CHES Tutorial


8:30 - 9:00: Registration & Welcome Coffee

9:00 - 12:20

Tutorial 1

(coffee break 10:45 - 11:10)

Fault Analysis of Cryptosystems: Attacks, Countermeasures and Metrics
Debdeep Mukhopadhyay and Sikhar Patranabis
Download the slides

13:40 - 17:00

Tutorial 2

(coffee break 15:10 - 15:35)

RFID and NFC security in practice
David Oswald and Timo Kasper
Download the slides (password sent by email)

18:00 - 21:00: Welcome cocktail & Registration

CHES Day 1


8:15 - 8:50: Registration

8:50 - 9:00: Opening Remarks

9:00 - 10:15

S1: Processing Techniques in Side-Channel Analysis

Session chair: Elke De Mulder

  1. Robust Profiling for DPA-Style Attacks slides ]
    Carolyn Whitnall, Elisabeth Oswald (University of Bristol)
  2. Less is More -- Dimensionality Reduction, from a Theoretical Perspective slides ] video ]
    Nicolas Bruneau (Telecom ParisTech & STMicroelectronics); Sylvain Guilley (Telecom ParisTech & Secure-IC S.A.S.); Annelie Heuser (Telecom ParisTech); Damien Marion (Telecom ParisTech & Secure-IC S.A.S.); Olivier Rioul (Telecom ParisTech & Ecole Polytechnique)
  3. Blind Source Separation from Single Measurements using Singular Spectrum Analysis slides ] video ]
    Santos Merino Del Pozo, François-Xavier Standaert (ICTEAM/ELEN/Crypto Group, Université catholique de Louvain)

Coffee Break (30min)

10:45 - 12:25

S2: Cryptographic Hardware Implementations

Session chair: Junfeng Fan

  1. Highly Efficient GF(2^8) Inversion Circuit Based on Redundant GF Arithmetic and Its Application to AES Design slides ] video ]
    Rei Ueno (Tohoku University); Naofumi Homma (Tohoku University); Yukihiro Sugawara (Tohoku University); Yasuyuki Nogami (Okayama University); Takafumi Aoki (Tohoku University)
  2. NaCl's crypto_box in hardware slides ] video ]
    Wolfgang Wieser (Graz University of Technology); Jürgen Schilling (Graz University of Technology); Peter Schwabe (Radboud University of Nijmegen); Michael Hutter (Cryptography Research Inc.)
  3. Lightweight Coprocessor for Koblitz Curves: 283-bit ECC Including Scalar Conversion with only 4300 Gates slides ] video ]
    Sujoy Sinha Roy, Kimmo Järvinen, Ingrid Verbauwhede (KU Leuven ESAT/COSIC and iMinds)
  4. Single Base Modular Multiplication for Efficient Hardware RNS Implementations of ECC slides ] video ]
    Karim Bigou, Arnaud Tisserand (CNRS, IRISA, INRIA Centre Rennes - Bretagne Atlantique, University Rennes 1)

Lunch Break (1h 35min)

14:00 - 15:15

S3: Homomorphic Encryption in Hardware

Session chair: Christof Paar

  1. Accelerating Homomorphic Evaluation on Reconfigurable Hardware slides ] video ]
    Thomas Pöppelmann (Ruhr-Universität Bochum); Michael Naehrig (Microsoft Research); Andrew Putnam (Microsoft Research); Adrian Macias (Altera Corporation)
  2. Modular Hardware Architecture for Somewhat Homomorphic Function Evaluation slides ] video ]
    Sujoy Sinha Roy (KU Leuven ESAT/COSIC and iMinds); Kimmo Järvinen (KU Leuven ESAT/COSIC and iMinds); Frederik Vercauteren (KU Leuven ESAT/COSIC and iMinds); Vassil Dimitrov (University of Calgary, Department of Electrical and Computer Engineering); Ingrid Verbauwhede (KU Leuven ESAT/COSIC and iMinds)
  3. Accelerating LTV Based Homomorphic Encryption in Reconfigurable Hardware slides ] video ]
    Yarkın Doröz (Worcester Polytechnic Institute); Erdinç Öztürk (Istanbul Commerce University); Erkay Savaş (Sabancı University); Berk Sunar (Worcester Polytechnic Institute)

