Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers. Praveen Vadnala

Size: px
Start display at page:

Download "Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers. Praveen Vadnala"

Transcription

1 Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers Praveen Vadnala

2 Differential Power Analysis Implementations of cryptographic systems leak Leaks from bit 1 and bit 0 are different Correct key is identifiable 2

3 Masking countermeasure Each intermediate variable is divided into two shares x r x r Computing on linear functions is easy f (x r) = f x f(r) Non-linear functions (e.g. S-boxes)? 3

4 S-box LUT S(0) S(x) S-boxes are often implemented using LUT Challenge: How to apply masking on LUT? S(FF) 4

5 S-box LUT S(0) S(x) Input x is only available as x 1 = x r Output S(x) can only be revealed as S(x) s S(FF) 5

6 Randomized LUT S(0) S(x) S(0) s Table T S(FF) T u = T u r = S(u) s S(x) s 6

7 Rivain-Prouff solution a = r? Yes R 1 = S(x) s 7

8 Rivain-Prouff solution No a = r? Yes R R 0 = dummy 1 = S(x) s 8

9 What are we trying to solve? We have two solutions at two ends of spectrum Penalty factor vs Memory Unexplored space How about a generic solution? 9

10 Compression of LUT S(0) S(x) S 0 x S 1 x 4 bits 4 bits S(FF) T x 4 bits 10

11 Compression of LUT S(0) S(x) S 0 r 1 S 1 r 2 s Table T S(FF) T u = S 0 u r 1 S 1 u r 2 s S 0 x r 1 S 1 x r 2 s 256 * 4bits = 128 bytes 11

12 Compression scheme variant S(0) S(1) S 0 x = S(x 0, S 1 x = S(x 1 S(2) S(FF) T x 12

13 Randomized Compression scheme variant S(0) S(1) S(2) S 0 r 1 S 1 r 2 s 128* 8bits = 128 bytes Table T 1 S(FF) T 1 u = S 0 u r 1 S 1 u r 2 s 13

14 Getting masked S-box output x = x 1 x 2 7 bits 1 bit Table T 1 S 0 x 1 S 1 x 1 s s S(x) s S(x 1) s Table T 2 S(x) s 14

15 Generic compression x = x 1 n-l bits x 2 l bits Table T 1 S i x 1 s S(x i) s S(x) s Table T 2 15

16 Generic Compression 16

17 Time-Memory Trade-Offs Apply Rivain-Prouff method for Table T 2 ; T 1 stays the same The memory required will be further reduced as we don't need RAM for T 2 l T 1 T

18 Implementation Results 18

19 More in the paper. Second-order compression & Time-memory trade-off Security arguments (software) 19

20 Conclusions Generic compression schemes for first- and second-order Time-memory trade-offs Reasonably efficient implementations with just under 40 bytes of RAM Future work Apply to higher-order? Apply to AES T-table based implementations? 20

21

22 Contact: Praveen Vadnala Riscure B.V. Frontier Building, Delftechpark XJ Delft The Netherlands Phone: Riscure North America 550 Kearny St. Suite 330 San Francisco, CA (650)

23 HIDING HIGHER-ORDER SIDE-CHANNEL LEAKAGE RANDOMIZING CRYPTOGRAPHIC IMPLEMENTATIONS IN RECONFIGURABLE HARDWARE PASCAL SASDRICH, AMIR MORADI, TIM GÜNEYSU RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA FEBRUARY 15, 2017

24 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA INTRODUCTION RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

25 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 25 INTRODUCTION SIDE-CHANNEL ANALYSIS (SCA) ATTACKER MODEL input output E K (input) timing, power, EM emanations, leakag e outpu t COUNTERMEASURES masking hiding re-keying RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

26 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 26 INTRODUCTION MOTIVATION BASICS: Side-Channel Analysis (SCA): attacks exploit information leakage of cryptographic devices Side-Channel Protection: countermeasures based on masking, hiding or re-keying (using random behavior) PROBLEM: Common countermeasures only protect against first-order attacks, but still are vulnerable to higher-order attacks (using higher-order statistical moments). DIFFERENT APPROACHES TO ENCOUNTER THIS PROBLEM: Dedicated Higher-Order Countermeasures (e.g., HO-TI [1]) might be restricted to univariate settings area overhead and randomness requirement might be problematic finding representations might be challenging Stay with 1 st -order secure countermeasure and make higher-order attacks harder reduce the signal (e.g., power equalization schemes, logic styles) [2] increase the noise (e.g., shuffling) [3] OUR CONTRIBUTION: General methodology (dynamic hardware modifications) to increase noise. [1] B. Bilgin, B. Gierlichs, S. Nikova, V. Nikov, and V. Rijmen, Higher-Order Threshold Implementations. ASIACRYPT 2014 [2] A. Moradi, A. Wild, Assessment of Hiding the Higher-Order Leakages in Hardware What are the Achievements versus Overheads?. CHES 2015 [3] P. Sasdrich, A. Moradi, T. Güneysu, Affine Equivalence and its Application to Tightening Threshold Implementations. SAC 2015 RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

27 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 27 CONCEPT RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

28 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 28 CONCEPT DYNAMIC HARDWARE MODIFICATION OBSERVATIONS: 1. Cryptographic implementations can be represented as sequence of atomic functions applied sequentially. 2. Cryptographic implementations can be modeled by different but equivalent directed graphs. ALGORITHM: APPROACH: build a side-channel protected implementation using classical countermeasures (masking) find directed graph representing the side-channel protected implementation morph graph into different but equivalent representation using random encodings update (randomize) protected implementation according to new representation RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

29 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 29 CASE STUDY RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

30 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 30 CASE STUDY THRESHOLD IMPLEMENTATION THRESHOLD IMPLEMENTATION: efficient countermeasure in hardware against (first-order) Side-Channel Analysis introduced in 2006 by Nikova et al. [1] provides provable security even in a glitching circuit CONCEPT AND PROPERTIES: uniform masking non-completeness correctness uniform sharing of function outputs (each set of output pairs occurs with same probability) NOTE: The number of input and output shares depends on the function S. [4] S. Nikova, C. Rechberger, V. Rijmen, Threshold Implementations Against Side-Channel Attacks and Glitches, ICICS, 2006 RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

