26 results on '"Standaert, François-Xavier"'
Search Results
2. Handcrafting: Improving Automated Masking in Hardware with Manual Optimizations
- Author
-
Momin, Charles, Cassiers, Gaëtan, Standaert, François-Xavier, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Balasch, Josep, editor, and O’Flynn, Colin, editor
- Published
- 2022
- Full Text
- View/download PDF
3. Key Enumeration from the Adversarial Viewpoint : When to Stop Measuring and Start Enumerating?
- Author
-
Azouaoui, Melissa, Poussier, Romain, Standaert, François-Xavier, Verneuil, Vincent, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Belaïd, Sonia, editor, and Güneysu, Tim, editor
- Published
- 2020
- Full Text
- View/download PDF
4. Improved parallel mask refreshing algorithms: generic solutions with parametrized non-interference and automated optimizations
- Author
-
Barthe, Gilles, Belaïd, Sonia, Dupressoir, François, Fouque, Pierre-Alain, Grégoire, Benjamin, Standaert, François-Xavier, and Strub, Pierre-Yves
- Published
- 2020
- Full Text
- View/download PDF
5. maskVerif: Automated Verification of Higher-Order Masking in Presence of Physical Defaults
- Author
-
Barthe, Gilles, Belaïd, Sonia, Cassiers, Gaëtan, Fouque, Pierre-Alain, Grégoire, Benjamin, Standaert, François-Xavier, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Sako, Kazue, editor, Schneider, Steve, editor, and Ryan, Peter Y. A., editor
- Published
- 2019
- Full Text
- View/download PDF
6. Fast Side-Channel Security Evaluation of ECC Implementations : Shortcut Formulas for Horizontal Side-Channel Attacks Against ECSM with the Montgomery Ladder
- Author
-
Azouaoui, Melissa, Poussier, Romain, Standaert, François-Xavier, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Pandu Rangan, C., Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Polian, Ilia, editor, and Stöttinger, Marc, editor
- Published
- 2019
- Full Text
- View/download PDF
7. Masking Proofs Are Tight and How to Exploit it in Security Evaluations
- Author
-
Grosso, Vincent, Standaert, François-Xavier, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Nielsen, Jesper Buus, editor, and Rijmen, Vincent, editor
- Published
- 2018
- Full Text
- View/download PDF
8. Template attacks versus machine learning revisited and the curse of dimensionality in side-channel analysis: extended version
- Author
-
Lerman, Liran, Poussier, Romain, Markowitch, Olivier, and Standaert, François-Xavier
- Published
- 2018
- Full Text
- View/download PDF
9. Small Tweaks Do Not Help: Differential Power Analysis of MILENAGE Implementations in 3G/4G USIM Cards
- Author
-
Liu, Junrong, Yu, Yu, Standaert, François-Xavier, Guo, Zheng, Gu, Dawu, Sun, Wei, Ge, Yijie, Xie, Xinjun, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Pandu Rangan, C., Editorial Board Member, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Weikum, Gerhard, Series Editor, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Pernul, Günther, editor, Ryan, Peter Y. A., editor, and Weippl, Edgar, editor
- Published
- 2015
- Full Text
- View/download PDF
10. From New Technologies to New Solutions : Exploiting FRAM Memories to Enhance Physical Security
- Author
-
Kerckhof, Stéphanie, Standaert, François-Xavier, Peeters, Eric, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Kobsa, Alfred, Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Francillon, Aurélien, editor, and Rohatgi, Pankaj, editor
- Published
- 2014
- Full Text
- View/download PDF
11. Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks
- Author
-
Medwed, Marcel, Petit, Christoph, Regazzoni, Francesco, Renauld, Mathieu, Standaert, François-Xavier, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, and Prouff, Emmanuel, editor
