Vectorizing Higher-Order Masking

International audienceThe cost of higher-order masking as a countermeasure against side-channel attacks is often considered too high for practical scenarios, as protected implementations become very slow. At Eurocrypt 2017, the bounded moment leakage model was proposed to study the (theoretical) security of parallel implementations of masking schemes [5]. Work at CHES 2017 then brought this to practice by considering an implementation of AES with 32 shares [26], bitsliced inside 32-bit registers of ARM Cortex-M processors. In this paper we show how the NEON vector instructions of larger ARM Cortex-A processors can be exploited to build much faster masked implementations of AES. Specifically, we present AES with 4 and 8 shares, which in theory provide security against 3rd and 7th-order attacks, respectively. The software is publicly available and optimized for the ARM Cortex-A8. We use refreshing and multiplication algorithms that are proven to be secure in the bounded moment leakage model and to be strongly non-interfering. Additionally, we perform a concrete side-channel evaluation on a BeagleBone Black, using a combination of test vector leakage assessment (TVLA), leakage certification tools and information-theoretic bounds

A Tale of Two Shares: Why Two-Share Threshold Implementation Seems Worthwhile-and Why it is Not

In this work, we explore the possibilities for practical Threshold Implementation (TI) with only two shares in order for a smaller design that needs less randomness but is still first-order leakage resistant. We present the first two-share Threshold Implementations of two lightweight block ciphers---Simon and Present. The implementation results show that two-share TI gains in compactness while loses in throughput compared with three-share schemes. Moreover, the leakage analyses show that two-share TI retains perfect first-order resistance but is shadowed by a strong second-order leakage, making it less worthwhile

Estimating fossil fuel carbon dioxide (ffCO2) emissions in the Rhine Valley metropolitan region from local atmospheric observations in Heidelberg

This cumulative dissertation investigates the potential of radiocarbon (14C)-based and carbon monoxide (∆CO)-based fossil fuel CO2 (∆ffCO2) estimates from the urban observation site Heidelberg to deduce the seasonal cycle of the ffCO2 emissions in the Rhine Valley. For this, the CarboScope inversion system is used to investigate the benefit of few but accurate 14C-based ∆ffCO2 estimates from about 100 hourly flask samples collected in 2019 and 2020, compared to a continuous ∆CO-based ∆ffCO2 record with about 4 times larger uncertainty. The urban observation site with large ffCO2 point sources in the vicinity places special demands on the transport model. Therefore, a method is developed for the high-resolution Weather Research and Forecasting - Stochastic Time-Inverted Lagrangian Transport model (WRF-STILT) to represent the effective emission heights of point sources. This work shows that the 14C-based ∆ffCO2 observations contain the seasonal cycle of the ffCO2 emissions, but do not lead to robust inversion results. In contrast, the continuous ∆CO-based ∆ffCO2 estimates provide robust and data-driven seasonal cycles that show the distinct COVID-19 signal in 2020 and are suitable for validating the amplitude and phasing of the seasonal cycle of the emission inventories in the main footprint of Heidelberg