Coffee Break (30min), until 15:45

16:00: Guided Excursion and Dinner

CHES Day 2


9:00 - 10:15

S4: Side-Channel Attacks on Public-Key Cryptography

Session chair: Emmanuel Prouff

  1. Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation slides ] video ]
    Daniel Genkin (Technion and Tel-Aviv University); Lev Pachmanov (Tel-Aviv University); Itamar Pipman (Tel-Aviv University); Eran Tromer (Tel-Aviv University)
  2. Exclusive Exponent Blinding May Not Suffice to Prevent Timing Attacks on RSA slides ] video ]
    Werner Schindler (Bundesamt für Sicherheit in der Informationstechnik (BSI))
  3. Who watches the watchmen? : Utilizing Performance Monitors for Compromising keys of RSA on Intel Platforms slides ] video ]
    Sarani Bhattacharya, Debdeep Mukhopadhyay (Indian Institute of Technology Kharagpur)

Coffee Break (30min)

Poster session #1: list of accepted posters

10:45 - 12:25

S5: Cipher Design and Cryptanalysis

Session chair: Bart Preneel

  1. Improved Cryptanalysis of the DECT Standard Cipher slides ] video ]
    Iwen Coisel, Ignacio Sanchez (European Commission - Joint Research Centre)
  2. Practical Key Recovery for Discrete-Logarithm Based Authentication Schemes from Random Nonce Bits slides ]
    Aurélie Bauer (ANSSI); Damien Vergnaud (Ecole Normale Supérieure)
  3. The Simeck Family of Lightweight Block Ciphers slides ] video ]
    Gangqiang Yang, Bo Zhu, Valentin Suder, Mark Aagaard, Guang Gong (Department of Electrical and Computer Engineering, University of Waterloo)
  4. TriviA: A Fast and Secure Authenticated Encryption Scheme slides ] video ]
    Avik Chakraborti (Indian Statistical Institute Kolkata); Anupam Chattopadhyay (School of Computer Engineering, NTU Singapore); Muhammad Hassan (RWTH Aachen University); Mridul Nandi (Indian Statistical Institute Kolkata)

Lunch Break (1h 35min)

14:00 - 14:50

S6: TRNGs and Entropy Estimations

Session chair: Jean-Sébastien Coron

  1. A Physical Approach for Stochastic Modeling of TERO-based TRNG slides ]
    Patrick Haddad (STMicroelectronics); Viktor Fischer (Hubert Curien Laboratory, Jean Monnet University, St.-Etienne); Florent Bernard (Hubert Curien Laboratory, Jean Monnet University, St.-Etienne); Jean Nicolai (STMicroelectronics)
  2. Predictive Models for Min-Entropy Estimation slides ] video ]
    John Kelsey (NIST); Kerry A. McKay (NIST); Meltem Sonmez Turan (NIST and Dakota Consulting)

14:50 - 15:50

Invited Talk

Secure protocols in a hostile world slides ] video ]
Matthew D. Green (Johns Hopkins University)

Coffee Break (30min)

16:20 - 17:35

S7: Side-Channel Analysis and Fault Injection Attacks

Session chair: Naofumi Homma

  1. Improved Side-Channel Analysis of Finite-Field Multiplication slides ] video ]
    Sonia Belaïd (École Normale Supérieure and Thales Communications & Security); Jean-Sébastien Coron (University of Luxembourg); Pierre-Alain Fouque (IRISA, Université de Rennes 1); Benoît Gérard (DGA.MI and IRISA, Université de Rennes 1); Jean-Gabriel Kammerer (DGA.MI and IRMAR, Université de Rennes 1); Emmanuel Prouff (ANSSI)
  2. Evaluation and Improvement of Generic-Emulating DPA Attacks slides ] video ]
    Weijia Wang (Shanghai Jiao Tong University), Yu Yu (Shanghai Jiao Tong University), Junrong Liu (Shanghai Jiao Tong University), Zheng Guo (Shanghai Jiao Tong University), François-Xavier Standaert (UCL Crypto Group), Dawu Gu (Shanghai Jiao Tong University), Sen Xu (Shanghai Jiao Tong University), Rong Fu (Tsinghua University)
  3. Transient-Steady Effect Attack on Block Ciphers slides ]
    Yanting Ren, An Wang, Liji Wu (Institute of Microelectronics, Tsinghua University)

