VeriSiCC Seminar 2022

Verification and Generation of Side-Channel Countermeasures

September 22nd, 2022, Paris, France


VeriSiCC Seminar 2022 is a single-day seminar organized by the partners of the FUI25 VeriSiCC project. It will take place on the Jussieu campus, Paris, France, on September 22nd, 2022.


Sincere thanks to LIP6, which graciously makes a room available for this event.

A few words

Cryptographic implementations are often vulnerable to side-channel attacks, which exploit the physical emanations of the underlying component (power consumption, electromagnetic radiation, timing) to retrieve the secrets being manipulated. The most widely used countermeasure today is masking, which splits every sensitive variable into randomized shares so that no single intermediate value depends on the secret. The VeriSiCC project aims to build new methods to automatically verify and generate provably secure masked cryptographic implementations. The project relies on the multidisciplinarity of its consortium, ranging from researchers specializing in formal methods and side-channel attacks to end users, to design innovative software tools with the support of SMEs. These tools will allow industry practitioners to develop secure and efficient protected implementations that reach a high level of certification, and certification bodies (represented in the consortium by ANSSI) to quickly and accurately verify implementations submitted for evaluation.

This second seminar aims to bring together experts in formal verification and side-channel countermeasures, to give an overview of the state of the art on this topic and to identify new challenges.

Registration is free but mandatory.


Registration

Register Here

Confirmed Speakers

Schedule

Presentation of the VeriSiCC project

Speaker: from CryptoExperts

Invited talk

Session chair: XXX

  • Computer-Aided Hardware Security Verification

    Pascal Sasdrich, Ruhr-Universität Bochum

    Abstract. Modern cryptography provides a variety of tools and methods to develop robust cryptographic techniques as the foundation of security architectures. Regardless of this, established cryptographic schemes often have weaknesses in their practical and physical implementation that can be exploited by attackers. In particular, by observing or influencing physical characteristics of the executing electronic device, attackers can gain valuable information about processed sensitive data and undermine security. In this context, the presentation discusses our research on computer-aided verification of hardware implementations against physical implementation attacks. More precisely, we will discuss concepts for information leakage verification (Side-Channel Analysis), information tampering verification (Fault-Injection Analysis), and the combination of both approaches (Combined Attacks).

Coffee Break (30 min)

Presentation of a project partner

Session chair: XXX

  • Title

    Abdul Rahman Taleb, CryptoExperts and Sorbonne University

    Abstract.

Lunch Break (1h35)

Lunch is not provided, but there are many restaurants next to the university.

Invited Talk

Session chair: XXX

  • Title

    Speaker, Affiliation

    Abstract.

Presentation of a project partner

Session chair: XXX

  • Side-channel Masking with Pseudo-Random Generator

    Jean-Sébastien Coron, University of Luxembourg

    Abstract. High-order masking countermeasures against side-channel attacks usually require plenty of randomness during their execution. For security against t probes, the classical ISW countermeasure requires O(t^2 s) random bits, where s is the circuit size. However, running a True Random Number Generator (TRNG) can be costly in practice and become a bottleneck on embedded devices. In [IKL+13] the authors introduced the notion of a robust pseudo-random number generator (PRG), which must remain secure even against an adversary who can probe at most t wires. They showed that when embedding a robust PRG within a private circuit, the number of random bits can be reduced to O(t^4), that is, independent of the circuit size s (up to a logarithmic factor). Using bipartite expander graphs, this can be further reduced to O(t^(3+eps)); however, the resulting construction is impractical.
    In this paper we describe a practical construction where the number of random bits is only O(t^2) for security against t probes, without expander graphs; moreover, the running time of each pseudo-random generation goes down from O(t^4) to O(t). Our technique consists in using multiple independent PRGs instead of a single one. We show that for ISW circuits, the robustness property of the PRG is not required anymore, which leads to simple and efficient constructions. For example, for AES we only need 48 bytes of randomness to get second-order security (t=2), instead of 2880 in the original Rivain-Prouff countermeasure; when implemented on an ARM-based embedded device with a relatively slow TRNG, we obtain a 50% speed-up compared to Rivain-Prouff.
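    The O(t^2 s) baseline this talk improves on can be checked by hand. The following is an added illustration written for this page; it is not code from the talk or from the speaker's implementation. It masks single bits with t+1 Boolean shares, runs the classical ISW secure-AND gadget, and counts the fresh random bits the gadget draws: t(t+1)/2 per AND gate, hence s*t(t+1)/2 for a circuit of s AND gates. The class and function names, the counting wrapper around Python's PRNG (standing in for the TRNG whose cost the abstract discusses), and the toy AND-chain circuit are all choices made for the example.

```python
"""ISW Boolean masking: counting the t(t+1)/2 fresh random bits per AND gate.

Added example for the VeriSiCC 2022 seminar page; not code from the talk.
Names (CountingRNG, share, isw_and, masked_and_chain) and the toy circuit
are assumptions made for the illustration.
"""
import random
from functools import reduce


class CountingRNG:
    """Bit source that counts how many fresh random bits are consumed.

    Seeded Python PRNG for reproducibility; a real masked implementation
    draws these bits from a TRNG, which is the cost the talk sets out to
    reduce.
    """

    def __init__(self, seed=0):
        self._rng = random.Random(seed)
        self.bits_used = 0

    def bit(self):
        self.bits_used += 1
        return self._rng.getrandbits(1)


def share(x, t, rng):
    """Split bit x into t+1 Boolean shares whose XOR equals x."""
    shares = [rng.bit() for _ in range(t)]
    shares.append(x ^ reduce(lambda u, v: u ^ v, shares, 0))
    return shares


def unshare(shares):
    """Recombine Boolean shares (XOR of all shares)."""
    return reduce(lambda u, v: u ^ v, shares, 0)


def isw_and(a, b, rng):
    """ISW secure AND of two shared bits with n = t+1 shares each.

    One fresh random bit r_ij is drawn for every pair i < j, i.e.
    n(n-1)/2 = t(t+1)/2 bits per gate.
    """
    n = len(a)
    c = [a[i] & b[i] for i in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r = rng.bit()
            c[i] ^= r
            # Evaluate as (r ^ a_i b_j) ^ a_j b_i so that the unmasked
            # cross term a_i b_j ^ a_j b_i never appears on a wire.
            c[j] ^= (r ^ (a[i] & b[j])) ^ (a[j] & b[i])
    return c


def isw_and_random_bits(t):
    """Random bits consumed by a single ISW AND gadget: t(t+1)/2."""
    return t * (t + 1) // 2


def masked_and_chain(bits, t, seed=0):
    """Toy circuit: AND of all input bits as a chain of s = len(bits)-1
    ISW AND gates, each input masked with t+1 shares.

    Returns (unmasked_result, random_bits_consumed_by_the_gates). The
    bits spent on initial sharing are excluded to match the per-gate
    accounting used in the abstract.
    """
    rng = CountingRNG(seed)
    shared = [share(x, t, rng) for x in bits]
    rng.bits_used = 0  # count only what the gadgets draw
    acc = shared[0]
    for nxt in shared[1:]:
        acc = isw_and(acc, nxt, rng)
    return unshare(acc), rng.bits_used


if __name__ == "__main__":
    for t in (1, 2, 3, 4):
        result, used = masked_and_chain([1] * 11, t)  # s = 10 AND gates
        print(f"t={t}: result={result}, random bits={used} "
              f"(= 10 * {isw_and_random_bits(t)})")
```

    Running the block shows the quadratic growth in t for a fixed circuit: with s = 10 AND gates the gadgets draw 10, 30, 60 and 100 random bits for t = 1 to 4. The talk's point is that these bits need not all come from a TRNG.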

Coffee Break (30 min)

Invited Talk

Session chair: XXX

  • Title

    Speaker, Affiliation

    Abstract.

Closing remarks

Venue

Workshop Will Be Held At

Sorbonne Université Campus Pierre et Marie Curie

Corridor 25-26, 1st floor, room 105

4 Place Jussieu, 75005 Paris, France.