- Published
- 2011
- Full Text
- View/download PDF
12. Masking and leakage-resilient primitives: One, the other(s) or both?
- Author
-
Belaïd, Sonia, Grosso, Vincent, and Standaert, François-Xavier
- Published
- 2015
- Full Text
- View/download PDF
13. Power and electromagnetic analysis: Improved model, consequences and comparisons
- Author
-
Peeters, Eric, Standaert, François-Xavier, and Quisquater, Jean-Jacques
- Published
- 2007
- Full Text
- View/download PDF
14. Automated Verification of Higher-Order Masking in Presence of Physical Defaults
- Author
-
Barthe, Gilles, Belaïd, Sonia, Cassiers, Gaëtan, Fouque, Pierre-Alain, Grégoire, Benjamin, Standaert, François-Xavier, Institute IMDEA Software [Madrid], Max Planck Institute for Security and Privacy [Bochum] (MPI Security and Privacy), CryptoExperts, Université Catholique de Louvain = Catholic University of Louvain (UCL), EMbedded SEcurity and Cryptography (EMSEC), SYSTÈMES LARGE ÉCHELLE (IRISA-D1), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS), Mathematical, Reasoning and Software (MARELLE), Inria Sophia Antipolis - Méditerranée (CRISAM), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Sûreté du logiciel et Preuves Mathématiques Formalisées (STAMP), Université de Rennes 1 (UR1), Université de Rennes (UNIV-RENNES)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes 1 (UR1), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), and Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)
- Subjects
Automated verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Physical Defaults, Side-Channel Attacks, Maskverif, Composability, Glitches, Masking Countermeasure
- Abstract
Power and electromagnetic based side-channel attacks are serious threats against the security of cryptographic embedded devices. In order to mitigate these attacks, implementations use countermeasures, among which masking is currently the most investigated and deployed choice. Unfortunately, commonly studied forms of masking rely on underlying assumptions that are difficult to satisfy in practice. This is due to physical defaults, such as glitches or transitions, which can recombine the masked data in a way that concretely reduces an implementation's security. We develop and implement an automated approach for verifying the security of masked implementations in the presence of physical defaults (glitches or transitions). Our approach helps to recover the main strengths of masking: rigorous foundations, composability guarantees, and automated verification under more realistic assumptions. Our work follows the approach of (Barthe et al., EUROCRYPT 2015) and thus contributes to demonstrating the benefits of language-based approaches (specifically probabilistic information flow) for masking.
- Published
- 2019
- Full Text
- View/download PDF
15. Side-Channel Attacks Against the Human Brain: the PIN Code Case Study
- Author
-
Lange, Joseph, Massart, Clément, Mouraux, André, Standaert, François-Xavier, 8th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2017), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
0301 basic medicine, High probability, The PIN code case, Computer science, Side-channel attacks, Computer security, computer.software_genre, 03 medical and health sciences, Adversarial system, 030104 developmental biology, 0302 clinical medicine, Entropy (information theory), Side channel attack, computer, 030217 neurology & neurosurgery, Brain–computer interface
- Abstract
We revisit the side-channel attacks with Brain-Computer Interfaces (BCIs) first put forward by Martinovic et al. at the USENIX 2012 Security Symposium. For this purpose, we propose a comprehensive investigation of concrete adversaries trying to extract a PIN code from electroencephalogram signals. Overall, our results confirm the possibility of partial PIN recovery with high probability of success in a more quantified manner (i.e., entropy reductions), and put forward the challenges of full PIN recovery. They also highlight that the attack complexities can vary significantly depending on the adversarial capabilities (e.g., supervised/profiled vs. unsupervised/non-profiled), hence leading to an interesting tradeoff between their efficiency and practical relevance. We then show that similar attack techniques can be used to threaten the privacy of BCI users. We finally use our experiments to discuss the impact of such attacks on the security and privacy of BCI applications at large, and the important emerging societal challenges they raise.