ADVANCED TURBINE SYSTEMS PROGRAM

Natural gas combustion turbines are rapidly becoming the primary technology of choice for generating electricity. At least half of the new generating capacity added in the US over the next twenty years will be combustion turbine systems. The Department of Energy has cosponsored with Siemens Westinghouse, a program to maintain the technology lead in gas turbine systems. The very ambitious eight year program was designed to demonstrate a highly efficient and commercially acceptable power plant, with the ability to fire a wide range of fuels. The main goal of the Advanced Turbine Systems (ATS) Program was to develop ultra-high efficiency, environmentally superior and cost effective competitive gas turbine systems for base load application in utility, independent power producer and industrial markets. Performance targets were focused on natural gas as a fuel and included: System efficiency that exceeds 60% (lower heating value basis); Less than 10 ppmv NO{sub x} emissions without the use of post combustion controls; Busbar electricity that are less than 10% of state of the art systems; Reliability-Availability-Maintainability (RAM) equivalent to current systems; Water consumption minimized to levels consistent with cost and efficiency goals; and Commercial systems by the year 2000. In a parallel effort, the program was to focus on adapting the ATS engine to coal-derived or biomass fuels. In Phase 1 of the ATS Program, preliminary investigators on different gas turbine cycles demonstrated that net plant LHV based efficiency greater than 60% was achievable. In Phase 2 the more promising cycles were evaluated in greater detail and the closed-loop steam-cooled combined cycle was selected for development because it offered the best solution with least risk for achieving the ATS Program goals for plant efficiency, emissions, cost of electricity and RAM. Phase 2 also involved conceptual ATS engine and plant design and technology developments in aerodynamics, sealing, combustion, cooling, materials, coatings and casting development. The market potential for the ATS gas turbine in the 2000-2014 timeframe was assessed for combined cycle, simple cycle and integrated gasification combined cycle, for three engine sizes. The total ATS market potential was forecasted to exceed 93 GW. Phase 3 and Phase 3 Extension involved further technology development, component testing and W501ATS engine detail design. The technology development efforts consisted of ultra low NO{sub x} combustion, catalytic combustion, sealing, heat transfer, advanced coating systems, advanced alloys, single crystal casting development and determining the effect of steam on turbine alloys. Included in this phase was full-load testing of the W501G engine at the McIntosh No. 5 site in Lakeland, Florida

暗号ハードウェアの形式的設計に関する研究

Tohoku University青木孝文課

A Search for WIMP Dark Matter using an Optimized Chi-square Technique on the Final Data from the Cryogenic Dark Matter Search Experiment (CDMS II).

During the last two decades, cosmology has become a precision observational science thanks (in part) to the incredible number of experiments performed to better understand the composition of the universe. The large amount of data accumulated strongly indicates that the bulk of the universe’s matter is in the form of nonbaryonic matter that does not interact electromagnetically. Combined evidence from the dynamics of galaxies and galaxy clusters confirms that most of the mass in the universe is not composed of any known form of matter. Measurements of the cosmic microwave background, big bang nucleosynthesis and many other experiments indicate that ∼ 80% of the matter in the universe is dark, non-relativistic and cold. The dark matter resides in the halos surrounding galaxies, galaxy clusters and other large-scale structures. Weakly Interacting Massive Particles (WIMPs) are well motivated class of dark matter candidates that arise naturally in supersymmetric extensions to the Standard Model of particles physics, and can be produced as non-relativistic thermal relics in the early universe with about the right density to account for the missing mass. The Cryogenic Dark Matter Search (CDMS) experiment seeks to directly detect the keV-scale energy deposited by WIMPs in the galactic halo when they scatter from nuclei in the crystalline detectors made of germanium and silicon. These detectors, called Z-sensitive Ionization and Phonon detectors (ZIPs) are operated at ∼ 45 mK and simultaneously measure the ionization and the (athermal) phonons produced by particle interactions. The ratio of ionization and phonon energies allows discrimination of a low rate of nuclear recoils (expected for WIMPs) from an overwhelming rate of electron recoils (expected for most backgrounds). Phonon-pulse shape and timing enables further suppression of lower-rate interactions at the detector surfaces. This dissertation describes the results of a WIMP search using CDMS II data sets accumulated at the Soudan Underground Laboratory in Minnesota. Results from the original analysis of these data were published in 2009; two events were observed in the signal region with an expected leakage of 0.9 events. Further investigation revealed an issue with the ionization-pulse reconstruction algorithm leading to a software upgrade and a subsequent reanalysis of the data. As part of the reanalysis, I performed an advanced discrimination technique to better distinguish (potential) signal events from backgrounds using a 5-dimensional chi-square method. This data analysis technique combines the event information recorded for each WIMP-search event to derive a background-discrimination parameter capable of reducing the expected background to less than one event, while maintaining high efficiency for signal events. Furthermore, optimizing the cut positions of this 5-dimensional chi-square parameter for the 14 viable germanium detectors yields an improved expected sensitivity to WIMP interactions relative to previous CDMS results. This dissertation describes my improved (and optimized) discrimination technique and the results obtained from a blind application to the reanalyzed CDMS II WIMP-search data. This analysis achieved the best expected sensitivity of the three techniques developed for the reanalysis and so was chosen as the primary timing analysis whose limit will be quoted in a on-going publication paper which is currently in preparation. For this analysis, a total raw exposure of 612.17 kg-days are analyzed for this work. No candidate events were observed, and a corresponding upper limit on the WIMP-nucleon scattering cross section as a function of WIMP mass is defined. These data set a 90% upper limit on spin-independent WIMP-nucleon elastic-scattering cross section of 3.19 × 10 −44 cm2 for a WIMP mass of 60 GeV/c2. Combining this result with all previous CDMS II data gives an upper limit of 1.96×10 −44 cm2 for a WIMP of mass 60 GeV/c2 (a factor of 2 better than the original analysis). At the moment this analysis is being written, the WIMP-search results obtained with the reanalyzed CDMS II data occupies the second most stringent limits on WIMP-nucleon scattering, after XENON100, excluding previously unexplored parameter space. Interesting parameter space is excluded for WIMP-nucleon cross section as function of WIMP masse under standard assumptions, the parameter space favored by interpretations of other experiments’s data as low-mass WIMP signals due to an excess of low energy events and annual modulation is partially excluded for DAMA/LIBRA and CoGeNT

