49 research outputs found

    Low-latency implementation of the GIFT cipher on RISC-V architectures

    Lightweight cryptography is a viable solution for constrained computational environments that require a secure communication channel. To standardize lightweight primitives, NIST has published a call for algorithms that address needs such as compactness, low latency and low power/energy. Among the candidates, the GIFT family of block ciphers was used in several NIST submissions because of its high security margin and small gate footprint. As a result of their hardware-oriented design, software implementations of GIFT require additional optimization techniques such as bitslicing and fixslicing to achieve optimal performance. Even though the performance of these methods has been assessed for several ISA families such as x86 and ARM, there is currently a lack of data regarding their acceleration capabilities on RISC-V. Since this ISA is an important element of the growing open-hardware movement, our goal is to address this knowledge gap. Therefore, we have developed several assembly implementations of both GIFT-64 and GIFT-128 using the RV32I ISA and performed a quantitative assessment of their performance on a physical board, the HiFive1 Rev B. Our study has shown that bitslicing reduces the number of clock cycles by 69.33% for GIFT-64 and 71.38% for GIFT-128 compared to a naive assembly implementation, while fixslicing decreases the number of clock cycles by 85.7% (GIFT-64) and 81.28% (GIFT-128). Nonetheless, the preferred technique is fixslicing with key pre-computation, which achieves a reduction of 88.69% (GIFT-64) and 95.05% (GIFT-128) while maintaining relatively low memory requirements of 938 bytes (GIFT-64) and 1388 bytes (GIFT-128), respectively.

    Boolean Exponent Splitting

    A typical countermeasure against side-channel attacks consists of masking intermediate values with a random number. In symmetric cryptographic algorithms, Boolean shares of the secret are typically used, whereas in asymmetric algorithms the secret exponent/scalar is typically masked using algebraic properties. This paper presents a new exponent splitting technique based on Boolean shares with minimal impact on performance. More precisely, it is shown how an exponent can be efficiently split into two shares, where the exponent is the XOR sum of the two shares, typically requiring only an extra register and a few register copies per bit. Our novel exponentiation and scalar multiplication algorithms can be randomized for every execution and combined with other blinding techniques. In this way, both the exponent and the intermediate values can be protected against various types of side-channel attacks. We perform a security evaluation of our algorithms using the mutual information framework and provide proofs that they are secure against first-order side-channel attacks. The side-channel resistance of the proposed algorithms is also practically verified with test vector leakage assessment performed on Xilinx's Zynq zc702 evaluation board.

    Vectorizing Higher-Order Masking

    The cost of higher-order masking as a countermeasure against side-channel attacks is often considered too high for practical scenarios, as protected implementations become very slow. At Eurocrypt 2017, the bounded moment leakage model was proposed to study the (theoretical) security of parallel implementations of masking schemes [5]. Work at CHES 2017 then brought this to practice by considering an implementation of AES with 32 shares [26], bitsliced inside the 32-bit registers of ARM Cortex-M processors. In this paper we show how the NEON vector instructions of larger ARM Cortex-A processors can be exploited to build much faster masked implementations of AES. Specifically, we present AES with 4 and 8 shares, which in theory provide security against 3rd- and 7th-order attacks, respectively. The software is publicly available and optimized for the ARM Cortex-A8. We use refreshing and multiplication algorithms that are proven to be secure in the bounded moment leakage model and to be strongly non-interfering. Additionally, we perform a concrete side-channel evaluation on a BeagleBone Black, using a combination of test vector leakage assessment (TVLA), leakage certification tools and information-theoretic bounds.

    Pleural myxoid liposarcoma: features of 2 cases and associated literature review

    Primary pleural myxoid liposarcoma is a rare entity, and no agreed treatment options have been formulated once a diagnosis has been made. We report two cases with their subsequent management and make recommendations for treatment pathways in these rare cases.

    A computational index derived from whole-genome copy number analysis is a novel tool for prognosis in early stage lung squamous cell carcinoma.

    Squamous cell carcinoma of the lung is remarkable for the extent to which the same chromosomal abnormalities are detected in individual tumours. We have used next-generation sequencing at low coverage to produce high-resolution copy number karyograms of a series of 89 non-small cell lung tumours, specifically of the squamous cell subtype. Because this methodology is able to create karyograms from formalin-fixed paraffin-embedded material, we were able to use archival stored samples for which survival data were available and correlate frequently occurring copy number changes with disease outcome. No single region of genomic change showed significant correlation with survival. However, adopting a whole-genome approach, we devised an algorithm that relates to total genomic damage, specifically the relative ratios of copy number states across the genome. This algorithm generated a novel index, which is an independent prognostic indicator in early stage squamous cell carcinoma of the lung.

    The Side-Channel Metrics Cheat Sheet

    Side-channel attacks exploit a physical observable originating from a cryptographic device in order to extract its secrets. Many practically relevant advances in the field of side-channel analysis relate to security evaluations of cryptographic functions and devices. Accordingly, many metrics have been adopted or defined to express and quantify side-channel security. These metrics can relate to one another, but can also conflict in terms of effectiveness, assumptions and security goals. In this work, we review the most commonly used metrics in the field of side-channel analysis. We provide a self-contained presentation of each metric, along with a discussion of its limitations. We practically demonstrate the metrics on examples of relevant implementations of the Advanced Encryption Standard (AES), and make the software implementation of the presented metrics available to the community as open source. This work, going beyond a survey of the current status of metrics, will allow researchers and practitioners to produce a well-informed security evaluation through a better understanding of its supporting and summarizing metrics.

