Universite Bordeaux 1

  • White Papers // Oct 2013

    Block Ciphers that are Easier to Mask: How Far Can We Go?

    The design and analysis of lightweight block ciphers has been a very active research area over the last couple of years, with many innovative proposals trying to optimize different performance figures. However, since these block ciphers are dedicated to low-cost embedded devices, their implementation is also a typical target for...

    Provided By Universite Bordeaux 1

  • White Papers // Oct 2013

    How to Certify the Leakage of a Chip?

    Evaluating side-channel attacks and countermeasures requires determining the amount of information leaked by a target device. For this purpose, information extraction procedures published so far essentially combine a "Leakage model" with a "Distinguisher". Fair evaluations ideally require exploiting a perfect leakage model (i.e. exactly corresponding to the true leakage distribution)...

    Provided By Universite Bordeaux 1

  • White Papers // Oct 2013

    Non-Malleability from Malleability: Simulation-Sound Quasi-Adaptive NIZK Proofs and CCA2-Secure Encryption from Homomorphic Signatures

    Verifiability is central to building protocols and systems with integrity. Initially, efficient methods employed the Fiat-Shamir heuristics. Since 2008, the Groth-Sahai techniques have been the most efficient in constructing non-interactive witness indistinguishable and zero-knowledge proofs for algebraic relations. For the important task of proving membership in linear subspaces, the researchers...

    Provided By Universite Bordeaux 1

  • White Papers // Aug 2013

    Strong PUFs and their (Physical) Unpredictability - A Case Study with Power PUFs

    Physically unclonable functions are more and more important in the design of secure hardware, as they can ensure properties that conventional cryptography cannot. In this paper the authors clarify the relations between strong PUFs and their unpredictability. For this purpose they first introduce an alternative definition for physical unpredictability, where...

    Provided By Universite Bordeaux 1

  • White Papers // Aug 2013

    Understanding the Limitations and Improving the Relevance of Spice Simulations in Side-Channel Security Evaluations

    Simulation is a very powerful tool for hardware designers. It generally allows the preliminary evaluation of a chip's performances before its final tape out. As security against side-channel attacks is an increasingly important issue for cryptographic devices, simulation also becomes a desirable option for preliminary evaluation in this case. However,...

    Provided By Universite Bordeaux 1

  • White Papers // Jun 2013

    Leakage-Resilient Symmetric Cryptography Under Empirically Verifiable Assumptions

    Leakage-resilient cryptography aims at formally proving the security of cryptographic implementations against large classes of side-channel adversaries. One important challenge for such an approach to be relevant is to adequately connect the formal models used in the proofs with the practice of side-channel attacks. It raises the fundamental problem of...

    Provided By Universite Bordeaux 1

  • White Papers // Jun 2013

    Masking vs. Multiparty Computation: How Large is the Gap for AES?

    In this paper, the authors evaluate the performances of state-of-the-art higher-order masking schemes for the AES. Doing so, they pay a particular attention to the comparison between specialized solutions introduced exclusively as countermeasures against side-channel analysis, and a recent proposal exploiting Multi-Party Computation (MPC) techniques. They show that the additional...

    Provided By Universite Bordeaux 1

  • White Papers // Feb 2013

    Systematic Construction and Comprehensive Evaluation of Kolmogorov-Smirnov Test Based Side-Channel Distinguishers

    Generic side-channel distinguishers aim at revealing the correct key embedded in cryptographic modules even when few assumptions can be made about their physical leakages. In this paper, Kolmogorov-Smirnov Analysis (KSA) and Partial Kolmogorov-Smirnov analysis (PKS) were proposed respectively. Although both KSA and PKS are based on the Kolmogorov-Smirnov (KS) test,...

    Provided By Universite Bordeaux 1

  • White Papers // Jan 2013

    Fresh Re-Keying: Security Against Side-Channel and Fault Attacks for Low-Cost Devices

    The market for RFID technology has grown rapidly over the past few years. Going along with the proliferation of RFID technology is an increasing demand for secure and privacy-preserving applications. In this context, RFID tags need to be protected against physical attacks such as Differential Power Analysis (DPA) and fault...

