International Association
for Cryptologic Research

Recently introduced federated learning is an attractive framework for the distributed training of deep learning models with thousands of participants. However, it can potentially be used with malicious intent. For example, adversaries can use their smartphones to jointly train a classifier for extracting secret keys from the smartphones' SIM cards without sharing their side-channel measurements with each other. With federated learning, each participant might be able to create a strong model in the absence of sufficient training data. Furthermore, they preserve their anonymity. In this paper, we investigate this new attack vector in the context of side-channel attacks. We compare the federated learning, which aggregates model updates submitted by N participants, with two other aggregating approaches: (1) training on combined side-channel data from N devices, and (2) using an ensemble of N individually trained models. Our first experiments on 8-bit Atmel ATxmega128D4 microcontroller implementation of AES show that federated learning is capable of outperforming the other approaches.

In this short report, we present a simple yet effective inter-session replay attack against the Diffie-Hellman style private set intersection protocol (cf. [Mea86]). The attack is indistinguishable from ordinary protocol execution, and yet allows the attacker to learn the cardinality of the intersection of honest party's input sets. This kind of attack demonstrates the inadequacy of semi-honest security guarantee when facing more serious adversarial threats, and highlights the necessity for security augmentation of protocols derived from [Mea86].

Code-based public-key cryptosystems are promising candidates for standardisation as quantum-resistant public-key cryptographic algorithms. Their security is based on the hardness of the syndrome decoding problem. Computing the syndrome in a finite field, usually $\mathbb{F}_2$ , guarantees the security of the constructions. We show in this article that the problem becomes considerably easier to solve if the syndrome is computed in $\mathbb{N}$ instead. By means of laser fault injection, we illustrate how to force the matrix-vector product in $\mathbb{N}$ by corrupting specific instructions, and validate it experimentally. To solve the syndrome decoding problem in $\mathbb{N}$, we propose a reduction to an integer linear programming problem. We leverage the computational efficiency of linear programming solvers to obtain real time message recovery attacks against all the code-based proposals to the NIST Post-Quantum Cryptography standardisation challenge. We perform our attacks on worst-case scenarios, i.e. random binary codes, and retrieve the initial message within minutes on a desktop computer. When considering parameters of the code-based submissions to the NIST PQC standardisation challenge, all of them can be attacked in less than three minutes.

Event date: 17 December to 21 December 2020
Submission deadline: 24 July 2020
Notification: 25 September 2020

To support our growth and in order to strengthen our team, we are looking for an Embedded Cryptographic Software Engineer (M/F). You will be based in Singapore and participate in the development of the Secure-IC portfolio of secure solutions. Missions consist in:

• Ensuring the various phases of specifications for applications embedding cryptography
• C and C++ programming and testing
• Integration and validation on target embedded microprocessor. (knowledge of ARM processors is preferable)
• Developing non-regression tests along with benchmarking tests
• Bringing innovative ideas to improve our products, the quality of deliveries and development processes
• Delivery of customers projects (consulting and training)

Requirements:

• Embedded software development engineer with 5 years minimum experience in an equivalent position
• First experience in the field of automotive: CAN bus, automotive Ethernet
• Master’s degree (or higher) in Computer Science, Mathematics or similar field
• Proficiency in C/C++ language and assembly skills
• Knowledge of ARM processors, development for security and safety
• Proficiency in English
• Knowledge of cryptography
• Excellent communication skills
• Ability to work in a team
• Outstanding analytical and problem-solving skills

  Closing date for applications:

  Contact: Sylvain Guilley

The Cryptography and Privacy Engineering Group (ENCRYPTO) @Department of Computer Science @Technical University of Darmstadt offers a full position for a Doctoral Researcher (Research Assistant/PhD Student) in Cryptography & Privacy Engineering, available immediately and for up to 3 years with the possibility of extension.

Our mission is to demonstrate that privacy can be efficiently protected in real-world applications via cryptographic protocols.

TU Darmstadt is a top research university for IT security, cryptography and computer science in Europe. The position is based in the City of Science Darmstadt, which is very international, livable and well-connected in the Rhine-Main area around Frankfurt. Initially, no knowledge of German is necessary and TU Darmstadt offers corresponding support.

Job description

As doctoral researcher @ENCRYPTO, you conduct research, build prototype implementations, and publish and present the results at top venues. You will also participate in teaching and supervise thesis students and student assistants. The position is co-funded by the ERC Starting Grant “Privacy-preserving Services on the Internet” (PSOTI), where we build privacy-preserving services on the Internet, which includes designing protocols for privately processing data among untrusted service providers using secure multi-party computation and implementing a scalable framework.

