security of cryptosystems against power-analysis attacks ... · cryptanalysis: power-analysis...

Security of Cryptosystems AgainstPower-Analysis Attacks

PhD Defense

October 22, 2015

Presented by Sonia Belaïd

1/40

2/40

Cryptology

Alice Bob

Eve

Cryptanalysis

CryptographyÜ ConfidentialityÜ AuthenticationÜ Integrity

2/40

Cryptology

Alice Bob

EveCryptanalysis

CryptographyÜ ConfidentialityÜ AuthenticationÜ Integrity

3/40

Cryptography is divided intoÜ Asymmetric cryptographyÜ Symmetric cryptography

Alice Bob

m ← ‘Hello Bob’c ← ENCk (m)

m ← DECk (c)m = ‘Hello Bob’

c = ‘fbjdsiqfesarizom’

Example: confidentiality with encryption

4/40

CryptanalysisÜ Black-box cryptanalysisÜ Side-channel analysis

Alice Bob

ENCmi

k

ci DECci

k

mi

L i

4/40

CryptanalysisÜ Black-box cryptanalysis: A ← (mi ,c i)

Ü Side-Channel Analysis

Alice Bob

ENCmi

k

ci DECci

k

mi

L i

4/40

CryptanalysisÜ Black-box cryptanalysisÜ Side-Channel Analysis: A ← (mi ,c i ,L i)

Alice Bob

ENCENCmi

k

ci DECDECci

k

mi

L i

5/40

Chosen Contributions

Cryptanalysis: Power-Analysis Attacks

n-bit input m n-bit key k

¯n

n-bit output v

Ü

Cryptography: countermeasures against Power-Analysis Attacks

Ü4B

8

5/40




¯n

n-bit output v

Ü


Ü4B

8

Hidden Multiplier Problem:

1. Successful attack with low noise

2. Improved attack for higher noise

S. Belaïd, P-A. Fouque,and B. Gérard

Asiacrypt 2014

S. Belaïd, J-S. Coron, B.Gérard, P-A. Fouque, J-G.Kammerer, and E. Prouff

CHES 2015

6/40

Classical Power-Analysis Attack against AES-128

128-bit input m

⊕k0

S-box

8-bit v

– 8 bits

Attack on 8 bitsÏ prediction of the outputs for the

256 possible 8-bit secretÏ correlation between predictions

and leakageÏ selection of the best correlation to

find the correct 8-bit secret

Attack on 128 bitsÏ repetition of the attack on 8 bits

on each S-box

7/40

Power-Analysis Attack against AES-GCMauthentication, multiplication-based fresh re-keying, ...

Ü k is only manipulated in multiplications

128-bit input m 128-bit key k

¯8

¯8

...

¯8

128-bit output v


¯128

128-bit output v

8/40

Hidden Multiplier Problem

Let k ←GF(2n). Let ` ∈N.Given a sequence {mi ,L i }1≤i≤`where

Ï mi ←GF(2n)

Ï L i =HW(v i)+εi , εi ∼N (0,σ2)

recover k .


¯n

n-bit output v

9/40




¯n

n-bit output v

Ü




Asiacrypt 2014

2. Improved attack for higher noiseS. Belaïd, J-S. Coron, B.

Gérard, P-A. Fouque, J-G.Kammerer, and E. Prouff

CHES 2015

10/40

Main Observation

Current Issue: each bit of the 128-bitmultiplication’s result depends on allthe key bits

Ü no divide-and-conquer strategy

Hypotheses:Ï leakage of multiplication’s outputs

HW(v)+εÏ multiplication in GF(2128)


¯128

128-bit output v

Main observation:the LSB of a variable’s Hamming weight is a linear function of its bits:

lsb0 (HW(v))= ⊕0ÉiÉ127

v i =⊕

0ÉiÉ127

( ⊕0ÉjÉ127−i

mj

)k i

11/40

System of Equations

With ` Hamming weight values {HW(v (i))}0Éi<`, we recover k bysolving S :

S =

⊕0ÉiÉ127

( ⊕0ÉjÉ127−i

m(0)j

)k i = lsb0 (HW(v))(0)

⊕b(0)ε

⊕0ÉiÉ127

( ⊕0ÉjÉ127−i

m(1)j

)k i = lsb0 (HW(v))(1)

