
Cryptographic Hardware and Embedded Systems -- CHES 2011

Content
- Title
- Preface
- CHES 2011
- Table of Contents
- FPGA Implementation
- An Exploration of Mechanisms for Dynamic Cryptographic Instruction Set Extension
- Introduction
- Background and Analysis
- PREON: A LEON3-Based Experimental Prototype
- Re-configurable Fabric
- Instruction Register File
- Evaluation of Cryptographic Workloads
- Re-configurable Fabric
- Instruction Register File
- Combined Utilisation
- Issues Relating to Practical Deployment
- Conclusions
- References
- FPGA-Based True Random Number Generation Using Circuit Metastability with Adaptive Feedback Control
- Introduction
- Related Work
- Programmable Delay Lines
- Metastability
- TRNG System Design
- Experimental Results
- Conclusion
- References
- Generic Side-Channel Countermeasures for Reconfigurable Devices
- Introduction
- Generic Countermeasures for FPGAs
- Generating Gaussian Noise
- Clock Randomization (CR)
- Preventing Clock Frequency Manipulations (PCM)
- Block Memory Content Scrambling (BMS)
- Case Study
- Reference Architecture
- Measurement Setup and Attack Model
- Evaluation and Results
- Noise Generators
- Clock Randomizing
- Block Memory Content Scrambling
- Combining Countermeasures
- Conclusion
- References
- AES
- Improved Collision-Correlation Power Analysis on First Order Protected AES
- Introduction
- Targeted Implementations
- Blinded Lookup Table
- Blinded Inversion Calculation
- Measurements and Validation of Implementations
- Description of Our Attacks
- The Collision-Correlation Method
- Attack on the Blinded Lookup Table Implementation
- Attack on the Blinded Inversion Implementation
- Comparison with Second Order Analysis
- Countermeasures
- Conclusion
- References
- Higher-Order Glitches Free Implementation of the AES Using Secure Multi-party Computation Protocols
- Introduction
- Related Works
- Our Contribution
- Preliminaries and Multi-party Circuits
- Computation and Adversary Models
- Security in the Probing Adversary Model
- Security in the Glitches Adversary Model
- Secure Multi-party Computation
- Shamir's Secret Sharing Scheme and BGW's Protocol
- SMC Protocol and Multi-party Circuits
- Complexity of the Scheme and Comparison
- Glitches Free HO-Masking of the AES
- Conclusion
- References
- Protecting AES with Shamir's Secret Sharing Scheme
- Introduction
- Shamir's Secret Sharing Scheme
- Higher Order Masking of AES
- Masking Field Operations
- Complexity of the Operations
- Masking the Full S-Box
- Masking the Whole AES
- Security Analysis
- Information Theoretic Analysis
- Higher-Order DPA Evaluation
- Attack Simulations
- Conclusion
- References
- A Fast and Provably Secure Higher-Order Masking of AES S-Box
- Introduction
- Preliminaries
- Advanced Encryption Standard (AES)
- Higher-Order Masking of AES
- The Inversion Operation over a Composite Field
- A Fast and Provably Secure Higher-Order Masking of AES S-Box
- Security Analysis
- Performance Analysis and Implementation Results
- Conclusion
- References
- Elliptic Curve Cryptosystems
- Software Implementation of Binary Elliptic Curves: Impact of the Carry-Less Multiplier on Scalar Multiplication
- Introduction
- Binary Field Arithmetic
- Multiplication
- Squaring, Square-Root and Multi-squaring
- Inversion
- Half-Trace
- Random Binary Elliptic Curves
- Sequential Algorithms for Random Binary Curves
- Parallel Scalar Multiplication on Random Binary Curves
- Side-Channel Resistant Multiplication on Random Binary Curves
- Koblitz Elliptic Curves
- Sequential Algorithms for Koblitz Curves
- Parallel Algorithm for Koblitz Curves
- Experimental Results
- Conclusion and Future Work
- References
- High-Speed High-Security Signatures
- Introduction
- The Signature System
- Fast Arithmetic Modulo 2^255-19
- Signing Messages
- Verifying Signatures
- References
- To Infinity and Beyond: Combined Attack on ECC Using Points of Low Order
- Introduction
- Background on Elliptic Curves
- Group Law
- Scalar Multiplication
- Elliptic Curve Points with Low Order Neighbours
- Constructing Points of Given Order
- Constructing Points with Low Order Neighbours
- Combined Attack Using Low Order Neighbours
- Full Domain Correctness
- Partial Domain Correctness
- Analysis of the Attack
- Analysis of Assumptions
- Scalar Multiplication
- Common DSCA and FA Countermeasures
- Curves over Finite Fields of Characteristic Two
- Conclusions
- References
- Lattices
- Random Sampling for Short Lattice Vectors on Graphics Cards
- Introduction
- Previous Results
- Our Contribution
- Organization of the Paper
- Preliminaries
- Random Sampling
- GPU Computation
- GPU Algorithm CUDA-SSR
- Parallel Implementation of Subroutine Sample
- Experimental Results
- Comparison of CUDA-SSR and BKZ
- Comparison of GPU and CPU Variant of SSR
- Conclusion and Further Work
- References
