Differential and Higher Order Attacks.- A First-Order DPA Attack Against AES in Counter Mode with Unknown Initial Counter.- Gaussian Mixture Models for Higher-Order Side Channel Analysis.- Side Channel Cryptanalysis of a Higher Order Masking Scheme.- Random Number Generation and Device Identification.- High-Speed True Random Number Generation with Logic Gates Only.- FPGA Intrinsic PUFs and Their Use for IP Protection.- Logic Styles: Masking and Routing.- Evaluation of the Masked Logic Style MDPL on a Prototype Chip.- Masking and Dual-Rail Logic Don't Add Up.- DPA-Resistance Without Routing Constraints?.- Efficient Algorithms for Embedded Processors.- On the Power of Bitslice Implementation on Intel Core2 Processor.- Highly Regular Right-to-Left Algorithms for Scalar Multiplication.- MAME: A Compression Function with Reduced Hardware Requirements.- Collision Attacks and Fault Analysis.- Collision Attacks on AES-Based MAC: Alpha-MAC.- Secret External Encodings Do Not Prevent Transient Fault Analysis.- Two New Techniques of Side-Channel Cryptanalysis.- High Speed AES Implementations.- AES Encryption Implementation and Analysis on Commodity Graphics Processing Units.- Multi-gigabit GCM-AES Architecture Optimized for FPGAs.- Public-Key Cryptography.- Arithmetic Operators for Pairing-Based Cryptography.- FPGA Design of Self-certified Signature Verification on Koblitz Curves.- How to Maximize the Potential of FPGA Resources for Modular Exponentiation.- Implementation Cost of Countermeasures.- TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense Against Memory Replay Attacks.- Power Analysis Resistant AES Implementation with Instruction Set Extensions.- Security Issues for RF and RFID.- Power and EM Attacks on Passive RFID Devices.- RFID Noisy Reader How to Prevent from Eavesdropping on the Communication?.- RF-DNA: Radio-Frequency Certificates of Authenticity.- Special Purpose Hardware for Cryptanalysis.- CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method.- Collision Search for Elliptic Curve Discrete Logarithm over GF(2 m ) with FPGA.- A Hardware-Assisted Realtime Attack on A5/2 Without Precomputations.- Side Channel Analysis.- Differential Behavioral Analysis.- Information Theoretic Evaluation of Side-Channel Resistant Logic Styles.- Problems and Solutions for Lightweight Devices.- On the Implementation of a Fast Prime Generation Algorithm.- PRESENT: An Ultra-Lightweight Block Cipher.- Cryptographic Hardware and Embedded Systems - CHES 2007.

Cryptographic hardware and embedded systems : CHES 2007 : 9th International Workshop, Vienna, Austria, September 10-13, 2007 : proceedings

Low Cost Cryptography.- Quark: A Lightweight Hash.- PRINTcipher: A Block Cipher for IC-Printing.- Sponge-Based Pseudo-Random Number Generators.- Efficient Implementations I.- A High Speed Coprocessor for Elliptic Curve Scalar Multiplications over .- Co-Z Addition Formulae and Binary Ladders on Elliptic Curves.- Efficient Techniques for High-Speed Elliptic Curve Cryptography.- Side-Channel Attacks and Countermeasures I.- Analysis and Improvement of the Random Delay Countermeasure of CHES 2009.- New Results on Instruction Cache Attacks.- Correlation-Enhanced Power Analysis Collision Attack.- Side-Channel Analysis of Six SHA-3 Candidates.- Tamper Resistance and Hardware Trojans.- Flash Memory 'Bumping' Attacks.- Self-referencing: A Scalable Side-Channel Approach for Hardware Trojan Detection.- When Failure Analysis Meets Side-Channel Attacks.- Efficient Implementations II.- Fast Exhaustive Search for Polynomial Systems in .- 256 Bit Standardized Crypto for 650 GE - GOST Revisited.- Mixed Bases for Efficient Inversion in and Conversion Matrices of SubBytes of AES.- SHA-3.- Developing a Hardware Evaluation Method for SHA-3 Candidates.- Fair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates Using FPGAs.- Performance Analysis of the SHA-3 Candidates on Exotic Multi-core Architectures.- XBX: eXternal Benchmarking eXtension for the SUPERCOP Crypto Benchmarking Framework.- Fault Attacks and Countermeasures.- Public Key Perturbation of Randomized RSA Implementations.- Fault Sensitivity Analysis.- PUFs and RNGs.- An Alternative to Error Correction for SRAM-Like PUFs.- New High Entropy Element for FPGA Based True Random Number Generators.- The Glitch PUF: A New Delay-PUF Architecture Exploiting Glitch Shapes.- New Designs.- Garbled Circuits for Leakage-Resilience: Hardware Implementation and Evaluation of One-Time Programs.- ARMADILLO: A Multi-purpose Cryptographic Primitive Dedicated to Hardware.- Side-Channel Attacks and Countermeasures II.- Provably Secure Higher-Order Masking of AES.- Algebraic Side-Channel Analysis in the Presence of Errors.- Coordinate Blinding over Large Prime Fields.

