Guessing Bits: Improved Lattice Attacks on (EC)DSA with Nonce Leakage

Author(s):  
Chao Sun ◽  
Thomas Espitau ◽  
Mehdi Tibouchi ◽  
Masayuki Abe

The lattice reduction attack on (EC)DSA (and other Schnorr-like signature schemes) with partially known nonces, originally due to Howgrave-Graham and Smart, has been at the core of many concrete cryptanalytic works, side-channel based or otherwise, in the past 20 years. The attack itself has seen limited development, however: improved analyses have been carried out, and the use of stronger lattice reduction algorithms has pushed the range of practically vulnerable parameters further, but the lattice construction based on the signatures and known nonce bits remains the same. In this paper, we propose a new idea to improve the attack based on the same data in exchange for additional computation: carry out an exhaustive search on some bits of the secret key. This turns the problem from a single bounded distance decoding (BDD) instance in a certain lattice to multiple BDD instances in a fixed lattice of larger volume but with the same bound (making the BDD problem substantially easier). Furthermore, the fact that the lattice is fixed lets us use batch/preprocessing variants of BDD solvers that are far more efficient than repeated lattice reductions on non-preprocessed lattices of the same size. As a result, our analysis suggests that our technique is competitive or outperforms the state of the art for parameter ranges corresponding to the limit of what is achievable using lattice attacks so far (around 2-bit leakage on 160-bit groups, or 3-bit leakage on 256-bit groups). We also show that variants of this idea can also be applied to bits of the nonces (leading to a similar improvement) or to filtering signature data (leading to a data-time trade-off for the lattice attack). Finally, we use our technique to obtain an improved exploitation of the TPM-FAIL dataset similar to what was achieved in the Minerva attack.

Author(s):  
Daniel Genkin ◽  
Romain Poussier ◽  
Rui Qi Sim ◽  
Yuval Yarom ◽  
Yuanjing Zhao

Over the past two decades, cache attacks have been identified as a threat to the security of cipher implementations. These attacks recover secret information by combining observations of the victim cache accesses with the knowledge of the internal structure of the cipher. So far, cache attacks have been applied to ciphers that have fixed state transformations, leaving open the question of whether using secret, key-dependent transformations enhances the security against such attacks. In this paper we investigate this question. We look at an implementation of the North Korean cipher Pilsung, as reverse-engineered by Kryptos Logic. Like AES, Pilsung is a permutation-substitution cipher, but unlike AES, both the substitution and the permutation steps in Pilsung depend on the key, and are not known to the attacker. We analyze Pilsung and design a cache-based attack. We improve the state of the art by developing techniques for reversing secret-dependent transformations. Our attack, which requires an average of eight minutes on a typical laptop computer, demonstrates that secret transformations do not necessarily protect ciphers against side channel attacks.


2019 ◽  
Vol 13 (1) ◽  
pp. 1-26 ◽  
Author(s):  
Thomas Wunderer

Over the past decade, the hybrid lattice-reduction and meet-in-the-middle attack (called hybrid attack) has been used to evaluate the security of many lattice-based cryptographic schemes such as NTRU, NTRU Prime, BLISS and more. However, unfortunately, none of the previous analyses of the hybrid attack is entirely satisfactory: They are based on simplifying assumptions that may distort the security estimates. Such simplifying assumptions include setting probabilities equal to 1, which, for the parameter sets we analyze in this work, are in fact as small as 2^{-80}. Many of these assumptions lead to underestimating the scheme’s security. However, some lead to security overestimates, and without further analysis, it is not clear which is the case. Therefore, the current security estimates against the hybrid attack are not reliable, and the actual security levels of many lattice-based schemes are unclear. In this work, we present an improved runtime analysis of the hybrid attack that is based on more reasonable assumptions. In addition, we reevaluate the security against the hybrid attack for the NTRU, NTRU Prime and R-BinLWEEnc encryption schemes as well as for the BLISS and GLP signature schemes. Our results show that there exist both security over- and underestimates in the literature.