- Published
- 2017
16. A Systematic Approach to the Side-Channel Analysis of ECC Implementations with Worst-Case Horizontal Attacks
- Author
-
Poussier, Romain, Zhou, Yuanyuan, Standaert, François-Xavier, 19th International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
Side-channel attacks, side-channel analysis, Computer engineering, Computer science, Scalar (mathematics), 0202 electrical engineering, electronic engineering, information engineering, Elliptic Curve Digital Signature Algorithm, 020201 artificial intelligence & image processing, 02 engineering and technology, Side channel attack, Scalar multiplication, Implementation, 020202 computer hardware & architecture
- Abstract
The large number and variety of side-channel attacks against scalar multiplication algorithms make their security evaluations complex, in particular when time constraints make exhaustive analyses impossible. In this paper, we present a systematic way to evaluate the security of such implementations against horizontal attacks. As horizontal attacks allow extracting most of the information in the leakage traces of scalar multiplications, they are suitable for avoiding the risk of overestimated security levels. For this purpose, we additionally propose to use linear regression in order to accurately characterize the leakage function and therefore approach worst-case security evaluations. We then show how to apply our tools in the contexts of ECDSA and ECDH implementations, and validate them against two targets: a Cortex-M4 and a Cortex-A8 microcontroller.
- Published
- 2017
- Full Text
- View/download PDF
17. Towards Sound Fresh Re-Keying with Hard (Physical) Learning Problems
- Author
-
Dziembowski, Stefan, Faust, Sebastian, Herold, Gottfried, Journault, Anthony, Masny, Daniel, Standaert, François-Xavier, Advances in Cryptology - 36th International Cryptology Conference (CRYPTO 2016), and UCL - SST/ICTM/ELEN-Pôle en ingénierie électrique
- Subjects
Theoretical computer science, Computer science, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Side-channel attacks, Encryption, Leakage-resilient cryptographic constructions, 01 natural sciences, Secret sharing, Random oracle, Public-key cryptography, Pseudorandom function family, 0202 electrical engineering, electronic engineering, information engineering, Cryptographic constructions, Security level, Stream cipher, Leakage parity, AKA, Block cipher, business.industry, Homomorphic encryption, Fresh re-keying, Symmetric-key algorithm, 010201 computation theory & mathematics, Authentication protocol, 020201 artificial intelligence & image processing, business
- Abstract
Most leakage-resilient cryptographic constructions aim at limiting the information adversaries can obtain about secret keys. In the case of asymmetric algorithms, this is usually obtained by secret sharing (aka masking) the key, which is made easy by their algebraic properties. In the case of symmetric algorithms, it is rather key evolution that is exploited. While more efficient, the scope of this second solution is limited to stateful primitives that easily allow for key evolution, such as stream ciphers. Unfortunately, it seems generally hard to avoid the need for (at least one) execution of a stateless primitive, both for encryption and authentication protocols. As a result, fresh re-keying has emerged as an alternative solution, in which a block cipher that is hard to protect against side-channel attacks is re-keyed with a stateless function that is easy to mask. While previous proposals in this direction were all based on heuristic arguments, we propose two new constructions that, for the first time, allow a more formal treatment of fresh re-keying. More precisely, we reduce the security of our re-keying schemes to two building blocks that can be of independent interest. The first one is a Learning Parity with Leakage assumption, which leverages the noise that is available in side-channel measurements. The second one is based on the Learning With Rounding assumption, which can be seen as an alternative solution for low-noise implementations. Both constructions are efficient and easy to mask, since they are key homomorphic or almost key homomorphic.
- Published
- 2016
18. Score-Based vs. Probability-Based Enumeration - A Cautionary Note
- Author
-
Choudary, Marios O., Poussier, Romain, Standaert, François-Xavier, 17th International Conference in Cryptology in India - Progress in cryptology (INDIACRYPT 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
Exploit, Computer science, Heuristic, Bayesian probability, Rank (computer programming), Context (language use), 02 engineering and technology, Side-channel attacks, 020202 computer hardware & architecture, Probability-based enumeration, Linear regression, Statistics, 0202 electrical engineering, electronic engineering, information engineering, Enumeration, Key (cryptography), 020201 artificial intelligence & image processing, Score-based enumeration
- Abstract
The fair evaluation of leaking devices generally requires coming up with the best possible distinguishers to extract and exploit side-channel information. While the need for a sound model of the leakages is a well-known issue, the risks of additional errors in the post-processing of the attack results (with key enumeration/key rank estimation) are less investigated. Namely, optimal post-processing is known to be possible with distinguishers outputting probabilities (e.g. template attacks), but the impact of a deviation from this context has not been quantified so far. We therefore provide a consolidating experimental analysis in this direction, based on simulated and actual measurements. Our main conclusions are twofold. We first show that the concrete impact of heuristic scores, such as those produced by a correlation power analysis, can lead to non-negligible post-processing errors. We then show that such errors can be mitigated in practice, with Bayesian extensions or specialized distinguishers (e.g. on-the-fly linear regression).
