    The Montgomery and Joye Powering Ladders are Dual

    Hitherto the duality between left-to-right and right-to-left exponentiation algorithms has been a loosely defined concept. Recently, the author made the definition precise by adding requirements on space usage and operation types. Here it is shown that the Montgomery and Joye powering ladders are dual in this sense. Several versions of these algorithms are derived naturally with a cost-free, natural, built-in blinding mechanism as a side channel counter-measure.

    Efficient scalar multiplication against side channel attacks using new number representation

    Elliptic curve cryptography (ECC) is probably the most popular public key system nowadays. The classic algorithm for computation of elliptic curve scalar multiplication is Doubling-and-Add. However, it has been shown vulnerable to simple power analysis, which is a type of side channel attack (SCA). Among different types of attacks, SCAs are becoming the most important and practical threat to elliptic curve computation. Although the Montgomery power ladder (MPL) has been shown to be a good choice for scalar multiplication against simple power analysis, it is still subject to some advanced SCAs, such as differential power analysis. In this thesis, a new number representation is first proposed, then several scalar multiplication algorithms using this new number system are presented. It is also shown that the proposed algorithms outperform or are comparable to the best existing similar algorithms in terms of resistance against side channel attacks and computational efficiency. Finally we extend both the new number system and the corresponding scalar multiplication algorithms to high radix cases.

    Semi-automatic ladderisation : improving code security through rewriting and dependent types

    Funding: This work was generously supported by the EU Horizon 2020 project, TeamPlay (https://www.teamplay-h2020.eu), grant number 779882, and UK EPSRC, Energise, grant number EP/V006290/1. Cyber attacks become more and more prevalent every day. An arms race is thus engaged between cyber attacks and cyber defences. One type of cyber attack is known as a side channel attack, where attackers exploit information leakage from the physical execution of a program, e.g. timing or power leakage, to uncover secret information, such as encryption keys or other sensitive data. There have been various attempts at addressing the problem of side-channel attacks, often relying on various measures to decrease the discernibility of several code variants or code paths. Most techniques require a high degree of expertise by the developer, who often employs ad hoc, hand-crafted code-patching in an attempt to make it more secure. In this paper, we take a different approach, building on the idea of ladderisation, inspired by Montgomery Ladders. We present a semi-automatic tool-supported technique, aimed at the non-specialised developer, which refactors (a class of) C programs into functionally (and even algorithmically) equivalent counterparts with improved security properties. Our approach provides refactorings that transform the source code into its ladderised equivalent, driven by an underlying verified rewrite system, based on dependent types. Our rewrite system automatically finds rewritings of selected C expressions, facilitating the production of their equivalent ladderised counterparts for a subset of C. Using our tool-supported technique, we demonstrate our approach on a number of representative examples from the cryptographic domain, showing increased security.

    Fragmentation and OB Star Formation in High-Mass Molecular Hub-Filament System

    Filamentary structures are ubiquitously seen in the interstellar medium. The concentrated molecular mass in the filaments allows fragmentation to occur in a shorter timescale than the timescale of the global collapse. Such hierarchical fragmentation may further assist the dissipation of excessive angular momentum. It is crucial to resolve the morphology and the internal velocity structures of the molecular filaments observationally. We perform 0".5-2".5 angular resolution interferometric observations toward the nearly face-on OB cluster forming region G33.92+0.11. Observations of various spectral lines as well as the millimeter dust continuum emission consistently trace several $\sim 1$ pc scale, clumpy molecular arms. Some of the molecular arms geometrically merge to an inner $3.0^{+2.8}_{-1.4}\cdot 10^{3}\,M_{\odot}$, 0.6 pc scale central molecular clump, and may directly channel the molecular gas to the warm ($\sim 50$ K) molecular gas immediately surrounding the centrally embedded OB stars. The NH$_{3}$ spectra suggest a medium turbulence line width of FWHM $\lesssim 2$ km s$^{-1}$ in the central molecular clump, implying a $\gtrsim 10$ times larger molecular mass than the virial mass. Feedbacks from shocks and the centrally embedded OB stars and localized (proto)stellar clusters likely play a key role in the heating of molecular gas and could lead to the observed chemical stratification. Although (proto)stellar feedbacks are already present, G33.92+0.11 chemically appears to be at an early evolutionary stage given by the low abundance limit of SO$_{2}$ observed in this region. Comment: 37 pages, 23 figures

    Hometown Prosperity: Increasing Opportunity for DC's Low-Income Working Families

    Describes how Washington, D.C.'s poor working families have not benefited from the district's economic growth; identifies the key reasons; and recommends investing more in education and training, local workforce development, and income and work supports.

    Technical design of the phase I Mu3e experiment

    The Mu3e experiment aims to find or exclude the lepton flavour violating decay $\mu \rightarrow eee$ at branching fractions above $10^{-16}$. A first phase of the experiment using an existing beamline at the Paul Scherrer Institute (PSI) is designed to reach a single event sensitivity of $2\cdot 10^{-15}$. We present an overview of all aspects of the technical design and expected performance of the phase I Mu3e detector. The high rate of up to $10^{8}$ muon decays per second and the low momenta of the decay electrons and positrons pose a unique set of challenges, which we tackle using an ultra thin tracking detector based on high-voltage monolithic active pixel sensors combined with scintillating fibres and tiles for precise timing measurements. Comment: 114 pages, 185 figures. Submitted to Nuclear Instruments and Methods A. Edited by Frank Meier Aeschbacher. This version has many enhancements for better readability and more detail.

    Highly secure cryptographic computations against side-channel attacks

    Side channel attacks (SCAs) have been considered great threats to modern cryptosystems, including RSA and elliptic curve public key cryptosystems. This is because the main computations involved in these systems, namely Modular Exponentiation (ME) in RSA and scalar multiplication (SM) in elliptic curve systems, are potentially vulnerable to SCAs. The Montgomery Powering Ladder (MPL) has been shown to be a good choice for ME and SM with counter-measures against certain side-channel attacks. However, recent research shows that MPL is still vulnerable to some advanced attacks [21, 30 and 34]. In this thesis, an improved sequence masking technique is proposed to enhance the MPL's resistance towards Differential Power Analysis (DPA). Based on the new technique, a modified MPL with countermeasures in both data and computation sequence is developed and presented. Two efficient hardware architectures for the original MPL algorithm are also presented, using binary and radix-4 representations, respectively.

    Fault attacks on RSA and elliptic curve cryptosystems

    This thesis answers how a fault attack targeting software used to program EEPROM can threaten hardware devices, for instance IoT devices. The successful fault attacks proposed in this thesis will certainly warn designers of hardware devices of the security risks their devices may face at the programming level.

    Atomicity Improvement for Elliptic Curve Scalar Multiplication

    Abstract. In this paper we address the problem of protecting elliptic curve scalar multiplication implementations against side-channel analysis by using the atomicity principle. First of all we reexamine classical assumptions made by scalar multiplication designers and we point out that some of them are not relevant in the context of embedded devices. We then describe the state of the art of atomic scalar multiplication and propose an atomic pattern improvement method. Compared to the most efficient atomic scalar multiplication published so far, our technique shows an average improvement of up to 10.6%.