31 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 31 CASE STUDY CONCEPT THRESHOLD IMPLEMENTATION OF PRESENT CIPHER: S-box decomposition into two quadratic functions g and f [5] minimal number of shares (m = n = 3) register stages to separate functions linear permutation applied individually RANDOM ENCODING: TI as network of look-up tables each table updates 4 bit of internal state use White-Box Cryptography [6] concepts: apply random non-linear 4-bit encoding to every table output apply inverse encoding to every adjacent table input (preserves correctness) DYNAMIC UPDATE: find new random non-linear encodings using element swapping algorithm update look-up tables using BRAM scrambling [5] A. Poschmann, A. Moradi, K. Khoo, C. Lim, H. Wang, S. Ling, Side-Channel Resistant Crypto for Less than 2300 GE. Journal of Cryptology, 2011 [6] S. Chow, P. A. Eisen, H. Johnson, P. C. van Oorschot, White-Box Cryptography and an AES Implementation. SAC, 2002 RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

32 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 32 CASE STUDY IMPLEMENTATION (QUARTER ROUND) PRACTICAL FPGA IMPLEMENTATION: round-based architecture using look-up tables for TI S-box and permutation layer 4 quarter rounds in parallel, each using 48 BRAMs permutation layer implemented as table-lookup each BRAM can hold up to 32 different tables store look-up tables for every round (31 rounds) update tables using BRAM scrambling and remaining (empty) table entry track context of active table positions RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

33 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 33 CASE STUDY IMPLEMENTATION RESULTS PRACTICAL IMPLEMENTATION: post-place-and-route implementation on a Kintex-7 of SAKURA-X board basic architecture mainly implemented in Block RAM general purpose logic only required in order to perform dynamic hardware modification RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

34 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 34 SIDE-CHANNEL EVALUATION RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

35 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 35 SIDE-CHANNEL EVALUATION SETUP MEASUREMENT SETUP SAKURA-X Side-Channel Evaluation Board designs 24 MHz power measurements using a digital 500 MS/s EVALUATION SETUP high-performance measurement and evaluation setup two different measurement profiles leakage assessment methodology: non-specific t-test (for 1 st, 2 nd, 3 rd order) PROFILE 1: reference measurement PRNG off (countermeasure disabled) power traces random vs. fix plaintexts PROFILE 2: actual measurement PRNG on (countermeasure enabled) power traces random vs. fix plaintexts RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

36 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 36 SIDE-CHANNEL EVALUATION NON-SPECIFIC T-TEST EVALUATION BASED ON WELCH S t-test VISUALIZATION measure (many) power traces with digital oscilloscope group traces depending on fix or randomly chosen plaintext (non-specific t-test) compute sample mean for each point in time compute sample variance for each point in time determine t-statistic for each point in time, according to: G 0 G 1 t = μ T ε G 1 μ(t ε G 0 ) δ 2 (T ε G 1 ) G 1 + δ2 (T ε G 0 ) G where μ denotes the sample mean and δ denotes the sample variance Fail/Pass Criteria: If there is any point in time for which the t- statistic exceeds a threshold of ±4.5 the device under test fails. More info: Leakage Assessment Methodology - a clear roadmap for side-channel evaluations, CHES 2015, eprint: 2015/207 RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

37 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 37 SIDE-CHANNEL EVALUATION PROFILE 1 (PRNG OFF) NON-SPECIFIC T-TEST (1 MILLION TRACES) EVOLUTION OF ABSOLUTE T-TEST MAXIMUM first-order t-test first-order evolution second-order t-test second-order evolution third-order t-test RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY third-order evolution PASCAL SASDRICH

38 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 38 SIDE-CHANNEL EVALUATION PROFILE 2 (PRNG ON) NON-SPECIFIC T-TEST (100 MILLION TRACES) EVOLUTION OF ABSOLUTE T-TEST MAXIMUM first-order t-test first-order evolution second-order t-test second-order evolution third-order t-test RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY third-order evolution PASCAL SASDRICH

39 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 39 CONCLUSION RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

40 RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA 40 CONCLUSION CONCEPT: success of higher-order attacks depends on noise-level combining hiding countermeasures (noise addition) with classical approaches (e.g. first-order secure TI) dynamic hardware modifications (inspired by white-box cryptography) as generic hiding approach RESULTS: proposing a generic approach and methodology called dynamic hardware modifications case study: FPGA implementation combining dynamic hardware modifications with PRESENT TI providing power measurements and leakage assessment (using non-specific t-test) case study implementation is (practically) secure against higher-order attacks (2 nd and 3 rd order) Dynamic hardware modifications are an alternative approach achieve higher-order protection providing generality and scalability. RUHR-UNIVERSITÄT BOCHUM CHAIR FOR EMBEDDED SECURITY PASCAL SASDRICH

41 HIDING HIGHER-ORDER SIDE-CHANNEL LEAKAGE RANDOMIZING CRYPTOGRAPHIC IMPLEMENTATIONS IN RECONFIGURABLE HARDWARE RSA CONFERENCE CRYPTOGRAPHERS TRACK, SAN FRANCISCO, USA FEBRUARY 15, 2017 Thank you for your attention! Any questions?

Constructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations. Si Gao, Arnab Roy, and Elisabeth Oswald

Constructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations. Si Gao, Arnab Roy, and Elisabeth Oswald Constructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations Si Gao, Arnab Roy, and Elisabeth Oswald Outline Introduction Design Philosophy Sbox Constructions Implementations Summary

More information

Threshold Implementations. Svetla Nikova

Threshold Implementations. Svetla Nikova Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold

More information

Glitch-Free Implementation of Masking in Modern FPGAs

Glitch-Free Implementation of Masking in Modern FPGAs Glitch-Free Imementation of Masking in Modern FPGAs Amir Moradi and Oliver Mischke Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany {moradi, mischke}@crypto.rub.de Abstract Due to

More information

icwaves Inspector Data Sheet

icwaves Inspector Data Sheet Inspector Data Sheet icwaves Advanced pattern-based triggering device for generating time independent pulses to avoid jitter and time-related countermeasures in SCA or FI testing. Riscure icwaves 1/9 Introduction

More information

Side-Channel Leakage through Static Power

Side-Channel Leakage through Static Power Side-Channel Leakage through Static Power Should We Care about in Practice? Amir Moradi Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany amir.moradi@rub.de Abstract. By shrinking

More information

SIDE-CHANNEL attacks exploit the leaked physical information

SIDE-CHANNEL attacks exploit the leaked physical information 546 IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS II: EXPRESS BRIEFS, VOL. 57, NO. 7, JULY 2010 A Low Overhead DPA Countermeasure Circuit Based on Ring Oscillators Po-Chun Liu, Hsie-Chia Chang, Member, IEEE,

More information

Inspector Data Sheet. EM-FI Transient Probe. High speed pulsed EM fault injection probe for localized glitches. Riscure EM-FI Transient Probe 1/8

Inspector Data Sheet. EM-FI Transient Probe. High speed pulsed EM fault injection probe for localized glitches. Riscure EM-FI Transient Probe 1/8 Inspector Data Sheet EM-FI Transient Probe High speed pulsed EM fault injection probe for localized glitches. Riscure EM-FI Transient Probe 1/8 Introduction With increasingly challenging chip packages

More information

Current Probe. Inspector Data Sheet. Low-noise, high quality measurement signal for side channel acquisition on embedded devices.

Current Probe. Inspector Data Sheet. Low-noise, high quality measurement signal for side channel acquisition on embedded devices. Inspector Data Sheet Low-noise, high quality measurement signal for side channel acquisition on embedded devices. Riscure Version 1c.1 1/5 Introduction Measuring the power consumption of embedded technology

More information

From New Technologies to New Solutions: Exploiting FRAM Memories to Enhance Physical Security

From New Technologies to New Solutions: Exploiting FRAM Memories to Enhance Physical Security From New Technologies to New Solutions: Exploiting FRAM Memories to Enhance Physical Security Stéphanie Kerckhof, François-Xavier Standaert, Eric Peeters CARDIS 2013 November 2013 Microelectronics Laboratory

More information

Variety of scalable shuffling countermeasures against side channel attacks

Variety of scalable shuffling countermeasures against side channel attacks Variety of scalable shuffling countermeasures against side channel attacks Nikita Veshchikov, Stephane Fernandes Medeiros, Liran Lerman Department of computer sciences, Université libre de Bruxelles, Brussel,

More information

Power Analysis Attacks on SASEBO January 6, 2010

Power Analysis Attacks on SASEBO January 6, 2010 Power Analysis Attacks on SASEBO January 6, 2010 Research Center for Information Security, National Institute of Advanced Industrial Science and Technology Table of Contents Page 1. OVERVIEW... 1 2. POWER

More information

Evaluation of the Masked Logic Style MDPL on a Prototype Chip

Evaluation of the Masked Logic Style MDPL on a Prototype Chip Evaluation of the Masked Logic Style MDPL on a Prototype Chip Thomas Popp, Mario Kirschbaum, Thomas Zefferer Graz University of Technology Institute for Applied Information Processing and Communications

More information

IND-CCA Secure Hybrid Encryption from QC-MDPC Niederreiter

IND-CCA Secure Hybrid Encryption from QC-MDPC Niederreiter IND-CCA Secure Hybrid Encryption from QC-MDPC Niederreiter 7 th International Conference on Post-Quantum Cryptography 2016 Ingo von Maurich 1, Lukas Heberle 1, Tim Güneysu 2 1 Horst Görtz Institute for

More information

Glitch Amplifier. Quick Start Guide. What is in the box What does it do How to build a setup Help and troubleshooting...

Glitch Amplifier. Quick Start Guide. What is in the box What does it do How to build a setup Help and troubleshooting... Glitch Amplifier Quick Start Guide What is in the box... 2 What does it do... 4 How to build a setup... 5 Help and troubleshooting... 8 Technical specifications... 9 2015 Glitch Amplifier - QSG 0.3 1 /

More information

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begül Bilgin, Andrey Bogdanov, Miroslav Knežević, Florian Mendel, and Qingju Wang DIAC 2013, Chicago 1 Side

More information

DPA Leakage Models for CMOS Logic Circuits

DPA Leakage Models for CMOS Logic Circuits CHES 25 in Edinburgh DPA Leakage Models for CMOS Logic Circuits Daisuke Suzuki Minoru Saeki Mitsubishi Electric Corporation, Information Technology R&D Center Tetsuya Ichikawa Mitsubishi Electric Engineering

More information

Evaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit

Evaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit R1-3 SASIMI 2013 Proceedings Evaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit Tsunato Nakai Mitsuru Shiozaki Takaya Kubota Takeshi Fujino Graduate School of Science and

More information

DETECTING POWER ATTACKS ON RECONFIGURABLE HARDWARE. Adrien Le Masle, Wayne Luk

DETECTING POWER ATTACKS ON RECONFIGURABLE HARDWARE. Adrien Le Masle, Wayne Luk DETECTING POWER ATTACKS ON RECONFIGURABLE HARDWARE Adrien Le Masle, Wayne Luk Department of Computing, Imperial College London 180 Queen s Gate, London SW7 2BZ, UK email: {al1108,wl}@doc.ic.ac.uk ABSTRACT

More information

Horizontal DEMA Attack as the Criterion to Select the Best Suitable EM Probe

Horizontal DEMA Attack as the Criterion to Select the Best Suitable EM Probe Horizontal DEMA Attack as the Criterion to Select the Best Suitable EM Probe Christian Wittke 1, Ievgen Kabin 1, Dan Klann 1, Zoya Dyka 1, Anton Datsuk 1 and Peter Langendoerfer 1 1 IHP Leibniz-Institut

More information

DES Data Encryption standard

DES Data Encryption standard DES Data Encryption standard DES was developed by IBM as a modification of an earlier system Lucifer DES was adopted as a standard in 1977 Was replaced only in 2001 with AES (Advanced Encryption Standard)