- Published
- 2016
19. Towards Easy Leakage Certification
- Author
-
Durvaux, François, Standaert, François-Xavier, Merino Del Pozo, Santos, 18th International Conference on Cryptographic hardware and Embedded Systems (CHES 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
Exploit, Computer science, business.industry, Cryptography, 02 engineering and technology, Certification, Side-channel attacks, 020202 computer hardware & architecture, Reliability engineering, Leakage certification, Information sensitivity, Power analysis, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Leakage, Leakage (electronics)
- Abstract
Side-channel attacks generally rely on the availability of good leakage models to extract sensitive information from cryptographic implementations. The recently introduced leakage certification tests aim to guarantee that this condition is fulfilled based on sound statistical arguments. They are important ingredients in the evaluation of leaking devices since they allow a good separation between engineering challenges (how to produce clean measurements) and cryptographic ones (how to exploit these measurements). In this paper, we propose an alternative leakage certification test that is significantly simpler to implement than the previous proposal from Eurocrypt 2014. This gain admittedly comes at the cost of a couple of heuristic (yet reasonable) assumptions on the leakage distribution. To confirm its relevance, we first show that it allows confirming previous results of leakage certification. We then put forward that it leads to additional and useful intuitions regarding the information losses caused by incorrect assumptions in leakage modeling.
- Published
- 2016
20. Information Theoretic Evaluation of Logic Styles to Counteract Side-Channel Attacks
- Author
-
Macé, François, Standaert, François-Xavier, Quisquater, Jean-Jacques, Proceedings of CHES 2007, and UCL - FSA/ELEC - Département d'électricité
- Subjects
Logic styles, Side-channel attacks
- Abstract
We propose to apply an information theoretic metric to the evaluation of side-channel resistant logic styles. Due to the long design and development time required for the physical evaluation of such hardware countermeasures, our analysis is based on simulations. Although they do not aim to replace the need for actual measurements, we show that simulations can be used as a meaningful first step in the validation chain of a cryptographic product. For illustration purposes, we apply our methodology to gate-level simulations of different logic styles and stress that it allows a significant improvement over the previously considered evaluation methods. In particular, our results allow putting forward the respective strengths and weaknesses of actual countermeasures and determining to what extent they can practically lead to secure implementations (with respect to a noise parameter), if adversaries were provided with simulation-based side-channel traces. Most importantly, the proposed methodology can be straightforwardly adapted to adversaries provided with any other kind of leakage traces (including physical ones).
- Published
- 2007
21. An Overview of Power Analysis Attacks Against Field Programmable Gate Arrays.
- Author
-
Standaert, François-Xavier, Peeters, Eric, Rouvroy, Gael, and Quisquater, Jean-Jacques
- Subjects
COMPUTER network security, DATA protection, COMPUTER security, CRYPTOGRAPHY, DATA encryption, PUBLIC key cryptography
- Abstract
Since their introduction by Kocher in 1998, power analysis attacks have attracted significant attention within the cryptographic community. While early works in the field mainly threatened the security of smart cards and simple processors, several recent publications have shown the vulnerability of hardware implementations as well. In particular, field programmable gate arrays are attractive options for hardware implementation of encryption algorithms, but their security against power analysis is a serious concern, as we discuss in this paper. For this purpose, we present recent results of attacks attempted against standard encryption algorithms, provide a theoretical estimation of these attacks based on simple statistical parameters, and evaluate the cost and security of different possible countermeasures.