    Provided By Universite Bordeaux 1

  • White Papers // Jan 2013

    Harvesting the Potential of Nano-CMOS for Lightweight Cryptography: An Ultra-Low-Voltage 65nm AES Coprocessor for Passive RFID Tags

    An important challenge associated with the current massive deployment of RFID solutions is to provide security to passive tags while meeting their power budget. This can either be achieved by designing new lightweight ciphers, or by proposing advanced low-power implementations of standard ciphers. In this paper, the authors show that...

    Provided By Universite Bordeaux 1

  • White Papers // Dec 2012

    Discarding the Endpoints Makes the Cryptanalytic Time-Memory Trade-Offs Even Faster

    Cryptanalytic time-memory trade-offs were introduced by Hellman in 1980 in order to perform key-recovery attacks on cryptosystems. A major advance was presented at Crypto 2003 by Oechslin, with the rainbow table variant that outperforms Hellman's seminal work. This paper introduces the fingerprint tables, which drastically reduce the number of false...

    Provided By Universite Bordeaux 1

  • White Papers // Nov 2012

    Efficient Removal of Random Delays from Embedded Software Implementations Using Hidden Markov Models

    Inserting random delays in cryptographic implementations is often used as a countermeasure against side-channel attacks. Most previous papers on the topic focus on improving the statistical distribution of these delays. These solutions increase security against attacks that solve the lack of synchronization between different leakage traces by integrating them. In...

    Provided By Universite Bordeaux 1

  • White Papers // Oct 2012

    Security Evaluations Beyond Computing Power: How to Analyze Side-Channel Attacks You Cannot Mount?

    Concrete security evaluations are at the core of cryptographic research. Taking the example of symmetric cryptography, they are at the same time central in formal definitions of security (e.g. as introduced by Bellare et al.) and in the evaluation of attacks such as linear and differential cryptanalysis. Their goal is...

    Provided By Universite Bordeaux 1

  • White Papers // Aug 2012

    Bounds on the Capacity of the Relay Channel with Noncausal State at the Source

    The authors consider a three-terminal state-dependent relay channel with the channel state available non-causally at only the source. Such a model may be of interest for node cooperation in the framework of cognition, i.e., collaborative signal transmission involving cognitive and non-cognitive radios. They study the capacity of this communication model....

    Provided By Universite Bordeaux 1

  • White Papers // Aug 2012

    Group Signatures with Almost-for-Free Revocation

    Group signatures are a central cryptographic primitive where users can anonymously and accountably sign messages in the name of a group they belong to. Several efficient constructions with security proofs in the standard model (i.e., without the random oracle idealization) appeared in the recent years. However, like standard PKIs, group...

    Provided By Universite Bordeaux 1

  • White Papers // Jul 2012

    On Multiaccess Channel With Unidirectional Cooperation and Security Constraints

    The authors study a special case of Willems's two-user multi-access channel with partially cooperating encoders from a security perspective. This model differs from Willems's setup in the following aspects: only one encoder, Encoder 1, is allowed to conference, Encoder 2 does not transmit any message, and there is an...

    Provided By Universite Bordeaux 1

  • White Papers // Jun 2012

    Unified and Optimized Linear Collision Attacks and their Application in a Non-Profiled Setting

    Side-channel collision attacks are one of the most investigated techniques allowing the combination of mathematical and physical cryptanalysis. In this paper, the authors discuss their relevance in the security evaluation of leaking devices with two main contributions. On the one hand, they suggest that the exploitation of linear collisions in...

    Provided By Universite Bordeaux 1

  • White Papers // Jun 2012

    Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs

    Leakage-resilient constructions have attracted significant attention over the last couple of years. In practice, pseudorandom functions are among the most important such primitives, because they are state-less and do not require a secure initialization as, e.g. stream ciphers. However, their deployment in actual applications is still limited by security and...

    Provided By Universite Bordeaux 1

  • White Papers // May 2012

    Multiaccess Channel with Partially Cooperating Encoders and Security Constraints

    The authors study a special case of Willems's two-user multi-access channel with partially cooperating encoders from a security perspective. This model differs from Willems's setup in that only one encoder, Encoder 1, is allowed to conference; Encoder 2 does not transmit any message, and there is an additional passive eavesdropper...

    Provided By Universite Bordeaux 1

  • White Papers // May 2012

    Power Scheduling for Distributed Estimation in Cluster-Based Wireless Sensor Networks

    This paper deals with the distributed estimation problem in hierarchical wireless sensor networks, where the network is divided into spatially disjoint groups called clusters. The sensors in each cluster observe a separate random source which is correlated with the sources being observed by other clusters. Each cluster has its designated Cluster...

