Cryptographic Engineering

June 29 – July 3, 2015
Deadline for registration: May 25, 2015

MONDAY, June 29

8:30-10:00 am Introduction to Block Ciphers; DES and AES Christof Paar
10:30-12:00 am Lightweight Block Ciphers for RFIDs Christof Paar
1:30-3:00 pm Modular Arithmetic Algorithms and Architectures Cetin K. Koc
3:30-5:00 pm Finite Fields Algorithms and Architectures Cetin K. Koc

TUESDAY, June 30

8:30-10:00 am Specialized Hardware for Secret-Key Algorithms Ingrid Verbauwhede
10:30-12:00 am Introduction to PUFs (Physically Uncloneable Functions) Ingrid Verbauwhede
1:30-3:00 pm Public-Key Cryptography Algorithms and Protocols Cetin K. Koc
3:30-5:00 pm Public-Key Cryptography Software and Hardware Realizations Cetin K. Koc

WEDNESDAY, July 1

8:30-10:00 am Trusted Computing Architectures, SSL and IPSec Pankaj Rohatgi
10:30-12:00 am Recent Hot Topics in Cryptographic Engineering Invited Speaker
1:30-3:00 pm Introduction to Side-Channel Analysis Marc Joye
3:30-5:00 pm Electromagnetic Analysis and Advanced Side-Channel Analysis Pankaj Rohatgi

THURSDAY, July 2

8:30-10:00 am RSA – Side Channel Attacks and Countermeasures Marc Joye
10:30-12:00 am ECC – Side Channel Attacks and Countermeasures Marc Joye
1:30-3:00 pm Side Channel Attacks to Block Ciphers: DES and AES F.-X. Standaert
3:30-5:00 pm Countermeasures for Block Ciphers F.-X. Standaert

FRIDAY, July 3

8:30-10:00 am Random Number Generators for Cryptographic Applications Werner Schindler
10:30-12:00 am Evaluation Criteria for Non-Deterministic Random Number Generators Werner Schindler
1:30-3:00 pm Random Number Generator Design Constraints and Challenges Viktor Fischer

Abstracts

CRYPTOGRAPHIC ENGINEERING
June 29 – July 3, 2015
EPFL Premises, Lausanne, Switzerland

Introduction to Block Ciphers: DES and AES
Christof Paar, Ruhr-University Bochum

We will first give a brief introduction to AES, DES and 3DES, which are the most widely used symmetric ciphers. We will then develop methods for efficiently implementing both AES and 3DES in software. For AES, algorithms for both 32-bit CPUs and 8-bit smart card CPUs will be treated. We will then introduce the bit-slicing method, an advanced and very efficient approach for fast software implementation of block ciphers. We will use DES as an example for illustrating bit-slicing.

Lightweight Block Ciphers for RFIDs
Christof Paar, Ruhr-University Bochum

For extremely resource-constrained environments such as RFIDs, sensor nodes or other mobile applications, it is highly desirable to have ciphers which are extremely lightweight. We will introduce optimization techniques for low-area and low-power ciphers. PRESENT, which is an extremely compact block cipher, will be discussed as a case study.

Modular Arithmetic Algorithms and Architectures
Çetin K. Koç, UC Santa Barbara

Basic concepts, algorithms and architectures for integer arithmetic and modular arithmetic in public-key cryptography. Addition, multiplication, exponentiation, gcd and multiplicative inversion algorithms. Montgomery arithmetic. Integer rings and Galois fields of p elements, GF(p).

Finite Fields Algorithms and Architectures
Çetin K. Koç, UC Santa Barbara

Representation of field elements in Galois fields of 2^k elements. Polynomial and normal bases. Addition and multiplication operations in GF(2^k). Properties of normal bases and optimal normal bases. Inversion of field elements.

Specialized Hardware for Secret-Key Algorithms
Ingrid Verbauwhede, KU Leuven

This lecture will introduce hardware implementation aspects of block ciphers and stream ciphers. The DES and AES algorithms will be discussed in detail. These ciphers are never used standalone but combined with modes of operation and integrated as IP blocks in larger systems. Very compact realizations and very high throughput realizations will also be discussed.

Introduction to PUFs (Physically Uncloneable Functions)
Ingrid Verbauwhede, KU Leuven

CMOS process variations are considered a burden to IC developers since they introduce undesirable random variability between equally designed ICs. Measuring this variability can also be profitable as a physically unclonable method of silicon device identification. This can be applied to generate strong cryptographic keys which are intrinsically bound to the embedding IC instance. In this lecture, we study and compare different proposed constructions.

Public-Key Cryptography Algorithms and Protocols
Çetin K. Koç, UC Santa Barbara

Public-key cryptographic algorithms that are standardized and in use today. Diffie-Hellman, RSA, ElGamal, and Digital Signature Algorithm. Elliptic Curve DSA, and Integrated Encryption Scheme. Partially homomorphic public-key functions. Co-processor architectures for implementing public-key cryptographic functions.

Public-Key Cryptography Software and Hardware Realizations
Çetin K. Koç, UC Santa Barbara

Basic operations used in public-key cryptographic algorithms, including exponentiation, scalar multiplication, field multiplication and inversion, and their software and hardware implementations. Dual-field arithmetic. Embedded software implementations of public-key cryptography.