Ultrastructural analysis of odontocete cochlea

The morphological study of the Odontocete organ of Corti including possible pathological features resulting from sound over-exposure, represent a key conservation issue to assess the effects of acoustic pollution on marine ecosystems. Through the collaboration with stranding networks belonging to 26 countries, 150 ears from 13 species of Odontocetes were processed. In this dissertation, we present a standard protocol to 1) compare the ultrastructure of the cochlea in several Odontocete species and 2) investigate possible damage as a consequence of sound exposure, using scanning (SEM) and transmission (TEM) electron microscopy, and immunohistochemistry. In a preliminary study, computerized tomography scans were performed before decalcification with ears of 15 odontocete species, proposing a set of standard measurements which classified very well the species. In addition, the constant ratio between measurements of inner and middle ear structures contributed to confirm the active role of the odontocete middle ear in sound reception mechanism. We established a decalcification protocol using the fast commercial decalcifier RDO® and EDTA (Ethylendiaminetetraacetic acid). Although further experiments should be conducted to assess the suitability of using one or the other method (because the number of samples treated with EDTA was comparatively small), RDO® at specific dilutions decreased the decalcification time of cetacean ear bones with control of the decalcification endpoint, helping a faster access to inner structures. The complementary use of electron microscopy and immunofluorescence allowed the description in odontocetes of new morphological features of tectorial membrane, spiral limbus, spiral ligament, stria vascularis, hair cells and their innervation. Furthermore, this study revealed qualitative and quantitative morphological characteristics of the organ of Corti in high-frequency hearing species, including 1) an outer hair cell (OHC) small length, 2) a thick cuticular plate in OHC, and a thick reticular lamina, 3) robust cup formation of the Deiters cell body, 4) the high development of cytoskeleton in Deiters and pillar cells and 5) the basilar membrane high stiffness. Interestingly, all these features, including a common molecular design of prestin, are also shared by echolocating bats, suggesting a convergent evolution in echolocating species. The presence of scars among hair cell rows, the pattern of stereocilia imprints in the tectorial membrane and the condition of fibrocytes II and IV were criteria suitable to determine or discard possible acoustic trauma, despite the numerous artefacts that rapidly develop as a consequence of tissue autolysis. Consequently, matching the preliminary approximation of the cochlear frequency map with the damaged region would bring information on the sound source that would have triggered a possible lesion.Postprint (published version