- Published
- 2006
- Full Text
- View/download PDF
22. Fault Sensitivity Analysis
- Author
-
Li, Yang, Sakiyama, Kazuo, Gomisawa, Shigeto, Fukunaga, Toshinori, Takahashi, Junko, Ohta, Kazuo, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Mangard, Stefan, editor, and Standaert, François-Xavier, editor
- Published
- 2010
- Full Text
- View/download PDF
23. Algebraic Side-Channel Analysis in the Presence of Errors
- Author
-
Oren, Yossef, Kirschbaum, Mario, Popp, Thomas, Wool, Avishai, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Mangard, Stefan, editor, and Standaert, François-Xavier, editor
- Published
- 2010
- Full Text
- View/download PDF
24. Key enumeration, rank estimation and horizontal side-channel attacks
- Author
-
Poussier, Romain, UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, UCL - Ecole Polytechnique de Louvain, Standaert, François-Xavier, Bol, David, Pereira, Olivier, Rivain, Matthieu, and Dhem, Jean-François
- Subjects
Rank Estimation, Side-Channel Attacks, Cryptography, Horizontal Attacks, Key Enumeration
- Abstract
Since their discovery in the late 90s, side-channel attacks have been shown to be a great threat to the security of cryptographic implementations. In addition to the standard inputs and outputs of an algorithm, these attacks exploit the leakages coming from its implementation. As this additional information was not taken into account during the design of the standard schemes, they have been broken. A wide range of countermeasures has then been developed to increase the resilience of cryptographic schemes against these attacks. However, these countermeasures do not prevent attacks, but rather make them more complex to perform. As a result, the actual security of a given implementation needs to be tested in practice. A way to assess the security of an algorithm is to actually attack it in two steps. The first one, which we denote by information extraction, focuses on the way to use the information arising from the leakages as optimally as possible. The second one, which we denote by information exploitation, focuses on the way to use computational power to mitigate the lack of side-channel information after its extraction. This thesis follows this strategy and tackles both of these problems in two parts. In the first one, we focus on leakage exploitation in the case of block ciphers. In this respect, we present new key enumeration and rank estimation algorithms and study their applicability. In the second part, we focus on leakage extraction against elliptic curve cryptography. For that purpose, we present a method to use most of the available information against scalar multiplication algorithms through horizontal differential power attacks. (FSA - Sciences de l'ingénieur) -- UCL, 2018
- Published
- 2018
25. Protection des algorithmes cryptographiques embarqués (Protection of embedded cryptographic algorithms)
- Author
-
RENNER, Soline, Institut de Mathématiques de Bordeaux (IMB), Université Bordeaux Segalen - Bordeaux 2-Université Sciences et Technologies - Bordeaux 1-Université de Bordeaux (UB)-Institut Polytechnique de Bordeaux (Bordeaux INP)-Centre National de la Recherche Scientifique (CNRS), Université de Bordeaux, Gilles Zémor, Guilhem Castagnos, François-Xavier Standaert [Président], Louis Goubin [Rapporteur], Philippe Gaborit [Rapporteur], Christophe Giraud, Zémor, Gilles, Castagnos, Guilhem, Giraud, Christophe, Standaert, François-Xavier, Goubin, Louis, and Gaborit, Philippe
- Subjects
Secret sharing schemes, Linear codes, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], [MATH.MATH-GM]Mathematics [math]/General Mathematics [math.GM], Side-channel attacks
- Abstract
Since the late 90s, the implementation of cryptosystems on smart cards has faced two kinds of attacks: side-channel attacks and fault injection attacks. Countermeasures are then developed and validated by considering a well-defined attacker model. This thesis focuses on the protection of symmetric cryptosystems against side-channel attacks. Specifically, we are interested in masking countermeasures in order to tackle high-order attacks for which an attacker is capable of targeting t intermediate values. After recalling the analogy between masking countermeasures and secret sharing schemes, the construction of secret sharing schemes from linear codes introduced by James L. Massey in 1993 is presented. By adapting this construction together with tools from the field of Multi-Party Computation, we propose a generic masking countermeasure resistant to high-order attacks. Furthermore, depending on the cryptosystem to protect, this solution optimizes the cost of the countermeasure by selecting the most appropriate