Your profile

• Completed Master's degree (or equivalent) at a top university with excellent grades in IT security, computer science, applied mathematics, electrical engineering, or a similar area.
• Extensive knowledge in applied cryptography/IT security and excellent software development skills.
• Additional knowledge in cryptographic protocols (ideally secure computation) is a plus.
• You are self-motivated, reliable, creative, can work independently, and want to do excellent research on challenging scientific problems with practical relevance.
• The working language at ENCRYPTO is English, so you must be able to discuss/write/present scientific results in English, whereas German is not required.

no application deadline

Closing date for applications:

Contact: Thomas Schneider (schneider@encrypto.cs.tu-darmstadt.de)

More information: https://encrypto.de/PHD-STUDENT

The Institute of Distributed Systems at Ulm University is searching for enthusiastic PostDoc and Ph.D.-level researchers who are expected to support and strengthen our research activities in the area of security and privacy in vehicular networking and automotive systems. You will contribute to ongoing projects, as well as new project proposals. As PostDoc, you will also be involved in project management and support the supervision of PhD candidates.

The ideal candidate for the PostDoc position has a Ph.D. degree in computer science, or a closely related discipline, from an internationally-renowned university, a strong background in system security with focus on vehicular security and privacy, documented by high-quality publications, and a strong motivation to become part of our team.
For Ph.D.-level researchers, we require a M.Sc. degree in computer science, or a closely related discipline, from an internationally-renowned university with a visible focus in system security.
Proficient knowledge of written and spoken English is required for both positions. Conversational German skills are a substantial advantage.
We are one of the leading research groups in vehicular security and privacy. Our group and university offer a unique environment for automotive-related research with excellent facilities and highly competitive salary. Automotive technologies are a priority area at Ulm University, and many research groups are active in fields like vehicle-driver interaction and automated driving. Being situated in Southern Germany between Stuttgart and Munich, we are located in the right heart of German car industry in one of the strongest economic regions in Europe. We have strong ties with companies like Daimler, Audi, BMW, and Bosch and many of those companies have research or development labs at our campus.

For more information visit:
https://www.uni-ulm.de/in/vs/inst/offene-stellen/postdoc-and-phd-level-researchers-vehicular-security-privacy/

Closing date for applications:

Contact: Prof. Dr. Frank Kargl (vs-jobs@uni-ulm.de)

More information: https://www.uni-ulm.de/in/vs/inst/offene-stellen/postdoc-and-phd-level-researchers-vehicular-security-privacy/

Guessing entropy is a common choice for a side-channel analysis metric, and it represents the average rank position of a key candidate among all possible key guesses. In the profiled side-channel analysis, the guessing entropy behavior can be very informative about the trained or profiled model. However, to achieve reliable conclusions about the profiled model's performance, guessing entropy behavior should be stable to avoid misleading conclusions in the attack phase.

In this work, we investigate this problem of misleading conclusions from the entropy behavior, and we define two new concepts, simple and generalized guessing entropy. We demonstrate that the first one needs only a limited amount of attack traces but can lead to wrong interpretations about leakage detection. The second concept requires a large (sometimes unavailable) amount of attack traces, but it represents the optimal way of calculating guessing entropy. To quantify the profiled model's learnability, we first define a leakage distribution metric to estimate the underlying leakage model. This metric, together with the generalized guessing entropy results for all key candidates, can estimate the leakage learning or detection when a necessary amount of attack traces are available in the attack phase. By doing so, we provide a tight estimation of profiled side-channel analysis model learnability. We confirm our observations with a number of experimental results.

Event date: 21 October to 23 October 2020
Submission deadline: 11 August 2020
Notification: 17 September 2020

The Applied Crypto Group of the University of Luxembourg has multiple post-doc positions, funded by the H2020 ERC programme.

Possible topics of interests are:

• fully homomorphic encryption and multilinear maps
• public-key cryptanalysis
• side channel attacks and countermeasures
• white-box cryptography
• blockchain applications

Candidates must have a Ph.D. degree in cryptography or related field. The duration of the positions is 2.5 years. The post-docs will be members of the Security and Trust (SnT) research center from the University of Luxembourg (>200 researchers in all aspects of IT security). We offer a competitive salary (about 60,000 euro/year).

Deadline for application: September 15th, 2020.

Closing date for applications:

Contact: Jean-Sebastien Coron: jean-sebastien.coron@uni.lu

More information: http://www.crypto-uni.lu/vacancies.html

This work presents new speed records for XMSS (RFC 8391) signature verification on embedded devices. For this we make use of a probabilistic method recently proposed by Perin, Zambonin, Martins, Custodio, and Martina (PZMCM) at ISCC 2018, that changes the XMSS signing algorithm to search for fast verifiable signatures. We improve the method, ensuring that the added signing cost for the search is independent of the message length. We provide a statistical analysis of the resulting verification speed and support it by experiments. We present a record setting RFC compliant implementation of XMSS verification on the ARM Cortex-M4. At a signing time of about one minute on a general purpose CPU, we create signatures that are verified about $1.44$ times faster than traditionally generated signatures. Adding further implementation optimizations to the verification algorithm we reduce verification time by over a factor two from $13.85$ million to $6.56$ million cycles.