    Provided By Universite Bordeaux 1

  • White Papers // May 2012

    A Novel Class of Iterative Approximation Methods for DSL Spectrum Optimization

    Spectrum optimization is a promising means to tackle the crosstalk problem in DSL systems, and corresponds to a challenging non-convex optimization problem. Iterative Convex Approximation (ICA) methods have been proposed in the literature to deal with this optimization problem. These methods consist in solving a series of improving convex approximations...

    Provided By Universite Bordeaux 1

  • White Papers // Apr 2012

    Anonymous Broadcast Encryption: Adaptive Security and Efficient Constructions in the Standard Model

    In this paper the authors consider anonymity in the context of Broadcast Encryption (BE). This issue has received very little attention so far and all but one of the currently available BE schemes fail to provide anonymity. Yet, they argue that it is intrinsically desirable to provide anonymity in standard...

    Provided By Universite Bordeaux 1

  • White Papers // Dec 2011

    Dynamic Channel Modeling at 2.4 GHz for On-Body Area Networks

    In wireless body area networks, on-body radio propagation channels are typically time-varying, because of the frequent body movements. The dynamic local body scattering dominates the temporal and spatial properties of the on-body channels. The influence varies largely depending on the distribution of the channels and the modes of body movements....

    Provided By Universite Bordeaux 1

  • White Papers // Aug 2011

    Fresh Re-Keying II: Securing Multiple Parties Against Side-Channel and Fault Attacks

    Security-aware embedded systems are widespread nowadays and many applications, such as payment, pay-TV and automotive applications rely on them. These devices are usually very resource constrained but at the same time likely to operate in a hostile environment. Thus, the implementation of low-cost protection mechanisms against physical attacks is vital...

    Provided By Universite Bordeaux 1

  • White Papers // Jul 2011

    Extractors Against Side-Channel Attacks: Weak or Strong?

    Randomness extractors are important tools in cryptography. Their goal is to compress a high-entropy source into a more uniform output. Beyond their theoretical interest, they have recently gained attention because of their use in the design and proof of leakage-resilient primitives, such as stream ciphers and pseudorandom functions. However, for...

    Provided By Universite Bordeaux 1

  • White Papers // Jul 2011

    Information Theoretic and Security Analysis of a 65-Nanometer DDSLL AES S-Box

    In this paper, the authors complement this work by analyzing an implementation of the AES s-box, in the DDSLL dual-rail logic style, using the same 65-nanometer technology. For this purpose, they first compare the performance results of the static CMOS and dual-rail s-boxes. They show that full custom design allows...

    Provided By Universite Bordeaux 1

  • White Papers // Mar 2011

    Homomorphic Network Coding Signatures in the Standard Model

    Network coding is known to provide improved resilience to packet loss and increased throughput. Unlike traditional routing techniques, it allows network nodes to perform transformations on packets they receive before transmitting them. For this reason, packets cannot be authenticated using ordinary digital signatures, which make it difficult to hedge against...

    Provided By Universite Bordeaux 1

  • White Papers // Mar 2011

    Experimenting Linear Cryptanalysis

    In this paper, the authors mainly focused on the experimental review of a number of important assumptions used in linear cryptanalysis and its extensions. It highlights the difficulty of predicting the statistical behavior of a block cipher as its number of rounds increases, both for adversaries trying to exploit key-dependent...

    Provided By Universite Bordeaux 1

  • White Papers // Mar 2011

    A Formal Foundation for the Security Features of Physical Functions

    Physical attacks against cryptographic devices typically take advantage of information leakage (e.g., side-channel attacks) or erroneous computations (e.g., fault injection attacks). Preventing or detecting these attacks has become a challenging task in modern cryptographic research. In this context intrinsic physical properties of integrated circuits, such as Physical(ly) Unclonable Functions (PUFs),...

    Provided By Universite Bordeaux 1

  • White Papers // Feb 2011

    FPGA Implementations of the AES Masked Against Power Analysis Attacks

    Power analysis attacks are a serious threat for implementations of modern cryptographic algorithms. Masking is a particularly appealing countermeasure against such attacks since it increases the security to a well quantifiable level and can be implemented without modifying the underlying technology. Its main drawback is the performance overhead it implies....