    Video-assisted mediastinoscopy (VAM) for surgical resection of ectopic parathyroid adenoma

    BACKGROUND Ectopic mediastinal parathyroid adenomas or hyperplasia account for up to 25% of primary hyperparathyroidism (HPT). Two percent of them are not accessible by standard cervical surgical approaches. Surgical resection has traditionally been performed via median sternotomy or thoracotomy and, more recently, via video-assisted thoracoscopic surgery (VATS). We present our experience with the novel use of video-assisted mediastinoscopy (VAM) for resection of ectopic mediastinal parathyroid glands. CASE PRESENTATION Four patients underwent VAM for removal of an ectopic intramediastinal parathyroid gland. All of them had at least one previous unsuccessful neck exploration. In all cases histology confirmed complete resection of ectopic parathyroid glands (three parathyroid adenomas and one parathyroid hyperplasia). Two of the patients required a partial sternal split to facilitate exploration. CONCLUSION The cervical approach for resection of ectopic parathyroid adenomas is frequently unsuccessful. Previously, the standard surgical approach in such cases was sternotomy and exploration of the mediastinum. Recently, a number of less invasive modalities have been introduced. We found that VAM has several advantages. It has a short theatre time, does not require a complex anaesthetic and is performed with the patient in the classic supine position, often utilising a previous cervical scar with good cosmetic results. It offers a short hospital stay; it is cost effective with minimal use of expensive consumables, a comfortable incision and no violation of the pleural space. Additionally, the use of digital video imaging has increased the sensitivity of mediastinoscopy and has added safety and confidence in performing a detailed mediastinal exploration, with great training value as well.

    European guidelines on structure and qualification of general thoracic surgery

    OBJECTIVE To update the recommendations for the structural characteristics of general thoracic surgery (GTS) in Europe in order to provide a document that can be used as a guide for harmonizing general thoracic surgical practice in Europe. METHODS A task force was created to set the structural, procedural and qualification characteristics of a European GTS unit. These criteria were endorsed by the Executive Committee of the European Society of Thoracic Surgeons and by the Thoracic Domain of the European Association for Cardio-Thoracic Surgery, and were validated by the European Board of Thoracic Surgery at the European Union of Medical Specialists. RESULTS Criteria regarding the definition and scope of GTS, the structure and qualification of a GTS unit, training and education, and recommendations for subjects of particular interest (lung transplant, oesophageal surgery, minimally invasive thoracic surgery, quality surveillance) were developed. CONCLUSIONS This document will hopefully represent the first step of a process of revision of the modern thoracic surgeons' curricula, which need to be qualitatively rethought in the setting of the qualification process. The structural criteria highlighted in the present document are meant to help tackle the challenge of cultural and language barriers as well as of widely varying national training programmes.

    Using next-generation sequencing for high resolution multiplex analysis of copy number variation from nanogram quantities of DNA from formalin-fixed paraffin-embedded specimens

    The use of next-generation sequencing technologies to produce genomic copy number data has recently been described. Most approaches, however, rely on optimal starting DNA, and are therefore unsuitable for the analysis of formalin-fixed paraffin-embedded (FFPE) samples, which largely precludes the analysis of many tumour series. We have sought to challenge the limits of this technique with regard to the quality and quantity of starting material and the depth of sequencing required. We confirm that the technique can be used to interrogate DNA from cell lines, fresh frozen material and FFPE samples to assess copy number variation. We show that as little as 5 ng of DNA is needed to generate a copy number karyogram, and follow this up with data from a series of FFPE biopsies and surgical samples. We have used various levels of sample multiplexing to demonstrate the adjustable resolution of the methodology, depending on the number of samples and available resources. We also demonstrate reproducibility by the use of replicate samples and comparison with microarray-based comparative genomic hybridization (aCGH) and digital PCR. This technique can be valuable both in the analysis of routine diagnostic samples and in examining large repositories of fixed archival material.

    An integrated inspection of the somatic mutations in a lung squamous cell carcinoma using next-generation sequencing

    Squamous cell carcinoma (SCC) of the lung kills over 350,000 people annually worldwide, and is the main lung cancer histotype with no targeted treatments. High-coverage whole-genome sequencing of the other main subtypes, small-cell and adenocarcinoma, gave insights into carcinogenic mechanisms and disease etiology. The genomic complexity within the lung SCC subtype, as revealed by The Cancer Genome Atlas, means this subtype is likely to benefit from a more integrated approach in which the transcriptional consequences of somatic mutations are simultaneously inspected. Here we present such an approach: the integrated analysis of deep sequencing data from both the whole genome and the whole transcriptome (coding and non-coding) of LUDLU-1, an SCC lung cell line. Our results show that LUDLU-1 lacks the mutational signature that has previously been associated with tobacco exposure in other lung cancer subtypes, and suggest that DNA-repair efficiency is adversely affected; LUDLU-1 contains somatic mutations in TP53 and BRCA2, allelic imbalance in the expression of two cancer-associated BRCA1 germline polymorphisms and reduced transcription of a potentially endogenous PARP2 inhibitor. Functional assays were performed and compared with a control lung cancer cell line. LUDLU-1 did not exhibit radiosensitisation or an increase in sensitivity to PARP inhibitors. However, LUDLU-1 did exhibit small but significant differences with respect to cisplatin sensitivity. Our research shows how integrated analyses of high-throughput data can generate hypotheses to be tested in the lab.