In contrast to previous works, we provide a detailed security analysis of the resulting signature scheme under classical and quantum attacks that justifies our selection of parameters. On the way, we fill a gap in the security analysis of XMSS as described in RFC 8391 proving that the modified message hashing in the RFC does indeed mitigate multi-target attacks. This was not shown before and might be of independent interest.

In our daily lives we constantly use and trust Public-Key Cryptography to exchange keys over insecure communication channels. With the development and progress in the research field of quantum computers, well established schemes like RSA and ECC are more and more threatened. The urgent demand to find and standardize new schemes – which are secure in a post-quantum world – was also realized by the National Institute of Standards and Technology which announced a Post-Quantum Cryptography Standardization Project in 2017. Currently, this project is in the third round and one of the submitted candidates is the Key Encapsulation Mechanism scheme BIKE.

In this work we investigate different strategies to efficiently implement the BIKE algorithm on FPGAs. To this extend, we improve already existing polynomial multipliers, propose efficient strategies to realize polynomial inversions, and implement the Black-Gray-Flip decoder for the first time. Additionally, our implementation is designed to be scalable and generic with the BIKE specific parameters. All together, the fastest designs achieve latencies of 2.69 ms for the key generation, 0.1 ms for the encapsulation, and 104.04 ms for the decapsulation considering the first security level.

Fault Injection (FI) attacks have become a practical threat to modern cryptographic implementations. Such attacks have recently focused more on exploitation of implementation-centric and device-specific properties of the faults. In this paper, we consider the parallel between SCA attacks and FI attacks; specifically, that many FI attacks rely on the data-dependency of activation and propagation of a fault, and SCA attacks similarly rely on data-dependent power usage. In fact, these are so closely related that we show that existing SCA attacks can be directly applied in a purely FI setting, by translating power FI results to generate FI 'probability traces' as an analogue of power traces. We impose only the requirements of the equivalent SCA attack (e.g., knowledge of the input plaintext for CPA on the first round), along with a way to observe the status of the target (whether or not it has failed and been "muted" after a fault). We also analyse existing attacks such as Fault Template Analysis in the light of this parallel, and discuss the limitations of our methodology.

To demonstrate that our attacks are practical, we first show that SPA can be used to recover RSA private exponents using FI attacks. Subsequently, we show the generic nature of our attacks by performing DPA on AES after applying FI attacks to several different targets (with AVR, 32-bit ARM and RISC-V CPUs), using different software on each target, and do so with a low-cost (i.e., less than $50) power fault injection setup. We call this technique Fault Correlation Analysis (FCA), since we perform CPA on fault probability traces. To show that this technique is not limited to software, we also present FCA results against the hardware AES engine supported by one of our targets. Our results show that even without access to the ciphertext (e.g., where an FI redundancy countermeasure is in place, or where ciphertext is simply not exposed to an attacker in any circumstance) and in the presence of jitter, FCA attacks can successfully recover keys on each of these targets.

This paper extends an abstract formal model of UTxO-based and account-based transactions to allow the creation and use of multiple cryptocurrencies on a single ledger. The new model also includes a general framework to establish and enforce monetary policies for created currencies. In contrast to alternative approaches, all currencies in this model exist natively on the ledger and do not necessarily depend on a main currency. In comparison to non-native approaches based on scripts and smart contracts, native currencies allow smaller transactions that can be more efficiently processed and can be moved between chains through a sidechain approach.

Broadcast (BC) is a crucial ingredient for many protocols in distributed computing and cryptography. In this paper we study its communication complexity against an adversary that controls a majority of the parties. In this setting, all known protocols either exhibit a communication complexity of more than $O(n^3)$ bits (where $n$ is the number of parties) or crucially rely on a trusted party to generate cryptographic keys before the execution of the protocol. We give the first protocol for BC that achieves $\tilde O(n^2 \cdot \kappa)$ bits of communication (where $\kappa$ is the security parameter) under a dishonest majority and minimal cryptographic setup assumptions, i.e., where no trusted setup is required and parties just need to generate their own cryptographic keys. Our protocol is randomized and combines the classic Dolev-Strong protocol with network gossiping techniques to minimize communication. Our analysis of the main random process employs Chernoff bounds for negatively-associated variables and might be of independent interest.

