International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

email icon
via email
RSS symbol icon
via RSS feed

20 November 2024

Stevens Institute of Technology
Job Posting Job Posting
The Department of Computer Science (CS) in the Charles V. Schaefer, Jr. School of Engineering and Science (SES) at Stevens Institute of Technology (Stevens) invites applications for non-tenure track, teaching faculty positions to begin in September 2025. The rank of the appointment will depend on experience and qualifications.

Responsibilities: Successful candidates are expected to have a strong commitment to excellence in teaching at both the graduate and undergraduate level. They are also expected to advise students, supervise them in research, and contribute to the intellectually vibrant, highly interdisciplinary, collaborative, diverse, innovative, and entrepreneurial culture at Stevens.

Required Education and Experience: Applicants must have earned a Ph.D. in computer science or a related discipline. The department especially seeks candidates with a strong background in systems and security but will consider applications in all areas of computer science.

Closing date for applications:

Contact: Sandeep Bhatt (Sandeep.Bhatt@stevens.edu)

More information: https://academicjobsonline.org/ajo/jobs/29085

Expand

18 November 2024

TU Wien, Department of Computer Science, Vienna
Job Posting Job Posting
The TU Wien Cybersecurity Center is excited to announce a public call for applicants to join a collaborative proposal effort for the 16th Vienna Research Groups for Young Investigators call 2025, titled “Transforming Science with AI/ML”. This prestigious opportunity is part of the WWTF’s Information and Communication Technologies programme and provides funding of up to €1.8 million per research group over six to eight years, with a goal to drive transformative AI/ML research.

Selected applicants will partner with us to develop and submit a joint proposal to the WWTF Funding Portal. This is a two-step selection process, with an initial evaluation at the Vienna Cybersecurity Center to assess the applicants’ suitability, followed by the formal proposal preparation for WWTF submission.

In a Nutshell: Successful candidates will receive a tenure-track position at TU Wien along with €1.8 million in personal funding to establish and lead their own research group. Up to three positions will be awarded, empowering selected young researchers to conduct groundbreaking AI/ML research that transforms their chosen discipline.

Potential Research Topics in IT Security with AI/ML Focus:

Applicants are encouraged to propose innovative ideas in IT security that align with the WWTF call’s focus on advancing AI/ML concepts and their transformative impact. Suggested topics include (selection!):

Privacy-Preserving Machine Learning Creating methods to enhance privacy in AI/ML, such as differential privacy or federated learning, applied to secure systems.

Cryptographic Protocols Enhanced by AI Leveraging AI/ML to optimize cryptographic protocols, potentially enhancing performance and security in encryption, authentication, or blockchain-based applications.

Application Materials:
- Curriculum Vitae (CV)
- List of Publications
- 1-Page Outline of the Main Idea of the Proposal

Closing date for applications:

Contact: Prof. Dr. Dominique Schröder

More information: https://cysec.wien/calls/call_wwtf_collaboration/

Expand
Shanghai Jiao Tong University, John Hopcroft Center for Computer Science; Shanghai, China
Job Posting Job Posting

The John Hopcroft Center for Computer Science at Shanghai Jiao Tong University (SJTU) is seeking to fill several tenure-track positions in computer science at the rank of Assistant Professor and Associate Professor starting on a mutually agreed date. Faculty duties include research, teaching at the undergraduate and graduate levels, and supervision of student research. Candidates should hold a Ph.D. in computer science or a related field by the start of employment.

Shanghai Jiao Tong University is one of the oldest and most prestigious universities in China, which enjoys a long history and a world-renowned reputation. The John Hopcroft Center for Computer Science at SJTU was established in January 2017 and is named after John Hopcroft, a Turing Award winner, Foreign Member of the Chinese Academy of Sciences. The center is led by him as the director. The mission of the center is to create a relaxed and free international academic environment, recruit promising young scholars, and help them grow into world-class scholars in the field of computer science. For more information about our center, please visit our website at https://jhc.sjtu.edu.cn/.

Strong candidates in all areas will be considered with special consideration given (but not limited) to Cryptography and Cyber Security, Artificial Intelligence, Quantum Computing, Computer Architecture, Database, Operating System, Software Engineering etc. An internationally competitive package for salary and benefits will be offered by the Center. SJTU makes a great effort to provide a startup research grant.

Apply: To apply, please submit a curriculum vita (CV) to Prof. Haiming Jin at jhc@sjtu.edu.cn and Prof. YuYu at yyuu@sjtu.edu.cn. To ensure full consideration, please apply by June 30 2025, although applications will be accepted until all positions are filled.

