

Cryptographic Hardware and Embedded Systems: CHES 2006: 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings

Louis Goubin ; Mitsuru Matsui (eds.)

In conference: 8th International Workshop on Cryptographic Hardware and Embedded Systems (CHES). Yokohama, Japan. October 10, 2006 - October 13, 2006

Abstract/Description – provided by the publisher

Not available.

Keywords – provided by the publisher

Data Encryption; Computer Communication Networks; Special Purpose and Application-Based Systems; Logic Design; Operating Systems; Management of Computing and Information Systems

Availability
Detected institution: Not detected
Year of publication: 2006
Browse: SpringerLink

Information

Resource type:

books

Print ISBN

978-3-540-46559-1

Electronic ISBN

978-3-540-46561-4

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Publication rights information

© Springer-Verlag Berlin Heidelberg 2006

Table of contents

Security Evaluation of DPA Countermeasures Using Dual-Rail Pre-charge Logic Style

Daisuke Suzuki; Minoru Saeki

In recent years, some countermeasures against Differential Power Analysis (DPA) at the logic level have been proposed. At the CHES 2005 conference, Popp and Mangard proposed a new countermeasure named Masked Dual-Rail Pre-Charge Logic (MDPL), which combines dual-rail circuits with random masking to improve Wave Dynamic Differential Logic (WDDL). The proposers of MDPL claim that it can implement secure circuits using a standard CMOS cell library without special place-and-route constraints, because the difference in loading capacitance between all pairs of complementary logic gates in MDPL can be covered up by the random masking. In this paper, we focus in particular on the signal transitions of the MDPL gate and evaluate the DPA resistance of MDPL in detail. Our evaluation results show that leakage occurs in MDPL gates, as in WDDL gates, when the input signals have different delay times, even though MDPL is effective at reducing the leakage caused by differences in loading capacitance. Furthermore, we demonstrate the problem of different input signal delays by measurements on an FPGA and show the validity of our evaluation.

Keywords: Power Consumption; Input Signal; Delay Condition; Logic Level; Security Evaluation.

- Hardware Attacks and Countermeasures II | Pp. 255-269

Instruction Set Extensions for Efficient AES Implementation on 32-bit Processors

Stefan Tillich; Johann Großschädl

Secure communication over public networks like the Internet requires the use of cryptographic algorithms as basic building blocks. Most cryptographic workloads pose a considerable burden on devices like PDAs, cell phones, and sensor nodes, which are limited in processing power, memory and energy. In this paper we present an approach to increase the efficiency of 32-bit processors for handling symmetric cryptographic algorithms with the help of instruction set extensions. We propose a number of custom instructions to support the Advanced Encryption Standard (AES). Using the SPARC V8-compatible Leon2 embedded processor, we evaluate the effects of the extensions on performance and code size of AES, as well as on silicon area. With a moderate increase in silicon area, AES performance can be improved by a factor of nearly 10, while code size is reduced significantly and implementation flexibility is retained. We also show that our approach is very beneficial for implementation in superscalar processors and that it can compete with the performance of previously proposed cryptographic processors and instruction set extensions.

Keywords: Advanced Encryption Standard; instruction set extensions; embedded RISC processor; SPARC V8 architecture; efficient implementation.

- Efficient Hardware I | Pp. 270-284

NanoCMOS-Molecular Realization of Rijndael

Massoud Masoumi; Farshid Raissi; Mahmoud Ahmadian

This paper describes the implementation of the Advanced Encryption Standard algorithm, Rijndael, in a new nanoscale technology called CMOL. This technology consists of an array of conventional CMOS gates and a wiring network made up of a high-density mesh of nanowires. The basic modules of Rijndael were implemented using the CMOL architecture. It is observed that the implementation in such a technology has considerable advantages compared to a conventional CMOS approach with regard to defect tolerance, speed, area and power consumption.

Keywords: Rijndael; VLSI realization; CMOL.

- Efficient Hardware I | Pp. 285-297

Improving SHA-2 Hardware Implementations

Ricardo Chaves; Georgi Kuzmanov; Leonel Sousa; Stamatis Vassiliadis

This paper proposes a set of new techniques to improve the implementation of the SHA-2 hashing algorithm. These techniques consist mostly of operation rescheduling and hardware reuse, allowing a significant reduction of the critical path while the required area also decreases. Both the SHA256 and SHA512 hash functions have been implemented and tested in the VIRTEX II Pro prototyping technology. Experimental results suggest improvements over related SHA256 art above 50% when compared with commercial cores and 100% compared with academic art, and above 70% for the SHA512 hash function. The resulting cores are capable of achieving the same throughput as the fastest unrolled architectures with 25% less area occupation than the smallest proposed architectures. The proposed cores achieve a throughput of 1.4 Gbit/s and 1.8 Gbit/s with a slice requirement of 755 and 1667 for SHA256 and SHA512 respectively, on an XC2VP30-7 FPGA.

Keywords: Cryptography; Hash functions; SHA-2 (256 and 512); FPGA.

- Efficient Hardware I | Pp. 298-310

Offline Hardware/Software Authentication for Reconfigurable Platforms

Eric Simpson; Patrick Schaumont

Many Field-Programmable Gate Array (FPGA) based systems utilize third-party intellectual property (IP) in their development. When they are deployed in non-networked environments, the question arises of how this IP can be protected against unauthorized use. We describe an offline authentication scheme for IP modules. The scheme implements mutual authentication of the IP modules and the hardware platform, and enables us to provide authentication and integrity assurances to both the system developer and the IP provider. Compared to the Trusted Computing Platform's approach to hardware/software authentication, our solution is more lightweight and tightly integrates with existing FPGA security features. We demonstrate an implementation of the authentication scheme that requires only a symmetric cipher and a Physically Unclonable Function (PUF). In addition to the low hardware requirements, our implementation does not require any on-chip non-volatile storage.