More information

Journal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10

Journal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10 Dynamic extended DES Yi-Shiung Yeh 1, I-Te Chen 2, Ting-Yu Huang 1, Chan-Chi Wang 1, 1 Department of Computer Science and Information Engineering National Chiao-Tung University 1001 Ta-Hsueh Road, HsinChu

More information

A Hardware-based Countermeasure to Reduce Side-Channel Leakage

A Hardware-based Countermeasure to Reduce Side-Channel Leakage 1 A Hardware-based Countermeasure to Reduce Side-Channel Leakage Design, Implementation, and Evaluation Andreas Gornik, Amir Moradi, Jürgen Oehm, Christof Paar, Fellow, IEEE Analogue Integrated Circuits

More information

ADVANCES IN SIDE-CHANNEL SECURITY

ADVANCES IN SIDE-CHANNEL SECURITY ADVANCES IN SIDE-CHANNEL SECURITY HABILITATIONSSCHRIFT Fakultät für Elektrotechnik und Informationstechnik Ruhr-Universität Bochum vorgelegt von Amir Moradi aus Hamedan Bochum September 214 Copyright 215

More information

Is Your Mobile Device Radiating Keys?

Is Your Mobile Device Radiating Keys? Is Your Mobile Device Radiating Keys? Benjamin Jun Gary Kenworthy Session ID: MBS-401 Session Classification: Intermediate Radiated Leakage You have probably heard of this before App Example of receiving

More information

Transform. Jeongchoon Ryoo. Dong-Guk Han. Seoul, Korea Rep.

Transform. Jeongchoon Ryoo. Dong-Guk Han. Seoul, Korea Rep. 978-1-4673-2451-9/12/$31.00 2012 IEEE 201 CPA Performance Comparison based on Wavelet Transform Aesun Park Department of Mathematics Kookmin University Seoul, Korea Rep. aesons@kookmin.ac.kr Dong-Guk Han

More information

Power Analysis Based Side Channel Attack

Power Analysis Based Side Channel Attack CO411/2::Individual Project I & II Report arxiv:1801.00932v1 [cs.cr] 3 Jan 2018 Power Analysis Based Side Channel Attack Hasindu Gamaarachchi Harsha Ganegoda http://www.ce.pdn.ac.lk Department of Computer

More information

paioli Power Analysis Immunity by Offsetting Leakage Intensity Sylvain Guilley perso.enst.fr/ guilley Telecom ParisTech

paioli Power Analysis Immunity by Offsetting Leakage Intensity Sylvain Guilley perso.enst.fr/ guilley Telecom ParisTech paioli Power Analysis Immunity by Offsetting Leakage Intensity Pablo Rauzy rauzy@enst.fr pablo.rauzy.name Sylvain Guilley guilley@enst.fr perso.enst.fr/ guilley Zakaria Najm znajm@enst.fr Telecom ParisTech

More information

Recommendations for Secure IC s and ASIC s

Recommendations for Secure IC s and ASIC s Recommendations for Secure IC s and ASIC s F. Mace, F.-X. Standaert, J.D. Legat, J.-J. Quisquater UCL Crypto Group, Microelectronics laboratory(dice), Universite Catholique de Louvain(UCL), Belgium email:

More information

Electromagnetic-based Side Channel Attacks

Electromagnetic-based Side Channel Attacks Electromagnetic-based Side Channel Attacks Yasmine Badr 10/28/2015 What is Side Channel Attack Any attack based on information gained from the physical implementation of a cryptosystem, rather than brute

More information

Test Apparatus for Side-Channel Resistance Compliance Testing

Test Apparatus for Side-Channel Resistance Compliance Testing Test Apparatus for Side-Channel Resistance Compliance Testing Michael Hutter, Mario Kirschbaum, Thomas Plos, and Jörn-Marc Schmidt Institute for Applied Information Processing and Communications (IAIK),

More information

Chapter 4 The Data Encryption Standard

Chapter 4 The Data Encryption Standard Chapter 4 The Data Encryption Standard History of DES Most widely used encryption scheme is based on DES adopted by National Bureau of Standards (now National Institute of Standards and Technology) in

More information

Correlation Power Analysis of Lightweight Block Ciphers

Correlation Power Analysis of Lightweight Block Ciphers Correlation Power Analysis of Lightweight Block Ciphers From Theory to Practice Alex Biryukov Daniel Dinu Johann Großschädl SnT, University of Luxembourg ESC 2017 (University of Luxembourg) CPA of Lightweight

More information

Exploiting On-Chip Voltage Regulators as a Countermeasure Against Power Analysis Attacks

Exploiting On-Chip Voltage Regulators as a Countermeasure Against Power Analysis Attacks University of South Florida Scholar Commons Graduate Theses and Dissertations Graduate School May 2017 Exploiting On-Chip Voltage Regulators as a Countermeasure Against Power Analysis Attacks Weize Yu

More information

Generic Attacks on Feistel Schemes

Generic Attacks on Feistel Schemes Generic Attacks on Feistel Schemes Jacques Patarin 1, 1 CP8 Crypto Lab, SchlumbergerSema, 36-38 rue de la Princesse, BP 45, 78430 Louveciennes Cedex, France PRiSM, University of Versailles, 45 av. des

More information

Differential Cryptanalysis of REDOC III

Differential Cryptanalysis of REDOC III Differential Cryptanalysis of REDOC III Ken Shirriff Address: Sun Microsystems Labs, 2550 Garcia Ave., MS UMTV29-112, Mountain View, CA 94043. Ken.Shirriff@eng.sun.com Abstract: REDOC III is a recently-developed

More information

Finding the key in the haystack

Finding the key in the haystack A practical guide to Differential Power hunz Zn000h AT gmail.com December 30, 2009 Introduction Setup Procedure Tunable parameters What s DPA? side channel attack introduced by Paul Kocher et al. 1998

More information

A Novel Encryption System using Layered Cellular Automata

A Novel Encryption System using Layered Cellular Automata A Novel Encryption System using Layered Cellular Automata M Phani Krishna Kishore 1 S Kanthi Kiran 2 B Bangaru Bhavya 3 S Harsha Chaitanya S 4 Abstract As the technology is rapidly advancing day by day

