![Loading...](https://link.springer.com/static/c4a417b97a76cc2980e3c25e2271af3129e08bbe/images/pdf-preview/spacer.gif)
-
Chapter and Conference Paper
Side-Channeling the Kalyna Key Expansion
In 2015, the block cipher Kalyna has been approved as the new encryption standard of Ukraine. The cipher is a substitution-permutation network, whose design is based on AES, but includes several different feat...
-
Article
A survey of microarchitectural timing attacks and countermeasures on contemporary hardware
Microarchitectural timing channels expose hidden hardware states though timing. We survey recent attacks that exploit microarchitectural features in shared hardware, especially as they are relevant for cloud c...
-
Article
CacheBleed: a timing attack on OpenSSL constant-time RSA
The scatter–gather technique is a commonly implemented approach to prevent cache-based timing attacks. In this paper, we show that scatter–gather is not constant time. We implement a cache timing attack agains...
-
Chapter and Conference Paper
Sliding Right into Disaster: Left-to-Right Sliding Windows Leak
It is well known that constant-time implementations of modular exponentiation cannot use sliding windows. However, software libraries such as Libgcrypt, used by GnuPG, continue to use sliding windows. It is wi...
-
Chapter and Conference Paper
Flush, Gauss, and Reload – A Cache Attack on the BLISS Lattice-Based Signature Scheme
We present the first side-channel attack on a lattice-based signature scheme, using the Flush+Reload cache-attack. The attack is targeted at the discrete Gaussian sampler, an important step in the Bimodal Lattice...
-
Chapter and Conference Paper
CacheBleed: A Timing Attack on OpenSSL Constant Time RSA
The scatter-gather technique is a commonly implemented approach to prevent cache-based timing attacks. In this paper we show that scatter-gather is not constant time. We implement a cache timing attack against...
-
Chapter and Conference Paper
Just a Little Bit More
We extend the Flush+Reload side-channel attack of Benger et al. to extract a significantly larger number of bits of information per observed signature when using OpenSSL. This means that by observing only 25 sign...
-
Chapter and Conference Paper
Evaluation and Cryptanalysis of the Pandaka Lightweight Cipher
There is a growing need to develop lightweight cryptographic primitives suitable for resource-constrained devices permeating in increasing numbers into the fabric of life. Such devices are exemplified none mor...