Threshold Implementation in Software - Case Study of PRESENT

Masking is one of the predominantly deployed countermeasures in order to prevent side-channel analysis (SCA) attacks. Over the years, various masking schemes have been proposed. However, the implementation of Boolean masking schemes has proven to be difficult in particular for embedded devices due to undisclosed architecture details and device internals. In this article, we investigate the application of Threshold Implementation (TI) in terms of Boolean masking in software using the PRESENT cipher as a case study. Since TI has proven to be a proper solution in order to implement Boolean masking for hardware circuits, we apply the same concept for software implementations and compare it to classical first- and second-order Boolean masking schemes. Eventually, our practical security evaluations reveal that amongst all our considered implementation variants only the TI can provide first-order security while all others still exhibit detectable first-order leakage

Short Solutions to Nonlinear Systems of Equations

This paper presents a new hard problem for use in cryptography, called Short Solutions to Nonlinear Equations (SSNE). This problem generalizes the Multivariate Quadratic (MQ) problem by requiring the solution be short; as well as the Short Integer Solutions (SIS) problem by requiring the underlying system of equations be nonlinear. The joint requirement causes common solving strategies such as lattice reduction or Gröbner basis algorithms to fail, and as a result SSNE admits shorter representations of equally hard problems. We show that SSNE can be used as the basis for a provably secure hash function. Despite failing to find public key cryptosystems relying on SSNE, we remain hopeful about that possibility

Analysis and Implementation of an iterative architecture with 3 stages pipeline and 32 bits datapath to an AES-128 co-processor

Orientador: Luís Geraldo Pedroso MeloniDissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: Neste trabalho, propõe-se uma arquitetura de hardware para um co-processador capaz de realizar encriptação e decriptação segundo o padrão AES-128 com suporte aos modos de operação ECB, CBC e CTR. A arquitetura proposta emprega as técnica de loop rolling com compartilhamento de recursos (para reduzir a quantidade de lógica necessária) e sub-pipeling (para aumentar a frequência de operação do circuito). A largura do datapath é 32 bits e o número de estágios do pipeline é 3. Também documenta-se os resultados do projeto OpenAES. O OpenAES é um projeto open source desenvolvido a partir deste trabalho e que disponibiliza um IP Core de um co-processador AES compatível com o protocolo AMBA APB. O IP Core do projeto OpenAES faz uso da arquitetura proposta na primeira parte deste trabalho, adicionando a ela diversas funcionalidades, como suporte a DMA, geração de interrupções e possibilidade de suspensão de mensagens. Como resultados do projeto, são disponibilizados: o RTL, em Verilog, do IP Core, um ambiente de verificação funcional, uma camada de abstração de hardware (HAL), escrita em C, compatível com o padrão ARM CMSIS e um script de timing constraints no formato SDC. Como forma de validação, o IP foi prototipado em um dispositivo SmartFusion A2F200M3FAbstract: This work proposes an AES-128 hardware architecture that supports both encryption and decryption for the ECB, CBC and CTR modes. The datapath width is 32 bits and the number of pipeline stages is 3. This work also documents the OpenAES project. The OpenAES is an open source project that provides an IP-Core for an AES co-processor that is compatible with the AMBA APB protocol and is based on the architecture described in the first part of this work. Several features such as DMA capabilites, interruptions generations and suport to message priorization are added to the basic architecture. The project provides: the synthesizable RTL Verilog for the IP Core, a function verification enviroment, a hardware abstraction layer compatible with the CMSIS standard and a SDC timing constraints file. The IP validation was peformed through a SmartFusion A2F200M3F deviceMestradoTelecomunicações e TelemáticaMestre em Engenharia ElétricaCAPE

Policy-Based Sanitizable Signatures

Sanitizable signatures are a variant of signatures which allow a single, and signer-defined, sanitizer to modify signed messages in a controlled way without invalidating the respective signature. They turned out to be a versatile primitive, proven by different variants and extensions, e.g., allowing multiple sanitizers or adding new sanitizers one-by-one. However, existing constructions are very restricted regarding their flexibility in specifying potential sanitizers. We propose a different and more powerful approach: Instead of using sanitizers\u27 public keys directly, we assign attributes to them. Sanitizing is then based on policies, i.e., access structures defined over attributes. A sanitizer can sanitize, if, and only if, it holds a secret key to attributes satisfying the policy associated to a signature, while offering full-scale accountability