    Provided By Universite Bordeaux 1

  • White Papers // Feb 2011

    A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices

    Variability is a central issue in deep submicron technologies, in which it becomes increasingly difficult to produce two chips with the same behavior. While the impact of variability is well understood from the microelectronic point of view, very few works investigated its significance for cryptographic implementations. This is an important...

    Provided By Universite Bordeaux 1

  • White Papers // Dec 2010

    Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts

    Attribute-Based Encryption (ABE), as introduced by the researchers, allows for fine-grained access control on encrypted data. In its key-policy flavor, the primitive enables senders to encrypt messages under a set of attributes and private keys are associated with access structures that specify which ciphertexts the key holder will be allowed...

    Provided By Universite Bordeaux 1

  • White Papers // Oct 2010

    Preimages for the Tillich-Zemor Hash Function

    After 15 years of unsuccessful cryptanalysis attempts by the research community, have recently broken the collision resistance property of the Tillich-Zemor hash function. In this paper, the authors extend their cryptanalytic work and consider the preimage resistance of the function. They present two algorithms for computing preimages, each algorithm having...

    Provided By Universite Bordeaux 1

  • White Papers // Sep 2010

    The World is Not Enough: Another Look on Second-Order DPA

    A recent paper showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are essentially equivalent. In this paper, the authors show that in the context of multivariate attacks against masked implementations, this conclusion does not hold anymore. While a single...

    Provided By Universite Bordeaux 1

  • White Papers // Jun 2010

    Bounds on the Capacity of the Relay Channel With Noncausal State Information at Source

    The authors consider a three-terminal state-dependent relay channel with the channel state available non-causally at only the source. Such a model may be of interest for node cooperation in the framework of cognition, i.e., collaborative signal transmission involving cognitive and non-cognitive radios. They study the capacity of this communication model....

    Provided By Universite Bordeaux 1

  • White Papers // May 2010

    How Leaky is an Extractor?

    In a side-channel attack, an adversary attempts to break a cryptographic primitive, by taking advantage of the physical peculiarities of the hardware on which it is running. Typical examples include the power consumption or electromagnetic radiation of small embedded devices. In view of the physical nature of these implementation issues,...

    Provided By Universite Bordeaux 1

  • White Papers // May 2010

    On the Capacity of a Class of Relay Channels with Orthogonal Components and Noncausal State Information at Source

    The authors study the capacity of a class of state-controlled relay channels with orthogonal channels from the source to the relay and from the source and relay to the destination. The channel states are assumed to be known, non-causally, to only the source. This model is useful for relaying in...

    Provided By Universite Bordeaux 1

  • White Papers // May 2010

    Representation-, Leakage- and Cipher-Dependencies in Algebraic Side-Channel Attacks

    By combining the extraction of side-channel information leakages with classical cryptanalysis techniques, the recently introduced algebraic side-channel attacks trade a part of the data complexity in standard DPA attacks for more computations. But predicting the success rate of such attacks is made harder because of the numerous parameters that come...

    Provided By Universite Bordeaux 1

  • White Papers // May 2010

    Architecture for Cooperative Prefetching in P2P Video-on-Demand System

    Most P2P VoD schemes have focused on service architectures and overlay optimization without considering segment rarity and the performance of prefetching strategies. As a result, they cannot better support VCR-oriented service in a heterogeneous environment having clients using free VCR controls. Despite the remarkable popularity of VoD systems, there exists no prior...

    Provided By Universite Bordeaux 1

  • White Papers // Apr 2010

    Adaptive Chosen-Message Side-Channel Attacks

    Most side-channel attacks that have been published in the open literature assume known or chosen-message adversarial scenarios. In this paper, the authors analyze the increase of the attacks' efficiencies that can be obtained by adaptively selecting the messages. For this purpose, they first describe a generic strategy that allows an...

    Provided By Universite Bordeaux 1

  • White Papers // Mar 2008

    User Interface Derivation from Business Processes: A Model-Driven Approach for Organizational Engineering

    In this paper, the authors define a model-driven approach for organizational engineering in which user interfaces of information systems are derived from business processes. This paper consists of four steps: business process modeling in the context of organizational engineering, task model derivation from the business process model, task refinement, and...

    Provided By Universite Bordeaux 1

  • White Papers // Nov 2009

    Physical Security

    A cryptographic primitive can be considered from two points of view: on the one hand, it can be viewed as an abstract mathematical object or black box (i.e. a transformation, possibly parameterized by a key, turning some input into some output); on the other hand, this primitive will in fine...