- Extreme Enumeration on GPU and in Clouds - How Many Dollars You Need to Break SVP Challenges -
- Introduction
- Preliminaries
- Lattices, Algorithms, and SVP
- Enumeration and Extreme Pruning
- Cloud Computing, Amazon EC2, and GPU
- Implementation
- Bounding Function
- Parallelization of Extreme Pruning Using GPU and Clouds
- Experimental Results
- GPU Implementation
- MapReduce Implementation
- Final Pricing
- Concluding Remarks and Further Work
- References
- Modulus Fault Attacks against RSA-CRT Signatures
- Introduction
- RSA-CRT Signatures
- Fault Attacks on RSA-CRT Signatures
- Our Contribution
- Related Work
- Roadmap
- The New Attack
- Overview
- Applying Orthogonal Lattice Techniques
- Attack Summary
- Simulation Results
- Extending the Attack to Unknown Faulty Moduli
- Single Byte Faults
- Faults on Many Least Significant Bits
- Practical Experiments
- First Scenario: Known Modulus
- Second Scenario: Unknown Single Byte Fault
- Third Scenario: Unknown Least Significant Bytes Faults
- Countermeasures and Further Research
- References
- Side Channel Attacks
- Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World
- Introduction
- Related Work
- Contribution of this Paper
- Demodulation for SCA of Contactless Smartcards
- Measurement Setup
- Practical Results: Profiling of Mifare DESFire MF3ICD40
- Practical Attack: CPA of the 3DES Engine
- Full Key-Recovery
- Practical Attack: Template Attack on the Key Transfer
- Conclusion
- References
- Information Theoretic and Security Analysis of a 65-Nanometer DDSLL AES S-Box
- Introduction
- Previous Works
- Performance Analysis
- Side-Channel Attacks
- Notations, Metrics and Tools
- Leakage Traces
- Information Theoretic Analysis
- Security Analysis
- Discussion and Open Questions
- References
- Thwarting Higher-Order Side Channel Analysis with Additive and Multiplicative Maskings
- Introduction
- Related Works
- Our Results
- Road Map
- Basics and Notations
- Notations
- Basics on Masking
- Higher-Order Masking
- Core Idea
- Issue 1: Mapping Elements of GF(2^n)^m Into (GF(2^n))^m
- Issue 2: Conversion Functions
- Full Scheme
- Application to the AES
- Conclusion
- References
- Extractors against Side-Channel Attacks: Weak or Strong?
- Introduction
- Low Complexity Extractor
- Hardware Implementation
- Adversarial Capabilities and Leakage Assumptions
- Information Theoretic Analysis
- Single Sample Attacks, Serial Implementation
- Multi-sample Attacks, Serial Implementation
- Decreasing the Leakage by Reducing t
- Security Analysis
- Identifying Multiple Samples
- Attacking the Masking
- Conclusions
- References
- Invited Talk
- Standardization Works for Security Regarding the Electromagnetic Environment
- Fault Attacks
- Meet-in-the-Middle and Impossible Differential Fault Analysis on AES
- Introduction
- Backgrounds and Previous Attacks
- Description of the AES
- Previous Differential Fault Analysis
- Meet-in-the-Middle Fault Analysis on AES-128
- From Fault Path to Differential Fault Equations
- Recovery K10
- Cost and Complexity
- Reduction of Memory Requirement
- Impossible Differential Fault Attack on AES-128
- From Impossible Differential to Inequation System
- Recovery Steps
- Property of Recombination
- Theoretical and Simulation Results
- Extension to AES-192 and AES-256
- Meet-in-the-Middle Fault Analysis on AES-192 and AES-256
- Impossible Differential Fault Analysis on AES-192 and AES-256
- Conclusion
- References
- On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting
- Introduction
- Preliminaries
- Fault Sensitivity Analysis
- Correlation Collision Attack
- Combinations
- Experimental Setup
- Option 1: Colliding Faulty Ciphertext Distributions
- Model and Attack Concept
- Attack Scheme
- Practical Results
- Observations
- Option 2: Colliding Timing Characteristics
- How to Measure the Timing
- Definitions
- Attack Scheme
- Practical Results
- Conclusions
- References
- Lightweight Symmetric Algorithms
- spongent: A Lightweight Hash Function
- Introduction
- Motivation
- Design Considerations for a Lightweight Hash Function
- Organization of the Paper
- The Design of spongent
- Permutation-Based Sponge Construction
- Parameters
- present-type Permutation
- Design Rationale
- Security Analysis
- Resistance against Differential Cryptanalysis
- Collision Attacks
- Linear Attacks
- Hardware Implementations
- Conclusion
- References
- The LED Block Cipher
- Introduction
- Design Approach and Specifications
- Specification of LED
- Security Analysis
- The Key Schedule
- Differential/Linear Cryptanalysis
- Cube Testers and Algebraic Attacks
- Other Cryptanalysis
- LED in a Hash Function Setting
- Performance and Comparison
- Hardware Implementation
- Software Implementation
- Conclusion
- References
- Piccolo: An Ultra-Lightweight Blockcipher
- Introduction
- Specification
- Notations
- Data Processing Part
