8 research outputs found

    Affine Masking against Higher-Order Side Channel Analysis

    In the last decade, an effort has been made by the research community to find efficient ways to thwart side channel analysis (SCA) against physical implementations of cryptographic algorithms. A common countermeasure for implementations of block ciphers is Boolean masking, which randomizes by the bitwise addition of one or several random value(s) to the variables to be protected. However, advanced techniques called higher-order SCA attacks exist that overcome such a countermeasure. These attacks are greatly favored by the very nature of Boolean masking. In this paper, we revisit the affine masking initially introduced by Von Willich in 2001 as an alternative to Boolean masking. We show how to apply it to AES at the cost of a small timing overhead compared to Boolean masking. We then conduct an in-depth analysis pinpointing the leakage reduction implied by affine masking. Our results clearly show that the proposed scheme provides an excellent performance-security trade-off to protect AES against higher-order SCA.

    DMTs and Covid-19 severity in MS: a pooled analysis from Italy and France

    We evaluated the effect of DMTs on Covid-19 severity in patients with MS, with a pooled analysis of two large cohorts from Italy and France. The association of baseline characteristics and DMTs with Covid-19 severity was assessed by multivariate ordinal-logistic models and pooled by a fixed-effect meta-analysis. 1066 patients with MS from Italy and 721 from France were included. In the multivariate model, anti-CD20 therapies were significantly associated (OR = 2.05, 95%CI = 1.39–3.02, p < 0.001) with Covid-19 severity, whereas interferon indicated a decreased risk (OR = 0.42, 95%CI = 0.18–0.99, p = 0.047). This pooled analysis confirms an increased risk of severe Covid-19 in patients on anti-CD20 therapies and supports the protective role of interferon.

    Protecting AES with Shamir's Secret Sharing Scheme

    Cryptographic algorithms embedded on physical devices are particularly vulnerable to Side Channel Analysis (SCA). The most common countermeasure for block cipher implementations is masking, which randomizes the variables to be protected by combining them with one or several random values. In this paper, we propose an original masking scheme based on Shamir's Secret Sharing scheme [Sha79] as an alternative to Boolean masking. We detail its implementation for the AES using the same tool as Rivain and Prouff in CHES 2010 [RP10]: multi-party computation. We then conduct a security analysis of our scheme in order to compare it to Boolean masking. Our results show that for a given amount of noise the proposed scheme, implemented to the first order, provides the same security level as 3rd up to 4th order Boolean masking, together with a better efficiency.

    Impact of Sboxes Size upon Side Channel Resistance and Block Cipher Design

    International audience

    The Hidden Parallelepiped Is Back Again: Power Analysis Attacks on Falcon

    FALCON is a very efficient and compact lattice-based signature finalist of the NIST's Post-Quantum standardization campaign. This work assesses Falcon's side-channel resistance by analyzing two vulnerabilities, namely the pre-image computation and the trapdoor sampling. The first attack is an improvement of Karabulut and Aysu (DAC 2021). It overcomes several difficulties inherent to the structure of the stored key, like the Fourier representation, and directly recovers the key with a limited number of traces and a reduced complexity. The main part of this paper is dedicated to our second attack: we show that a simple power analysis during the signature execution could provide the exact value of the output of a subroutine called the base sampler. This intermediate value does not directly lead to the secret, and we had to adapt the so-called hidden parallelepiped attack initially introduced by Nguyen and Regev in Eurocrypt 2006 and reused by Ducas and Nguyen in Asiacrypt 2012. We extensively quantify the resources for our attacks and experimentally demonstrate them with FALCON's reference implementation on the ELMO simulator (McCann, Oswald and Whitnall, USENIX 2017) and on a ChipWhisperer Lite with STM32F3 target (ARM Cortex M4). These new attacks highlight the need for side-channel protection for one of the three finalists of NIST's standardization campaign by pointing out the vulnerable parts and quantifying the resources of the attacks.

    High Rate of Recurrent De Novo Mutations in Developmental and Epileptic Encephalopathies

    Developmental and epileptic encephalopathy (DEE) is a group of conditions characterized by the co-occurrence of epilepsy and intellectual disability (ID), typically with developmental plateauing or regression associated with frequent epileptiform activity. The cause of DEE remains unknown in the majority of cases. We performed whole-genome sequencing (WGS) in 197 individuals with unexplained DEE and pharmaco-resistant seizures and in their unaffected parents. We focused our attention on de novo mutations (DNMs) and identified candidate genes containing such variants. We sought to identify additional subjects with DNMs in these genes by performing targeted sequencing in another series of individuals with DEE and by mining various sequencing datasets. We also performed meta-analyses to document enrichment of DNMs in candidate genes by leveraging our WGS dataset with those of several DEE and ID series. By combining these strategies, we were able to provide a causal link between DEE and the following genes: NTRK2, GABRB2, CLTC, DHDDS, NUS1, RAB11A, GABBR2, and SNAP25. Overall, we established a molecular diagnosis in 63/197 (32%) individuals in our WGS series. The main cause of DEE in these individuals was de novo point mutations (53/63 solved cases), followed by inherited mutations (6/63 solved cases) and de novo CNVs (4/63 solved cases). De novo missense variants explained a larger proportion of individuals in our series than in other series that were primarily ascertained because of ID. Moreover, these DNMs were more frequently recurrent than those identified in ID series. These observations indicate that the genetic landscape of DEE might be different from that of ID without epilepsy.

    Fetal bovine serum impacts the observed N‐glycosylation defects in TMEM165 KO HEK cells

    International audience