More information

Pseudorandom Number Generation and Stream Ciphers

Pseudorandom Number Generation and Stream Ciphers Pseudorandom Number Generation and Stream Ciphers Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Analysis of S-box in Image Encryption Using Root Mean Square Error Method

Analysis of S-box in Image Encryption Using Root Mean Square Error Method Analysis of S-box in Image Encryption Using Root Mean Square Error Method Iqtadar Hussain a, Tariq Shah a, Muhammad Asif Gondal b, and Hasan Mahmood c a Department of Mathematics, Quaid-i-Azam University,

More information

Symmetric-key encryption scheme based on the strong generating sets of permutation groups

Symmetric-key encryption scheme based on the strong generating sets of permutation groups Symmetric-key encryption scheme based on the strong generating sets of permutation groups Ara Alexanyan Faculty of Informatics and Applied Mathematics Yerevan State University Yerevan, Armenia Hakob Aslanyan

More information

II. RC4 Cryptography is the art of communication protection. This art is scrambling a message so it cannot be clear; it

II. RC4 Cryptography is the art of communication protection. This art is scrambling a message so it cannot be clear; it Enhancement of RC4 Algorithm using PUF * Ziyad Tariq Mustafa Al-Ta i, * Dhahir Abdulhade Abdullah, Saja Talib Ahmed *Department of Computer Science - College of Science - University of Diyala - Iraq Abstract:

More information

Current Probe. Quick Start Guide. What is in the box What does it do How to build a setup Help and troubleshooting...

Current Probe. Quick Start Guide. What is in the box What does it do How to build a setup Help and troubleshooting... Current Probe Quick Start Guide What is in the box... 2 What does it do... 4 How to build a setup... 5 Help and troubleshooting... 8 Technical specifications... 9 2015 Current Probe 1 - QSG 1.0 1 / 12

More information

An on-chip glitchy-clock generator and its application to safe-error attack

An on-chip glitchy-clock generator and its application to safe-error attack An on-chip glitchy-clock generator and its application to safe-error attack Sho Endo, Takeshi Sugawara, Naofumi Homma, Takafumi Aoki and Akashi Satoh Graduate School of Information Sciences, Tohoku University

More information

LOSSLESS CRYPTO-DATA HIDING IN MEDICAL IMAGES WITHOUT INCREASING THE ORIGINAL IMAGE SIZE THE METHOD

LOSSLESS CRYPTO-DATA HIDING IN MEDICAL IMAGES WITHOUT INCREASING THE ORIGINAL IMAGE SIZE THE METHOD LOSSLESS CRYPTO-DATA HIDING IN MEDICAL IMAGES WITHOUT INCREASING THE ORIGINAL IMAGE SIZE J.M. Rodrigues, W. Puech and C. Fiorio Laboratoire d Informatique Robotique et Microlectronique de Montpellier LIRMM,

More information

An Architecture-Independent Instruction Shuffler to Protect against Side-Channel Attacks

An Architecture-Independent Instruction Shuffler to Protect against Side-Channel Attacks An Architecture-Independent Instruction Shuffler to Protect against Side-Channel Attacks ALI GALIP BAYRAK, NIKOLA VELICKOVIC, and PAOLO IENNE, Ecole Polytechnique Fédérale de Lausanne (EPFL) WAYNE BURLESON,

More information

A Block Cipher Based Pseudo Random Number Generator Secure against Side-Channel Key Recovery

A Block Cipher Based Pseudo Random Number Generator Secure against Side-Channel Key Recovery A Block Cipher Based Pseudo Random Number Generator Secure against Side-Channel Key Recovery Christophe Petit 1, François-Xavier Standaert 1, Olivier Pereira 1, Tal G. Malkin 2, Moti Yung 2 1, Université

More information

Chapter 4 MASK Encryption: Results with Image Analysis

Chapter 4 MASK Encryption: Results with Image Analysis 95 Chapter 4 MASK Encryption: Results with Image Analysis This chapter discusses the tests conducted and analysis made on MASK encryption, with gray scale and colour images. Statistical analysis including

More information

Local and Direct EM Injection of Power into CMOS Integrated Circuits.

Local and Direct EM Injection of Power into CMOS Integrated Circuits. Local and Direct EM Injection of Power into CMOS Integrated Circuits. F. Poucheret 1,4, K.Tobich 2, M.Lisart 2,L.Chusseau 3, B.Robisson 4, P. Maurine 1 LIRMM Montpellier 1 ST Microelectronics Rousset 2

More information

M.E(I.T) Student, I.T Department, L.D College Of Engineering, Ahmedabad, Gujarat, India

M.E(I.T) Student, I.T Department, L.D College Of Engineering, Ahmedabad, Gujarat, India ABSTRACT 2018 IJSRSET Volume 4 Issue 4 Print ISSN: 2395-1990 Online ISSN : 2394-4099 Themed Section : Engineering and Technology Multiple Image Encryption Using Chaotic Map And DNA Computing Aarti Patel

More information

4. Design Principles of Block Ciphers and Differential Attacks

4. Design Principles of Block Ciphers and Differential Attacks 4. Design Principles of Block Ciphers and Differential Attacks Nonli near 28-bits Trans forma tion 28-bits Model of Block Ciphers @G. Gong A. Introduction to Block Ciphers A Block Cipher Algorithm: E and

More information

Transient-Steady Effect Attack on Block Ciphers

Transient-Steady Effect Attack on Block Ciphers Transient-Steady Effect Attack on Block Ciphers Yanting Ren 1,2, An Wang 1,2, and Liji Wu 1,2 1 Tsinghua National Laboratory for Information Science and Technology (TNList), Beijing, China 2 Institute

More information

A STENO HIDING USING CAMOUFLAGE BASED VISUAL CRYPTOGRAPHY SCHEME

A STENO HIDING USING CAMOUFLAGE BASED VISUAL CRYPTOGRAPHY SCHEME International Journal of Power Control Signal and Computation (IJPCSC) Vol. 2 No. 1 ISSN : 0976-268X A STENO HIDING USING CAMOUFLAGE BASED VISUAL CRYPTOGRAPHY SCHEME 1 P. Arunagiri, 2 B.Rajeswary, 3 S.Arunmozhi

