Second-Order Masked Lookup Table Compression Scheme

Author(s):  
Annapurna Valiveti ◽  
Srinivas Vivek

Masking by lookup table randomisation is a well-known technique used to achieve side-channel attack resistance for software implementations, particularly against DPA attacks. The randomised table technique for first- and second-order security requires about m·2^n bits of RAM to store an (n,m)-bit masked S-box lookup table. Table compression helps in reducing the amount of memory required, and this is useful for highly resource-constrained IoT devices. Recently, Vadnala (CT-RSA 2017) proposed a randomised table compression scheme for first- and second-order security in the probing leakage model. This scheme reduces the RAM memory required by about a factor of 2^l, where l is a compression parameter. Vivek (Indocrypt 2017) demonstrated an attack against the second-order scheme of Vadnala. Hence achieving table compression at second and higher orders is an open problem. In this work, we propose a second-order secure randomised table compression scheme which works for any (n,m)-bit S-box. Our proposal is a variant of Vadnala's scheme that is not only secure but also significantly improves the time-memory trade-off. Specifically, we improve the online execution time by a factor of 2^(n−l). Our proposed scheme is proved 2-SNI secure in the probing leakage model. We have implemented our method for AES-128 on a 32-bit ARM Cortex processor. We are able to reduce the memory required to store a randomised S-box table for a second-order AES-128 implementation to 59 bytes.
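To make the m·2^n-bit storage cost concrete, the following Python is an added illustration, not code from the paper: it derives the AES S-box (n = m = 8), builds the classic uncompressed first-order randomised table T[x'] = S(x' ⊕ r_in) ⊕ r_out, and shows that a lookup on the masked input returns the masked output without ever reconstructing x. It does not implement Vadnala's compression scheme or the second-order scheme proposed here; the masks r_in, r_out and the helper names are this example's own.

```python
# Added example: first-order lookup-table randomisation for the AES S-box.
# This is the well-known uncompressed technique, not the compression
# scheme of Vadnala or of Valiveti and Vivek. Names and masks are ours.
import secrets

N_BITS = 8  # S-box input width n
M_BITS = 8  # S-box output width m


def _xtime(a):
    """Multiply by x in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    if a & 0x100:
        a ^= 0x11B
    return a & 0xFF


def _gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = _xtime(a)
        b >>= 1
    return r


def _gf_inv(a):
    """a^254 = a^-1 in GF(2^8); 0 maps to 0 by AES convention."""
    if a == 0:
        return 0
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r


def aes_sbox():
    """S(x) = affine(inv(x)): XOR of inv(x) with its four left rotations, then ^ 0x63."""
    table = []
    for x in range(1 << N_BITS):
        b = _gf_inv(x)
        s = b
        for i in range(1, 5):
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        table.append(s ^ 0x63)
    return table


SBOX = aes_sbox()  # computed once; used by the demo below


def table_bits(n=N_BITS, m=M_BITS):
    """Storage for one (n,m)-bit randomised table: m * 2^n bits (2048 bits = 256 bytes for AES)."""
    return m * (1 << n)


def randomised_table(sbox, r_in, r_out):
    """T[x'] = S(x' ^ r_in) ^ r_out: indexing with the masked input x' = x ^ r_in
    yields the masked output S(x) ^ r_out, so the unmasked x never appears."""
    return [sbox[xp ^ r_in] ^ r_out for xp in range(len(sbox))]


def masked_sbox_lookup(table, x_masked):
    return table[x_masked]


def masked_sbox_roundtrip(x, r_in=None, r_out=None):
    """Mask x with r_in, look it up in a fresh randomised table, unmask with r_out,
    and report whether the result equals the plain S-box output."""
    r_in = secrets.randbelow(1 << N_BITS) if r_in is None else r_in
    r_out = secrets.randbelow(1 << M_BITS) if r_out is None else r_out
    table = randomised_table(SBOX, r_in, r_out)
    y_masked = masked_sbox_lookup(table, x ^ r_in)
    return (y_masked ^ r_out) == SBOX[x]


if __name__ == "__main__":
    print("randomised table size:", table_bits(), "bits =", table_bits() // 8, "bytes")
    print("all 256 inputs round-trip:", all(masked_sbox_roundtrip(x) for x in range(256)))
```

The table must be regenerated (with fresh r_in, r_out) for every masked execution; reusing masks across runs is what turns the 256-byte table from a countermeasure into a fixed, attackable secret, and the per-execution rebuild cost is exactly the online time the compression schemes above trade against RAM.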

Author(s):  
Alejandro Cabrera Aldaya ◽  
Billy Bob Brumley

An online template attack (OTA) is a powerful technique previously used to attack elliptic curve scalar multiplication algorithms. This attack has only been analyzed in the realm of power consumption and EM side channels, where the leaked signals are related to the value being processed. However, microarchitecture signals have no such feature, invalidating some assumptions from previous OTA works. In this paper, we revisit previous OTA descriptions, proposing a generic framework and evaluation metrics for any side-channel signal. Our analysis reveals OTA features not previously considered, increasing its application scenarios and requiring a fresh countermeasure analysis to prevent it. In this regard, we demonstrate that OTAs can work in the backward direction, allowing one to mount an augmented projective coordinates attack with respect to the proposal by Naccache, Smart and Stern (Eurocrypt 2004). This demonstrates that randomizing the initial targeted algorithm state does not prevent the attack, as was believed in previous works. We analyze three libraries, libgcrypt, mbedTLS, and wolfSSL, using two microarchitecture side channels. For the libgcrypt case, we target its EdDSA implementation using the Curve25519 twist curve. We obtain similar results for mbedTLS and wolfSSL with curve secp256r1. For each library, we execute extensive attack instances that are able to recover the complete scalar in all cases using a single trace. This work demonstrates that microarchitecture online template attacks are also very powerful in this scenario, recovering secret information without knowing a leakage model. This highlights the importance of developing secure-by-default implementations instead of fix-on-demand ones.


Author(s):  
Jens Trautmann ◽  
Arthur Beckers ◽  
Lennert Wouters ◽  
Stefan Wildermann ◽  
Ingrid Verbauwhede ◽  
...  

Locating a cryptographic operation in a side-channel trace, i.e. finding out where it is in the time domain, without having a template, can be a tedious task even for unprotected implementations. The sheer amount of data can be overwhelming. In a simple call to OpenSSL for AES-128 ECB encryption of a single data block, only 0.00028% of the trace relates to the actual AES-128 encryption. The rest is overhead. We introduce the (to our best knowledge) first method to locate a cryptographic operation in a side-channel trace in a largely automated fashion. The method exploits meta information about the cryptographic operation and requires an estimate of its implementation's execution time. The method lends itself to parallelization, and our implementation in a tool greatly benefits from GPU acceleration. The tool can be used offline for trace segmentation and for generating a template which can then be used online in real-time waveform-matching based triggering systems for trace acquisition or fault injection. We evaluate it in six scenarios involving hardware and software implementations of different cryptographic operations executed on diverse platforms. Two of these scenarios cover realistic protocol-level use-cases and demonstrate the real-world applicability of our tool in scenarios where classical leakage-detection techniques would not work. The results highlight the usefulness of the tool because it reliably and efficiently automates the task and therefore frees up time of the analyst. The method does not work on traces of implementations protected by effective time randomization countermeasures, e.g. random delays and unstable clock frequency, but is not affected by masking, shuffling and similar countermeasures.


2011 ◽  
Vol 20 (03) ◽  
pp. 349-373 ◽  
Author(s):  
NADIA NEDJAH ◽  
RODRIGO MARTINS DA SILVA ◽  
LUIZA DE MACEDO MOURELLE

There are several possible implementations of artificial neural networks that are based either on software or hardware systems. Software implementations are rather inefficient due to the fact that the intrinsic parallelism of the underlying computation is usually not taken advantage of in a mono-processor kind of computing system. Existing hardware implementations of ANNs are efficient as the dedicated datapath used is optimized and the hardware is usually parallel. Hardware implementations of ANNs may be either digital, analog, or even hybrid. Digital implementations of ANNs tend to be of high complexity, thus of high cost, and somewhat imprecise due to the use of lookup tables for the activation function. On the other hand, analog implementations of ANNs are generally very simple and much more precise. In this paper, we focus on possible analog implementations of ANNs. The neuron is based on a simple operational amplifier. The reviewed implementations allow for the use of both negative and positive synaptic weights. An alternative implementation permits the realization of the training process.


2019 ◽  
Vol 490 (3) ◽  
pp. 3588-3600 ◽  
Author(s):  
E R Most ◽  
L Jens Papenfort ◽  
L Rezzolla

ABSTRACT We investigate the impact of using high-order numerical methods to study the merger of magnetized neutron stars with finite-temperature microphysics and neutrino cooling in full general relativity. By implementing a fourth-order accurate conservative finite-difference scheme we model the inspiral together with the early post-merger and highlight the differences to traditional second-order approaches at the various stages of the simulation. We find that even for finite-temperature equations of state, convergence orders higher than second order can be achieved in the inspiral and post-merger for the gravitational-wave phase. We further demonstrate that the second-order scheme overestimates the amount of proton-rich shock-heated ejecta, which can have an impact on the modelling of the dynamical part of the kilonova emission. Finally, we show that already at low resolution the growth rate of the magnetic energy is consistently resolved by using a fourth-order scheme.