⊕b(1)ε

. . .⊕0ÉiÉ127

( ⊕0ÉjÉ127−i

m(`−1)j

)k i = lsb0 (HW(v))(`−1)

⊕b(`−1)ε

But in practice, the leakage comes with noise: L =HW(v)+ε

lsb0 (dL c) = lsb0 (HW(v))⊕bε

11/40

System of Equations

With ` Hamming weight values {HW(v (i))}0Éi<`, we recover k bysolving S :

S =

⊕0ÉiÉ127

( ⊕0ÉjÉ127−i

m(0)j

)k i = lsb0 (HW(v))(0) ⊕b(0)

ε

⊕0ÉiÉ127

( ⊕0ÉjÉ127−i

m(1)j

)k i = lsb0 (HW(v))(1) ⊕b(1)

ε

. . .⊕0ÉiÉ127

( ⊕0ÉjÉ127−i

m(`−1)j

)k i = lsb0 (HW(v))(`−1) ⊕b(`−1)

ε

But in practice, the leakage comes with noise: L =HW(v)+ε

lsb0 (dL c) = lsb0 (HW(v))⊕bε

12/40

Complexities

Signal-to-Noise RatioMethod 3.200 800 200 128

Naive method (Cs,Ct ) (29,221) (29,221) (29,265) (29,2107)

LPN (LF Algo) (Cs,Ct ) (212,214) (221,222) (233,234) (249,250)

Linear decoding (Cs,Ct ) (27,26) (27,27) (29,225) (210,262)

Signal-to-noise ratio= signal variancenoise variance

= 32σ2

13/40




¯n

n-bit output v

Ü




Asiacrypt 2014

2. Improved attack for higher noiseS. Belaïd, J-S. Coron, B.

Gérard, P-A. Fouque, J-G.Kammerer, and E. Prouff

CHES 2015

14/40

Main Observation

New Attack:Ü filter the multiplication’s outputs

leakage to extract high and lowHamming weights

Ü solve a system with errors

Improvements:4 more generic4 less impacted by noise


¯n

n-bit output v

15/40

System of Equations

Reminder:L (v)=HW(v)+ε=HW(m¯k)+ε

Extreme cases:

HW(v)= 0 Ü v = 0

v0 = ⊕0Éj<n

( ⊕i∈I(0,j)

mi

)k j = 0

v1 = ⊕0Éj<n

( ⊕i∈I(1,j)

mi

)k j = 0

......

...

vn−1 = ⊕0Éj<n

( ⊕i∈I(n−1,j)

mi

)k j = 0

HW(v)= n Ü v = 2n −1

v0 = ⊕0Éj<n

( ⊕i∈I(0,j)

mi

)k j = 1

v1 = ⊕0Éj<n

( ⊕i∈I(1,j)

mi

)k j = 1

......

...

vn−1 = ⊕0Éj<n

( ⊕i∈I(n−1,j)

mi

)k j = 1

with an error probability p

15/40

System of Equations

Reminder:L (v)=HW(v)+ε=HW(m¯k)+ε

Usual cases:

L (v) low Ü v ≈ 0

v0 = ⊕0Éj<n

( ⊕i∈I(0,j)

mi

)k j = 0

v1 = ⊕0Éj<n

( ⊕i∈I(1,j)

mi

)k j = 0

......

...

vn−1 = ⊕0Éj<n

( ⊕i∈I(n−1,j)

mi

)k j = 0

L (v) high Ü v ≈ 2n −1

v0 = ⊕0Éj<n

( ⊕i∈I(0,j)

mi

)k j = 1

v1 = ⊕0Éj<n

( ⊕i∈I(1,j)

mi

)k j = 1

......

...

vn−1 = ⊕0Éj<n

( ⊕i∈I(n−1,j)

mi

)k j = 1

with an error probability p

16/40

Filtering

20 40 60 80 100

0.0

2.0

4.0

6.0

·10−2 50 78

B(128,0.5)