Trusted Computing Architectures, SSL and IPSec
Pankaj Rohatgi, Cryptography Research

Businesses, governments and individuals are increasingly reliant on complex, highly-interconnected computing platforms, mobile end-points and network centric applications to conduct much of their business. Maintaining and validating the trustworthiness of this infrastructure has therefore become critical. However, as the complexity and value of the infrastructure have increased, the number of software vulnerabilities discovered and attacks mounted against applications, platforms, end-points, identities and sensitive data within this infrastructure has grown at an even faster pace. There is a realization that given this complexity, software-only security mechanisms may not be sufficient to defend against these attacks or to evaluate the trustworthiness of a system.

Trusted computing is an effort to use trusted hardware to assist software in improving and evaluating the security for platforms, end-points, applications, identities and data. In this lecture, I will describe the Trusted Platform Module (TPM), which provides the hardware foundations for Trusted Computing and describe several ways in which the TPM could be used as a building block to improve or validate the security of platforms, end-points, applications, data and identities.

Recent Hot Topics in Cryptographic Engineering
Invited Speaker

Every year a researcher is invited to give an in-depth review of a particular hot topic in cryptographic engineering. Topics range from efficient architectures for cryptography, hardware and software implementations, hardware security, and developments in embedded systems security and cryptography.

Introduction to Side-Channel Analysis
Marc Joye, Technicolor

Side-channel analysis is a powerful technique re-discovered by Kocher in 1996. The principle consists in monitoring some side-channel information like the running time, the power consumption or the electromagnetic radiation. Next, from the monitored data, the adversary tries to deduce the inner workings of the algorithm and thereby to retrieve some secret information. This talk reviews the basics of side-channel analysis on various cryptographic algorithms. It is illustrated with practical examples and several side-channel attacks are mounted against several naive, unprotected implementations of cryptosystems.

Electromagnetic Attacks and Countermeasures
Pankaj Rohatgi, Cryptography Research

This lecture will provide an introduction to the electromagnetic emanation (EM) side-channel. We will describe the various types of compromising EM emanations and the equipment needed to capture them. We will illustrate how compromising EM emanations can be captured from a variety of cryptographic devices and how multiple signals can be captured from each device. Next we will illustrate a variety of EM attacks on cryptographic implementations. Although the attack techniques are similar to power analysis, many EM attacks are not feasible using the power side channel, either because they exploit additional leakages present in EM channels or the power side-channel is inaccessible. Finally we will describe how one can design countermeasures against EM attacks.

RSA – Side-Channel Attacks and Countermeasures
Marc Joye, Technicolor

RSA is the most widely used public key cryptosystem. It can be used for both encryption and signature. While the security of (black-box) RSA is well understood, its secure implementation remains challenging. Basically, two classes of side-channel attacks can be distinguished: SPA-like attacks and DPA-like attacks. An SPA-like analysis is a process with a single measurement of some side-channel information; when there are several measurements handled with statistical tools, the process is referred to as a DPA-like analysis. This talk teaches how to prevent those two classes of attacks. General guidelines are provided along with concrete implementations.

ECC – Side Channel Attacks & Countermeasures
Marc Joye, Technicolor

Elliptic curve cryptography (ECC) shows an increasing impact in our everyday lives where the use of memory-constrained devices such as smart cards and other embedded systems is ubiquitous. Its main advantage resides in a smaller key size for a conjectured equivalent security level. In this talk, we survey different known techniques to get efficient ECC implementations that resist against a variety of implementation attacks.

Side Channel Attacks to Block Ciphers: DES & AES
François-Xavier Standaert, UCL Crypto Group

Abstract to come.

Countermeasures for Block Ciphers
François-Xavier Standaert, UCL Crypto Group

Abstract to come.

Random Number Generators for Cryptographic Applications
Werner Schindler, BSI

Many cryptographic mechanisms require random numbers, e.g. as challenges, session keys or signature parameters. Inappropriate random number generators may weaken cryptographic mechanisms decisively, even if these mechanisms are principally strong. Generic requirements are derived, which appropriate random number generators should fulfil. These requirements are illustrated by several examples. Commonalities and the main differences between deterministic and true (physical and non-physical) random number generators are explained.

Evaluation Criteria for Non-Deterministic Random Number Generators
Werner Schindler, BSI

This lecture mainly focuses on the evaluation of physical random number generators. Fundamental concepts and evaluation criteria are worked out. Application and relevance are demonstrated by several examples and counterexamples. National and international evaluation guidelines and standards are addressed. The lecture closes with advice for the evaluation of non-physical true random number generators.

Random Number Generators Design Constraints and Challenges
Viktor Fischer, University of St-Etienne

In this lecture, we will first analyze the main characteristics of random number generators (RNGs): quality related issues such as sources of randomness, entropy extraction principles, post-processing, output bit-rate and its stability; security related issues such as existence of a mathematical model, inner testability and robustness against attacks; design related issues such as resource usage, power consumption, feasibility in logic devices and design automation. Next, we will critically analyze and compare the main existing RNG principles. Based on this analysis, we will point out pitfalls that can exist in a practical RNG design and challenges that are usually faced when designing secure RNGs according to recommendations AIS 20/AIS 31.