More information

Image Encryption Based on the Modified Triple- DES Cryptosystem

Image Encryption Based on the Modified Triple- DES Cryptosystem International Mathematical Forum, Vol. 7, 2012, no. 59, 2929-2942 Image Encryption Based on the Modified Triple- DES Cryptosystem V. M. SILVA-GARCÍA 1, R. FLORES-CARAPIA 2, I. LÓPEZ-YAÑEZ 3 and C. RENTERÍA-MÁRQUEZ

More information

Mohit Arora. The Art of Hardware Architecture. Design Methods and Techniques. for Digital Circuits. Springer

Mohit Arora. The Art of Hardware Architecture. Design Methods and Techniques. for Digital Circuits. Springer Mohit Arora The Art of Hardware Architecture Design Methods and Techniques for Digital Circuits Springer Contents 1 The World of Metastability 1 1.1 Introduction 1 1.2 Theory of Metastability 1 1.3 Metastability

More information

Random Bit Generation and Stream Ciphers

Random Bit Generation and Stream Ciphers Random Bit Generation and Stream Ciphers Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 8-1 Overview 1.

More information

Why (Special Agent) Johnny (Still) Can t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System

Why (Special Agent) Johnny (Still) Can t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System Why (Special Agent) Johnny (Still) Can t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System Sandy Clark Travis Goodspeed Perry Metzger Zachary Wasserman Kevin Xu Matt Blaze Usenix

More information

Chapter 3 LEAST SIGNIFICANT BIT STEGANOGRAPHY TECHNIQUE FOR HIDING COMPRESSED ENCRYPTED DATA USING VARIOUS FILE FORMATS

Chapter 3 LEAST SIGNIFICANT BIT STEGANOGRAPHY TECHNIQUE FOR HIDING COMPRESSED ENCRYPTED DATA USING VARIOUS FILE FORMATS 44 Chapter 3 LEAST SIGNIFICANT BIT STEGANOGRAPHY TECHNIQUE FOR HIDING COMPRESSED ENCRYPTED DATA USING VARIOUS FILE FORMATS 45 CHAPTER 3 Chapter 3: LEAST SIGNIFICANT BIT STEGANOGRAPHY TECHNIQUE FOR HIDING

More information

Differential Power Analysis Attack on FPGA Implementation of AES

Differential Power Analysis Attack on FPGA Implementation of AES 1 Differential Power Analysis Attack on FPGA Implementation of AES Rajesh Velegalati, Panasayya S V V K Yalla Abstract Cryptographic devices have found their way into a wide range of application and the

More information

Low Randomness Masking and Shulfifgn:

Low Randomness Masking and Shulfifgn: Low Randomness Masking and Shulfifgn: An Evaluation Using Mutual Information Kostas Papagiannopoulos kostaspap88@gmail.com kpcrypto.net Radboud University Nijmegen Digital Security Department The Netherlands

More information

אני יודע מה עשית בפענוח האחרון: התקפות ערוצי צד על מחשבים אישיים

אני יודע מה עשית בפענוח האחרון: התקפות ערוצי צד על מחשבים אישיים אני יודע מה עשית בפענוח האחרון: התקפות ערוצי צד על מחשבים אישיים I Know What You Did Last Decryption: Side Channel Attacks on PCs Lev Pachmanov Tel Aviv University Daniel Genkin Technion and Tel Aviv University

More information

CESEL: Flexible Crypto Acceleration. Kevin Kiningham Dan Boneh, Mark Horowitz, Philip Levis

CESEL: Flexible Crypto Acceleration. Kevin Kiningham Dan Boneh, Mark Horowitz, Philip Levis CESEL: Flexible Crypto Acceleration Kevin Kiningham Dan Boneh, Mark Horowitz, Philip Levis Cryptography Mathematical operations to secure data Fundamental for building secure systems Computationally intensive:

More information

Power Analysis an overview. Agenda. Measuring power consumption. Measuring power consumption (2) Benedikt Gierlichs, KU Leuven - COSIC.

Power Analysis an overview. Agenda. Measuring power consumption. Measuring power consumption (2) Benedikt Gierlichs, KU Leuven - COSIC. Power Analysis an overview Agenda Benedikt Gierlichs KU Leuven COSIC, Belgium benedikt.gierlichs@esat.kuleuven.be Measurements Analysis Pre-processing Summer School on Design and security of cryptographic

More information

When Electromagnetic Side Channels Meet Radio Transceivers

When Electromagnetic Side Channels Meet Radio Transceivers Screaming Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, Aurélien Francillon What s this all about? - A novel attack

More information

Overview. The Big Picture... CSC 580 Cryptography and Computer Security. January 25, Math Basics for Cryptography

Overview. The Big Picture... CSC 580 Cryptography and Computer Security. January 25, Math Basics for Cryptography CSC 580 Cryptography and Computer Security Math Basics for Cryptography January 25, 2018 Overview Today: Math basics (Sections 2.1-2.3) To do before Tuesday: Complete HW1 problems Read Sections 3.1, 3.2

More information

Meet-in-the-Middle Attacks on Reduced-Round Midori-64

Meet-in-the-Middle Attacks on Reduced-Round Midori-64 Meet-in-the-Middle Attacks on Reduced-Round Midori-64 Li Lin and Wenling Wu Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China

More information

On Permutation Operations in Cipher Design

On Permutation Operations in Cipher Design On Permutation Operations in Cipher Design Ruby B. Lee, Z. J. Shi and Y. L. Yin Princeton University Department of Electrical Engineering B-218, Engineering Quadrangle Princeton, NJ 08544, U.S.A. Email:

More information

Course Business. Harry. Hagrid. Homework 2 Due Now. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Location: Right here

Course Business. Harry. Hagrid. Homework 2 Due Now. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Location: Right here Course Business Homework 2 Due Now Midterm is on March 1 Final Exam is Monday, May 1 (7 PM) Location: Right here Harry Hagrid 1 Cryptography CS 555 Topic 17: DES, 3DES 2 Recap Goals for This Week: Practical

