-
Chapter and Conference Paper
Consolidating Inner Product Masking
Masking schemes are a prominent countermeasure to defeat power analysis attacks. One of their core ingredients is the encoding function. Due to its simplicity and comparably low complexity overheads, many mask...
-
Chapter and Conference Paper
Does Coupling Affect the Security of Masked Implementations?
Masking schemes achieve provable security against side-channel analysis by using secret sharing to decorrelate key-dependent intermediate values of the cryptographic algorithm and side-channel information. Mas...
-
Chapter and Conference Paper
Design and Implementation of a Waveform-Matching Based Triggering System
Implementation attacks such as side channel attacks and fault attacks require triggering mechanisms to activate the acquisition device or fault injection equipment. Most academic works work with a very simple ...
-
Chapter and Conference Paper
On the Cost of Lazy Engineering for Masked Software Implementations
Masking is one of the most popular countermeasures to mitigate side-channel analysis. Yet, its deployment in actual cryptographic devices is well known to be challenging, since designers have to ensure that th...
-
Chapter and Conference Paper
Inner Product Masking Revisited
Masking is a popular countermeasure against side channel attacks. Many practical works use Boolean masking because of its simplicity, ease of implementation and comparably low performance overhead. Some recent...
-
Chapter and Conference Paper
A Note on the Use of Margins to Compare Distinguishers
Relative distinguishing margins are becoming a popular measure for comparing distinguishers. This paper presents some examples that show that this measure, although informative and intuitively sound, should no...
-
Chapter and Conference Paper
Generic DPA Attacks: Curse or Blessing?
Generic DPA attacks, such as MIA, have been recently proposed as a method to mount DPA attacks without the need for possibly restrictive assumptions on the leakage behaviour. Previous work identified some shor...
-
Chapter and Conference Paper
Higher-Order Threshold Implementations
Higher-order differential power analysis attacks are a serious threat for cryptographic hardware implementations. In particular, glitches in the circuit make it hard to protect the implementation with masking....
-
Chapter and Conference Paper
A More Efficient AES Threshold Implementation
Threshold Implementations provide provable security against first-order power analysis attacks for hardware and software implementations. Like masking, the approach relies on secret sharing but it differs in t...
-
Chapter and Conference Paper
Theory and Practice of a Leakage Resilient Masking Scheme
A recent trend in cryptography is to formally prove the leakage resilience of cryptographic implementations – that is, one formally shows that a scheme remains provably secure even in the presence of side channel...
-
Chapter and Conference Paper
The World Is Not Enough: Another Look on Second-Order DPA
In a recent work, Mangard et al. showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are ess...
-
Chapter and Conference Paper
Partition vs. Comparison Side-Channel Distinguishers: An Empirical Evaluation of Statistical Tests for Univariate Side-Channel Attacks against Two Unprotected CMOS Devices
Given a cryptographic device leaking side-channel information, different distinguishers can be considered to turn this information into a successful key recovery. Such proposals include e.g. Kocher’s original DPA...
-
Chapter and Conference Paper
Fault Analysis Study of IDEA
We present a study of several fault attacks against the block cipher IDEA. Such a study is particularly interesting because of the target cipher’s specific property to employ operations on three different algebra...
-
Chapter and Conference Paper
Perfect Matching Disclosure Attacks
Traffic analysis is the best known approach to uncover relationships amongst users of anonymous communication systems, such as mix networks. Surprisingly, all previously published techniques require very speci...