Closing date for applications:

Contact: Prof. Haiming Jin at jhc@sjtu.edu.cn and Prof. YuYu at yyuu@sjtu.edu.cn

More information: https://jhc.sjtu.edu.cn/

Expand
Xiamen University Malaysia, Sepang, Malaysia
Job Posting Job Posting
Xiamen University Malaysia is now seeking highly motivated, committed and qualified individuals for academic teaching positions in computer science and cyber security.

Candidates in computer science and cyber security are welcome to apply. The ideal candidate is expected to be able to support general computing subjects, as well as cyber security specialization subjects. Applicants must possess their first (Bachelor's) degree in computing and PhD in a related discipline.

Applicants with specific teaching and research interests in one or more of the following areas from each group are encouraged to apply:

Cybersecurity

  • Malware Analysis
  • Cryptanalysis
  • Biometrics
  • Blockchain Technology
  • Cyber Security Laws and Regulations

Computing

  • Data Structure
  • Design and Analysis of Algorithms
  • Computer Networks and Communication
  • Principles of Operating Systems
  • Big Data Analytics

HOW TO APPLY
Applicants are invited to submit a digital application packet to: recruit_academic@xmu.edu.my and iftekhar.salam@xmu.edu.my

The subject line of your email must include: your name, relevant academic discipline, and the specific position for which you are applying for. All application packets must include the following attachments:

  1. Your detailed and current CV with publication (*Asterisk to indicate corresponding author, include Indexing & Quartile);
  2. Cover letter;
  3. List of courses from the above that the candidate can support;
  4. Evidence of academic qualifications (Bachelor, Master & PhD Certificate; Bachelor, Master & PhD Transcripts and Professional Certificates);
  5. 3-5 Full-Text publications (if applicable);
  6. Teaching evaluation (if applicable);
  7. Two academic references (at least one of them is the applicant’s current/most recent employer).
The positions will remain open until filled, but priority will be given to applications received by 13 December 2024.

Closing date for applications:

Contact: Iftekhar Salam

Expand
Nanjing, China, 29 October - 31 October 2025
Event Calendar Event Calendar
Event date: 29 October to 31 October 2025
Expand
Isla Vista, USA, 17 August - 21 August 2025
CRYPTO CRYPTO
Event date: 17 August to 21 August 2025
Submission deadline: 13 February 2025
Notification: 3 May 2025
Expand
Andreas Ellison, Karen Klein
ePrint Report ePrint Report
The Messaging Layer Security (MLS) protocol, recently standardized in RFC 9420, aims to provide efficient asynchronous group key establishment with strong security guarantees. The main component of MLS, which is the source of its important efficiency and security properties, is a protocol called TreeKEM. Given that a major vision for the MLS protocol is for it to become the new standard for messaging applications like WhatsApp, Facebook Messenger, Signal, etc., it has the potential to be used by a huge number of users. Thus, it is important to better understand the security of MLS and hence also of TreeKEM. In a previous work by Klein et. al, TreeKEM was proven adaptively secure in the Random Oracle Model (ROM) with a polynomial loss in security by proving a result about the security of an arbitrary IND-CPA secure public-key encryption scheme in a public-key version of the Generalized Selective Decryption (GSD) security game.

In this work, we prove a tighter bound for the security of TreeKEM. We follow the approach in the aforementioned work and first introduce a modified version of the public-key GSD game better suited for analyzing TreeKEM. We then provide a simple and detailed proof of security for a specific encryption scheme, the DHIES scheme (currently the only standardized scheme in MLS), in this game in the ROM and achieve a tighter bound compared to the result from Klein et. al. We also define and describe the syntax and security of TreeKEM-like schemes and state a result linking the security of TreeKEM with security in our GSD game in the ROM.
Expand
Mohammad Hajiabadi, Roman Langrehr, Adam O'Neill, Mingyuan Wang
ePrint Report ePrint Report
We initiate the study of the black-box complexity of private-key functional encryption (FE). Of central importance in the private-key setting is the inner-product functionality, which is currently only known from assumptions that imply public-key encryption, such as Decisional Diffie-Hellman or Learning-with-Errors. As our main result, we rule out black-box constructions of private-key inner-product FE from random oracles. This implies a black-box separation between private-key inner-product FE from all symmetric-key primitives implied by random oracles (e.g., symmetric-key encryption and collision-resistant hash functions).

Proving lower bounds for private-key functional encryption schemes introduces challenges that were absent in prior works. In particular, the combinatorial techniques developed by prior works for proving black-box lower bounds are only useful in the public-key setting and predicate encryption settings, which all fail for the private-key FE case. Our work develops novel combinatorial techniques based on Fourier analysis to overcome these barriers. We expect these techniques to be widely useful in future research in this area.
Expand
Alper Çakan, Vipul Goyal
ePrint Report ePrint Report
Given the devastating security compromises caused by side-channel attacks on existing classical systems, can we store our private data encoded as a quantum state so that they can be kept private in the face of arbitrary side-channel attacks?