2003 ◽  
Vol 35 (1) ◽  
pp. 47-74
Author(s):  
Jane D. Tchaïcha

The language center (a.k.a. language laboratory) has undergone tremendous transformation in the past fifty years, but the general mission of the center has remained constant. Whether called a resource center, media center, or CALL center, the facility provides a place for students who are studying a language other than their own (L2) to practice and learn. What has changed inside the language center over the years is the variety of resources and delivery formats that can be used to bring language to the learner. For institutions that are planning to update or construct a state-of-the-art language facility, the amount of resources and the expense of putting together an infrastructure to support these resources can be daunting. In order to meet this challenge, language practitioners and administrators at these institutions can benefit from knowing what kinds of questions and issues need to be raised before and during the construction process. This paper presents a five-phase plan used at Bentley College (USA) for its Center for Languages and International Collaboration (CLIC) that opened in January 2001. In each of the five phases, a specific strategy is outlined to meet the challenges of updating or designing the new language center. Some of the topics addressed include building a team of players, balancing pedagogical value and investment costs, and making technical, pedagogical, managerial, and design recommendations. The case study illustrates that at the core of the success of the strategic framework is the collaborative integration of expertise among administrators, technologists, and faculty.


Author(s):  
Aesun Park ◽  
Kyung-Ah Shim ◽  
Namhun Koo ◽  
Dong-Guk Han

In this paper, we investigate the security of Rainbow and Unbalanced Oil-and-Vinegar (UOV) signature schemes based on multivariate quadratic equations, which is one of the most promising alternatives for post-quantum signature schemes, against side-channel attacks. We describe correlation power analysis (CPA) on the schemes that yield full secret key recoveries. First, we identify a secret leakage of secret affine maps S and T during matrix-vector products in signing when Rainbow is implemented with equivalent keys rather than random affine maps for optimal implementations. In this case, the simple structure of the equivalent keys leads to the retrieval of the entire secret affine map T. Next, we extend the full secret key recovery to the general case using random affine maps via a hybrid attack: after recovering S by performing CPA, we recover T by mounting algebraic key recovery attacks. We demonstrate how this leakage on Rainbow can be practically exploited on an 8-bit AVR microcontroller using CPA. Consequently, our CPA can be applied to Rainbow-like multi-layered schemes regardless of the use of the simple-structured equivalent keys and UOV-like single layer schemes with the implementations using the equivalent keys of the simple structure. This is the first result on the security of multivariate quadratic equations-based signature schemes using only CPA. Our result can be applied to Rainbow-like multi-layered schemes and UOV-like single layer schemes submitted to NIST for Post-Quantum Cryptography Standardization.


Author(s):  
Shivam Bhasin ◽  
Jakub Breier ◽  
Xiaolu Hou ◽  
Dirmanto Jap ◽  
Romain Poussier ◽  
...  

Side-channel analysis constitutes a powerful attack vector against cryptographic implementations. Techniques such as power and electromagnetic side-channel analysis have been extensively studied to provide an efficient way to recover the secret key used in cryptographic algorithms. To protect against such attacks, countermeasure designers have developed protection methods, such as masking and hiding, to make the attacks harder. However, due to significant overheads, these protections are sometimes deployed only at the beginning and the end of encryption, which are the main targets for side-channel attacks. In this paper, we present a methodology for side-channel assisted differential cryptanalysis attack to target middle rounds of block cipher implementations. Such a method presents a powerful attack vector against designs that normally only protect the beginning and end rounds of ciphers. We generalize the attack to SPN based ciphers and calculate the effort the attacker needs to recover the secret key. We provide experimental results on 8-bit and 32-bit microcontrollers. We provide case studies on state-of-the-art symmetric block ciphers, such as AES, SKINNY, and PRESENT. Furthermore, we show how to attack shuffling-protected implementations.