More information

Methodologies for power analysis attacks on hardware implementations of AES

Methodologies for power analysis attacks on hardware implementations of AES Rochester Institute of Technology RIT Scholar Works Theses Thesis/Dissertation Collections 8-1-2009 Methodologies for power analysis attacks on hardware implementations of AES Kenneth James Smith Follow

More information

Mixed Synchronous/Asynchronous State Memory for Low Power FSM Design

Mixed Synchronous/Asynchronous State Memory for Low Power FSM Design Mixed Synchronous/Asynchronous State Memory for Low Power FSM Design Cao Cao and Bengt Oelmann Department of Information Technology and Media, Mid-Sweden University S-851 70 Sundsvall, Sweden {cao.cao@mh.se}

More information

Investigations of Power Analysis Attacks on Smartcards

Investigations of Power Analysis Attacks on Smartcards THE ADVANCED COMPUTING SYSTEMS ASSOCIATION The following paper was originally published in the USENIX Workshop on Smartcard Technology Chicago, Illinois, USA, May 10 11, 1999 Investigations of Power Analysis

More information

DeepStack: Expert-Level AI in Heads-Up No-Limit Poker. Surya Prakash Chembrolu

DeepStack: Expert-Level AI in Heads-Up No-Limit Poker. Surya Prakash Chembrolu DeepStack: Expert-Level AI in Heads-Up No-Limit Poker Surya Prakash Chembrolu AI and Games AlphaGo Go Watson Jeopardy! DeepBlue -Chess Chinook -Checkers TD-Gammon -Backgammon Perfect Information Games

More information

Cryptography CS 555. Topic 20: Other Public Key Encryption Schemes. CS555 Topic 20 1

Cryptography CS 555. Topic 20: Other Public Key Encryption Schemes. CS555 Topic 20 1 Cryptography CS 555 Topic 20: Other Public Key Encryption Schemes Topic 20 1 Outline and Readings Outline Quadratic Residue Rabin encryption Goldwasser-Micali Commutative encryption Homomorphic encryption

More information

DIFFERENTIAL power analysis (DPA) attacks can obtain

DIFFERENTIAL power analysis (DPA) attacks can obtain 438 IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS II: EXPRESS BRIEFS, VOL. 63, NO. 5, MAY 2016 Charge-Withheld Converter-Reshuffling: A Countermeasure Against Power Analysis Attacks Weize Yu and Selçuk Köse,

More information

Introduction to Cryptography CS 355

Introduction to Cryptography CS 355 Introduction to Cryptography CS 355 Lecture 25 Mental Poker And Semantic Security CS 355 Fall 2005 / Lecture 25 1 Lecture Outline Review of number theory The Mental Poker Protocol Semantic security Semantic

More information

Network Security: Secret Key Cryptography

Network Security: Secret Key Cryptography 1 Network Security: Secret Key Cryptography Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 cfl1999-2000, Henning Schulzrinne Last modified

More information

Five-Card Secure Computations Using Unequal Division Shuffle

Five-Card Secure Computations Using Unequal Division Shuffle Five-Card Secure Computations Using Unequal Division Shuffle Akihiro Nishimura, Takuya Nishida, Yu-ichi Hayashi, Takaaki Mizuki, and Hideaki Sone Sone-Mizuki Lab., Graduate School of Information Sciences,

More information

Eliminating Random Permutation Oracles in the Even-Mansour Cipher. Zulfikar Ramzan. Joint work w/ Craig Gentry. DoCoMo Labs USA

Eliminating Random Permutation Oracles in the Even-Mansour Cipher. Zulfikar Ramzan. Joint work w/ Craig Gentry. DoCoMo Labs USA Eliminating Random Permutation Oracles in the Even-Mansour Cipher Zulfikar Ramzan Joint work w/ Craig Gentry DoCoMo Labs USA ASIACRYPT 2004 Outline Even-Mansour work and open problems. Main contributions

More information

Constant Power Reconfigurable Computing

Constant Power Reconfigurable Computing Constant Power Reconfigurable Computing Adrien Le Masle 1, Gary C T Chow 2, Wayne Luk 3 Department of Computing, Imperial College London 180 Queen s Gate, London SW7 2BZ, UK { 1 al1108, 2 cchow, 3 wl}@docicacuk

More information

Towards Optimal Pre-processing in Leakage Detection

Towards Optimal Pre-processing in Leakage Detection Towards Optimal Pre-processing in Leakage Detection Changhai Ou, Degang Sun, Zhu Wang and Xinping Zhou Institute of Information Engineering, Chinese Academy of Sciences 2 School of Cyber Security, University

More information

DUBLIN CITY UNIVERSITY

DUBLIN CITY UNIVERSITY DUBLIN CITY UNIVERSITY SEMESTER ONE EXAMINATIONS 2013 MODULE: (Title & Code) CA642 Cryptography and Number Theory COURSE: M.Sc. in Security and Forensic Computing YEAR: 1 EXAMINERS: (Including Telephone

More information

Information Security Theory vs. Reality

Information Security Theory vs. Reality Information Security Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 6: Physical Side Channel Attacks on PCs Guest lecturer: Lev Pachmanov 1 Side channel attacks probing CPU architecture optical

More information

Triple-DES Block of 96 Bits: An Application to. Colour Image Encryption

Triple-DES Block of 96 Bits: An Application to. Colour Image Encryption Applied Mathematical Sciences, Vol. 7, 2013, no. 23, 1143-1155 HIKARI Ltd, www.m-hikari.com Triple-DES Block of 96 Bits: An Application to Colour Image Encryption V. M. Silva-García Instituto politécnico

More information

Provably weak instances of Ring-LWE revisited

Provably weak instances of Ring-LWE revisited Provably weak instances of Ring-LWE revisited Wouter Castryck 1,2, Ilia Iliashenko 1, Frederik Vercauteren 1,3 1 COSIC, KU Leuven 2 Ghent University 3 Open Security Research EUROCRYPT, May 9, 2016 Provably

More information

Differential Power Analysis Attack on the Secure Bit Permutation in the McEliece Cryptosystem