L < n2 −λ

pn

2 L > n2 +λ

pn

2

SNR= 128n = 128λ≈ 2.5

filtering: 1 trace over 25

error probability: p ≈ 0.38

17/40

Error Probabilities

log2(1/F (λ)) 30 25 20 15 10 5SNR= 128, σ= 0.5

λ 6.00 5.46 4.85 4.15 3.29 2.16p 0.23 0.25 0.28 0.31 0.34 0.39

p [BFG14] 0.31SNR= 8, σ= 2

λ 6.37 5.79 5.14 4.39 3.48 2.28p 0.25 0.27 0.29 0.32 0.35 0.40

p [BFG14] > 0.49SNR= 2, σ= 4

λ 7.42 6.73 5.97 5.09 4.03 2.64p 0.28 0.30 0.32 0.34 0.37 0.41

p [BFG14] > 0.49SNR= 0.5, σ= 8

λ 10.57 9.58 8.48 7.21 5.71 3.73p 0.34 0.36 0.37 0.39 0.41 0.44

p [BFG14] > 0.49

Signal-to-noise ratio= signal variancenoise variance

= 32σ2

18/40

Experiments for n = 128Ï Filtering on a Virtex 5 - 128 bits (n = 128) : SNR= 8.21, σ= 7.11

1 1.5 2 2.5 3 3.5 4

0.36

0.38

0.4

0.42

0.44

filtering (λ)

erro

rpro

babi

litie

sptheoretical

pexperimental

Ï Expected complexities to recover k with 220 consumption traces

trade-offs (time , memory )

(259.31,227.00

)(251.68,236.00

)(250.00,244.00

)

19/40

Conclusion on the Multiplication Cryptanalysis



¯n

n-bit output v

Ü

Summary4 successful attacks on multiplications from the output’s leakage4 practical for n = 128 (use cases: AES-GCM, re-keying)

Further WorkÜ application of similar attacks on other primitivesÜ deeper analysis of LPN techniques in the context of side-channel

analysis

20/40




¯n

n-bit output v

Ü


Ü4B

8

20/40




¯n

n-bit output v

Ü


Ü4B

8

Masking and t-probing model:

1. Verified Proofs of Higher-Order Masking

G. Barthe, S. Belaïd,F. Dupressoir, P-A. Fouque,B. Grégoire, and P-Y. Strub

Eurocrypt 2015

2. Composition of Higher-Order MaskingG. Barthe, S. Belaïd,

F. Dupressoir, P-A. Fouque,and B. Grégoire

ePrint 2015

21/40

Countermeasures against Power-Analysis Attacks

m

k

c

L

Problem: leakage L is key-dependent

Fresh Re-keying

Idea: regularly change k

session key k?

R

master key k

cm

r

Masking

Idea: make leakage L random

sensitive value: v = f (m,k)

v0 ← v ⊕( ⊕1ÉiÉt

v i

)v1 ← $ ... v t ← $

Ü each t-uple of v i isindependent from v

22/40

Security of Masked Programs: Leakage Model

realism

conv

enie

nce

fors

ecur

itypr

oofs t-probing model

Ishai, Sahai, Wagner

Crypto 03

noisyleakage model

Prouff, Rivain

Eurocrypt 13

no leak-free gates

leak-free gates

reductionDuc, Dziembowski, Faust

Eurocrypt 14

23/40



Ü4B

8




Eurocrypt 2015



ePrint 2015

24/40

Security in the t-probing model

1. show that a t-uple is independent from the secret2. test all the possible t-uples

function Ex-t3(x1,x2,x3,x4,c):(* x1,x2,x3 = $ *)(* x4 = x +x1 +x2 +x3 *)

r1 ← $

r2 ← $

y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3

y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2

return(y1,y2,y3,y4)

1. independentfrom the secret?

8 many mistakes

48?

2. test 286 3-uples8 missing cases8 inefficient

24/40




r1 ← $

r2 ← $


y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2

return(y1,y2,y3,y4)


8 many mistakes

4

8?


24/40




r1 ← $

r2 ← $


y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2

return(y1,y2,y3,y4)


8 many mistakes

4

8

?


24/40




r1 ← $

r2 ← $


y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2

return(y1,y2,y3,y4)


8 many mistakes

48

?


24/40




r1 ← $

r2 ← $


y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2

return(y1,y2,y3,y4)


8 many mistakes

48?