Cryptography ◽  
2020 ◽  
Vol 4 (4) ◽  
pp. 30
Author(s):  
Debayan Das ◽  
Shreyas Sen

Electromagnetic and power side-channel analysis (SCA) provides attackers a prominent tool to extract the secret key from the cryptographic engine. In this article, we present our cross-device deep learning (DL)-based side-channel attack (X-DeepSCA) which reduces the time to attack on embedded devices, thereby increasing the threat surface significantly. Consequently, with the knowledge of such advanced attacks, we performed a ground-up white-box analysis of the crypto IC to root-cause the source of the electromagnetic (EM) side-channel leakage. Equipped with the understanding that the higher-level metals significantly contribute to the EM leakage, we present STELLAR, which proposes to route the crypto core within the lower metals and then embed it within a current-domain signature attenuation (CDSA) hardware to ensure that the critical correlated signature gets suppressed before it reaches the top-level metal layers. CDSA-AES256 with local lower metal routing was fabricated in a TSMC 65 nm process and evaluated against different profiled and non-profiled attacks, showing protection beyond 1B encryptions, compared to ∼10K for the unprotected AES. Overall, the presented countermeasure achieved a 100× improvement over the state-of-the-art countermeasures available, with comparable power/area overheads and without any performance degradation. Moreover, it is a generic countermeasure and can be used to protect any crypto cores while preserving the legacy of the existing implementations.


Author(s):  
Carl E. Henderson

Over the past few years it has become apparent in our multi-user facility that the computer system and software supplied in 1985 with our CAMECA CAMEBAX-MICRO electron microprobe analyzer has the greatest potential for improvement and updating of any component of the instrument. While the standard CAMECA software running on a DEC PDP-11/23+ computer under the RSX-11M operating system can perform almost any task required of the instrument, the commands are not always intuitive and can be difficult to remember for the casual user (of which our laboratory has many). Given the widespread and growing use of other microcomputers (such as PC’s and Macintoshes) by users of the microprobe, the PDP has become the “oddball” and has also fallen behind the state-of-the-art in terms of processing speed and disk storage capabilities. Upgrade paths within products available from DEC are considered to be too expensive for the benefits received. After using a Macintosh for other tasks in the laboratory, such as instrument use and billing records, word processing, and graphics display, its unique and “friendly” user interface suggested an easier-to-use system for computer control of the electron microprobe automation. Specifically a Macintosh IIx was chosen for its capacity for third-party add-on cards used in instrument control.


2004 ◽  
Vol 34 (136) ◽  
pp. 339-356
Author(s):  
Tobias Wölfle ◽  
Oliver Schöller

Under the term “Hilfe zur Arbeit” (aid for work) the federal law of social welfare subsumes all kinds of labour disciplining instruments. First, the paper shows the historical connection of welfare and labour disciplining mechanisms in the context of different periods within capitalist development. In a second step, against the background of historical experiences, we will analyse the trends of “Hilfe zur Arbeit” during the past two decades. It will be shown that by the rise of unemployment, the impact of labour disciplining aspects of “Hilfe zur Arbeit” has increased both on the federal and on the municipal level. For this reason the leverage of the liberal paradigm would take place even in the core of social rights.


2014 ◽  
Vol 7 (2) ◽  
pp. 136-151 ◽  
Author(s):  
Sung-Ae Lee

To displace a character in time is to depict a character who becomes acutely conscious of his or her status as other, as she or he strives to comprehend and interact with a culture whose mentality is both familiar and different in obvious and subtle ways. Two main types of time travel pose a philosophical distinction between visiting the past with knowledge of the future and trying to inhabit the future with past cultural knowledge, but in either case the unpredictable impact a time traveller may have on another society is always a prominent theme. At the core of Japanese time travel narratives is a contrast between self-interested and eudaimonic life styles as these are reflected by the time traveller's activities. Eudaimonia is a ‘flourishing life’, a life focused on what is valuable for human beings and the grounding of that value in altruistic concern for others. In a study of multimodal narratives belonging to two sets – adaptations of Tsutsui Yasutaka's young adult novella The Girl Who Leapt Through Time and Yamazaki Mari's manga series Thermae Romae – this article examines how time travel narratives in anime and live action film affirm that eudaimonic living is always a core value to be nurtured.


Author(s):  
Nguyen Van Dung ◽  
Giang Khac Binh

As developing programs is the core in fostering knowledge on ethnic work for cadres and civil servants under Decision No. 402/QD-TTg dated 14/3/2016 of the Prime Minister, it is urgent to build a training program on ethnic minority affairs for 04 target groups in the political system from central to local by 2020 with a vision to 2030. The article highlighted basic issues of the practical basis for designing a training program on ethnic minority affairs in the past years and suggested solutions to build the training programs in the integration and globalization period.