This article presents a proposal for an asymmetric white-box scheme. While symmetric white-box is a well studied topic (in particular for AES white-box) with a rich literature, there is almost no public article on the topic of asymmetric white-box. However, asymmetric white-box designs are used in practice by the industry and are a real challenge. Proprietary implementations can be found in the wild but are usually heavily obfuscated and their design is not public, which makes their study impractical. The lack of public research on that topic makes it hard to assess the security of those implementations and can cause serious security issues. Our main contribution is to bring a public proposal for an asymmetric white-box scheme. Our proposal is a lattice-based cryptographic scheme that combines classical white-box techniques and arithmetic techniques to offer resilience to the white-box context. In addition, thanks to some homomorphic properties of our scheme, we use homomorphic encoding techniques to increase the security of our proposal in a white-box setting. The resulting scheme successfully performs a decryption function without exposing its secret key while its weight remains under 20 MB. While some of our techniques are designed around specific characteristics of our proposal, some of them may be adapted to other asymmetric cryptosystems. Moreover, those techniques can be used and improved in a less restrictive model than the white-box one: the grey-box model. This proposal aims to raise awareness from the research community on the study of asymmetric white-box cryptography.

Fault Template Attack (FTA) is a recently proposed class of fault attacks, which exploits the fact that activation and propagation of a fault through combinational logic is data-dependent. Even at the presence of masking and state-of-the-art fault countermeasures, FTA can perform key recovery even at the middle rounds of block ciphers without any access to the ciphertexts. The templates can combine information from different fault locations and cipher executions. This capability of templates is quite powerful and may lead to stronger attacks. In this paper, we enhance the FTA attacks by considering side-channel in- formation during fault injection. Some of the recently proposed combined countermeasures against Statistical Ineffective Fault Analysis (SIFA) and Side-Channel Attack (SCA) fall prey against FTA after this enhance- ment. The success of the proposed attacks stem from some non-trivial fault propagation properties of S-Boxes, which remained unexplored in the original FTA proposal. We also relax the fault model to some extent from that of the original FTA. The proposed attacks are validated on the hardware implementation of a masked χ 3 S-Box through gate-level power trace simulation, establishing its practicality and efficacy.

To mitigate side-channel attacks, real-world implementations of public-key cryptosystems adopt state-of-the-art countermeasures based on randomization of the private or ephemeral keys. Usually, for each private key operation, a "scalar blinding" is performed using 32 or 64 randomly generated bits. Nevertheless, horizontal attacks based on a single trace still pose serious threats to protected ECC or RSA implementations. If the secrets learned through a single-trace attack contain too many wrong (or noisy) bits, the cryptanalysis methods for recovering remaining bits become impractical due to time and computational constraints. This paper proposes a deep learning-based framework to iteratively correct partially correct secret keys resulting from a clustering-based horizontal attack. By testing the trained network on scalar multiplication (or exponentiation) traces, we demonstrate that a deep neural network can significantly reduce the number of error bits from randomized scalars (or exponents). When a simple horizontal attack can recover around 52% of private key bits, the proposed iterative framework improves the private key correctness to 100%. Our attack model remains fully unsupervised and excludes the need to know where the error or noisy bits are located in each separate randomized private key.

Application of masking, known as the most robust and reliable countermeasure to side-channel analysis attacks, on various cryptographic algorithms has dedicated a lion’s share of research to itself. The difficulty originates from the fact that the overhead of application of such an algorithmic-level countermeasure might not be affordable. This includes the area- and latency overheads as well as the amount of fresh randomness required to fulfill the security properties of the resulting design. There are already techniques applicable in hardware platforms which consider glitches into account. Among them, classical threshold implementations force the designers to use at least three shares in the underlying masking. The other schemes, which can deal with two shares, often necessitates the use of fresh randomness. Here, in this work, we present a technique allowing us to use two shares to realize the first-order glitch-extended probing secure masked realization of several functions including the Sbox of Midori, PRESENT, PRINCE, and AES ciphers without any fresh randomness.

An affine determinant program ADP: {0,1}^n → {0,1} is specified by a tuple (A,B_1,...,B_n) of square matrices over F_q and a function Eval: F_q → {0,1}, and evaluated on x \in {0,1}^n by computing Eval(det(A + sum_{i \in [n]} x_i B_i)).

In this work, we suggest ADPs as a new framework for building general-purpose obfuscation and witness encryption. We provide evidence to suggest that constructions following our ADP-based framework may one day yield secure, practically feasible obfuscation.

As a proof-of-concept, we give a candidate ADP-based construction of indistinguishability obfuscation (iO) for all circuits along with a simple witness encryption candidate. We provide cryptanalysis demonstrating that our schemes resist several potential attacks, and leave further cryptanalysis to future work. Lastly, we explore practically feasible applications of our witness encryption candidate, such as public-key encryption with near-optimal key generation.