully derive some recommendations to strengthen the security engineering process for dependable distributed systems over the wireless network. Copyright © 2005 AEIT.

On digital signatures in ad hoc networks

In this paper we introduce an efficient authentication mechanism especially designed for navigation systems that is based upon the Timed Efficient Stream Loss-Tolerant Authentication (TESLA) algorithm We analyze the different attack scenarios on navigation systems and show that it is only necessary to authenticate the source and time of the signals to enable a secure position determination Traditional message authentication is only needed to prevent counterfeit correction message attacks With this knowledge and a detailed security analysis of the needed key size, we developed adjusted TESLA, an authentication mechanisms that can authenticate the source and time-messages using only 80 bits One of the reasons why we can use such a small authentication message is due to the insertion of a timestamp into the generation of the one-way chains This significantly increases the security of adjusted TESLA compared to the original TESLA and enables us to use a smaller key size
Adjusted TESLA has a about a 75% smaller size than traditional digital signatures that have signature sizes of at least 320 bits To prevent counterfeit correction message attacks additional 32 or 40 bits are needed for the transmission of a MAC But this is still an improvement of at least 625% compared to digital signatures or the first proof-of-concept implementation of TESLA in eLORAN This enables us to significantly improve the security of navigation systems by using only a very small data rate We propose the use of adjusted TESLA in eLORAN With this security improvement and LORAN’s strength against over-the-air attacks, eLORAN will not only be a backup for current GNSS systems, but will be a real alternative for current civil GNSS systems in application that require the highest possible security level against attacks

Christof Paar

Papers

Insights into the mind of a trojan designer: the challenge to integrate a trojan into the bitstream

The First Thorough Side-Channel Hardware Trojan

Evaluating Resistance of MCML Technology to Power Analysis Attacks Using a Simulation-Based Methodology

On digital signatures in ad hoc networks

Efficient Authentication Mechanisms for Navigation Systems - a Radio-Navigation Case Study