The unclonable nature of quantum information allows us to build various quantum protection schemes for cryptographic information such as secret keys. Examples of quantum protection notions include copy-protection, secure leasing, and finally, unbounded leakage-resilience, which was recently introduced by Çakan, Goyal, Liu-Zhang and Ribeiro (TCC'24). Çakan et al show that secrets of various cryptographic schemes (such as cryptographic keys or secret shares) can be protected by storing them as quantum states so that they satisfy LOCC (local operation and classical communication) leakage-resilience: the scheme can tolerate any unbounded amount of adaptive leakage over unbounded rounds. As a special case (dubbed $1$-round leakage), this also means that those quantum states cannot be converted to classical strings (without completely losing their functionality).

In this work, we continue the study of unbounded/LOCC leakage-resilience and consider several new primitive. In more details, we build ciphertexts, signatures and non-interactive zero-knowledge proofs with unbounded leakage-resilience. We show the following results.

- Assuming the existence of a classical $X \in \{\text{secret-key encryption}, \text{public-key encryption}\}$ scheme, we construct an $X$ scheme with LOCC leakage-resilient ciphertexts. This guarantees that an adversary who obtains LOCC-leakage on ciphertexts cannot learn anything about their contents, even if they obtain the secret key later on.

- Assuming the existence of a classical signature scheme and indistinguishability obfuscation (iO), we construct a signature scheme with LOCC leakage-resilient signatures. This guarantees that an adversary who obtains LOCC-leakage on various signatures cannot produce any valid signatures at all other than the ones it obtained honestly!

- Assuming the existence of one-way functions and indistinguishability obfuscation (iO), we construct a NIZK proof system with LOCC leakage-resilient proofs. This guarantees that an adversary who obtains LOCC-leakage on a NIZK proof of an hard instance cannot produce a valid proof!
Expand
Suparna Kundu, Quinten Norga, Uttam Kumar Ojha, Anindya Ganguly, Angshuman Karmakar, Ingrid Verbauwhede
ePrint Report ePrint Report
The National Institute for Standards and Technology (NIST) initiated a standardization procedure for additional digital signatures and recently announced round-2 candidates for the PQ additional digital signature schemes. The multivariate digital signature scheme Unbalanced Oil and Vinegar (UOV) is one of the oldest post-quantum schemes and has been selected by NIST for Round 2. Although UOV is mathematically secure, several side-channel attacks (SCA) have been shown on the UOV or UOV-based digital signatures. We carefully analyze the sensitivity of variables and operations in the UOV scheme from the side-channel perspective and show which require protection. To mitigate implementation-based SCA, we integrate a provably secure arbitrary-order masking technique with the key generation and signature generation algorithms of UOV. We propose efficient techniques for the masked dot-product and matrix-vector operations, which are both critical in multivariate DS schemes. We also implemented and demonstrate the practical feasibility of our masking algorithms for UOV-Ip on the ARM Cortex-M4 microcontroller. Our first-order masked UOV implementations have $2.7\times$ and $3.6\times$ performance overhead compared to the unmasked scheme for key generation and signature generation algorithms. Our first-order masked UOV implementations use $1.3\times$ and $1.9\times$ stack memory rather than the unmasked version of the key generation and signature generation algorithms.
Expand
Andrea Flamini, Eysa Lee, Anna Lysyanskaya
ePrint Report ePrint Report
The eIDAS 2.0 regulation aims to develop interoperable digital identities for European citizens, and it has recently become law. One of its requirements is that credentials be unlinkable. Anonymous credentials (AC) allow holders to prove statements about their identity in a way that does not require to reveal their identity and does not enable linking different usages of the same credential. As a result, they are likely to become the technology that provides digital identity for Europeans.

Any digital credential system, including anonymous credentials, needs to be secured against identity theft and fraud. In this work, we introduce the notion of a multi-holder anonymous credential scheme that allows issuing shares of credentials to different authentication factors (or ``holders''). To present the credential, the user's authentication factors jointly run a threshold presentation protocol. Our definition of security requires that the scheme provide unforgeability: the adversary cannot succeed in presenting a credential with identity attributes that do not correspond to an identity for which the adversary controls at least $t$ shares; this is true even if the adversary can obtain credentials of its choice and cause concurrent executions of the presentation protocol. Further, our definition requires that the presentation protocol provide security with identifiable abort. Finally, presentations generated by all honest holders must be unlinkable and must not reveal the user's secret identity attributes even to an adversary that controls some of the user's authentication factors.