25/40

1. Show that a t-uple is independent from the secret

Inputs: t intermediate variables, b ← true

(Rule 1) secret variables?yes Ü (Rule 2)

no Ü 4

(Rule 2) an expression v is invertible in theonly occurrence of a random r?

yes Ü v ← r ; (Rule 1)

no Ü (Rule 3)

(Rule 3) is flag b = true?

yes Ü simplify; b ← false; (Rule 1)

no Ü 8

function Ex-t3(x1,x2,x3,x4,c):

r1 ← $

r2 ← $

y1 ← x1 + r1

y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1

t2 ← (x2 + r1)+x3

y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2

return(y1,y2,y3,y4)

4 Ü distribution independent from the secret8 Ü might be used for an attack

25/40

1. Show that a t-uple is independent from the secret

Inputs: t intermediate variables, b ← true

(Rule 1) secret variables?yes Ü (Rule 2)

no Ü 4

(Rule 2) an expression v is invertible in theonly occurrence of a random r?

yes Ü v ← r ; (Rule 1)

no Ü (Rule 3)

(Rule 3) is flag b = true?

yes Ü simplify; b ← false; (Rule 1)

no Ü 8

function Ex-t3(x1,x2,x3,x4,c):

r1 ← $

r2 ← $

y1 ← x1 + r1

y2 ← (x +x1 +x2 +x3)+ r2

y2 ← x3

t1 ← x2 + r1

t2 ← (x2 + r1)+x3

y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2

return(y1,y2,y3,y4)

4 Ü distribution independent from the secret8 Ü might be used for an attack

26/40

2. Extension to All Possible Sets

Problem: n intermediate variables Ü(n

t)

proofs

New Idea: proofs for sets of more than t variablesÏ find larger sets which cover all the intermediate variables is a hard

problemÏ two algorithms efficient in practice

X X C(X

)

Algorithm 1:

1. select X = (t variables) and prove itsindependence

2. extend X to X with moreobservations but still independence

3. recursively descend in set C(X

)4. merge X and C

(X

)once they are

processed separately.

26/40



t)

proofs



X

X C(X

)

Algorithm 1:1. select X = (t variables) and prove its

independence



)4. merge X and C

(X

)once they are


26/40



t)

proofs



X X

C(X

)

Algorithm 1:1. select X = (t variables) and prove its

independence2. extend X to X with more

observations but still independence


)4. merge X and C

(X

)once they are


26/40



t)

proofs



X X C(X

)Algorithm 1:




)

4. merge X and C(X

)once they are


26/40



t)

proofs



X X C(X

)Algorithm 1:




)4. merge X and C

(X

)once they are


27/40

2. Extension to All Possible Sets: Example

function Ex-t3(x1,x2,x3,x4,c):r1 ← $

r2 ← $


y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2

return(y1,y2,y3,y4)

X : 4X : 4

C (X ): 4

merge X and C (X ): 8

Ü 207 proofs instead of 286

27/40

2. Extension to All Possible Sets: Example

function Ex-t3(x1,x2,x3,x4,c):r1 ← $

r2 ← $


y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2

return(y1,y2,y3,y4)

X : 4

X : 4

C (X ): 4

merge X and C (X ): 8

Ü 207 proofs instead of 286

28/40

Application to the Sbox [CPRR13, Algorithm 4]

Method # tuples Security Complexity# sets time*

First-Order Maskingnaive

63 4

63 0.001sAlg. 1 17 0.001sAlg. 2 17 0.001s

Second-Order Maskingnaive

12,561 4

12,561 0.180sAlg. 1 851 0.046sAlg. 2 619 0.029s

Third-Order Maskingnaive

4,499,950 4

4,499,950 140.642sAlg. 1 68,492 9.923sAlg. 2 33,075 3.894s

Fourth-Order Maskingnaive

2,277,036,685 4

- unpracticalAlg. 1 8,852,144 2959.770sAlg. 2 3,343,587 879.235s

*run on a headless VM with a dual core (only one core is used in the computation) 64-bit processor clocked at 2GHz

29/40

Benchmarks

Reference Target # tuples Security Complexity# sets time (s)

First-Order MaskingFSE13 full AES 17,206 4 3,342 128

MAC-SHA3 full Keccak-f 13,466 4 5,421 405Second-Order Masking

RSA06 Sbox 1,188,111 4 4,104 1.6491st -orderCHES10 Sbox 7,140 flaws (2) 866 0.045

CHES10 AES KS 23,041,866 4 771,263 340,745FSE13 2 rnds AES 25,429,146 4 511,865 1,295FSE13 4 rnds AES 109,571,806 4 2,317,593 40,169

Third-Order Masking3rd -orderRSA06 Sbox 2,057,067,320 flaws (98,176) 2,013,070 695

