Dag Arne Osvik
Researcher at École Polytechnique Fédérale de Lausanne
Publications - 17
Citations - 3886
Dag Arne Osvik is an academic researcher from École Polytechnique Fédérale de Lausanne. The author has contributed to research in the topics Encryption and Cryptographic primitive. The author has an h-index of 13 and has co-authored 17 publications receiving 3547 citations.
Papers
Posted Content
Cache attacks and Countermeasures: the Case of AES.
TL;DR: In this article, the authors describe side-channel attacks based on inter-process leakage through the state of the CPU's memory cache, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups.
Book Chapter, DOI
Cache attacks and countermeasures: the case of AES
TL;DR: In this article, the authors describe side-channel attacks based on inter-process leakage through the state of the CPU's memory cache, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups.
Journal Article, DOI
Efficient Cache Attacks on AES, and Countermeasures
TL;DR: An extremely strong type of attack is demonstrated, which requires knowledge of neither the specific plaintexts nor ciphertexts and works by merely monitoring the effect of the cryptographic process on the cache.
Book Chapter, DOI
Factorization of a 768-bit RSA modulus
Thorsten Kleinjung, Kazumaro Aoki, Jens Franke, Arjen K. Lenstra, Emmanuel Thomé, Joppe W. Bos, Pierrick Gaudry, Alexander Kruppa, Peter L. Montgomery, Dag Arne Osvik, Herman J. J. te Riele, Andrey Timofeev, Paul Zimmermann
TL;DR: In this paper, the authors report on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discuss some implications for RSA.
Book Chapter, DOI
Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate
Marc Stevens, Alexander Sotirov, Jacob Appelbaum, Arjen K. Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger
TL;DR: A more flexible family of differential paths and a new variable birthdaying search space are described, leading to just three pairs of near-collision blocks to generate the collision, enabling construction of RSA moduli that are sufficiently short to be accepted by current CAs.