Constructive Side-Channel Analysis and Secure Design: 14th International Workshop, COSADE 2023, Munich, Germany, April 3–4, 2023, Proceedings

Preface
Organization
Contents
Fault-Injection Analyses and Countermeasures
SAMVA: Static Analysis for Multi-fault Attack Paths Determination
1 Introduction
2 Threat Model
3 Method
3.1 Overview
3.2 Fault Effects Modeling
3.3 Attack Paths Finding
4 Experimentation
4.1 Experimental Setup
4.2 Experimental Results
5 Related Work
6 Conclusion
References
Efficient Attack-Surface Exploration for Electromagnetic Fault Injection
1 Introduction
2 State of the Art
2.1 EMFI on MCUs and FPGAs
2.2 EMFI on ASIC SoCs
2.3 Existing Methodologies
3 Methodology
3.1 Susceptible Surface Search
3.2 Coordinate Search
4 Experimental Validation
4.1 Trigger and Timing Synchronization
4.2 Surface Search
4.3 Coordinate Search
4.4 Testing a Fault Model
5 Conclusion and Future Work
References
A CCFI Verification Scheme Based on the RISC-V Trace Encoder
1 Introduction
2 Related Work
3 CCFI Methodology
3.1 Static Analysis
3.2 Metadata Generation
3.3 Trace Verifier
4 Proposed CCFI Solution
4.1 Trace Encoder
4.2 Trace Verifier Hardware Description
5 FIA on a Memcmp Application Code
6 Hardware Metrics
6.1 Target Core
6.2 Trace Encoder
6.3 Trace Verifier Components
7 Discussion
8 Conclusion
References
Side-Channel Analyses and Countermeasures
ASCA vs. SASCA
1 Introduction
2 Preliminaries
2.1 AES Key Schedule
2.2 2018 CHES CTF Challenge
2.3 Profiled Side-Channel Attacks
2.4 ASCA and SAT
2.5 SASCA and Belief Propagation
2.6 Leakage Model and Simulation
3 Results
3.1 Case Study: 2018 CHES CTF
3.2 Simulations
3.3 Dropouts and Early Break
4 Conclusion
References
Removing the Field Size Loss from Duc et al.'s Conjectured Bound for Masked Encodings
1 Introduction
2 Statement of the Problem
2.1 Notations and Background
2.2 Problem and Conjecture
3 A Proof Without Field Size Loss
3.1 Introducing Mrs. Gerber's Lemma
3.2 Application of Mrs. Gerber's Lemma to Masking
3.3 Comparison with Former Upper Bounds
3.4 The MGL: Tighter or Tight?
3.5 Linking the MI with the Success Rate
4 On the Dependence of the Group Structure
5 Conclusion and Perspectives
A Proof of Proposition 3
B Technical Statements and Proofs from Sect. 4
References
Improving Side-channel Leakage Assessment Using Pre-silicon Leakage Models
1 Introduction
2 Preliminaries
2.1 Side-channel Leakage Assessment Metrics
2.2 Target Platform for SLA
3 Traditional Side-Channel Vulnerability Analysis
3.1 Results Summary
3.2 Traditional SLA on Ascon
3.3 Traditional SLA on Xoodyak
4 Deep Learning Assisted Side Channel Analysis
4.1 Deep Learning SLA on Ascon
4.2 Deep Learning SLA on Xoodyak
5 Analysis of Results
6 Conclusion
References
Attacks on PQC and Countermeasures
Fast First-Order Masked NTTRU
1 Introduction
2 Preliminaries
2.1 Notation
2.2 The Number-Theoretic Transform
2.3 NTTRU
2.4 Symmetric Primitives
2.5 Sampling Algorithms
2.6 Side-Channel Attacks and Protection
3 Side-Channel Protection of NTTRU
3.1 Table-Based Masking of Modulus Conversion
3.2 Masked Packing
3.3 Protected SHA512 and AES256-CTR
3.4 Table-Based Masking of Coefficient Sampling
3.5 Masked Comparison
3.6 Keccak (SHA3) as a Speed-Up
4 Evaluation
4.1 Performance Evaluation
4.2 Side-Channel Evaluation
5 Conclusion
References
On the Feasibility of Single-Trace Attacks on the Gaussian Sampler Using a CDT
1 Introduction
2 Background
2.1 Lattices
2.2 Learning with Errors
2.3 Gaussian Sampler and CDTs
2.4 Description of FrodoKEM
3 Experimental Setup
3.1 Implementations of FrodoKEM
3.2 Experimental Workbench
4 Simple Side-Channel Analysis
4.1 Threat Model
4.2 Single-Trace Attack on the Gaussian Sampler
5 Description of the Attack and Error Tolerance
6 Machine-Learning Side-Channel Analysis
6.1 Profiling Phase
6.2 Attack Phase
7 Countermeasures and Conclusion
References
Punctured Syndrome Decoding Problem
1 Introduction
2 Message-Recovery Attacks on the Packed Matrix-Vector Multiplication
2.1 Classic McEliece Encapsulation
2.2 Packed Matrix-Vector Multiplication
2.3 Message Recovery Attack
3 Limitation of the CDCG Method
3.1 Side-Channel Analysis Error
3.2 ``Double-Cancellation'' Error
3.3 Dependent Error
3.4 Impact of the Error on the Score Computation
4 Error Propagation Limitation
4.1 Punctured Matrices
4.2 T-test Based Score
5 Experimental Validation
5.1 Punctured Matrices
5.2 Impact of the Side-Channel Distinguisher Accuracy
5.3 Impact of the Register Size
6 Conclusion
References
Analyses and Tools
Energy Consumption of Protected Cryptographic Hardware Cores*6pt
1 Introduction
2 Background
2.1 Design Architecture Effect on Energy Consumption
2.2 Masking
2.3 Wave Dynamic Differential Logic (WDDL)
2.4 Fault Attacks and Countermeasures
3 Measurement Methods
3.1 Measurement with Differential Oscilloscope Probe
3.2 Capacitor Discharge Measurement
4 Setup
4.1 Energy Reference
4.2 Static Power and Frequency Impact
4.3 Energy Measurement Using Differential Probe
4.4 Energy Measurement Using Capacitor
5 Results
5.1 Unrolled Implementations
5.2 Non-masked Round-Based Implementations
5.3 First-Order Secure Masked Implementations
5.4 Higher-Order Secure Masked Implementations
5.5 Fault Attack Countermeasure Implementations
6 Conclusions
A List of Links for Open-Source Designs
B Additional Postlayout Details
References
Whiteboxgrind – Automated Analysis of Whitebox Cryptography
1 Introduction
2 Related Work
3 Background
3.1 Advanced Encryption Standard
3.2 Whitebox Cryptography
3.3 Correlation Power Analysis
3.4 Program Tracing
4 Whiteboxgrind
4.1 Trace Acquisition
4.2 Trace Storage
4.3 Parallel Architecture
4.4 Sample Reduction
4.5 Visualization
4.6 Attack
5 Evaluation
6 Discussion
7 Conclusion
References
White-Box Cryptography with Global Device Binding from Message-Recoverable Signatures and Token-Based Obfuscation
1 Introduction
1.1 Our Contributions
1.2 Global White-Boxes
2 Preliminaries and Notation
3 Strong Global White-Boxes
4 Message-Recoverable Signatures for sGW-Schemes
References
Author Index