
Keymill: Side-Channel Resilient Key Generator

In the crypto community, it is widely acknowledged that any cryptographic scheme built with no countermeasure against side-channel analysis (SCA) can be easily broken. In this paper, we challenge this intuition. We investigate a novel approach to the design of cryptographic primitives that promotes inherent security against side-channel analysis without using redundant circuits. We propose Keymill, a new keystream generator that is immune to SCA attacks. The security of the proposed scheme depends on mixing key bits in a special way that expands the size of any useful key hypothesis to the full entropy, which yields SCA security equivalent to brute force. In doing so, we do not propose a better SCA countermeasure, but rather a new one. The current solution focuses exclusively on side-channel analysis and works on top of any unprotected block cipher for mathematical security. The proposed primitive is generic and can turn any block cipher into a protected mode using only 775 equivalent NAND gates, which is almost half the area of the best countermeasure available in the literature.

Transparent code authentication at the processor level

The authors present a lightweight authentication mechanism that verifies the authenticity of code and thereby addresses the virus and malicious-code problems at the hardware level, eliminating the need for trusted extensions in the operating system. The proposed technique tightly integrates the authentication mechanism into the processor core. The authentication latency is hidden behind the memory access latency, allowing seamless on-the-fly authentication of instructions. In addition, the proposed authentication method supports seamless encryption of code (and static data). Consequently, while providing software users with assurance of the authenticity of programs executing on their hardware, the proposed technique also protects the software manufacturers’ intellectual property through encryption. The performance analysis shows that, under mild assumptions, the presented technique introduces negligible overhead even for moderate cache sizes.

Implementing Grover Oracles for Quantum Key Search on AES and LowMC

Grover's search algorithm gives a quantum attack against block ciphers by searching for a key that matches a small number of plaintext-ciphertext pairs. This attack uses O(\sqrt{N}) calls to the cipher to search a key space of size N. Previous work in the specific case of AES derived the full gate cost by analyzing quantum circuits for the cipher, but focused on minimizing the number of qubits. In contrast, we study the cost of quantum key search attacks under a depth restriction and introduce techniques that reduce the oracle depth, even if it requires more qubits. As cases in point, we design quantum circuits for the block ciphers AES and LowMC. Our circuits give a lower overall attack cost in both the gate count and depth-times-width cost models. In NIST's post-quantum cryptography standardization process, security categories are defined based on the concrete cost of quantum key search against AES. We present new, lower cost estimates for each category, so our work has immediate implications for the security assessment of post-quantum cryptography. As part of this work, we release Q# implementations of the full Grover oracle for AES-128, -192, -256 and for the three LowMC instantiations used in Picnic, including unit tests and code to reproduce our quantum resource estimates. To the best of our knowledge, these are the first two such full implementations and automatic resource estimations.

Comment: 36 pages, 8 figures, 14 tables.

Low Complexity Sequential Normal Basis Multipliers over GF(2^m)

For efficient hardware implementation of finite field arithmetic units, the use of a normal basis is advantageous. In this article, two architectures for multipliers over the finite field GF(2^m) are proposed. Both of these multipliers are of sequential type: after receiving the coordinates of the two input field elements, they go through m iterations (or clock cycles) to finally yield all the coordinates of the product in parallel. These multipliers are highly area efficient and require fewer logic gates even when compared with the most area-efficient multiplier available in the open literature. This makes the proposed multipliers suitable for applications where the value of m is large but space is of concern, e.g., resource-constrained cryptographic systems. Additionally, the AND gate count for one of the multipliers is � ������� � only. This implies that if the multiplication over GF(2^m) is performed using a suitable subfield ���������¦ � where �� � � and ������ � then the corresponding multiplier architecture will yield a highly efficient digit- or word-serial multiplier.

Keywords: Finite field, Massey-Omura multiplier, optimal normal basis

Efficient algorithms and architectures for field multiplication using Gaussian normal bases

Utilizing Machine Learning and Virtual Reality to Facilitate Brain-computer Interface Control

Brain-computer interface (BCI) users must first participate in many training sessions to obtain adequate data for optimizing the classification algorithm and subsequently acquiring brain-based control. Such traditional training paradigms are neither motivating nor engaging. In recent years, it has been shown that the synergy of virtual reality (VR) and a BCI can lead to increased user engagement. This study created a 3-class BCI that initially presented sham feedback but was eventually driven by EEG associated with motor imagery to navigate a single-path maze in VR. Ten of the eleven recruited participants achieved online performance superior to chance (p

Secure Clustering and Symmetric Key Establishment in Heterogeneous Wireless Sensor Networks

Information security in infrastructureless wireless sensor networks (WSNs) is one of the most important research challenges. In these networks, sensor nodes are typically sprinkled liberally in the field in order to monitor, gather, disseminate, and provide the sensed data to the command node. Various studies have focused on key establishment schemes in homogeneous WSNs. However, recent research has shown that achieving survivability in WSNs requires a hierarchical and heterogeneous infrastructure. In this paper, to address security issues in heterogeneous WSNs, we propose a secure clustering scheme along with a deterministic pairwise key management scheme based on public key cryptography. The proposed security mechanism guarantees that any two sensor nodes located in the same cluster and routing path can directly establish a pairwise key without disclosing any information to other nodes. Through security performance evaluation, it is shown that the proposed scheme guarantees node-to-node authentication, high resiliency against node capture, and minimum memory space requirements.

A Structure-independent Approach for Fault Detection Hardware Implementations of the Advanced Encryption Standard

The Advanced Encryption Standard, which is used extensively for secure communications, has recently been accepted as a symmetric cryptography standard. However, internal faults induced by attackers may cause confidential information to leak and reveal the secret key. For this reason, several schemes for fault detection of the transformations and rounds in the encryption and decryption of the Advanced Encryption Standard have been proposed. In this paper, we present a structure-independent fault detection scheme for the Advanced Encryption Standard. The proposed scheme is independent of the way the S-box (inverse S-box) is constructed and can be used for both encryption and decryption. It can be applied both to S-boxes (and inverse S-boxes) using look-up tables and to those utilizing logic gate implementations based on composite fields. We have obtained the formulations for the fault detection of SubBytes (inverse SubBytes) using the relation between the input and output of the S-box (inverse S-box). Then, we have proposed and simulated a signature-based structure-independent fault detection scheme. Moreover, the FPGA implementations of the original and the proposed schemes, as well as their overhead, are presented.