Keywords: System Developer; Authentication Scheme; Mutual Authentication; Trust Platform Module; Physically Unclonable Function.

- Trusted Computing | Pp. 311-323

Why One Should Also Secure RSA Public Key Elements

Eric Brier; Benoît Chevallier-Mames; Mathieu Ciet; Christophe Clavier

It is well known that a malicious adversary can try to retrieve secret information by inducing a fault during cryptographic operations. Following the work of Seifert on fault induction during RSA signature verification, we consider in this paper the signature counterpart. Our article introduces the first fault attack applied to RSA in standard mode. By corrupting only one public key element, one can recover the private exponent. Indeed, similarly to Seifert's attack, our attack works by modifying the modulus. One of the strong points of our attack is that the assumptions on the induced faults' effects are relaxed. In one mode, absolutely no knowledge of the fault's behavior is needed to achieve full recovery of the private exponent. In another mode, based on a fault model defining what is called a dictionary, the attack's efficiency is improved and the number of faults is dramatically reduced. All our attacks are very practical. Note that these attacks work even against implementations with deterministic (e.g., RSA-FDH) or randomized (e.g., RSA-PFDH) paddings, except for cases where signatures provide randomness recovery (such as RSA-PSS). The results presented in this paper lead us to conclude that it is also mandatory to protect RSA's public parameters against fault attacks.

Keywords: Standard Mode; Fault Cryptanalysis; Seifert's Attack.

- Side Channels III | Pp. 324-338

Power Attack on Small RSA Public Exponent

Pierre-Alain Fouque; Sébastien Kunz-Jacques; Gwenaëlle Martinet; Frédéric Muller; Frédéric Valette

In this paper, we present a new attack on RSA when the public exponent is short, for instance 3 or 2^16+1, and when the classical exponent randomization is used. This attack works even if blinding is used on the messages. Starting from a Simple Power Analysis (SPA), we study the problem of recovering the RSA private key when non-consecutive bits of it leak from the implementation. We also show that such information can be gained from sliding window implementations not protected against SPA.

Keywords: RSA cryptosystem; sliding window methods; exponent randomization; Simple Power Analysis.

- Side Channels III | Pp. 339-353

Unified Point Addition Formulæ and Side-Channel Attacks

Douglas Stebila; Nicolas Thériault

The successful application to elliptic curve cryptography of side-channel attacks, in which information about the secret key can be recovered from the observation of side channels like power consumption, timing, or electromagnetic emissions, has motivated the recent development of unified formulæ for elliptic curve point operations. In this paper, we show how an attack introduced by Walter can be improved and used against the unified formulæ of Brier, Déchène and Joye when it relies on a standard field arithmetic implementation, both in affine and projective coordinates. We also describe how the field arithmetic might be implemented to obtain more uniform operations that avoid this type of attack.

Keywords: elliptic-curve cryptography; side-channel attacks; unified point addition formulæ; projective coordinates.

- Side Channels III | Pp. 354-368

Read-Proof Hardware from Protective Coatings

Pim Tuyls; Geert-Jan Schrijen; Boris Škorić; Jan van Geloven; Nynke Verhaegh; Rob Wolters

In cryptography it is assumed that adversaries only have black-box access to the secret keys of honest parties. In real life, however, the black-box approach is not sufficient, because attackers have access to many physical means that enable them to derive information about the secret keys. In order to limit the attacker's ability to read out secret information, the concept of Algorithmic Tamper Proof (ATP) security is needed, as put forth by Gennaro, Lysyanskaya, Malkin, Micali and Rabin. An essential component for achieving ATP security is read-proof hardware. In this paper, we develop an implementation of read-proof hardware that is resistant against invasive attacks. The construction is based on a hardware part and a cryptographic part. The hardware consists of a protective coating that contains a large amount of randomness. By performing measurements on the coating, a fingerprint is derived. The cryptographic part consists of a Fuzzy Extractor that turns this fingerprint into a secure key. Hence no key is present in the non-volatile memory of the device; it is only constructed when needed and deleted afterwards. A practical implementation of the hardware and the cryptographic part is given. Finally, experimental evidence is given that an invasive attack on an IC equipped with this coating reveals only a small amount of information about the key.

Keywords: Protective Coating; Gray Code; Physical Unclonable Function; Honest Party; Helper Data.

- Hardware Attacks and Countermeasures III | Pp. 369-383

Path Swapping Method to Improve DPA Resistance of Quasi Delay Insensitive Asynchronous Circuits

Fraidy Bouesse; Gilles Sicard; Marc Renaudin

This paper presents a Path Swapping (PS) method which makes it possible to enhance the security of Quasi Delay Insensitive (QDI) asynchronous circuits against Power Analysis (PA) attacks. This approach exploits the logical symmetries of the QDI asynchronous blocks, particularly their data-path redundancies, to make all the electrical curves used when implementing a PA attack useless. Indeed, the idea is to average the electrical signatures of a block by randomly exchanging its data-paths during processing. To be able to implement this approach, we adopted a formal model of QDI circuits. Firstly, this formal model enables the designer to formally verify the symmetry of all paths in order to apply the path swapping method. Secondly, it offers the possibility of modeling the electrical signature of QDI asynchronous circuits. Finally, applying DPA to this formal model allows us to evaluate, in an early phase of the design, the circuit's sensitivity and the relevance of the approach. Electrical simulations performed on a DES crypto-processor confirm the efficiency of the technique.

Keywords: QDI Asynchronous circuits; Power analysis; Path Swapping (PS).

- Hardware Attacks and Countermeasures III | Pp. 384-398