Differential Power Analysis Attack on the Secure Bit Permutation in the McEliece Cryptosystem Differential Power Analysis Attack on the Secure Bit Permutation in the McEliece Cryptosystem Martin Petrvalsky, Tania Richmond, Milos Drutarovsky, Pierre-Louis Cayrel, Viktor Fischer To cite this version:

More information

Hardware Bit-Mixers. Laszlo Hars January, 2016

Hardware Bit-Mixers. Laszlo Hars January, 2016 Hardware Bit-Mixers Laszlo Hars January, 2016 Abstract A new concept, the Bit-Mixer is introduced. It is a function of fixed, possibly different size of input and output, which computes statistically uncorrelated

More information

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017 COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously Pseudorandom Functions and Permutaitons Modes of Operation Pseudorandom Functions Functions that look like random

More information

Cryptography. Module in Autumn Term 2016 University of Birmingham. Lecturers: Mark D. Ryan and David Galindo

Cryptography. Module in Autumn Term 2016 University of Birmingham. Lecturers: Mark D. Ryan and David Galindo Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 1 Cryptography Module in Autumn Term 2016 University of Birmingham Lecturers: Mark D. Ryan and David Galindo Slides originally written

More information

This chapter describes the objective of research work which is covered in the first

This chapter describes the objective of research work which is covered in the first 4.1 INTRODUCTION: This chapter describes the objective of research work which is covered in the first chapter. The chapter is divided into two sections. The first section evaluates PAPR reduction for basic

More information

Some Cryptanalysis of the Block Cipher BCMPQ

Some Cryptanalysis of the Block Cipher BCMPQ Some Cryptanalysis of the Block Cipher BCMPQ V. Dimitrova, M. Kostadinoski, Z. Trajcheska, M. Petkovska and D. Buhov Faculty of Computer Science and Engineering Ss. Cyril and Methodius University, Skopje,

More information

אני יודע מה עשית בפענוח האחרון : התקפות ערוצי צד על מחשבים אישיים

אני יודע מה עשית בפענוח האחרון : התקפות ערוצי צד על מחשבים אישיים אני יודע מה עשית בפענוח האחרון : התקפות ערוצי צד על מחשבים אישיים I Know What You Did Last Decryption: Side Channel Attacks on PCs Lev Pachmanov Tel Aviv University Daniel Genkin Technion and Tel Aviv

More information

Card-Based Protocols for Securely Computing the Conjunction of Multiple Variables

Card-Based Protocols for Securely Computing the Conjunction of Multiple Variables Card-Based Protocols for Securely Computing the Conjunction of Multiple Variables Takaaki Mizuki Tohoku University tm-paper+cardconjweb[atmark]g-mailtohoku-universityjp Abstract Consider a deck of real

More information

JICE: Joint Data Compression and Encryption for Wireless Energy Auditing Networks

JICE: Joint Data Compression and Encryption for Wireless Energy Auditing Networks JICE: Joint Data Compression and Encryption for Wireless Energy Auditing Networks Sheng-Yuan Chiu 1,2, Hoang Hai Nguyen 1, Rui Tan 1, David K.Y. Yau 1,3,Deokwoo Jung 1 1 Advanced Digital Science Center,

More information

Generic Attacks on Feistel Schemes

Generic Attacks on Feistel Schemes Generic Attacks on Feistel Schemes -Extended Version- Jacques Patarin PRiSM, University of Versailles, 45 av. des États-Unis, 78035 Versailles Cedex, France This paper is the extended version of the paper

More information

Robust Key Establishment in Sensor Networks

Robust Key Establishment in Sensor Networks Robust Key Establishment in Sensor Networks Yongge Wang Abstract Secure communication guaranteeing reliability, authenticity, and privacy in sensor networks with active adversaries is a challenging research

More information

Lossy Compression of Permutations

Lossy Compression of Permutations 204 IEEE International Symposium on Information Theory Lossy Compression of Permutations Da Wang EECS Dept., MIT Cambridge, MA, USA Email: dawang@mit.edu Arya Mazumdar ECE Dept., Univ. of Minnesota Twin

More information

Enhance Image using Dynamic Histogram and Data Hiding Technique

Enhance Image using Dynamic Histogram and Data Hiding Technique _ Enhance Image using Dynamic Histogram and Data Hiding Technique 1 D.Bharadwaja, 2 Y.V.N.Tulasi 1 Department of CSE, Gudlavalleru Engineering College, Email: bharadwaja599@gmail.com 2 Department of CSE,

More information

Evaluation of the Masked Logic Style MDPL on a Prototype Chip

Evaluation of the Masked Logic Style MDPL on a Prototype Chip Evaluation of the Masked Logic Style MDPL on a Prototype Chip Thomas Popp 1, Mario Kirschbaum 1, Thomas Zefferer 1, and Stefan Mangard 2, 1 Institute for Applied Information Processing and Communications

More information

OQPSK COGNITIVE MODULATOR FULLY FPGA-IMPLEMENTED VIA DYNAMIC PARTIAL RECONFIGURATION AND RAPID PROTOTYPING TOOLS

OQPSK COGNITIVE MODULATOR FULLY FPGA-IMPLEMENTED VIA DYNAMIC PARTIAL RECONFIGURATION AND RAPID PROTOTYPING TOOLS Proceedings of SDR'11-WInnComm-Europe, 22-24 Jun 2011 OQPSK COGNITIVE MODULATOR FULLY FPGA-IMPLEMENTED VIA DYNAMIC PARTIAL RECONFIGURATION AND RAPID PROTOTYPING TOOLS Raúl Torrego (Communications department:

More information

A New Image Steganography Depending On Reference & LSB

A New Image Steganography Depending On Reference & LSB A New Image Steganography Depending On & LSB Saher Manaseer 1*, Asmaa Aljawawdeh 2 and Dua Alsoudi 3 1 King Abdullah II School for Information Technology, Computer Science Department, The University of

More information

Random. Bart Massey Portland State University Open Source Bridge Conf. June 2014

Random. Bart Massey Portland State University Open Source Bridge Conf. June 2014 Random Bart Massey Portland State University Open Source Bridge Conf. June 2014 No Clockwork Universe Stuff doesn't always happen the same even when conditions seem pretty identical.

More information