FSE13 Sbox(4) 4,499,950 4 33,075 3.894FSE13 Sbox(5) 4,499,950 4 39,613 5.036

Fourth-Order MaskingFSE13 Sbox (4) 2,277,036,685 4 3,343,587 879

Fifth-Order MaskingCHES10 ¯ 216,071,394 4 856,147 45

30/40



Ü4B

8




Eurocrypt 2015



ePrint 2015

31/40

Current Issues in Composition

8

A refresh algorithm takes as input a sharing (xi )i≥0 of x and returns anew sharing (x ′

i )i≥0 of x such that (xi )i≥1 and (x ′i )i≥1 are mutually

independent.

32/40

Security properties in the t-probing model

if t is fixed: show that any set of t intermediate variables isindependent from the secret

if t is not fixed: show that any set of t intermediate variables canbe simulated with at most t shares of each input

3observations

a0 a1 a2 a3 (= a+a0 +a1 +a2)

c0 c1 c2 c3

function Linear-function-t(a0, ...,ai , ...at ):

for i = 0 to t

ci ← f (ai )

return (c0, ...,ci , ...,ct )

Ü straightforward for linear functionsÜ formal proofs with EasyCrypt and pen-and paper proofs for small

non-linear functions

32/40


if t is fixed: show that any set of t intermediate variables isindependent from the secretif t is not fixed: show that any set of t intermediate variables canbe simulated with at most t shares of each input

3observations

a0 a1 a2 a3 (= a+a0 +a1 +a2)

c0 c1 c2 c3


for i = 0 to t

ci ← f (ai )

return (c0, ...,ci , ...,ct )



32/40



3observations

a0 a1 a2 a3 (= a+a0 +a1 +a2)

c0 c1 c2 c3


for i = 0 to t

ci ← f (ai )

return (c0, ...,ci , ...,ct )

Ü straightforward for linear functions

Ü formal proofs with EasyCrypt and pen-and paper proofs for smallnon-linear functions

32/40



3observations

a0 a1 a2 a3 (= a+a0 +a1 +a2)

c0 c1 c2 c3


for i = 0 to t

ci ← f (ai )

return (c0, ...,ci , ...,ct )



33/40

Current Issues

Constraint:t0 + t1 + t2 + t3 É tA0

t0observations

A1t1

observationsA2

t2observations

A3t3

observations

trobservations

tr + t3observations

33/40

Current Issues


t0observations

A1

t1observations

t1 + t3observations

A2

t2observations

t2 + t3observations

A3

t3observations

trobservations

tr + t3observations

33/40

Current Issues


t0observations

A1

t1observations

t1 + t3 + t2 + t3observations

A2

t2observations

A3

t3observations

trobservations

tr + t3observations

33/40

Current Issues


t0observations

A1

t1observations

t1 + t2 +2t3É t?observations

A2

t2observations

A3

t3observations

trobservations

tr + t3observations

33/40

Current Issues

Constraint:t0 + t1 + t2 + t3 É t

Constraint:t0 + t1 + t2 + t3 + tr É tA0

t0observations

A1t1

observationsA2

t2observations

A3t3

observations

trobservations

tr + t3observations

33/40

Current Issues



t0observations

A1t1

observationsA2

t2observations

t2 + t3observations

A3

t3observations

trobservations

tr + t3observations

33/40

Current Issues



t0observations

A1

t1observations

t1 + t2 +2t3 + trÉ t?observations

A2

t2observations

A3

t3observations

trobservations

tr + t3observations

34/40

Stronger security property for Refresh

Strong Non-Interference in the t-probing model:

if t is not fixed: show that any set of t intermediate variables with- t1 on internal variables- t2 = t − t1 on the outputs