    Provided By Universite Bordeaux 1

  • White Papers // Aug 2013

    Strong PUFs and their (Physical) Unpredictability - A Case Study with Power PUFs

    Physically unclonable functions are more and more important in the design of secure hardware, as they can ensure properties that conventional cryptography cannot. In this paper the authors clarify the relations between strong PUFs and their unpredictability. For this purpose they first introduce an alternative definition for physical unpredictability, where...

    Provided By Universite Bordeaux 1

  • White Papers // Jul 2011

    Information Theoretic and Security Analysis of a 65-Nanometer DDSLL AES S-Box

    In this paper, the authors complement this work by analyzing an implementation of the AES s-box, in the DDSLL dual-rail logic style, using the same 65-nanometer technology. For this purpose, they first compare the performance results of the static CMOS and dual-rail s-boxes. They show that full custom design allows...

    Provided By Universite Bordeaux 1

  • White Papers // Mar 2011

    A Formal Foundation for the Security Features of Physical Functions

    Physical attacks against cryptographic devices typically take advantage of information leakage (e.g., side-channels attacks) or erroneous computations (e.g., fault injection attacks). Preventing or detecting these attacks has become a challenging task in modern cryptographic research. In this context intrinsic physical properties of integrated circuits, such as Physical(ly) Unclonable Functions (PUFs),...

    Provided By Universite Bordeaux 1

  • White Papers // Jan 2013

    Harvesting the Potential of Nano-CMOS for Lightweight Cryptography: An Ultra-Low-Voltage 65nm AES Coprocessor for Passive RFID Tags

    An important challenge associated with the current massive deployment of RFID solutions is to provide security to passive tags while meeting their power budget. This can either be achieved by designing new lightweight ciphers, or by proposing advanced low-power implementations of standard ciphers. In this paper, the authors show that...

    Provided By Universite Bordeaux 1

  • White Papers // Feb 2011

    FPGA Implementations of the AES Masked Against Power Analysis Attacks

    Power analysis attacks are a serious threat for implementations of modern cryptographic algorithms. Masking is a particularly appealing countermeasure against such attacks since it increases the security to a well quantifiable level and can be implemented without modifying the underlying technology. Its main drawback is the performance overhead it implies....

    Provided By Universite Bordeaux 1

  • White Papers // Jul 2011

    Extractors Against Side-Channel Attacks: Weak or Strong?

    Randomness extractors are important tools in cryptography. Their goal is to compress a high-entropy source into a more uniform output. Beyond their theoretical interest, they have recently gained attention because of their use in the design and proof of leakage-resilient primitives, such as stream ciphers and pseudorandom functions. However, for...

    Provided By Universite Bordeaux 1

  • White Papers // Apr 2010

    Adaptive Chosen-Message Side-Channel Attacks

    Most side-channel attacks that have been published in the open literature assume known or chosen-message adversarial scenarios. In this paper, the authors analyze the increase of the attacks' efficiencies that can be obtained by adaptively selecting the messages. For this purpose, they first describe a generic strategy that allows an...

    Provided By Universite Bordeaux 1

  • White Papers // May 2010

    Representation-, Leakage- and Cipher-Dependencies in Algebraic Side-Channel Attacks

    By combining the extraction of side-channel information leakages with classical cryptanalysis techniques, the recently introduced algebraic side-channel attacks trade a part of the data complexity in standard DPA attacks for more computations. But predicting the success rate of such attacks is made harder because of the numerous parameters that come...

    Provided By Universite Bordeaux 1

  • White Papers // May 2010

    How Leaky is an Extractor?

    In a side-channel attack, an adversary attempts to break a cryptographic primitive, by taking advantage of the physical peculiarities of the hardware on which it is running. Typical examples include the power consumption or electromagnetic radiation of small embedded devices. In view of the physical nature of these implementation issues,...

    Provided By Universite Bordeaux 1

  • White Papers // Sep 2010

    The World is Not Enough: Another Look on Second-Order DPA

    A recent paper showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are essentially equivalent. In this paper, the authors show that in the context of multivariate attacks against masked implementations, this conclusion does not hold anymore. While a single...