code. In this context, we propose two countermeasures to implement the AES cryptosystem. The first is based on a family of evaluation codes similar to the Reed-Solomon code used in the secret sharing scheme of Shamir. The second considers the family of self-dual and self-orthogonal codes generated by a matrix defined over GF(2) or GF(4). These two alternatives are more effective than masking countermeasures from 2011 based on Shamir's secret sharing scheme. Moreover, for t=1, the second solution is competitive with usual solutions.; Since the late 90s, cryptosystems implemented on smart cards have had to face two broad categories of attacks: side-channel attacks and fault injection attacks. To guard against them, countermeasures are designed and then validated under a well-defined attacker model. The work carried out in this thesis focuses on protecting symmetric cryptosystems against side-channel attacks. More precisely, we are interested in masking countermeasures that protect against higher-order statistical attacks, in which an attacker is able to target t intermediate values. After recalling the analogy between masking countermeasures and secret sharing schemes, we present the construction of secret sharing schemes from linear codes introduced by James L. Massey in 1993. By adapting this construction together with tools from multi-party computation, we propose a generic masking countermeasure resistant to higher-order statistical attacks. Moreover, depending on the cryptosystem to be protected and hence on the operations to be performed, this solution optimizes the cost induced by the countermeasures by selecting the most suitable codes. In this spirit, we propose two masking countermeasures for implementing the AES cryptosystem. The first is based on a family of evaluation codes close to the one used in Shamir's secret sharing scheme, while the second considers the family of self-dual and weakly self-dual codes whose generator matrix has coefficients in F2 or F4. Both alternatives turn out to be more efficient than the masking countermeasures published in 2011 and based on Shamir's secret sharing scheme. Moreover, the second is competitive for t=1 compared with the usual solutions.
- Published
- 2014
26. Physical design of cryptographic applications : constrained environments and power analysis resistance
- Author
-
Macé, François, UCL - FSA - Sciences de l'ingénieur, Quisquater, Jean-Jacques, Legat, Jean-Didier, Vandendorpe, Luc, Verbauwhede, Ingrid, Standaert, François-Xavier, and Fischer, Wieland
- Subjects
Countermeasures, Side-Channel Attacks, Cryptography, Constrained Environments, Digital Circuit Design
- Abstract
Modern cryptography responds to the need for security that has arisen with the emergence of communication appliances. However, its adapted integration in the wide variety of existing communication systems has opened new design challenges. Amongst them, this thesis addresses two in particular, related to hardware integration of cryptographic algorithms: constrained environments and side-channel security. In the context of constrained environments, we propose to study the interest of the Scalable Encryption Algorithm SEA for constrained hardware applications. We investigate both the FPGA and ASIC contexts and illustrate, using practical implementation results, the interest of this algorithm. Indeed, we demonstrate how hardware implementations can keep its high scalability properties while achieving interesting implementation figures in comparison to conventional algorithms such as the AES. Next, we deal with three complementary aspects related to side-channel resistance. We first propose a new class of dynamic and differential logic families achieving low-power performance with information leakage matched to state-of-the-art countermeasures. We then discuss a power consumption model for these logic styles and apply it to DyCML implementations. It is based on the use of the isomorphism existing between the gate structures of the implemented functions and the binary decision diagrams describing them. Using this model, we are not only able to predict the power consumption, and therefore attack such implementations, but also to efficiently choose the gate structures achieving the best resistance against this model. We finally study a methodology for the security evaluation of cryptographic applications all along their design and test phases. We illustrate the interest of such a methodology at different design steps and with different circuit complexities, using either simulations or power consumption measurements. (FSA 3) -- UCL, 2008
- Published
- 2008
Discovery Service for Jio Institute Digital Library