can be simulated with at most t1 shares of each input

2 internalobservations

+ 1 outputobservation

a0 a1 a2 a3

c0 c1 c2 c3

35/40

Secure Composition


t0observations

A1t1

observationsA2

t2observations

A3t3

observations

trobservations

tr internalobservations+t3 output

observations

t3 outputobservations

35/40

Secure Composition


t0observations

A1t1

observationsA2

t2observations

t2 + t3observations

A3

t3observations

trobservations


observations


35/40

Secure Composition


t0observations

A1

t1observations

t1 + t2 + t3 + trobservations

A2

t2observations

A3

t3observations

trobservations


observations


35/40

Secure Composition


t0observations

t0 + t1 + t2 + t3 + trobservations

A1

t1observations

A2

t2observations

A3

t3observations

trobservations


observations


35/40

Secure Composition


t0observations

t0 + t1 + t2 + t3 + trobservations

É t 4

A1

t1observations

A2

t2observations

A3

t3observations

trobservations


observations


36/40

Secure Composition

Automatic tool for C-based algorithms

Ï unprotected algorithm Ü higher-order masked algorithmÏ example for AES S-box

x

·2

⊗

x

·2

⊗

8

x

·2

⊗

4

37/40

Some Results

Resource usage statistics for generating masked algorithms (at anyorder) from some unmasked implementations1

Scheme # Refresh Time MemoryAES (¯) 2 0.09s 4MoAES (x ¯g(x)) 0 0.05s 4MoKeccak with Refresh 0 121.20 456MoKeccak 600 2728.00s 22870MoSimon 67 0.38s 15MoSpeck 61 6.22s 38Mo

1On a Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz with 64Go of memory runningLinux (Fedora)

37/40

Some Results

Resource usage statistics for generating masked algorithms (at anyorder) from some unmasked implementations1

Scheme # Refresh Time MemoryAES (¯) 2 0.09s 4MoAES (x ¯g(x)) 0 0.05s 4MoKeccak with Refresh 0 121.20s 456MoKeccak 600 2728.00s 22870MoSimon 67 0.38s 15MoSpeck 61 6.22s 38Mo

1On a Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz with 64Go of memory runningLinux (Fedora)

38/40

Conclusion on Higher-Order Masking

Summary4 verification of higher-order masking schemes4 efficient and proven composition4 two automatic tools

Further WorkÜ extend the verification to higher orders using compositionÜ integrate transition/glitch-based modelÜ build practical experiments for both attacks and new

countermeasures


Ü4B

8

39/40

Conclusion


Ü investigate the LPN algorithms in the context of power-analysisattacks

Ü analyze the operation modes


Ü implement and evaluate our countermeasures on real devices(software and hardware)

Ü make verifications and compositions as practical as possibleÜ use the characterization of a device as a leakage model

40/40

Publications

Sonia Belaïd, Luk Bettale, Emmanuelle Dottax, Laurie Genelle, and Franck Rondepierre.

Differential Power Analysis of HMAC SHA-2 in the Hamming weight model. SECRYPT 2013.

Michel Abdalla, Sonia Belaïd, and Pierre-Alain Fouque.

Leakage-resilient symmetric encryption via re-keying. CHES 2013.

Sonia Belaïd, Pierre-Alain Fouque, and Benoît Gérard.

Side-channel analysis of multiplications in GF(2128) - application to AES-GCM. ASIACRYPT 2014.

Gilles Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, and Pierre-Yves Strub.

Verified proofs of higher-order masking. EUROCRYPT 2015.

Sonia Belaïd, Jean-Sébastien Coron, Benoît Gérard, Pierre-Alain Fouque, Jean-Gabriel Kammerer, and Emmanuel Prouff.

Improved Side-Channel Analysis of Finite-Field Multiplication. CHES 2015.

Michel Abdalla, Sonia Belaïd, David Pointcheval, Sylvain Ruhault, and Damien Vergnaud.

Robust pseudo-random number generators with input secure against side-channel attacks. ACNS 2015.

Sonia Belaïd, Fabrizio De Santis, Johann Heyszl, Stefan Mangard, Marcel Medwed, Jörn-Marc Schmidt, François-XavierStandaert, and Stefan Tillich.Towards fresh re-keying with leakage-resilient PRFs: cipher design principles and analysis. Journal of Cryptographic Engineering2014.

Sonia Belaïd, Vincent Grosso, and François-Xavier Standaert.Masking and leakage-resilient primitives: One, the other(s) or both? Cryptography and Communications 2015.

Sonia Belaïd, Luk Bettale, Emmanuelle Dottax, Laurie Genelle, and Franck Rondepierre.Differential Power Analysis of HMAC SHA-1 and HMAC SHA-2 in the Hamming weight model. E-Business andTelecommunications - International Joint Conference, ICETE 2014, Revised Selected Papers, Springer, 2015.

security of cryptosystems against power-analysis attacks ... · cryptanalysis: power-analysis...

Documents