    Provided By Universite Bordeaux 1

  • White Papers // Nov 2009

    Algebraic Side-Channel Attacks

    In this paper, the authors show that algebraic techniques can be combined with side-channel attacks in a very effective and natural fashion. As an illustration, they apply them to the block cipher PRESENT, which is a stimulating first target due to its simple algebraic structure. The proposed attacks have a...

    Provided By Universite Bordeaux 1

  • White Papers // Jun 2009

    A Design Flow and Evaluation Framework for DPA-Resistant Instruction Set Extensions

    Power-based side channel attacks are a significant security risk, especially for embedded applications. To improve the security of such devices, protected logic styles have been proposed as an alternative to CMOS. However, they should only be used sparingly, since their area and power consumption are both significantly larger than for...

    Provided By Universite Bordeaux 1

  • White Papers // Apr 2008

    On the Energy Cost of Communication and Cryptography in Wireless Sensor Networks

    Energy is a central concern in the deployment of wireless sensor networks. In this paper, the authors investigate the energy cost of cryptographic protocols, both from a communication and a computation point of view, based on practical measurements on the MICAz and TelosB sensors. They focus on the cost of...

    Provided By Universite Bordeaux 1

  • White Papers // Mar 2008

    Implementation of the AES-128 on Virtex-5 FPGAs

    In this paper, the authors present an updated implementation of the Advanced Encryption Standard (AES) on the recent Xilinx Virtex-5 FPGAs. The authors show how a modified slice structure in these reconfigurable hardware devices results in a significant improvement of the design efficiency. In particular, a single substitution box of the...

    Provided By Universite Bordeaux 1

  • White Papers // Mar 2009

    How to Compare Profiled Side-Channel Attacks?

    Side-channel attacks are an important class of attacks against cryptographic devices, and profiled side-channel attacks are the most powerful type of side-channel attacks. In this scenario, an adversary first uses a device under their control in order to build a good leakage model. Then, the adversary takes advantage of...

    Provided By Universite Bordeaux 1

  • White Papers // Mar 2010

    Leakage Resilient Cryptography in Practice

    In this paper, the authors are concerned with models to analyze the security of cryptographic algorithms against side-channel attacks. Their objectives are threefold. In a first part of the paper, they aim to survey a number of well known intuitions related to physical security and to connect them with more...

    Provided By Universite Bordeaux 1

  • White Papers // Aug 2007

    Security Analysis of Higher-Order Boolean Masking Schemes for Block Ciphers

    Side-channel attacks are an important class of cryptanalytic techniques against cryptographic implementations, and masking is a frequently considered solution to improve the resistance of a cryptographic implementation against side-channel attacks. In this paper, the authors consequently analyze the security of higher-order Boolean masking schemes in various contexts. Their results are...

    Provided By Universite Bordeaux 1

  • White Papers // Feb 2008

    Improved and Multiple Linear Cryptanalysis of Reduced Round Serpent

    In this paper, the authors first present a modification of Matsui's branch-and-bound algorithm for the linear approximation search in a block cipher. It enabled the authors to find the best reported 9-round approximation for the AES candidate Serpent. The algorithm allows speeding up the search of linear approximations at the...

    Provided By Universite Bordeaux 1

  • White Papers // Mar 2008

    Secure and Efficient Implementation of Symmetric Encryption Schemes Using FPGAs

    Reconfigurable computing intends to fill the gap between hardware and software, achieving potentially much higher performance than software, while maintaining a higher level of flexibility than hardware. Reconfigurable devices such as FPGAs contain arrays of computational elements whose functionality is determined through multiple programmable configuration bits. These elements, sometimes known...

    Provided By Universite Bordeaux 1

  • White Papers // May 2007

    Physically Secure Cryptographic Computations from Micro to Nano Electronic Devices

    A recent branch of cryptography focuses on the physical constraints that a real-life cryptographic device must face, and attempts to exploit these constraints to expose the device's secrets. This gave birth to implementation-specific attacks, which often turned out to be much more efficient than the best known cryptanalytic attacks against...

    Provided By Universite Bordeaux 1

  • White Papers // Oct 2010

    Preimages for the Tillich-Zemor Hash Function

    After 15 years of unsuccessful cryptanalysis attempts by the research community, the collision resistance property of the Tillich-Zemor hash function has recently been broken. In this paper, the authors extend this cryptanalytic work and consider the preimage resistance of the function. They present two algorithms for computing preimages, each algorithm having...

    Provided By Universite Bordeaux 1