Cryptographic hardware and embedded systems : CHES 2010 : 12th international workshop, Santa Barbara, USA, August 17-20, 2010 : proceedings

Side-Channel Analysis 1.- Attack and Improvement of a Secure S-Box Calculation Based on the Fourier Transform.- Collision-Based Power Analysis of Modular Exponentiation Using Chosen-Message Pairs.- Multiple-Differential Side-Channel Collision Attacks on AES.- Implementations 1.- Time-Area Optimized Public-Key Engines: -Cryptosystems as Replacement for Elliptic Curves?.- Ultra High Performance ECC over NIST Primes on Commercial FPGAs.- Exploiting the Power of GPUs for Asymmetric Cryptography.- Fault Analysis 1.- High-Performance Concurrent Error Detection Scheme for AES Hardware.- A Lightweight Concurrent Fault Detection Scheme for the AES S-Boxes Using Normal Basis.- RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks.- Random Number Generation.- A Design for a Physical RNG with Robust Entropy Estimators.- Fast Digital TRNG Based on Metastable Ring Oscillator.- Efficient Helper Data Key Extractor on FPGAs.- Side-Channel Analysis 2.- The Carry Leakage on the Randomized Exponent Countermeasure.- Recovering Secret Keys from Weak Side Channel Traces of Differing Lengths.- Attacking State-of-the-Art Software Countermeasures-A Case Study for AES.- Cryptography and Cryptanalysis.- Binary Edwards Curves.- A Real-World Attack Breaking A5/1 within Hours.- Hash Functions and RFID Tags: Mind the Gap.- Implementations 2.- A New Bit-Serial Architecture for Field Multiplication Using Polynomial Bases.- A Very Compact Hardware Implementation of the MISTY1 Block Cipher.- Light-Weight Instruction Set Extensions for Bit-Sliced Cryptography.- Fault Analysis 2.- Power and Fault Analysis Resistance in Hardware through Dynamic Reconfiguration.- RFID and Its Vulnerability to Faults.- Perturbating RSA Public Keys: An Improved Attack.- Side-Channel Analysis 3.- Divided Backend Duplication Methodology for Balanced Dual Rail Routing.- Using Subspace-Based Template Attacks to Compare and Combine Power and Electromagnetic Information Leakages.- Mutual Information Analysis.- Invited Talks.- RSA-Past, Present, Future.- A Vision for Platform Security.

Cryptographic hardware and embedded systems : CHES 2008 : 10th International Workshop, Washington, D.C., USA, August 10-13, 2008 : proceedings

Cache-based attacks are a class of side-channel attacks that are particularly effective in virtualized or cloud-based environments, where they have been used to recover secret keys from cryptographic implementations. One common approach to thwart cache-based attacks is to use constant-time implementations, i.e., which do not branch on secrets and do not perform memory accesses that depend on secrets. However, there is no rigorous proof that constant-time implementations are protected against concurrent cache-attacks in virtualization platforms with shared cache; moreover, many prominent implementations are not constant-time. An alternative approach is to rely on system-level mechanisms. One recent such mechanism is stealth memory, which provisions a small amount of private cache for programs to carry potentially leaking computations securely. Stealth memory induces a weak form of constant-time, called S-constant-time, which encompasses some widely used cryptographic implementations. However, there is no rigorous analysis of stealth memory and S-constant-time, and no tool support for checking if applications are S-constant-time. We propose a new information-flow analysis that checks if an x86 application executes in constant-time, or in S-constant-time. Moreover, we prove that constant-time (resp. S-constant-time) programs do not leak confidential information through the cache to other operating systems executing concurrently on virtualization platforms (resp. platforms supporting stealth memory). The soundness proofs are based on new theorems of independent interest, including isolation theorems for virtualization platforms (resp. platforms supporting stealth memory), and proofs that constant-time implementations (resp. S-constant-time implementations) are non-interfering with respect to a strict information flow policy which disallows that control flow and memory accesses depend on secrets. We formalize our results using the Coq proof assistant and we demonstrate the effectiveness of our analyses on cryptographic implementations, including PolarSSL AES, DES and RC4, SHA256 and Salsa20.

