
    Side-Channel Protections for Cryptographic Instruction Set Extensions

    Over the past few years, the microprocessor industry has introduced accelerated cryptographic capabilities through instruction set extensions. Although powerful and resistant to side-channel analysis such as cache and timing attacks, these instructions do not implicitly protect against power-based side-channel attacks, such as DPA. This paper provides a specific example with Intel's AES-NI cryptographic instruction set extensions, detailing a DPA, along with results, showing two ways to extract AES keys by simply placing a magnetic field probe beside two capacitors on a motherboard hosting an Intel Core i7 Ivy Bridge microprocessor. Based on the insights of the DPA, methods are then presented on how to mitigate the leaks, in software, providing a dial for diverting the optimal amount of resources required for a prescribed security requirement.

    Efficient Rijndael Encryption Implementation with Composite Field Arithmetic

    Abstract. We explore the use of subfield arithmetic for efficient implementations of Galois Field arithmetic, especially in the context of the Rijndael block cipher. Our technique involves mapping field elements to a composite field representation. We describe how to select a representation which minimizes the computation cost of the relevant arithmetic, taking into account the cost of the mapping as well. Our method results in a very compact and fast gate circuit for Rijndael encryption. In conjunction with bit-slicing techniques applied to newly proposed parallelizable modes of operation, our circuit leads to a high-performance software implementation for Rijndael encryption which offers significant speedup compared to previously reported implementations.

    On Properties of Random Reductions

    Randomness is widely accepted as a powerful computational resource because the most elegant and efficient solutions to several computational problems are randomized. A recurrent theme in the theory of randomized computation is the notion of a random reduction. Random reductions are similar to many-one ($\leq^{P}_{m}$) reductions except for the fact that they are carried out by probabilistic transducers which may make errors with small probability. Such reductions are used explicitly in many basic results in complexity theory and implicitly in several randomized algorithms. This thesis investigates the properties of random reductions as a tool towards understanding the power and limitations of randomness. We first prove some startling results which indicate that random reductions can be quite successful in reducing harder problems to simpler ones. We then propose the thesis that in many situations there is a sharp {\em probability threshold} which governs just how successful random reductions can be in this regard. As evidence, we prove that for several complexity classes $\mathcal{C}$, under standard assumptions, there exist corresponding {\em probability thresholds} $\mathcal{C}_T$, such that random reductions with success probability below $\mathcal{C}_T$ can reduce the hardest languages in $\mathcal{C}$ to simpler ones but reductions with success probability above $\mathcal{C}_T$ cannot do so. Based on these thresholds, we then propose a meaningful definition of completeness under random reductions which resolves several anomalies caused by the traditional definitions which did not place much emphasis on the success probability. The results described above depend on standard but unproven complexity-theoretic assumptions. In order to show that such behavior is inherent to random reductions and not an artifact introduced by these assumptions, we also prove that it is present in very high complexity classes {\em without any assumptions}.
    In this thesis we also examine other basic aspects of random reducibility. We prove several {\em absolute} separation results between the notions of completeness under various polynomial-time random reductions with different success probabilities and between various random reductions and deterministic polynomial-time reductions. In addition, we also prove new results on the consequences of having random reductions from NP-complete sets to sparse sets.

    A Note on Time-Space Bounded Interactive Protocols.

    In this paper, we examine the power of time-space bounded interactive protocols with private coins. The class of languages having logspace, polynomial-time bounded private coin protocols is exactly PSPACE. We generalize this result to other time-space bounded protocols. As a consequence we obtain that EXPSPACE is exactly the class of languages having polynomial-space, exponential-time bounded private coin interactive protocols. This, coupled with earlier work by Condon, Fortnow and Lund, gives us the following characterization of standard complexity classes in terms of time-space bounded interactive protocols.

    Saving Queries With Randomness

    In this paper, we provide tight bounds on the success probabilities of randomized reductions between various classes in the Boolean and Bounded Query Hierarchies. The $P^{SAT\Vert[k]}$ $\leq^{P}_{m}$-complete language randomly reduces to a language in $P^{SAT\Vert[k-1]}$ with a one-sided error probability of $1/\lceil k/2 \rceil$. If two-sided error is allowed, then we show that a much lower error probability of $1/(k+1)$ can be achieved. We prove that both these reductions are almost optimal by showing that the error probabilities cannot be reduced by even $1/\mathrm{poly}$, unless the PH collapses. These tight bounds precisely characterize the power and limitations of randomness in saving a query to SAT. These results can be used to identify optimal probability thresholds which determine when languages complete under randomized reductions inherit the hardness properties associated with $\leq^{P}_{m}$-complete languages. Using these thresholds we prove hardness properties for some languages in these classes which are not $\leq^{P}_{m}$-complete in certain relativized worlds. We also explore the relationship between randomization and functions computable using bounded queries to SAT. For any function $h(n) = O(\log n)$, we show that there is a function $f$ computable using $h(n)$ nonadaptive queries to SAT, which cannot be computed correctly with probability $1/2 + 1/\mathrm{poly}$ by any randomized machine which makes less than $h(n)$ adaptive queries to any oracle, unless PH collapses.

    How to Sign Digital Streams

    We present a new efficient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially different from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the entire message before being able to authenticate its signature. However, a stream is a potentially very long (or infinite) sequence of bits that the sender sends to the receiver, and the receiver is required to consume the received bits at more or less the input rate and without excessive delay. Therefore it is infeasible for the receiver to obtain the entire stream before authenticating and consuming it. Examples of streams include digitized video and audio files, data feeds and applets. We present two solutions to the problem of authenticating digital streams. The first one is for the case of a finite stream which is entirely known to the sender (say a movie). We use this constraint to devise...

    Random Reductions in the Boolean Hierarchy are Not Robust.

    We investigate random reductions from complete sets in the Boolean Hierarchy to their complements. We show that under the assumption that the Polynomial Hierarchy is infinite, the error probability of such reductions cannot be significantly lower than a constant. This constant depends on the classes in question. Thus, random reductions in the Boolean Hierarchy are not robust. We also show that the trivial random reductions between classes at the second level of the Boolean Hierarchy are optimal.

    Fuzzy MLS: An Experiment on Quantified Risk–Adaptive Access Control

    The goal of this paper is to present a new model for, or rather a new way of thinking of, adaptive, risk-based access control. Our basic premise is that there is always inherent uncertainty in access control decisions and such uncertainty leads to unpredictable risk that should be quantified and addressed in an explicit way. The ability to quantify risk makes it possible to treat risk as a countable resource. This enables the use of economic principles to manage this resource with the goal of achieving the optimal utilization of risk, i.e., allocate risk in a manner that optimizes the risk vs. benefit tradeoff. We choose to expand the well known and practiced Bell–LaPadula multi-level security (MLS) access control model as a proof-of-concept case study for our basic premise. The resulting access control model is more like a Fuzzy Logic control system [Jyh97] than a traditional access control system and hence the name “Fuzzy MLS”.