
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link href="/css/dist/css/bootstrap.min.css" rel="stylesheet"> <title>Search results</title> <link rel="stylesheet" href="/css/eprint.css?v=10"> <style> input { background-color: #e8e8e8 !important; } mark { font-weight: 600; padding: .2em 0px .2em 0px; color: black; } span.term { font-weight: 700 !important; font-family: var(--bs-font-monospace), monospace !important; } form { background-color:#fff; } @media (min-width: 768px) { form { position:sticky;top:6rem; } } </style> <meta name="description" content="Search the Cryptology ePrint Archive"> </head> <body> <noscript> <h1 class="text-center">What a lovely hat</h1> <h4 class="text-center">Is it made out of <a href="https://iacr.org/tinfoil.html">tin foil</a>?</h4> </noscript> <div class="fixed-top" id="topNavbar"> <nav class="navbar navbar-custom navbar-expand-lg"> <div class="container px-0 justify-content-between justify-content-lg-evenly"> <div class="order-0 align-items-center d-flex"> <button class="navbar-toggler btnNoOutline" type="button" data-bs-toggle="collapse" data-bs-target="#navbarContent" aria-controls="navbarContent" aria-expanded="false"> <span class="icon-bar top-bar"></span> <span class="icon-bar middle-bar"></span> <span class="icon-bar bottom-bar"></span> </button> <a class="d-none me-5 d-lg-inline" href="https://iacr.org/"><img class="iacrlogo" src="/img/iacrlogo_small.png" alt="IACR Logo" style="max-width:6rem;"></a> </div> <a class="ePrintname order-1" href="/"> <span class="longNavName">Cryptology ePrint Archive</span> </a> <div class="collapse navbar-collapse order-3" id="navbarContent"> <ul class="navbar-nav me-auto ms-2 mb-2 mb-lg-0 justify-content-end w-100"> <li class="ps-md-3 nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> Papers </a> 
<ul class="dropdown-menu me-3" aria-labelledby="navbarDropdown"> <li><span class="text-dark mx-3" style="white-space:nowrap;">Updates from the last:</span></li> <li><a class="dropdown-item ps-custom" href="/days/7">7 days</a></li> <li><a class="dropdown-item ps-custom" href="/days/31">31 days</a></li> <li><a class="dropdown-item ps-custom" href="/days/183">6 months</a></li> <li><a class="dropdown-item ps-custom" href="/days/365">365 days</a></li> <li><hr class="dropdown-divider"></li> <li><a class="dropdown-item" href="/byyear">Listing by year</a></li> <li><a class="dropdown-item" href="/complete">All papers</a></li> <li><a class="dropdown-item" href="/complete/compact">Compact view</a></li> <li><a class="dropdown-item" href="https://www.iacr.org/news/subscribe">Subscribe</a></li> <li><hr class="dropdown-divider"></li> <li><a class="dropdown-item" href="/citation.html">How to cite</a></li> <li><hr class="dropdown-divider"></li> <li><a class="dropdown-item" href="/rss">Harvesting metadata</a></li> </ul> </li> <li class="ps-md-3 nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="submissionsDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> Submissions </a> <ul class="dropdown-menu me-3" aria-labelledby="submissionsDropdown"> <li><a class="dropdown-item" href="/submit">Submit a paper</a></li> <li><a class="dropdown-item" href="/revise">Revise or withdraw a paper</a></li> <li><a class="dropdown-item" href="/operations.html">Acceptance and publishing conditions</a></li> </ul> </li> <li class="ps-md-3 nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="aboutDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> About </a> <ul class="dropdown-menu me-3" aria-labelledby="aboutDropdown"> <li><a class="dropdown-item" href="/about.html">Goals and history</a></li> <li><a class="dropdown-item" href="/news.html">News</a></li> <li><a class="dropdown-item" href="/stats">Statistics</a></li> <li><a 
class="dropdown-item" href="/contact.html">Contact</a></li> </ul> </li> </ul> </div> <div class="dropdown ps-md-2 text-right order-2 order-lg-last"> <button class="btn btnNoOutline" type="button" id="dropdownMenuButton1" data-bs-toggle="dropdown" aria-expanded="false"> <img src="/img/search.svg" class="searchIcon" alt="Search Button"/> </button> <div id="searchDd" class="dropdown-menu dropdown-menu-end p-0" aria-labelledby="dropdownMenuButton1"> <form action="/search" method="GET"> <div class="input-group"> <input id="searchbox" name="q" type="search" class="form-control" autocomplete="off"> <button class="btn btn-secondary border input-group-append ml-2"> Search </button> </div> </form> <div class="ms-2 p-1 d-none"><a href="/search">Advanced search</a></div> </div> </div> </div> </nav> </div> <main id="eprintContent" class="container px-3 py-4 p-md-4"> <div class="row"> <div class="col-12 col-lg-4"> <form class="p-2 pt-md-4 align-items-end needs-validation" novalidate onsubmit="return validateForm()" method="GET" action="/search"> <label for="anything" class="mt-2 form-label">Match anything</label> <input type="text" name="q" class="form-control form-control-sm" id="anything" aria-label="Match anything" value="ASIC"> <label for="title" class="mt-4 form-label">Match title</label> <input type="text" name="title" class="form-control form-control-sm" id="title" aria-label="Match title" value=""> <label for="authors" class="mt-4 form-label">Match authors</label> <input type="text" name="authors" class="form-control form-control-sm" id="authors" aria-label="Match authors" value=""> <label for="category" class="mt-4 form-label">Category</label><br> <select class="form-select form-select-sm" id="category" name="category" aria-label="Category"> <option value="">All categories</option> <option value="APPLICATIONS" >Applications</option> <option value="PROTOCOLS" >Cryptographic protocols</option> <option value="FOUNDATIONS" >Foundations</option> <option 
value="IMPLEMENTATION" >Implementation</option> <option value="SECRETKEY" >Secret-key cryptography</option> <option value="PUBLICKEY" >Public-key cryptography</option> <option value="ATTACKS" >Attacks and cryptanalysis</option> </select> <div class="row d-none d-lg-flex"> <div class="col-6"> <label for="submittedafter" class="mt-4 form-label">Submitted after</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="submittedafter" name="submittedafter" aria-label="Submitted after" value="" placeholder="Enter a year"> </div> <div class="col-6"> <label for="submittedbefore" class="mt-4 form-label">Submitted before</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="submittedbefore" name="submittedbefore" aria-label="Submitted before" value="" placeholder="Enter a year"> <div class="invalid-feedback"> Dates are inconsistent </div> </div> </div> <div class="row d-none d-lg-flex"> <div class="col-6"> <label for="revisedafter" class="mt-4 form-label">Revised after</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="revisedafter" name="revisedafter" aria-label="Revised after" placeholder="Enter a year" value=""> <div class="invalid-feedback"> Dates are inconsistent </div> </div> <div class="col-6"> <label for="revisedbefore" class="mt-4 form-label">Revised before</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="revisedbefore" name="revisedbefore" aria-label="Revised before" value="" placeholder="Enter a year"> </div> </div> <div class="d-none d-lg-flex mt-3"> <div class="form-check"> <input type="checkbox" id="relevance" name="relevance" > <label for="relevance" class="form-check-label ms-2">Sort by relevance</label> </div> </div> <div class="mt-3 d-flex"> <button class="btn btn-primary btn-sm" type="submit">Search</button> <button id="clearButton" class="btn btn-secondary btn-sm ms-2" type="button">Clear</button> <button 
id="helpButton" class="btn btn-info btn-sm ms-auto" type="button" data-bs-toggle="modal" data-bs-target="#helpModal">Help</button> </div> </form> <div class="modal" tabindex="-1" id="helpModal"> <div class="modal-dialog modal-lg"> <div class="modal-content"> <div class="modal-header"> <h4 class="modal-title">Search Help</h4> <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button> </div> <div class="modal-body"> <p> You can search for a phrase by enclosing it in double quotes, e.g., <span class="term text-nowrap"><a href="/search?q=%22differential%20privacy%22">"differential privacy"</a></span>. </p> <p> You can require or exclude specific terms using + and -. For example, to search for papers that contain the term elliptic but not the term factoring, use <span class="term text-nowrap"><a href="/search?q=%2Belliptic%20-factoring">+elliptic -factoring</a></span>. </p> <p> To search in a title or for an author name, use <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20author%3Aboneh">title:isogeny author:boneh</a></span>. If you want to require both, you can use <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20AND%20author%3Aboneh">title:isogeny AND author:boneh</a></span> because the search recognizes the logical operators <span class="term">AND</span> and <span class="term">OR</span>. This is equivalent to <a href="/search?title=isogeny&amp;authors=boneh">using the individual fields</a> for author and title. You can also use NOT to negate a condition, as with <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20AND%20NOT%20author%3Aboneh">title:isogeny AND NOT author:boneh</a></span> to search for papers with an author other than Boneh. </p> <p> To find documents containing a term starting with the string <span class="term">differe</span>, use <span class="term"><a href="/search?q=differe%2A">differe*</a></span>. 
This will match the terms difference, different, and differential. </p> <p> Note that search applies stemming, so that if you search for <span class="term">yield</span> it will also match the terms <span class="term">yields</span> and <span class="term">yielding</span>. If you want to disable stemming, capitalize the term. A search for <span class="term">Adam</span> will not match the term 'Adams'. </p> <p> The system attempts to recognize possible misspellings. This is perhaps a source of amusement more than anything else. </p> <p> This currently searches the text in titles, authors, abstracts, and keywords, but does not search in the PDF or PS itself. </p> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button> </div> </div> </div> </div> <!-- Parsed query: Query((asic@1 AND_MAYBE PostingSource(Xapian::ValueWeightPostingSource(slot=2)))) --> </div> <div class="col-12 col-lg-8" style="min-height:80vh"> <h4 class="mt-3 ms-4">128 results sorted by ID</h4> <div class="alert alert-info ms-lg-4">Possible spell-corrected query: <a href="/search?q=basic">basic</a></div> <div class="ms-lg-4 mt-3 results"> <div class="mb-4"> <div class="d-flex"><a title="2025/497" class="paperlink" href="/2025/497">2025/497</a> <span class="ms-2"><a href="/2025/497.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fast Scloud+: A Fast Hardware Implementation for the Unstructured LWE-based KEM - Scloud+</strong> <div class="mt-1"><span class="fst-italic">Jing Tian, Yaodong Wei, Dejun Xu, Kai Wang, Anyu Wang, Zhiyuan Qiu, Fu Yao, Guang Zeng</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Scloud+ is an unstructured LWE-based key encapsulation mechanism (KEM) 
with conservative quantum security, in which ternary secrets and lattice coding are incorporated for higher computational and communication efficiency. However, its efficiencies are still much inferior to those of the structured LWE-based KEM, like ML-KEM (standardized by NIST). In this paper, we present a configurable hardware architecture for Scloud+.KEM to improve the computational efficiency. Many algorithmic and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/252" class="paperlink" href="/2025/252">2025/252</a> <span class="ms-2"><a href="/2025/252.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Chiplet-Based Techniques for Scalable and Memory-Aware Multi-Scalar Multiplication</strong> <div class="mt-1"><span class="fst-italic">Florian Hirner, Florian Krieger, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper presents a high-performance architecture for accelerating Multi-Scalar Multiplication (MSM) on ASIC platforms, targeting cryptographic applications with high throughput demands. Unlike prior MSM accelerators that focus solely on efficient processing elements (PEs), our chiplet-based design optimally balances area, power, and computational throughput. 
We identify a mixed window configuration of 12- and 13-bit windows that enables an efficient multi-PE integration of 10 PEs per...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/086" class="paperlink" href="/2025/086">2025/086</a> <span class="ms-2"><a href="/2025/086.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-20</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Artificial Results From Hardware Synthesis</strong> <div class="mt-1"><span class="fst-italic">Ahmed Alharbi, Charles Bouillaguet</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we revisit venerable lower-bounds on the $AT$ or $AT^2$ performance metric of hardware circuits. A series of works started in the late 1970&#39;s has established that if a hardware circuit of area $A$ computes a function $f : \{0, 1\}^n \rightarrow \{0, 1\}^m$ in $T$ clock cycles, then $AT^2$ is asymptotically larger than (a form of) the communication complexity of $f$. 
These lower-bounds ignore the active component of the circuit such as the logic gates and only take into...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1919" class="paperlink" href="/2024/1919">2024/1919</a> <span class="ms-2"><a href="/2024/1919.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-26</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>PASTA on Edge: Cryptoprocessor for Hybrid Homomorphic Encryption</strong> <div class="mt-1"><span class="fst-italic">Aikata Aikata, Daniel Sanz Sobrino, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Fully Homomorphic Encryption (FHE) enables privacy-preserving computation but imposes significant computational and communication overhead on the client for the public-key encryption. To alleviate this burden, previous works have introduced the Hybrid Homomorphic Encryption (HHE) paradigm, which combines symmetric encryption with homomorphic decryption to enhance performance for the FHE client. 
While early HHE schemes focused on binary data, modern versions now support integer prime fields,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1828" class="paperlink" href="/2024/1828">2024/1828</a> <span class="ms-2"><a href="/2024/1828.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Classic McEliece Hardware Implementation with Enhanced Side-Channel and Fault Resistance</strong> <div class="mt-1"><span class="fst-italic">Peizhou Gan, Prasanna Ravi, Kamal Raj, Anubhab Baksi, Anupam Chattopadhyay</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this work, we propose the first hardware implementation of Classic McEliece protected with countermeasures against Side-Channel Attacks (SCA) and Fault Injection Attacks (FIA). Classic Mceliece is one of the leading candidates for Key Encapsulation Mechanisms (KEMs) in the ongoing round 4 of the NIST standardization process for post-quantum cryptography. 
In particular, we implement a range of generic countermeasures against SCA and FIA, particularly protected the vulnerable operations...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1249" class="paperlink" href="/2024/1249">2024/1249</a> <span class="ms-2"><a href="/2024/1249.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-08-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Koala: A Low-Latency Pseudorandom Function</strong> <div class="mt-1"><span class="fst-italic">Parisa Amiri Eliasi, Yanis Belkheyar, Joan Daemen, Santosh Ghosh, Daniël Kuijsters, Alireza Mehrdad, Silvia Mella, Shahram Rasoolzadeh, Gilles Van Assche</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper introduces the Koala PRF, which maps a variable-length sequence of $64$-bit input blocks to a single $257$-bit output block. Its design focuses on achieving low latency in its implementation in ASIC. To construct Koala, we instantiate the recently introduced Kirby construction with the Koala-P permutation and add an input encoding layer. The Koala-P permutation is obtained as the $8$-fold iteration of a simple round function inspired by that of Subterranean. 
Based on...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1246" class="paperlink" href="/2024/1246">2024/1246</a> <span class="ms-2"><a href="/2024/1246.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-08-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>MSMAC: Accelerating Multi-Scalar Multiplication for Zero-Knowledge Proof</strong> <div class="mt-1"><span class="fst-italic">Pengcheng Qiu, Guiming Wu, Tingqiang Chu, Changzheng Wei, Runzhou Luo, Ying Yan, Wei Wang, Hui Zhang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Multi-scalar multiplication (MSM) is the most computation-intensive part in proof generation of Zero-knowledge proof (ZKP). In this paper, we propose MSMAC, an FPGA accelerator for large-scale MSM. MSMAC adopts a specially designed Instruction Set Architecture (ISA) for MSM and optimizes pipelined Point Addition Unit (PAU) with hybrid Karatsuba multiplier. 
Moreover, a runtime system is proposed to split MSM tasks with the optimal sub-task size and orchestrate execution of Processing Elements...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/984" class="paperlink" href="/2024/984">2024/984</a> <span class="ms-2"><a href="/2024/984.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-07-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Side-Channel and Fault Resistant ASCON Implementation: A Detailed Hardware Evaluation (Extended Version)</strong> <div class="mt-1"><span class="fst-italic">Aneesh Kandi, Anubhab Baksi, Peizhou Gan, Sylvain Guilley, Tomáš Gerlich, Jakub Breier, Anupam Chattopadhyay, Ritu Ranjan Shrivastwa, Zdeněk Martinásek, Shivam Bhasin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this work, we present various hardware implementations for the lightweight cipher ASCON, which was recently selected as the winner of the NIST organized Lightweight Cryptography (LWC) competition. We cover encryption + tag generation and decryption + tag verification for the ASCON AEAD and also the ASCON hash function. On top of the usual (unprotected) implementation, we present side-channel protection (threshold countermeasure) and triplication/majority-based fault protection. 
To the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/891" class="paperlink" href="/2024/891">2024/891</a> <span class="ms-2"><a href="/2024/891.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-06-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Glitch-Stopping Circuits: Hardware Secure Masking without Registers</strong> <div class="mt-1"><span class="fst-italic">Zhenda Zhang, Svetla Nikova, Ventzislav Nikov</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Masking is one of the most popular countermeasures to protect implementations against power and electromagnetic side channel attacks, because it offers provable security. Masking has been shown secure against d-threshold probing adversaries by Ishai et al. at CRYPTO&#39;03, but this adversary&#39;s model doesn&#39;t consider any physical hardware defaults and thus such masking schemes were shown to be still vulnerable when implemented as hardware circuits. To addressed these limitations glitch-extended...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/289" class="paperlink" href="/2024/289">2024/289</a> <span class="ms-2"><a href="/2024/289.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-02-20</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SoK: Parameterization of Fault Adversary Models - Connecting Theory and Practice</strong> <div class="mt-1"><span class="fst-italic">Dilara Toprakhisar, Svetla Nikova, Ventzislav Nikov</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Since the first fault attack by Boneh et al. 
in 1997, various physical fault injection mechanisms have been explored to induce errors in electronic systems. Subsequent fault analysis methods of these errors have been studied, and successfully used to attack many cryptographic implementations. This poses a significant challenge to the secure implementation of cryptographic algorithms. To address this, numerous countermeasures have been proposed. Nevertheless, these countermeasures are...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/186" class="paperlink" href="/2024/186">2024/186</a> <span class="ms-2"><a href="/2024/186.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-07</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>RAD-FS: Remote Timing and Power SCA Security in DVFS-Augmented Ultra-Low-Power Embedded Systems</strong> <div class="mt-1"><span class="fst-italic">Daniel Dobkin, Nimrod Cever, Itamar Levi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">High-performance crypto-engines have become crucial components in modern System-On-Chip (SoC) architectures across platforms, from servers to edge-IoTs’. Alas, their secure operation faces a significant obstacle caused by information-leakage accessed through Side-Channel Analysis (SCA). Adversaries exploit statistical-analysis techniques on measured (e.g.,) power and timing signatures generated during (e.g.,) encryption, extracting secrets. 
Mathematical countermeasures against such attacks...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1889" class="paperlink" href="/2023/1889">2023/1889</a> <small class="ms-auto">Last updated: 2024-10-09</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fully Parallel, One-Cycle Random Shuffling for Efficient Countermeasure against Side Channel Attack and its Complexity Verification.</strong> <div class="mt-1"><span class="fst-italic">Jong-Yeon Park, Dongsoo Lee, Seonggyeom Kim, Wonil lee, Bo Gyeong Kang, Kouichi Sakurai</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-FOUNDATIONS">Foundations</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Hiding countermeasures are the most widely utilized techniques for thwarting side-channel attacks, and their significance has been further emphasized with the advent of Post Quantum Cryptography (PQC) algorithms, owing to the extensive use of vector operations. 
Commonly, the Fisher-Yates algorithm is adopted in hiding countermeasures with permuted operation for its security and efficiency in implementation, yet the inherently sequential nature of the algorithm imposes limitations on hardware...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1596" class="paperlink" href="/2023/1596">2023/1596</a> <span class="ms-2"><a href="/2023/1596.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-10-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Black Box Attack Using Side Channel Analysis and Hardware Trojans</strong> <div class="mt-1"><span class="fst-italic">Raja Adhithan Radhakrishnan</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The emergence of hardware trojans as significant threats in various aspects of hardware design, including Firmware, open-source IP, and PCB design, has raised serious concerns. Simultaneously, AI technologies have been employed to simplify the complexity of Side Channel Analysis (SCA) attacks. Due to the increasing risk posed by these threats, it becomes essential to test hardware by considering all possible attack vectors. 
This paper aims to propose a black box attack using...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1396" class="paperlink" href="/2023/1396">2023/1396</a> <span class="ms-2"><a href="/2023/1396.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Accelerating Isogeny Walks for VDF Evaluation</strong> <div class="mt-1"><span class="fst-italic">David Jacquemin, Anisha Mukherjee, Ahmet Can Mert, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">VDFs are characterized by sequential function evaluation but an immediate output verification. In order to ensure secure use of VDFs in real-world applications, it is important to determine the fastest implementation. Considering the point of view of an attacker (say with unbounded resources), this paper aims to accelerate the isogeny-based VDF proposed by De Feo-Mason-Petit-Sanso in 2019. 
It is the first work that implements a hardware accelerator for the evaluation step of an isogeny VDF....</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1267" class="paperlink" href="/2023/1267">2023/1267</a> <span class="ms-2"><a href="/2023/1267.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-08-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Whipping the MAYO Signature Scheme using Hardware Platforms</strong> <div class="mt-1"><span class="fst-italic">Florian Hirner, Michael Streibl, Florian Krieger, Ahmet Can Mert, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">NIST issued a new call in 2023 to diversify the portfolio of quantum-resistant digital signature schemes since the current portfolio relies on lattice problems. The MAYO scheme, which builds on the Unbalanced Oil and Vinegar (UOV) problem, is a promising candidate for this new call. MAYO introduces emulsifier maps and a novel &#39;whipping&#39; technique to significantly reduce the key sizes compared to previous UOV schemes. 
This paper provides a comprehensive analysis of the implementation...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1190" class="paperlink" href="/2023/1190">2023/1190</a> <span class="ms-2"><a href="/2023/1190.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>REED: Chiplet-Based Accelerator for Fully Homomorphic Encryption</strong> <div class="mt-1"><span class="fst-italic">Aikata Aikata, Ahmet Can Mert, Sunmin Kwon, Maxim Deryabin, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Fully Homomorphic Encryption (FHE) enables privacy-preserving computation and has many applications. However, its practical implementation faces massive computation and memory overheads. To address this bottleneck, several Application-Specific Integrated Circuit (ASIC) FHE accelerators have been proposed. All these prior works put every component needed for FHE onto one chip (monolithic), hence offering high performance. 
However, they encounter common challenges associated with large-scale...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1134" class="paperlink" href="/2023/1134">2023/1134</a> <span class="ms-2"><a href="/2023/1134.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Randomness Generation for Secure Hardware Masking - Unrolled Trivium to the Rescue</strong> <div class="mt-1"><span class="fst-italic">Gaëtan Cassiers, Loïc Masure, Charles Momin, Thorben Moos, Amir Moradi, François-Xavier Standaert</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Masking is a prominent strategy to protect cryptographic implementations against side-channel analysis. Its popularity arises from the exponential security gains that can be achieved for (approximately) quadratic resource utilization. Many variants of the countermeasure tailored for different optimization goals have been proposed. The common denominator among all of them is the implicit demand for robust and high entropy randomness. 
Simply assuming that uniformly distributed random bits are...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1129" class="paperlink" href="/2023/1129">2023/1129</a> <span class="ms-2"><a href="/2023/1129.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-11-20</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>All You Need Is Fault: Zero-Value Attacks on AES and a New $\lambda$-Detection M&amp;M</strong> <div class="mt-1"><span class="fst-italic">Haruka Hirata, Daiki Miyahara, Victor Arribas, Yang Li, Noriyuki Miura, Svetla Nikova, Kazuo Sakiyama</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Deploying cryptography on embedded systems requires security against physical attacks. At CHES 2019, M&amp;M was proposed as a combined countermeasure applying masking against SCAs and information-theoretic MAC tags against FAs. In this paper, we show that one of the protected AES implementations in the M&amp;M paper is vulnerable to a zero-value SIFA2-like attack. A practical attack is demonstrated on an ASIC board. 
We propose two versions of the attack: the first follows the SIFA approach to...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/742" class="paperlink" href="/2023/742">2023/742</a> <span class="ms-2"><a href="/2023/742.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-05-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Finding Desirable Substitution Box with SASQUATCH</strong> <div class="mt-1"><span class="fst-italic">Manas Wadhwa, Anubhab Baksi, Kai Hu, Anupam Chattopadhyay, Takanori Isobe, Dhiman Saha</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper presents ``SASQUATCH&#39;&#39;, an open-source tool, that aids in finding an unknown substitution box (SBox) given its properties. The inspiration of our work can be directly attributed to the DCC 2022 paper by Lu, Mesnager, Cui, Fan and Wang. 
Taking their work as the foundation (i.e., converting the problem of SBox search to a satisfiability modulo theory instance and then invoking a solver), we extend in multiple directions (including -- but not limiting to -- coverage of more options,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/716" class="paperlink" href="/2023/716">2023/716</a> <span class="ms-2"><a href="/2023/716.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-05-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Towards High-speed ASIC Implementations of Post-Quantum Cryptography</strong> <div class="mt-1"><span class="fst-italic">Malik Imran, Aikata Aikata, Sujoy Sinha Roy, Samuel pagliarini</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this brief, we realize different architectural techniques towards improving the performance of post-quantum cryptography (PQC) algorithms when implemented as hardware accelerators on an application-specific integrated circuit (ASIC) platform. Having SABER as a case study, we designed a 256-bit wide architecture geared for high-speed cryptographic applications that incorporates smaller and distributed SRAM memory blocks. 
Moreover, we have adapted the building blocks of SABER to process...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/678" class="paperlink" href="/2023/678">2023/678</a> <span class="ms-2"><a href="/2023/678.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-05-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A 334µW 0.158mm2 ASIC for Post-Quantum Key-Encapsulation Mechanism Saber with Low-latency Striding Toom-Cook Multiplication Extended Version</strong> <div class="mt-1"><span class="fst-italic">Archisman Ghosh, Jose Maria Bermudo Mera, Angshuman Karmakar, Debayan Das, Santosh Ghosh, Ingrid Verbauwhede, Shreyas Sen</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The hard mathematical problems that assure the security of our current public-key cryptography (RSA, ECC) are broken if and when a quantum computer appears rendering them ineffective for use in the quantum era. Lattice based cryptography is a novel approach to public key cryptography, of which the mathematical investigation (so far) resists attacks from quantum computers. 
By choosing a module learning with errors (MLWE) algorithm as the next standard, the National Institute of Standards &amp;...
To address these vulnerabilities Fully Homomorphic Encryption (FHE) keeps the data encrypted...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/212" class="paperlink" href="/2023/212">2023/212</a> <span class="ms-2"><a href="/2023/212.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-02-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Generating Secure Hardware using ChatGPT Resistant to CWEs</strong> <div class="mt-1"><span class="fst-italic">Madhav Nair, Rajat Sadhukhan, Debdeep Mukhopadhyay</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The development of Artificial Intelligence (AI) based systems to automatically generate hardware systems has gained an impulse that aims to accelerate the hardware design cycle with no human intervention. Recently, the striking AI-based system ChatGPT from OpenAI has achieved a momentous headline and has gone viral within a short span of time since its launch. 
This chatbot has the capability to interactively communicate with the designers through a prompt to generate software and hardware...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/105" class="paperlink" href="/2023/105">2023/105</a> <span class="ms-2"><a href="/2023/105.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-01-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Gate-Level Masking of Streamlined NTRU Prime Decapsulation in Hardware</strong> <div class="mt-1"><span class="fst-italic">Georg Land, Adrian Marotzke, Jan Richter-Brockmann, Tim Güneysu</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Streamlined NTRU Prime is a lattice-based Key Encapsulation Mechanism (KEM) that is, together with X25519, currently the default algorithm in OpenSSH 9. Being based on lattice assumptions, it is assumed to be secure also against attackers with access to large-scale quantum computers. 
While Post-Quantum Cryptography (PQC) schemes have been subject to extensive research in the recent years, challenges remain with respect to protection mechanisms against attackers that have additional...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/040" class="paperlink" href="/2023/040">2023/040</a> <span class="ms-2"><a href="/2023/040.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-04-11</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Closer Look at the Chaotic Ring Oscillators based TRNG Design</strong> <div class="mt-1"><span class="fst-italic">Shuqin Su, Bohan Yang, Vladimir Rožić, Mingyuan Yang, Min Zhu, Shaojun Wei, Leibo Liu</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">TRNG is an essential component for security applications. A vulnerable TRNG could be exploited to facilitate potential attacks or be related to a reduced key space, and eventually results in a compromised cryptographic system. A digital FIRO-/GARO-based TRNG with high throughput and high entropy rate was introduced by Jovan Dj. Golić (TC’06). However, the fact that periodic oscillation is a main failure of FIRO-/GARO-based TRNGs is noticed in the paper (Markus Dichtl, ePrint’15). 
We verify...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1635" class="paperlink" href="/2022/1635">2022/1635</a> <span class="ms-2"><a href="/2022/1635.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-10-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>FPT: a Fixed-Point Accelerator for Torus Fully Homomorphic Encryption</strong> <div class="mt-1"><span class="fst-italic">Michiel Van Beirendonck, Jan-Pieter D&#39;Anvers, Furkan Turan, Ingrid Verbauwhede</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Fully Homomorphic Encryption (FHE) is a technique that allows computation on encrypted data. It has the potential to drastically change privacy considerations in the cloud, but high computational and memory overheads are preventing its broad adoption. TFHE is a promising Torus-based FHE scheme that heavily relies on bootstrapping, the noise-removal tool invoked after each encrypted logical/arithmetical operation. We present FPT, a Fixed-Point FPGA accelerator for TFHE bootstrapping. 
FPT...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1086" class="paperlink" href="/2022/1086">2022/1086</a> <span class="ms-2"><a href="/2022/1086.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-03-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>KaLi: A Crystal for Post-Quantum Security using Kyber and Dilithium</strong> <div class="mt-1"><span class="fst-italic">Aikata Aikata, Ahmet Can Mert, Malik Imran, Samuel Pagliarini, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Quantum computers pose a threat to the security of communications over the internet. This imminent risk has led to the standardization of cryptographic schemes for protection in a post-quantum scenario. We present a design methodology for future implementations of such algorithms. This is manifested using the NIST selected digital signature scheme CRYSTALS-Dilithium and key encapsulation scheme CRYSTALS-Kyber. A unified architecture, \crystal, is proposed that can perform key generation,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/755" class="paperlink" href="/2022/755">2022/755</a> <span class="ms-2"><a href="/2022/755.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-06-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Low-latency Hardware Architecture for VDF Evaluation in Class Groups</strong> <div class="mt-1"><span class="fst-italic">Danyang Zhu, Jing Tian, Minghao Li, Zhongfeng Wang</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">The verifiable delay function (VDF), as a kind of cryptographic primitives, has recently been adopted quite often in decentralized systems. 
Because the security of a VDF rests on the assumption that no party can evaluate it substantially faster than the best known implementation, the fastest implementation of VDF evaluation is generally desired to be publicly known. In this paper, for the first time, we propose a low-latency hardware implementation of the complete VDF evaluation in the class group by jointly exploiting optimizations.
It supports a...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/538" class="paperlink" href="/2022/538">2022/538</a> <span class="ms-2"><a href="/2022/538.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-03-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Post-Quantum Signatures on RISC-V with Hardware Acceleration</strong> <div class="mt-1"><span class="fst-italic">Patrick Karl, Jonas Schupp, Tim Fritzmann, Georg Sigl</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">CRYSTALS-Dilithium and Falcon are digital signature algorithms based on cryptographic lattices, that are considered secure even if large-scale quantum computers will be able to break conventional public-key cryptography. Both schemes have been selected for standardization in the NIST post-quantum competition. In this work, we present a RISC-V HW/SW odesign that aims to combine the advantages of software- and hardware implementations, i.e. flexibility and performance. 
It shows the use of ...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/530" class="paperlink" href="/2022/530">2022/530</a> <span class="ms-2"><a href="/2022/530.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-05-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>High-speed SABER Key Encapsulation Mechanism in 65nm CMOS</strong> <div class="mt-1"><span class="fst-italic">Malik Imran, Felipe Almeida, Andrea Basso, Sujoy Sinha Roy, Samuel Pagliarini</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Quantum computers will break cryptographic primitives that are based on integer factorization and discrete logarithm problems. SABER is a key agreement scheme based on the Learning With Rounding problem that is quantum-safe, i.e., resistant to quantum computer attacks. This article presents a high-speed silicon implementation of SABER in a 65nm technology as an Application Specific Integrated Circuit. 
The chip measures 1 mm² in size and can operate at a maximum frequency of 715 MHz at a...
By invoking multiple...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/469" class="paperlink" href="/2022/469">2022/469</a> <span class="ms-2"><a href="/2022/469.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-04-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficient ASIC Architectures for Low Latency Niederreiter Decryption</strong> <div class="mt-1"><span class="fst-italic">Daniel Fallnich, Shutao Zhang, Tobias Gemmeke</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Post-quantum cryptography addresses the increasing threat that quantum computing poses to modern communication systems. Among the available &#34;quantum-resistant&#34; systems, the Niederreiter cryptosystem is positioned as a conservative choice with strong security guarantees. As a code-based cryptosystem, the Niederreiter system enables high performance operations and is thus ideally suited for applications such as the acceleration of server workloads. 
However, until now, no ASIC architecture is...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/049" class="paperlink" href="/2022/049">2022/049</a> <span class="ms-2"><a href="/2022/049.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-01-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Small MACs from Small Permutations</strong> <div class="mt-1"><span class="fst-italic">Maria Eichlseder, Ahmet Can Mert, Christian Rechberger, Markus Schofnegger</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The concept of lightweight cryptography has gained in popularity recently, also due to various competitions and standardization efforts specifically targeting more efficient algorithms, which are also easier to implement. One of the important properties of lightweight constructions is the area of a hardware implementation, or in other words, the size of the implementation in a particular environment. 
Reducing the area usually has multiple advantages like decreased production cost or lower...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/1560" class="paperlink" href="/2021/1560">2021/1560</a> <span class="ms-2"><a href="/2021/1560.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-11-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SAND: an AND-RX Feistel lightweight block cipher supporting S-box-based security evaluations</strong> <div class="mt-1"><span class="fst-italic">Shiyao Chen, Yanhong Fan, Ling Sun, Yong Fu, Haibo Zhou, Yongqing Li, Meiqin Wang, Weijia Wang, Chun Guo</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We revisit designing AND-RX block ciphers, that is, the designs assembled with the most fundamental binary operations---AND, Rotation and XOR operations and do not rely on existing units. Likely, the most popular representative is the NSA cipher \texttt{SIMON}, which remains one of the most efficient designs, but suffers from difficulty in security evaluation. As our main contribution, we propose \texttt{SAND}, a new family of lightweight AND-RX block ciphers. 
To overcome the difficulty...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/1523" class="paperlink" href="/2021/1523">2021/1523</a> <span class="ms-2"><a href="/2021/1523.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-11-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Perfect Trees: Designing Energy-Optimal Symmetric Encryption Primitives</strong> <div class="mt-1"><span class="fst-italic">Andrea Caforio, Subhadeep Banik, Yosuke Todo, Willi Meier, Takanori Isobe, Fukang Liu, Bin Zhang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Energy efficiency is critical in battery-driven devices, and designing energy- optimal symmetric-key ciphers is one of the goals for the use of ciphers in such environments. In the paper by Banik et al. (IACR ToSC 2018), stream ciphers were identified as ideal candidates for low-energy solutions. One of the main conclusions of this paper was that Trivium, when implemented in an unrolled fashion, was by far the most energy-efficient way of encrypting larger quantity of data. 
In fact, it was...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/1461" class="paperlink" href="/2021/1461">2021/1461</a> <span class="ms-2"><a href="/2021/1461.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-10-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Unified Cryptoprocessor for Lattice-based Signature and Key-exchange</strong> <div class="mt-1"><span class="fst-italic">Aikata Aikata, Ahmet Can Mert, David Jacquemin, Amitabh Das, Donald Matthews, Santosh Ghosh, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We propose design methodologies for building a compact, unified and programmable cryptoprocessor architecture that computes post-quantum key agreement and digital signature. Synergies in the two types of cryptographic primitives are used to make the cryptoprocessor compact. 
As a case study, the cryptoprocessor architecture has been optimized for the signature scheme &#39;CRYSTALS-Dilithium&#39; and the key encapsulation mechanism (KEM) &#39;Saber&#39;, both finalists in NIST’s post-quantum...
Most prior work has focused on fast software...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/1284" class="paperlink" href="/2021/1284">2021/1284</a> <span class="ms-2"><a href="/2021/1284.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-09-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>APAS: Application-Specific Accelerators for RLWE-based Homomorphic Linear Transformations</strong> <div class="mt-1"><span class="fst-italic">Song Bian, Dur E Shahwar Kundi, Kazuma Hirozawa, Weiqiang Liu, Takashi Sato</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Recently, the application of multi-party secure computing schemes based on homomorphic encryption in the field of machine learning attracts attentions across the research fields. Previous studies have demonstrated that secure protocols adopting packed additive homomorphic encryption (PAHE) schemes based on the ring learning with errors (RLWE) problem exhibit significant practical merits, and are particularly promising in enabling efficient secure inference in machine-learning-as-a-service...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/1202" class="paperlink" href="/2021/1202">2021/1202</a> <span class="ms-2"><a href="/2021/1202.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-09-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Design Space Exploration of SABER in 65nm ASIC</strong> <div class="mt-1"><span class="fst-italic">Malik Imran, Felipe Almeida, Jaan Raik, Andrea Basso, Sujoy Sinha Roy, Samuel Pagliarini</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> 
<p class="mb-0 mt-1 search-abstract">This paper presents a design space exploration for SABER, one of the finalists in NIST’s quantum-resistant public-key cryptographic standardization effort. Our design space exploration targets a 65nmASIC platform and has resulted in the evaluation of 6 different architectures. Our exploration is initiated by setting a baseline architecture which is ported from FPGA. In order to improve the clock frequency (the primary goal in our exploration), we have employed several optimizations: (i) use...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/886" class="paperlink" href="/2021/886">2021/886</a> <span class="ms-2"><a href="/2021/886.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-06-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Computational Records with Aging Hardware: Controlling Half the Output of SHA-256</strong> <div class="mt-1"><span class="fst-italic">Mellila Bouam, Charles Bouillaguet, Claire Delaplace, Camille Noûs</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">SHA-256 is a secure cryptographic hash function. As such, its output should not have any detectable property. This paper describes three bit strings whose hashes by SHA-256 are nevertheless correlated in a non-trivial way: the first half of their hashes XORs to zero. They were found by “brute-force”, without exploiting any cryptographic weakness in the hash function itself. This does not threaten the security of the hash function and does not have any cryptographic implication. 
This is an...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/659" class="paperlink" href="/2021/659">2021/659</a> <span class="ms-2"><a href="/2021/659.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-05-20</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Technical report: CoPHEE: Co-processor forPartially Homomorphic Encrypted Execution</strong> <div class="mt-1"><span class="fst-italic">Mohammed Nabeel, Mohammed Ashraf, Eduardo Chielle, Nektarios G. Tsoutsos, Michail Maniatakos</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This technical report provides extensive information for designing, implementing, fabricating, and validating CoPHEE: A Co-Processor for Partially Homomorphic Encrypted Execution, complementing the publication appearing in the 2019 IEEE Hardware-Oriented Security and Trust symposium.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/364" class="paperlink" href="/2021/364">2021/364</a> <span class="ms-2"><a href="/2021/364.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-03-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>RAGHAV: A new low power S-P network encryption design for resource constrained environment</strong> <div class="mt-1"><span class="fst-italic">GAURAV BANSOD</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper proposes a new ultra lightweight cipher RAGHAV. RAGHAV is a Substitution-Permutation (SP) network, which operates on 64 bit plaintext and supports a 128/80 bit key scheduling. 
It needs only 994.25 GEs by using 0.13µm ASIC technology for a 128 bit key scheduling. It also needs less memory, i.e., 2204 bytes of FLASH memory, which is less as compared to all existing S-P network lightweight ciphers. This paper presents a complete security analysis of RAGHAV, which includes basic...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/049" class="paperlink" href="/2021/049">2021/049</a> <span class="ms-2"><a href="/2021/049.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-02-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>ASIC Benchmarking of Round 2 Candidates in the NIST Lightweight Cryptography Standardization Process</strong> <div class="mt-1"><span class="fst-italic">Mark D. Aagaard, Nusa Zidaric</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This report presents area, throughput, and energy results for synthesizing the NIST Lightweight Cryptography Round 2 candidates on five ASIC cell libraries using two different synthesis tool suites.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/037" class="paperlink" href="/2021/037">2021/037</a> <span class="ms-2"><a href="/2021/037.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-02-26</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>New First-Order Secure AES Performance Records</strong> <div class="mt-1"><span class="fst-italic">Aein Rezaei Shahmirzadi, Dušan Božilov, Amir Moradi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Being based on a sound theoretical basis, masking schemes are commonly applied to 
protect cryptographic implementations against Side-Channel Analysis (SCA) attacks. Constructing SCA-protected AES, as the most widely deployed block cipher, has been naturally the focus of several research projects, with a direct application in industry. The majority of SCA-secure AES implementations introduced to the community opted for low area and latency overheads considering Application-Specific Integrated...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/1457" class="paperlink" href="/2020/1457">2020/1457</a> <span class="ms-2"><a href="/2020/1457.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-10-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>The Cost to Break SIKE: A Comparative Hardware-Based Analysis with AES and SHA-3</strong> <div class="mt-1"><span class="fst-italic">Patrick Longa, Wen Wang, Jakub Szefer</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work presents a detailed study of the classical security of the post-quantum supersingular isogeny key encapsulation (SIKE) protocol using a realistic budget-based cost model that considers the actual computing and memory costs that are needed for cryptanalysis. 
In this effort, we design especially-tailored hardware accelerators for the time-critical multiplication and isogeny computations that we use to model an ASIC-powered instance of the van Oorschot-Wiener (vOW) parallel collision...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/1148" class="paperlink" href="/2020/1148">2020/1148</a> <span class="ms-2"><a href="/2020/1148.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-03-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>An Area Aware Accelerator for Elliptic Curve Point Multiplication</strong> <div class="mt-1"><span class="fst-italic">Malik Imran, Samuel Pagliarini, Muhammad Rashid</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work presents a hardware accelerator, for the optimization of latency and area at the same time, to improve the performance of point multiplication process in Elliptic Curve Cryptography. In order to reduce the overall computation time in the proposed 2-stage pipelined architecture, a rescheduling of point addition and point doubling instructions is performed along with an efficient use of required memory locations. Furthermore, a 41-bit multiplier is also proposed. 
Consequently, the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/804" class="paperlink" href="/2020/804">2020/804</a> <span class="ms-2"><a href="/2020/804.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-06-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Lightweight Ciphers on a 65 nm ASIC - A Comparative Study on Energy Consumption</strong> <div class="mt-1"><span class="fst-italic">Bastian Richter, Amir Moradi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Low energy consumption is an important factor in today&#39;s technologies as many devices run on a battery and there are new applications which require long runtimes with very small batteries. As many of these devices are connected to some kind of network, they require encryption/decryption to securely transmit data. Hence, the energy consumption of the cipher is an important factor for the battery life. 
We evaluate the energy consumption of lightweight ciphers implemented on a custom 65nm ASIC....</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/795" class="paperlink" href="/2020/795">2020/795</a> <span class="ms-2"><a href="/2020/795.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-10-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Implementation and Benchmarking of Round 2 Candidates in the NIST Post-Quantum Cryptography Standardization Process Using Hardware and Software/Hardware Co-design Approaches</strong> <div class="mt-1"><span class="fst-italic">Viet Ba Dang, Farnoud Farahmand, Michal Andrzejczak, Kamyar Mohajerani, Duc Tri Nguyen, Kris Gaj</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Performance in hardware has typically played a major role in differentiating among leading candidates in cryptographic standardization efforts. Winners of two past NIST cryptographic contests (Rijndael in case of AES and Keccak in case of SHA-3) were ranked consistently among the two fastest candidates when implemented using FPGAs and ASICs. 
Hardware implementations of cryptographic operations may quite easily outperform software implementations for at least a subset of major performance...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/791" class="paperlink" href="/2020/791">2020/791</a> <span class="ms-2"><a href="/2020/791.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-06-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Virtual ASICs: Generalized Proof-of-Stake Mining in Cryptocurrencies</strong> <div class="mt-1"><span class="fst-italic">Chaya Ganesh, Claudio Orlandi, Daniel Tschudi, Aviv Zohar</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In proof-of-work based cryptocurrencies, miners invest computing power to maintain a distributed ledger. The drawback of such a consensus protocol is its immense energy consumption. Bitcoin, for example, consumes as much energy as a small nation state. To prevent this waste of energy, various consensus mechanisms such as proof-of-space or proof-of-stake have been proposed. 
In proof-of-stake, block creators are selected based on the amounts of money they stake instead of their expanded...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/751" class="paperlink" href="/2020/751">2020/751</a> <span class="ms-2"><a href="/2020/751.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-05-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>DANA - Universal Dataflow Analysis for Gate-Level Netlist Reverse Engineering</strong> <div class="mt-1"><span class="fst-italic">Nils Albartus, Max Hoffmann, Sebastian Temme, Leonid Azriel, Christof Paar</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Reverse engineering of integrated circuits, i.e., understanding the internals of IC, is required for many benign and malicious applications. Examples of the former are detection of patent infringements, hardware Trojans or IP-theft, as well as interface recovery and defect analysis, while malicious applications include IP-theft and finding insertion points for hardware Trojans. 
However, regardless of the application, the reverse engineer initially starts with a large unstructured netlist,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/480" class="paperlink" href="/2020/480">2020/480</a> <span class="ms-2"><a href="/2020/480.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-09-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Low-Latency ASIC Algorithms of Modular Squaring of Large Integers for VDF Evaluation</strong> <div class="mt-1"><span class="fst-italic">Ahmet Can Mert, Erdinc Ozturk, Erkay Savas</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This study is an attempt in quest of the fastest hardware algorithms for the computation of the evaluation component of verifiable delay functions (VDFs), $a^{2^T} \bmod N$, proposed for use in various distributed protocols, in which no party is assumed to compute it significantly faster than other participants. To this end, we propose a class of modular squaring algorithms suitable for low-latency ASIC implementations. 
The proposed algorithms aim to achieve highest levels of parallelization...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/446" class="paperlink" href="/2020/446">2020/446</a> <span class="ms-2"><a href="/2020/446.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-09-02</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>RISQ-V: Tightly Coupled RISC-V Accelerators for Post-Quantum Cryptography</strong> <div class="mt-1"><span class="fst-italic">Tim Fritzmann, Georg Sigl, Johanna Sepúlveda</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Empowering electronic devices to support Post-Quantum Cryptography (PQC) is a challenging task. PQC introduces new mathematical elements and operations which are usually not easy to implement on standard processors. Especially for low-cost and resource-constrained devices, hardware acceleration is usually required. In addition, as the standardization process of PQC is still ongoing, a focus on maintaining flexibility is mandatory. 
To cope with such requirements, hardware/software co-design...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/435" class="paperlink" href="/2020/435">2020/435</a> <span class="ms-2"><a href="/2020/435.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-04-15</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>WAGE: An Authenticated Encryption with a Twist</strong> <div class="mt-1"><span class="fst-italic">Riham AlTawy, Guang Gong, Kalikinkar Mandal, Raghvendra Rohit</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper presents WAGE, a new lightweight sponge-based authenticated cipher whose underlying permutation is based on a 37-stage Galois NLFSR over $\mathbb{F}_{2^7}$. At its core, the round function of the permutation consists of the well-analyzed Welch-Gong permutation (WGP), primitive feedback polynomial, a newly designed 7-bit SB sbox and partial word-wise XORs. 
The construction of the permutation is carried out such that the design of individual components is highly coupled with...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/369" class="paperlink" href="/2020/369">2020/369</a> <span class="ms-2"><a href="/2020/369.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-04-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>The Risk of Outsourcing: Hidden SCA Trojans in Third-Party IP-Cores Threaten Cryptographic ICs</strong> <div class="mt-1"><span class="fst-italic">David Knichel, Thorben Moos, Amir Moradi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Side-channel analysis (SCA) attacks – especially power analysis – are powerful ways to extract the secrets stored in and processed by cryptographic devices. In recent years, researchers have shown interest in utilizing on-chip measurement facilities to perform such SCA attacks remotely. It was shown that simple voltage-monitoring sensors can be constructed from digital elements and put on multi-tenant FPGAs to perform remote attacks on neighbouring cryptographic co-processors. 
A similar...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2019/739" class="paperlink" href="/2019/739">2019/739</a> <span class="ms-2"><a href="/2019/739.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2019-06-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Survey on Authenticated Encryption -- ASIC Designer&#39;s Perspective</strong> <div class="mt-1"><span class="fst-italic">Elif Bilge Kavun, Hristina Mihajloska, Tolga Yalcin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Authenticated encryption (AE) has been a vital operation in cryptography due to its ability to provide confidentiality, integrity, and authenticity at the same time. Its use has soared in parallel with widespread use of the Internet and has led to several new schemes. There have been studies investigating software performance of various schemes. However, the same is yet to be done for hardware. 
We present a comprehensive survey of hardware (specifically ASIC) performance of the most commonly...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2019/505" class="paperlink" href="/2019/505">2019/505</a> <span class="ms-2"><a href="/2019/505.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-04-12</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>DL-LA: Deep Learning Leakage Assessment: A modern roadmap for SCA evaluations</strong> <div class="mt-1"><span class="fst-italic">Thorben Moos, Felix Wegener, Amir Moradi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In recent years, deep learning has become an attractive ingredient to side-channel analysis (SCA) due to its potential to improve the success probability or enhance the performance of certain frequently executed tasks. One task that is commonly assisted by machine learning techniques is the profiling of a device&#39;s leakage behavior in order to carry out a template attack. 
At CHES 2019, deep learning has also been applied to non-profiled scenarios for the first time, extending its reach within...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2019/047" class="paperlink" href="/2019/047">2019/047</a> <span class="ms-2"><a href="/2019/047.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2019-05-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>NIST Post-Quantum Cryptography- A Hardware Evaluation Study</strong> <div class="mt-1"><span class="fst-italic">Kanad Basu, Deepraj Soni, Mohammed Nabeel, Ramesh Karri</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Experts forecast that quantum computers can break classical cryptographic algorithms. Scientists are developing post-quantum cryptographic (PQC) algorithms that are invulnerable to quantum computer attacks. The National Institute of Standards and Technology (NIST) started a public evaluation process to standardize quantum-resistant public key algorithms. The objective of our study is to provide a hardware comparison of the NIST PQC competition candidates. 
For this, we use a High-Level...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2018/832" class="paperlink" href="/2018/832">2018/832</a> <span class="ms-2"><a href="/2018/832.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2018-09-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Lightweight and Side-channel Secure 4x4 S-Boxes from Cellular Automata Rules</strong> <div class="mt-1"><span class="fst-italic">Ashrujit Ghoshal, Rajat Sadhukhan, Sikhar Patranabis, Nilanjan Datta, Stjepan Picek, Debdeep Mukhopadhyay</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work focuses on side-channel resilient design strategies for symmetric-key cryptographic primitives targeting lightweight applications. In light of NIST&#39;s lightweight cryptography project, design choices for block ciphers must consider not only security against traditional cryptanalysis, but also side-channel security, while adhering to low area and power requirements. 
In this paper, we explore design strategies for substitution-permutation network (SPN)-based block ciphers that make...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2018/724" class="paperlink" href="/2018/724">2018/724</a> <span class="ms-2"><a href="/2018/724.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2018-08-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Rethinking Secure FPGAs: Towards a Cryptography-friendly Configurable Cell Architecture and its Automated Design Flow</strong> <div class="mt-1"><span class="fst-italic">Nele Mentens, Edoardo Charbon, Francesco Regazzoni</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work proposes the first fine-grained configurable cell array specifically tailored for cryptographic implementations. The proposed architecture can be added to future FPGAs as an application-specific configurable building block, or to an ASIC as an embedded FPGA (eFPGA). The goal is to map cryptographic ciphers on combinatorial cells that are more efficient than general purpose lookup tables in terms of silicon area, configuration memory and combinatorial delay. 
As a first step in this...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2018/676" class="paperlink" href="/2018/676">2018/676</a> <span class="ms-2"><a href="/2018/676.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2019-10-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Static Power Side-Channel Analysis - An Investigation of Measurement Factors</strong> <div class="mt-1"><span class="fst-italic">Thorben Moos, Amir Moradi, Bastian Richter</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The static power consumption of modern CMOS devices has become a substantial concern in the context of the side-channel security of cryptographic hardware. Its continuous growth in nanometer-scaled technologies is not only inconvenient for effective low power designs, but does also create a new target for power analysis adversaries. Additionally, it has to be noted that several of the numerous sources of static power dissipation in CMOS circuits exhibit an exponential dependency on...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2018/667" class="paperlink" href="/2018/667">2018/667</a> <span class="ms-2"><a href="/2018/667.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2018-07-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>On Hardware Implementation of Tang-Maitra Boolean Functions</strong> <div class="mt-1"><span class="fst-italic">Mustafa Khairallah, Anupam Chattopadhyay, Bimal Mandal, Subhamoy Maitra</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we investigate the hardware circuit complexity of the class of Boolean functions recently introduced by Tang and Maitra (IEEE-TIT 64(1): 393–402, 2018). 
While this class of functions has very good cryptographic properties, the exact hardware requirement is an immediate concern as noted in the paper itself. In this direction, we consider different circuit architectures based on finite field arithmetic and Boolean optimization. An estimation of the circuit complexity is provided...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2018/431" class="paperlink" href="/2018/431">2018/431</a> <small class="ms-auto">Last updated: 2018-05-28</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Lightweight ASIC Implementation of AEGIS-128</strong> <div class="mt-1"><span class="fst-italic">Anubhab Baksi, Vikramkumar Pudi, Swagata Mandal, Anupam Chattopadhyay</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we study the problem of implementing the AEAD scheme, AEGIS-128, which is a finalist in the recently concluded competition, CAESAR. In order to achieve lightweight (least area) implementation, we first look into one round of AES encryption, which is a building block in this cipher. In this regard, we make use of the state-of-the-art implementation of AES in ASIC. We benchmark one round AES encryption (which is done for the first time) and later use it with AEGIS-128 to...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/1261" class="paperlink" href="/2017/1261">2017/1261</a> <span class="ms-2"><a href="/2017/1261.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2018-05-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Comprehensive Performance Analysis of Hardware Implementations of CAESAR Candidates</strong> <div class="mt-1"><span class="fst-italic">Sachin Kumar, Jawad Haj-Yahya, Mustafa Khairallah, Mahmoud A. 
Elmohr, Anupam Chattopadhyay</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Authenticated encryption with Associated Data (AEAD) plays a significant role in cryptography because of its ability to provide integrity, confidentiality and authenticity at the same time. Due to the emergence of security at the edge of computing fabric, such as, sensors and smartphone devices, there is a growing need of lightweight AEAD ciphers. Currently, a worldwide contest, titled CAESAR, is being held to decide on a set of AEAD ciphers, which are distinguished by their security,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/1019" class="paperlink" href="/2017/1019">2017/1019</a> <span class="ms-2"><a href="/2017/1019.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2017-10-25</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Looting the LUTs : FPGA Optimization of AES and AES-like Ciphers for Authenticated Encryption</strong> <div class="mt-1"><span class="fst-italic">Mustafa Khairallah, Anupam Chattopadhyay, Thomas Peyrin</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we investigate the efficiency of FPGA implementations of AES and AES-like ciphers, specially in the context of authenticated encryption. We consider the encryption/decryption and the authentication/verification structures of OCB-like modes (like OTR or SCT modes). Their main advantage is that they are fully parallelisable. 
While this feature has already been used to increase the throughput/performance of hardware implementations, it is usually overlooked while comparing...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/992" class="paperlink" href="/2017/992">2017/992</a> <span class="ms-2"><a href="/2017/992.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2017-10-11</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Leakage Bounds for Gaussian Side Channels</strong> <div class="mt-1"><span class="fst-italic">Thomas Unterluggauer, Thomas Korak, Stefan Mangard, Robert Schilling, Luca Benini, Frank Gürkaynak, Michael Muehlberghuber</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In recent years, many leakage-resilient schemes have been published. These schemes guarantee security against side-channel attacks given bounded leakage of the underlying primitive. However, it is a challenging task to reliably determine these leakage bounds from physical properties. In this work, we present a novel approach to find reliable leakage bounds for side channels of cryptographic implementations when the input data complexity is limited such as in leakage-resilient schemes. 
By...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/865" class="paperlink" href="/2017/865">2017/865</a> <span class="ms-2"><a href="/2017/865.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2017-09-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>The First Thorough Side-Channel Hardware Trojan</strong> <div class="mt-1"><span class="fst-italic">Maik Ender, Samaneh Ghandali, Amir Moradi, Christof Paar</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Hardware Trojans have gained high attention in academia, industry and by government agencies. The effective detection mechanisms and countermeasures against such malicious designs are only possible when there is a deep understanding of how hardware Trojans can be built in practice. In this work, we present a mechanism which shows how easily a stealthy hardware Trojan can be inserted in a provably-secure side-channel analysis protected implementation. 
Once the Trojan is triggered, the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/747" class="paperlink" href="/2017/747">2017/747</a> <span class="ms-2"><a href="/2017/747.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2017-09-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>sLiSCP: Simeck-based Permutations for Lightweight Sponge Cryptographic Primitives</strong> <div class="mt-1"><span class="fst-italic">Riham AlTawy, Raghvendra Rohit, Morgan He, Kalikinkar Mandal, Gangqiang Yang, Guang Gong</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we propose a family of lightweight cryptographic permutations called sLiSCP, with the sole aim to provide a realistic minimal design that suits a variety of lightweight device applications. More precisely, we argue that for such devices the chip area dedicated for security purposes should not only be consumed by an encryption or hashing algorithm, but also provide as many cryptographic functionalities as possible. Our main contribution is the design of a lightweight...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/630" class="paperlink" href="/2017/630">2017/630</a> <span class="ms-2"><a href="/2017/630.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2017-06-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Gimli: a cross-platform permutation</strong> <div class="mt-1"><span class="fst-italic">Daniel J. 
Bernstein, Stefan Kölbl, Stefan Lucks, Pedro Maat Costa Massolino, Florian Mendel, Kashif Nawaz, Tobias Schneider, Peter Schwabe, François-Xavier Standaert, Yosuke Todo, Benoît Viguier</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper presents Gimli, a 384-bit permutation designed to achieve high security with high performance across a broad range of platforms, including 64-bit Intel/AMD server CPUs, 64-bit and 32-bit ARM smartphone CPUs, 32-bit ARM microcontrollers, 8-bit AVR microcontrollers, FPGAs, ASICs without side-channel protection, and ASICs with side-channel protection.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/600" class="paperlink" href="/2017/600">2017/600</a> <span class="ms-2"><a href="/2017/600.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2017-06-26</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Bit-Sliding: A Generic Technique for Bit-Serial Implementations of SPN-based Primitives -- Applications to AES, PRESENT and SKINNY</strong> <div class="mt-1"><span class="fst-italic">Jeremy Jean, Amir Moradi, Thomas Peyrin, Pascal Sasdrich</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Area minimization is one of the main efficiency criteria for lightweight encryption primitives. While reducing the implementation data path is a natural strategy for achieving this goal, Substitution-Permutation Network (SPN) ciphers are usually hard to implement in a bit-serial way (1-bit data path). 
More generally, this is hard for any data path smaller than its Sbox size, since many scan flip-flops would be required for storage, which are more area-expensive than regular flip-flops. In...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/283" class="paperlink" href="/2017/283">2017/283</a> <span class="ms-2"><a href="/2017/283.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2017-03-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>On the Easiness of Turning Higher-Order Leakages into First-Order</strong> <div class="mt-1"><span class="fst-italic">Thorben Moos, Amir Moradi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Applying random and uniform masks to the processed intermediate values of cryptographic algorithms is arguably the most common countermeasure to thwart side-channel analysis attacks. So-called masking schemes exist in various shapes but are mostly used to prevent side-channel leakages up to a certain statistical order. 
Thus, to learn any information about the key-involving computations a side-channel adversary has to estimate the higher-order statistical moments of the leakage distributions....</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/230" class="paperlink" href="/2017/230">2017/230</a> <span class="ms-2"><a href="/2017/230.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2017-03-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Smart Contracts Make Bitcoin Mining Pools Vulnerable</strong> <div class="mt-1"><span class="fst-italic">Yaron Velner, Jason Teutsch, Loi Luu</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">Despite their incentive structure flaws, mining pools account for more than 95% of Bitcoin&#39;s computation power. This paper introduces an attack against mining pools in which a malicious party pays pool members to withhold their solutions from their pool operator. We show that an adversary with a tiny amount of computing power and capital can execute this attack. Smart contracts enforce the malicious party&#39;s payments, and therefore miners need neither trust the attacker&#39;s intentions nor his...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/225" class="paperlink" href="/2017/225">2017/225</a> <span class="ms-2"><a href="/2017/225.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2017-09-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Bandwidth Hard Functions for ASIC Resistance</strong> <div class="mt-1"><span class="fst-italic">Ling Ren, Srinivas Devadas</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">Cryptographic hash functions have wide applications including password hashing, pricing functions for spam and denial-of-service countermeasures and proof of work in cryptocurrencies. 
Recent progress on ASIC (Application Specific Integrated Circuit) hash engines raise concerns about the security of the above applications. This leads to a growing interest in ASIC resistant hash function and ASIC resistant proof of work schemes, i.e., those that do not give ASICs a huge advantage....</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/101" class="paperlink" href="/2017/101">2017/101</a> <span class="ms-2"><a href="/2017/101.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2017-11-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Optimizing Implementations of Lightweight Building Blocks</strong> <div class="mt-1"><span class="fst-italic">Jeremy Jean, Thomas Peyrin, Siang Meng Sim, Jade Tourteaux</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We study the synthesis of small functions used as building blocks in lightweight cryptographic designs in terms of hardware implementations. This phase most notably appears during the ASIC implementation of cryptographic primitives. The quality of this step directly affects the output circuit, and while general tools exist to carry out this task, most of them belong to proprietary software suites and apply heuristics to any size of functions. 
In this work, we focus on small functions (4- and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/1135" class="paperlink" href="/2016/1135">2016/1135</a> <span class="ms-2"><a href="/2016/1135.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-12-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Static Power Side-Channel Analysis of a Threshold Implementation Prototype Chip</strong> <div class="mt-1"><span class="fst-italic">Thorben Moos, Amir Moradi, Bastian Richter</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The static power consumption of modern CMOS devices has become a substantial concern in the context of the side-channel security of cryptographic hardware. The continuous growth of the leakage power dissipation in nanometer-scaled CMOS technologies is not only inconvenient for effective low power designs, but does also create a new target for power analysis adversaries. 
In this paper, we present the first experimental results of a static power side-channel analysis targeting an ASIC...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/783" class="paperlink" href="/2016/783">2016/783</a> <span class="ms-2"><a href="/2016/783.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-08-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>On the Memory-Hardness of Data-Independent Password-Hashing Functions</strong> <div class="mt-1"><span class="fst-italic">Joël Alwen, Peter Gaži, Chethan Kamath, Karen Klein, Georg Osang, Krzysztof Pietrzak, Leonid Reyzin, Michal Rolínek, Michal Rybár</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">We show attacks on five data-independent memory-hard functions (iMHF) that were submitted to the password hashing competition. Informally, an MHF is a function which cannot be evaluated on dedicated hardware, like ASICs, at significantly lower energy and/or hardware cost than evaluating a single instance on a standard single-core architecture. 
Data-independent means the memory access pattern of the function is independent of the input; this makes iMHFs harder to construct than...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/752" class="paperlink" href="/2016/752">2016/752</a> <span class="ms-2"><a href="/2016/752.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-08-09</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>ELiF : An Extremely Lightweight &amp; Flexible Block Cipher Family and Its Experimental Security</strong> <div class="mt-1"><span class="fst-italic">Adnan Baysal, Ünal Kocabaş</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we analyzed an extreme case of lightweight block cipher design in terms of security and efficiency. To do this, we proposed ELiF block cipher family which has one of the smallest hardware area in a fully serial design. We also defined ELiF to be flexible and scalable so that it can be implemented for real life applications with different scenarios such as fixed key implementations. 
We also gave hardware implementation results for different implementation settings to show its...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/660" class="paperlink" href="/2016/660">2016/660</a> <span class="ms-2"><a href="/2016/660.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-10-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>The SKINNY Family of Block Ciphers and its Low-Latency Variant MANTIS</strong> <div class="mt-1"><span class="fst-italic">Christof Beierle, Jérémy Jean, Stefan Kölbl, Gregor Leander, Amir Moradi, Thomas Peyrin, Yu Sasaki, Pascal Sasdrich, Siang Meng Sim</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We present a new tweakable block cipher family SKINNY , whose goal is to compete with NSA recent design SIMON in terms of hardware/software performances, while proving in addition much stronger security guarantees with regards to differential/linear attacks. In particular, unlike SIMON, we are able to provide strong bounds for all versions, and not only in the single-key model, but also in the related-key or related-tweak model. 
SKINNY has flexible block/key/tweak sizes and can also benefit...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/330" class="paperlink" href="/2016/330">2016/330</a> <span class="ms-2"><a href="/2016/330.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-03-25</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>NaCl&#39;s Crypto_Box in Hardware</strong> <div class="mt-1"><span class="fst-italic">Michael Hutter, Jürgen Schilling, Peter Schwabe, Wolfgang Wieser</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper presents a low-resource hardware implementation of the widely used crypto_box function of the Networking and Cryptography library (NaCl). It supports the X25519 Diffie-Hellman key exchange using Curve25519, the Salsa20 stream cipher, and the Poly1305 message authenticator. Our targeted application is a secure communication between devices in the Internet of Things (IoT) and Internet servers. 
Such devices are highly resource-constrained and require carefully optimized hardware...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/294" class="paperlink" href="/2016/294">2016/294</a> <span class="ms-2"><a href="/2016/294.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-03-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Evaluation and Improvement of Generic-Emulating DPA Attacks</strong> <div class="mt-1"><span class="fst-italic">Weijia Wang, Yu Yu, Junrong Liu, Zheng Guo, François-Xavier Standaert, Dawu Gu, Sen Xu, Rong Fu</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">At CT-RSA 2014, Whitnall, Oswald and Standaert gave the impossibility result that no generic DPA strategies (i.e., without any \emph{a priori} knowledge about the leakage characteristics) can recover secret information from a physical device by considering an injective target function (e.g., AES and PRESENT S-boxes), and as a remedy, they proposed a slightly relaxed strategy ``generic-emulating DPAs&#39;&#39; free from the non-injectivity constraint. 
However, as we show in this paper, the only...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/115" class="paperlink" href="/2016/115">2016/115</a> <span class="ms-2"><a href="/2016/115.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-03-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficiently Computing Data-Independent Memory-Hard Functions</strong> <div class="mt-1"><span class="fst-italic">Joel Alwen, Jeremiah Blocki</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">A memory-hard function (MHF) $f$ is equipped with a {\em space cost} $\sigma$ and {\em time cost} $\tau$ parameter such that repeatedly computing $f_{\sigma,\tau}$ on an application specific integrated circuit (ASIC) is not economically advantageous relative to a general purpose computer. Technically we would like that any (generalized) circuit for evaluating an iMHF $f_{\sigma,\tau}$ has area $\times$ time (AT) complexity at $\Theta(\sigma^2 * \tau)$. 
A data-independent MHF (iMHF) has the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/104" class="paperlink" href="/2016/104">2016/104</a> <span class="ms-2"><a href="/2016/104.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-02-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Open Sesame: The Password Hashing Competition and Argon2</strong> <div class="mt-1"><span class="fst-italic">Jos Wetzels</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this document we present an overview of the background to and goals of the Password Hashing Competition (PHC) as well as the design of its winner, Argon2, and its security requirements and properties.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/1243" class="paperlink" href="/2015/1243">2015/1243</a> <span class="ms-2"><a href="/2015/1243.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-05-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Verifiable ASICs</strong> <div class="mt-1"><span class="fst-italic">Riad S. Wahby, Max Howald, Siddharth Garg, abhi shelat, Michael Walfish</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">A manufacturer of custom hardware (ASICs) can undermine the intended execution of that hardware; high-assurance execution thus requires controlling the manufacturing chain. However, a trusted platform might be orders of magnitude worse in performance or price than an advanced, untrusted platform. 
This paper initiates exploration of an alternative: using verifiable computation (VC), an untrusted ASIC computes proofs of correct execution, which are verified by a trusted processor or ASIC. In...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/1218" class="paperlink" href="/2015/1218">2015/1218</a> <small class="ms-auto">Last updated: 2017-04-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>$Area-Time$ Efficient Hardware Implementation of Elliptic Curve Cryptosystem</strong> <div class="mt-1"><span class="fst-italic">Anissa Sghaier, Medien Zeghid, Belgacem Bouallegue, Adel Baganne, Mohsen Machhout</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">The strength of ECC lies in the hardness of elliptic curve discrete logarithm problem (ECDLP) and the high level security with significantly smaller keys. Thus, using smaller key sizes is a gain in term of speed, power, bandwidth, and storage. Point multiplication is the most common operation in ECC and the most used method to compute it is Montgomery Algorithm. This paper describes an area-efficient hardware implementation of Elliptic Curve Cryptography (ECC) over $GF(2^m)$. 
We used the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/1109" class="paperlink" href="/2015/1109">2015/1109</a> <span class="ms-2"><a href="/2015/1109.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-11-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficient and Low-complexity Hardware Architecture of Gaussian Normal Basis Multiplication over GF(2m) for Elliptic Curve Cryptosystems</strong> <div class="mt-1"><span class="fst-italic">Bahram Rashidi, Sayed Masoud Sayedi, Reza Rezaeian Farashahi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper an efficient high-speed architecture of Gaussian normal basis multiplier over binary finite field GF(2m) is presented. The structure is constructed by using regular modules for computation of exponentiation by powers of 2 and low-cost blocks for multiplication by normal elements of the binary field. Since the exponents are powers of 2, the modules are implemented by some simple cyclic shifts in the normal basis representation. 
As a result, the multiplier has a simple structure...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/946" class="paperlink" href="/2015/946">2015/946</a> <span class="ms-2"><a href="/2015/946.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-10-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem</strong> <div class="mt-1"><span class="fst-italic">Alex Biryukov, Dmitry Khovratovich</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">Proof-of-work is a central concept in modern cryptocurrencies and denial-of-service protection tools, but the requirement for fast verification so far made it an easy prey for GPU-, ASIC-, and botnet-equipped users. The attempts to rely on memory-intensive computations in order to remedy the disparity between architectures have resulted in slow or broken schemes. In this paper we solve this open problem and show how to construct an asymmetric proof-of-work (PoW) based on a computationally...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/789" class="paperlink" href="/2015/789">2015/789</a> <span class="ms-2"><a href="/2015/789.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-08-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficient Hardware Implementations of the Warbler Pseudorandom Number Generator</strong> <div class="mt-1"><span class="fst-italic">Gangqiang Yang, Mark D. Aagaard, Guang Gong</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Pseudorandom number generators (PRNGs) are very important for EPC Class 1 Generation 2 (EPC C1 G2) Radio Frequency Identification (RFID) systems. 
A PRNG is able to provide a 16-bit random number that is used in many commands of the EPC C1 G2 standard, and it can also be used in future security extensions of the EPC C1 G2 standard, such as mutual authentication protocols between the readers and tags. In this paper, we investigate efficient ASIC hardware implementations of Warbler (a...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/612" class="paperlink" href="/2015/612">2015/612</a> <span class="ms-2"><a href="/2015/612.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-06-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>The Simeck Family of Lightweight Block Ciphers</strong> <div class="mt-1"><span class="fst-italic">Gangqiang Yang, Bo Zhu, Valentin Suder, Mark D. Aagaard, Guang Gong</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Two lightweight block cipher families, SIMON and SPECK, have been proposed by researchers from the NSA recently. In this paper, we introduce Simeck, a new family of lightweight block ciphers that combines the good design components from both SIMON and SPECK, in order to devise even more compact and efficient block ciphers. 
For Simeck32/64, we can achieve 505 GEs (before the Place and Route phase) and 549 GEs (after the Place and Route phase), with the power consumption of 0.417 $\mu W$ in...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/593" class="paperlink" href="/2015/593">2015/593</a> <span class="ms-2"><a href="/2015/593.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-06-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Physical Approach for Stochastic Modeling of TERO-based TRNG</strong> <div class="mt-1"><span class="fst-italic">Patrick HADDAD, Viktor FISCHER, Florent BERNARD, Jean NICOLAI</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">Security in random number generation for cryptography is closely related to the entropy rate at the generator output. This rate has to be evaluated using an appropriate stochastic model. The stochastic model proposed in this paper is dedicated to the transition effect ring oscillator (TERO) based true random number generator (TRNG) proposed by Varchola and Drutarovsky in 2010. 
The advantage and originality of this model is that it is derived from a physical model based on a detailed study...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/427" class="paperlink" href="/2015/427">2015/427</a> <span class="ms-2"><a href="/2015/427.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-05-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A High Reliability PUF Using Hot Carrier Injection Based Response Reinforcement</strong> <div class="mt-1"><span class="fst-italic">Mudit Bhargava, Ken Mai</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Achieving high reliability across environmental variations and over aging in physical unclonable functions (PUFs) remains a challenge for PUF designers. The conventional method to improve PUF reliability is to use powerful error correction codes (ECC) to correct the errors in the raw response from the PUF core. Unfortunately, these ECC blocks generally have high VLSI overheads, which scale up quickly with the error correction capability. 
Alternatively, researchers have proposed techniques to...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/348" class="paperlink" href="/2015/348">2015/348</a> <span class="ms-2"><a href="/2015/348.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-04-25</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Hardware-based Countermeasure to Reduce Side-Channel Leakage - Design, Implementation, and Evaluation</strong> <div class="mt-1"><span class="fst-italic">Andreas Gornik, Amir Moradi, Jürgen Oehm, Christof Paar</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Side-channel attacks are one of the major concerns for security-enabled applications as they make use of information leaked by the physical implementation of the underlying cryptographic algorithm. Hence, reducing the side-channel leakage of the circuits realizing the cryptographic primitives is amongst the main goals of circuit designers. 
In this work we present a novel circuit concept, which decouples the main power supply from an internal power supply that is used to drive a single logic...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/200" class="paperlink" href="/2015/200">2015/200</a> <span class="ms-2"><a href="/2015/200.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-03-04</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Evaluating the Duplication of Dual-Rail Precharge Logics on FPGAs</strong> <div class="mt-1"><span class="fst-italic">Alexander Wild, Amir Moradi, Tim Güneysu</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Power-equalization schemes for digital circuits aim to harden cryptographic designs against power analysis attacks. With respect to dual-rail logics most of these schemes have originally been designed for ASIC platforms, but much efforts have been spent to map them to FPGAs as well. A particular challenge is here to apply those schemes to the predefined logic structures of FPGAs (i.e., slices, LUTs, FFs, and routing switch boxes) for which special tools are required. 
Due to the absence of...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/065" class="paperlink" href="/2015/065">2015/065</a> <span class="ms-2"><a href="/2015/065.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-01-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A lightweight-friendly modification of GOST block cipher</strong> <div class="mt-1"><span class="fst-italic">Andrey Dmukh, Denis Dygin, Grigory Marshalko</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We study the possibility of a GOST block cipher modification in such a way that it would resist the Isobe and Dinur-Dunkelman-Shamir attacks and, at the same time, would still be lightweight-friendly.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2014/912" class="paperlink" href="/2014/912">2014/912</a> <span class="ms-2"><a href="/2014/912.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2014-11-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Low-Cost Concurrent Error Detection for GCM and CCM</strong> <div class="mt-1"><span class="fst-italic">Xiaofei Guo, Ramesh Karri</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In many applications, encryption alone does not provide enough security. To enhance security, dedicated authenticated encryption (AE) modes have been invented. Galois Counter Mode (GCM) and Counter with CBC-MAC mode (CCM) are the AE modes recommended by the National Institute of Standards and Technology. To support high data rates, AE modes are usually implemented in hardware. 
However, natural faults reduce its reliability and may undermine both its encryption and authentication capability. We...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2014/862" class="paperlink" href="/2014/862">2014/862</a> <span class="ms-2"><a href="/2014/862.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2014-10-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Low-Latency ECDSA Signature Verification - A Road Towards Safer Traffic -</strong> <div class="mt-1"><span class="fst-italic">Miroslav Knezevic, Ventzislav Nikov, Peter Rombouts</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Car-to-car and Car-to-Infrastructure messages exchanged in Intelligent Transportation Systems can reach reception rates up to and over 1000 messages per second. As these messages contain ECDSA signatures, this puts a very heavy load onto the verification hardware. In fact the load is so high that currently it can only be achieved by implementations running on high end CPUs and FPGAs. These implementations are neither cost-effective nor energy efficient. 
In this paper we present an ASIC...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2014/783" class="paperlink" href="/2014/783">2014/783</a> <span class="ms-2"><a href="/2014/783.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2014-10-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Parametric Trojans for Fault-Injection Attacks on Cryptographic Hardware</strong> <div class="mt-1"><span class="fst-italic">Raghavan Kumar, Philipp Jovanovic, Wayne Burleson, Ilia Polian</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">We propose two extremely stealthy hardware Trojans that facilitate fault-injection attacks in cryptographic blocks. The Trojans are carefully inserted to modify the electrical characteristics of predetermined transistors in a circuit by altering parameters such as doping concentration and dopant area. These Trojans are activated with very low probability under the presence of a slightly reduced supply voltage (0.001 for 20\% $V_{dd}$ reduction). 
We demonstrate the effectiveness of the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2014/782" class="paperlink" href="/2014/782">2014/782</a> <span class="ms-2"><a href="/2014/782.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2014-10-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Precise Fault-Injections using Voltage and Temperature Manipulation for Differential Cryptanalysis</strong> <div class="mt-1"><span class="fst-italic">Raghavan Kumar, Philipp Jovanovic, Ilia Polian</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">State-of-the-art fault-based cryptanalysis methods are capable of breaking most recent ciphers after only a few fault injections. However, they require temporal and spatial accuracies of fault injection that were believed to rule out low-cost injection techniques such as voltage, frequency or temperature manipulation. We investigate selection of supply-voltage and temperature values that are suitable for high-precision fault injection even up to a single bit. 
The object of our studies is an...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2014/734" class="paperlink" href="/2014/734">2014/734</a> <span class="ms-2"><a href="/2014/734.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2014-09-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>S-box pipelining using genetic algorithms for high-throughput AES implementations: How fast can we go?</strong> <div class="mt-1"><span class="fst-italic">Lejla Batina, Domagoj Jakobovic, Nele Mentens, Stjepan Picek, Antonio de la Piedra, Dominik Sisejkovic</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In the last few years, several practitioners have proposed a wide range of approaches for reducing the implementation area of the AES in hardware. However, an area-throughput trade-off that undermines high-speed is not realistic for real-time cryptographic applications. In this manuscript, we explore how Genetic Algorithms (GAs) can be used for pipelining the AES substitution box based on composite field arithmetic. 
We implemented a framework that parses and analyzes a Verilog netlist,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2014/497" class="paperlink" href="/2014/497">2014/497</a> <span class="ms-2"><a href="/2014/497.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-09-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>NREPO:Normal Basis Recomputing with Permuted Operands</strong> <div class="mt-1"><span class="fst-italic">Xiaofei Guo, Debdeep Mukhopadhyay, Chenglu Jin, Ramesh Karri</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Hardware implementations of cryptographic algorithms are vulnerable to natural and malicious faults. Concurrent Error Detection (CED) can be used to detect these faults. We present NREPO, a CED which does not require redundant computational resources in the design. Therefore, one can integrate it when computational resources are scarce or when the redundant resources are difficult to harness for CED. 
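We integrate NREPO in a low-cost Advanced Encryption Standard (AES) implementation with...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2014/454" class="paperlink" href="/2014/454">2014/454</a> <span class="ms-2"><a href="/2014/454.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-04-04</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Early Propagation and Imbalanced Routing, How to Diminish in FPGAs</strong> <div class="mt-1"><span class="fst-italic">Amir Moradi, Vincent Immler</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work deals with DPA-resistant logic styles, i.e., cell-level countermeasures against power analysis attacks that are known as a serious threat to cryptographic devices. Early propagation and imbalanced routings are amongst the well-known issues of such countermeasures, that - if not considered during the design process - can cause the underlying cryptographic device to be vulnerable to certain attacks. Although most of the DPA-resistant logic styles target an ASIC design process, there...</p> </div> </div> <div class="w-75 mx-auto"> <ul class="pagination mt-5 mb-5"> <li class="page-item active"><span class="page-link">1</span></li> <li class="page-item"><a rel="nofollow" class="page-link" href="/search?q=ASIC&amp;offset=100">2</a></li> <li class="page-item"> <a rel="nofollow" class="page-link" href="/search?q=ASIC&amp;offset=100">Next »</a> </li> </ul> </div> </div> </div> </div>
<script>
  // "Clear" button: blank every <input> on the page and return the category
  // <select> to its first option. Guarded so a page variant that lacks the
  // button does not throw (same pattern as the `if (topNavbar)` scroll guard).
  const clearButton = document.getElementById('clearButton');
  if (clearButton) {
    clearButton.addEventListener('click', function(ev) {
      document.querySelectorAll('input').forEach(el => { el.value = ''; });
      const category = document.getElementById('category');
      if (category) { category.selectedIndex = 0; }
    });
  }

  // Submit-time check that the date-range fields are mutually consistent.
  // Flags the first inconsistent pair with Bootstrap's `is-invalid` class and
  // returns false (block submission); returns true when the ranges are sane.
  // Values are compared as raw strings, which is only correct for ISO
  // yyyy-mm-dd values (<input type="date">) — TODO confirm the input type.
  // This is a usability aid only: the server must re-validate the submitted
  // parameters, since a request can be sent without running this script.
  function validateForm() {
    const submittedAfter = document.getElementById('submittedafter');
    const submittedBefore = document.getElementById('submittedbefore');
    const revisedAfter = document.getElementById('revisedafter');
    const revisedBefore = document.getElementById('revisedbefore');
    const fields = [submittedAfter, submittedBefore, revisedAfter, revisedBefore];

    // Reset the previous attempt's marks; without this a field stays flagged
    // after the user has corrected it.
    fields.forEach(el => el.classList.remove('is-invalid'));

    // [earlier, later]: `earlier` must not be greater than `later`.
    const ranges = [
      [submittedAfter, submittedBefore],
      [revisedAfter, revisedBefore],
      [submittedAfter, revisedBefore] // a revision cannot predate the submission window
    ];
    for (const [earlier, later] of ranges) {
      if (earlier.value && later.value && earlier.value > later.value) {
        earlier.classList.add('is-invalid');
        later.classList.add('is-invalid');
        return false;
      }
    }
    return true;
  }
</script>
<script src="/js/mark.min.js"></script>
<script>
  // Highlight the search terms inside the result list. The URL parameters are
  // passed to mark.js as search terms; mark.js is expected to match them as
  // literal text and wrap hits in <mark> elements via DOM APIs, so they are
  // never inserted as HTML.
  var instance = new Mark("div.results");
  let urlParams = new URLSearchParams(window.location.search);
  for (const key of ['q', 'title', 'authors']) {
    const term = urlParams.get(key);
    if (term) { instance.mark(term); }
  }
</script>
<!-- --> </main> <div class="container-fluid mt-auto" id="eprintFooter"> <a href="https://iacr.org/"> <img id="iacrlogo" src="/img/iacrlogo_small.png" class="img-fluid d-block mx-auto" alt="IACR Logo"> </a> <div class="colorDiv"></div> <div class="alert alert-success w-75 mx-auto"> Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.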
</div> </div> <script src="/css/bootstrap/js/bootstrap.bundle.min.js"></script>
<script>
  // Add the `scrolled` class to the fixed top bar once the page is scrolled
  // more than 100px, and drop it again above that point. The guard keeps the
  // listener off pages that have no top bar.
  var topNavbar = document.getElementById('topNavbar');
  if (topNavbar) {
    const SCROLL_THRESHOLD = 100;
    document.addEventListener('scroll', () => {
      topNavbar.classList.toggle('scrolled', window.scrollY > SCROLL_THRESHOLD);
    });
  }
</script>
</body>
</html>