/pdf/system-level-non-interference-for-constant-time-cryptography-88fzs8p7z7.pdf

System-level Non-interference for Constant-time Cryptography

Recent works show that a combination of perturbation and observation attacks on symmetric ciphers thwarts state-of-the-art countermeasures. In this paper, we first propose a new way - to our knowledge - to classifyfault attacks against block ciphers, allowing us to exhibit their capacity to be combined with observation attacks. We then present a set of common protections against side-channel and fault attacks, namely higher-order masking schemes, detection and infection countermeasures, and how they can be combined. We show that the combination of a higher-order maskingscheme and a detection countermeasure can actually be defeated by a slight variant of the combined attack of Roche et al., even if one applies their patch. Furthermore, we also demonstrate that none of the published infection countermeasures is robust against fault attacks. Finally, using randomness, we propose a set of enhanced countermeasures that thwart considered threats.

/pdf/on-the-need-of-randomness-in-fault-attack-countermeasures-2lwn38g6xt.pdf

On the Need of Randomness in Fault Attack Countermeasures - Application to AES

Since the early work of Piret and Quisquater on fault attacks against AES at CHES 2003, many works have been devoted to reduce the number of faults and to improve the time complexity of this attack. This attack is very efficient as a single fault is injected on the third round before the end, and then it allows to recover the whole secret key in 232 in time and memory. However, since this attack, it is an open problem to know if provoking a fault at a former round of the cipher allows to recover the key. Indeed, since two rounds of AES achieve a full diffusion and adding protections against fault attack decreases the performance, some countermeasures propose to protect only the three first and last rounds. In this paper, we give an answer to this problem by showing two practical cryptographic attacks on one round earlier of AES-128 and for all keysize variants. The first attack requires 10 faults and its complexity is around 240 in time and memory, an improvement allows only 5 faults and its complexity in memory is reduced to 2224 while the second one requires either 1000 or 45 faults depending on fault model and recovers the secret key in around 2240 in time and memory.

/pdf/meet-in-the-middle-and-impossible-differential-fault-2iyn00teqe.pdf

Meet-in-the-middle and impossible differential fault analysis on AES

Fault attacks have been developed in the cryptographic community to extract secret information on hardware implementations. They have also been used to bypass security checks during authentication processes for example. Here, we show that they can be exploited to make more damage, taking the control of a machine as buffer overflow attacks do for instance. In this short paper, we demonstrate by using one example that countermeasures against buffer overflow must also be used for software running on embedded processors.

/pdf/using-faults-for-buffer-overflow-effects-5eqlxz2cgs.pdf

Using faults for buffer overflow effects

In this paper, we present several efficient fault attacks against implementations of RSA–CRT signatures that use modular exponentiation algorithms based on Montgomery multiplication. They apply to any padding function, including randomized paddings, and as such are the first fault attacks effective against RSA–PSS. The new attacks are based on the assumption that a small register can be forced to either zero, or a constant value, or a value with zero high-order bits. We show that these models are quite realistic, as such faults can be achieved against many proposed hardware designs for RSA signatures.

/pdf/attacking-rsa-crt-signatures-with-faults-on-montgomery-3b1tpxsums.pdf

Attacking RSA–CRT signatures with faults on montgomery multiplication

In this paper we present an attack that recovers the whole internal state of RC4 using a cache timing attack model first introduced in the cache timing attack of Osvik, Shamir and Tromer against some highly efficient AES implementations. In this model, the adversary can obtain some information related to the elements of a secret state used during the encryption process. Zenner formalized this model for LFSRbased stream ciphers.

In this theoretical model inspired from practical attacks, we propose a new state recovery analysis on RC4 using a belief propagation algorithm. The algorithm works well and its soundness is proved for known or unknown plaintext and only requires that the attacker queries the RC4 encryption process byte by byte for a practical attack. Depending on the processor, our simulations show that we need between 300 to 1,300 keystream bytes and a computation time of less than a minute.

/pdf/cache-timing-analysis-of-rc4-4dgv7jr0kg.pdf

Cache timing analysis of RC4

In this paper, we present several efficient fault attacks against implementations of RSA–CRT signatures that use modular exponentiation algorithms based on Montgomery multiplication. They apply to any padding function, including randomized paddings, and as such are the first fault attacks effective against RSA–PSS. The new attacks work provided that a small register can be forced to either zero, or a constant value, or a value with zero high-order bits. We show that these models are quite realistic, as such faults can be achieved against many proposed hardware designs for RSA signatures.

/pdf/attacking-rsa-crt-signatures-with-faults-on-montgomery-1455m94hmt.pdf

Delphine Leresteux

Papers

Meet-in-the-middle and impossible differential fault analysis on AES

Using faults for buffer overflow effects

Attacking RSA–CRT signatures with faults on montgomery multiplication

Cache timing analysis of RC4

Attacking RSA-CRT Signatures with Faults on Montgomery Multiplication.