19:30 - 23:00: Rump session & cocktail dinner

CHES Day 3


9:00 - 10:15

S8: Higher-Order Side-Channel Attacks

Session chair: Matthieu Rivain

  1. Assessment of Hiding the Higher-Order Leakages in Hardware, what are the achievements versus overheads? slides ] video ]
    Amir Moradi, Alexander Wild (Ruhr-Universität Bochum)
  2. Multi-variate High-Order Attacks of Shuffled Tables Recomputation slides ] video ]
    Nicolas Bruneau (Telecom-ParisTech & STMicroelectronics); Sylvain Guilley (Telecom-ParisTech & Secure-IC S.A.S.); Zakaria Najm (Telecom-ParisTech); Yannick Teglia (STMicroelectronics)
  3. Leakage Assessment Methodology - a clear roadmap for side-channel evaluations slides ] video ]
    Tobias Schneider, Amir Moradi (Ruhr-Universität Bochum)

Coffee Break (30min)

Poster session #2: list of accepted posters

10:45 - 12:25

S9: Physically Unclonable Functions and Hardware Trojans

Session chair: Ulrich Rührmair

  1. Secure Key Generation from Biased PUFs slides ] video ]
    Roel Maes (Intrinsic-ID); Frans Willems (Universiteit Eindhoven); Vincent van der Leest (Intrinsic-ID); Erik van der Sluis (Intrinsic-ID)
  2. The Gap Between Promise and Reality: On the Insecurity of XOR Arbiter PUFs slides ]
    Georg T. Becker (Ruhr-Universität Bochum)
  3. End-to-end Design of a PUF based Privacy Preserving Authentication Protocol slides ] video ]
    Aydin Aysu (Virginia Tech); Ege Gulcan (Virginia Tech); Daisuke Moriyama (NICT); Patrick Schaumont (Virginia Tech); Moti Yung (Google and Columbia University)
  4. Improved Test Pattern Generation for Hardware Trojan Detection using Genetic Algorithm and Boolean Satisfiability slides ] video ]
    Sayandeep Saha, Rajat Subhra Chakraborty, Srinivasa Shashank Nuthakki, Anshul, Debdeep Mukhopadhyay (Indian Institute of Technology Kharagpur)

Lunch Break (1h 35min)

14:00 - 15:15

S10: Side-Channel Attacks in Practice

Session chair: Amir Moradi

  1. DPA, Bitslicing and Masking at 1 GHz slides ] video ]
    Josep Balasch, Benedikt Gierlichs, Oscar Reparaz and Ingrid Verbauwhede (KU Leuven and iMinds)
  2. SoC it to EM: electromagnetic side-channel attacks on a complex system-on-chip slides ]
    Jake Longo (University of Bristol); Elke De Mulder (Cryptography Research Inc.); Dan Page (University of Bristol); Michael Tunstall (Cryptography Research Inc.)
  3. Finding the AES Bits in the Haystack: Reverse Engineering and SCA Using Voltage Contrast slides ] video ]
    Christian Kison (Ruhr-Universität Bochum); Jürgen Frinken (Bundeskriminalamt); Christof Paar (Ruhr-Universität Bochum)

Coffee Break (30min)

15:45 - 16:35

S11: Lattice-Based Implementations

Session chair: Bo-Yin Yang

  1. Efficient Ring-LWE Encryption on 8-bit AVR Processors slides ] video ]
    Zhe Liu (University of Luxembourg); Hwajeong Seo (Pusan National University); Sujoy Sinha Roy (K.U. Leuven); Johann Großschädl (University of Luxembourg); Howon Kim (Pusan National University); Ingrid Verbauwhede (K.U. Leuven)
  2. A masked ring-LWE implementation slides ] video ]
    Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede (KU Leuven/COSIC)

16:35 - 16:45: Closing Remarks