- Key Scheduling Part
- Design Rationale
- Security Analysis
- Implementation Aspects
- Optimization in Key Scheduling Part
- Optimization in Data Processing Part
- Hardware Performance
- Security against Side Channel Attacks
- Conclusion
- References
- PUFs
- Lightweight and Secure PUF Key Storage Using Limits of Machine Learning
- Introduction
- Contributions
- Related Works
- Organization
- PUFs with Lightweight Error Correction
- Empirical Viability of Lightweight Error Correction
- Implementation Complexity
- Stability
- Secure Constructions
- Unlearnable Bits
- Leaked Bits (LB)
- Secure Construction Examples
- Conclusions
- References
- Recyclable PUFs: Logically Reconfigurable PUFs
- Introduction
- Background: Physically Unclonable Functions (PUFs)
- Logically Reconfigurable PUFs
- System Model
- Assumptions and Adversary Model
- Security Objectives
- Constructions
- Speed-Optimized LR-PUF Construction
- Area-Optimized LR-PUF Construction
- Implementation and Performance Evaluation
- Security Definitions and Evaluation
- Applications
- LR-PUF-Based Authentication Tokens
- Other Applications Envisaged
- Conclusion
- References
- Uniqueness Enhancement of PUF Responses Based on the Locations of Random Outputting RS Latches
- Introduction
- Conventional Methods
- Conv. Mtd (1): Generation of Responses from a BPUF
- Conv. Mtd (2): Implementation of RS Latches on FPGAs
- Proposed Methods
- Proposed Mtd (1): Use of the Locations of Random Latches
- Proposed Mtd (2): Increasing the Number of Random Latches
- Performance Evaluation
- Experimental Environment
- Experimental Results
- Conclusion
- References
- MECCA: A Robust Low-Overhead PUF Using Embedded Memory Array
- Introduction
- Related Work
- MECCA PUF
- Simulation Results and Analysis
- Conclusion
- References
- Public-Key Cryptosystems
- FPGA Implementation of Pairings Using Residue Number System and Lazy Reduction
- Introduction and Motivation
- Optimal Ate Pairings
- Pairings on Barreto-Naehrig Curves
- Pairing Computation and Parameter Selection
- Residue Number System
- RNS Montgomery Reduction
- Base Extension
- Design I: A Scalable Architecture
- Cox-Rower Architecture
- Cox-Rower Parametrization for Pairing
- Pipeline Architecture
- Design II: Hardware/Algorithm Co-optimization
- Base Selection Revisited
- A Fine-tuned Rower for Pairing Computation
- Scheduling the Pairing Algorithm
- Arithmetic in F_{p^2}: Back to the Schoolbook Method
- Arithmetic in F_{p^12}: Interpolation with Parsimony
- F_p Inversion
- Higher Level Scheduling
- Implementation Results and Analysis
- Area
- Performance
- Comparison and Discussion
- Conclusions
- References
- High Speed Cryptoprocessor for ηT Pairing on 128-bit Secure Supersingular Elliptic Curves over Characteristic Two Fields
- Introduction
- The F_{2^1223}-Multiplier
- Serial Use of 306-bit Parallel Multiplier
- The ηT Pairing Cryptoprocessor over F_{2^1223}
- Computation of Miller's Loop
- Computation of Final Exponentiation
- Results
- Comparison with Existing Designs
- Conclusion
- References
- Fast Multi-precision Multiplication for Public-Key Cryptography on Embedded Microprocessors
- Introduction
- Related Work
- Multi-precision Multiplication Techniques
- Operand-Scanning Method
- Product-Scanning Method
- Hybrid Method
- Operand-Caching Method
- Results
- Conclusions
- References
- Small Public Keys and Fast Verification for Multivariate Quadratic Public Key Systems
- Introduction
- Achievement
- Organization
- Multivariate Quadratic Cryptography
- Notation
- Unbalanced Oil and Vinegar
- Reviewing Cyclic Keys
- Security of UOV
- The New Construction
- Message Recovery Attacks
- Choice of B
- Ordering of Monomials
- Efficiency of the Verification Process
- Security of 0/1 UOV
- Parameters and Implementation
- Conclusion
- References
- Hash Functions
- Throughput vs. Area Trade-offs in High-Speed Architectures of Five Round 3 SHA-3 Candidates Implemented Using Xilinx and Altera FPGAs
- Introduction
- Previous Work
- Performance Metrics
- Investigated Hardware Architectures
- Design Methodology and Design Environment
- Results
- Conclusions
- References
- Efficient Hashing Using the AES Instruction Set
- Introduction
- Preliminaries
- Implementations of the Target Algorithms
- Blockcipher-Based Constructions
- Permutation-Based Constructions
- Discussion and Conclusion
- References
- Author Index
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (only limited: Kindle).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Watermark-DRM, a "soft" copy protection. This means that there are no technical restrictions to prevent illegal distribution. However, there is a personalised watermark embedded in the eBook that can be used to identify the purchaser of the eBook in the event of misuse and to provide evidence for legal purposes.
For more information, see our eBook Help page.