We design and prove the (concurrent) security of a multi-holder version of the BBS anonymous credential scheme. In our construction, each holder is issued a secret share of a BBS credential. Using these shares, the holders jointly compute a credential presentation that is identical to (and therefore compatible with) the traditional, single-holder variant (due to Tessaro and Zhu, Eurocrypt'23) of a BBS credential presentation.
Expand
Wenhao Wang, Fangyan Shi, Dani Vilardell, Fan Zhang
ePrint Report ePrint Report
As Succinct Non-interactive Arguments of Knowledge (SNARKs) gain traction for large-scale applications, distributed proof generation is a promising technique to horizontally scale up the performance. In such protocols, the workload to generate SNARK proofs is distributed among a set of workers, potentially with the help of a coordinator. Desiderata include linear worker time (in the size of their sub-tasks), low coordination overhead, low communication complexity, and accountability (the coordinator can identify malicious workers). State-of-the-art schemes, however, do not achieve these properties.

In this paper, we introduced $\mathsf{Cirrus}$, the first accountable distributed proof generation protocol with linear computation complexity for all parties. $\mathsf{Cirrus}$ is based on HyperPlonk (EUROCRYPT'23) and therefore supports a universal trusted setup. $\mathsf{Cirrus}$ is horizontally scalable: proving statements about a circuit of size $O(MT)$ takes $O(T)$ time with $M$ workers. The per-machine communication cost of $\mathsf{Cirrus}$ is low, which is only logarithmic in the size of each sub-circuit. $\mathsf{Cirrus}$ is also accountable, and the verification overhead of the coordinator is efficient. We further devised a load balancing technique to make the workload of the coordinator independent of the size of each sub-circuit.

We implemented an end-to-end prototype of $\mathsf{Cirrus}$ and evaluated its performance on modestly powerful machines. Our results confirm the horizontal scalability of $\mathsf{Cirrus}$, and the proof generation time for circuits with $2^{25}$ gates is roughly $40$s using $32$ $8$-core machines. We also compared $\mathsf{Cirrus}$ with Hekaton (CCS'24), and $\mathsf{Cirrus}$ is faster when proving PLONK-friendly circuits such as Pedersen hash.
Expand
David Inyangson, Sarah Radway, Tushar M. Jois, Nelly Fazio, James Mickens
ePrint Report ePrint Report
In large-scale protests, a repressive government will often disable the Internet to thwart communication between protesters. Smartphone mesh networks, which route messages over short range, possibly ephemeral, radio connections between nearby phones, allow protesters to communicate without relying on centralized Internet infrastructure. Unfortunately, prior work on mesh networks does not efficiently support cryptographically secure group messaging (a crucial requirement for protests); prior networks were also evaluated in unrealistically benign network environments which fail to accurately capture the link churn and physical spectrum contention found in realistic protest environments. In this paper, we introduce Amigo, an anonymous mesh messaging system which supports group communication through continuous key agreement, and forwards messages using a novel routing protocol designed to handle the challenges of ad-hoc routing scenarios. Our extensive simulations reveal the poor scalability of prior approaches, the benefits of Amigo's protest-specific optimizations, and the challenges that still must be solved to scale secure mesh networks to protests with thousands of participants.
Expand
Alexander R. Block, Zhiyong Fang, Jonathan Katz, Justin Thaler, Hendrik Waldner, Yupeng Zhang
ePrint Report ePrint Report
Efficient realizations of succinct non-interactive arguments of knowledge (SNARKs) have gained popularity due to their practical applications in various domains. Among existing schemes, those based on error-correcting codes are of particular interest because of their good concrete efficiency, transparent setup, and plausible post-quantum security. However, many existing code-based SNARKs suffer from the disadvantage that they only work over specific finite fields.

In this work, we construct a code-based SNARK that does not rely on any specific underlying field; i.e., it is field-agnostic. Our construction follows the framework of Brakedown (CRYPTO '23) and builds a polynomial commitment scheme (and hence a SNARK) based on recently introduced expand-accumulate codes. Our work generalizes these codes to arbitrary finite fields; our main technical contribution is showing that, with high probability, these codes have constant rate and constant relative distance (crucial properties for building efficient SNARKs), solving an open problem from prior work.

As a result of our work we obtain a SNARK where, for a statement of size $M$ , the prover time is $O(M \log M )$ and the proof size is $O(\sqrt{M} )$. We demonstrate the concrete efficiency of our scheme empirically via experiments. Proving ECDSA verification on the secp256k1 curve requires only 0.23s for proof generation, 2 orders of magnitude faster than SNARKs that are not field-agnostic. Compared to the original Brakedown result (which is also field-agnostic), we obtain proofs that are 1.9–2.8$\times$ smaller due to the good concrete distance of our underlying error-correcting code, while introducing only a small overhead of 1.2$\times$ in the prover time.
Expand
Benoit Coqueret, Mathieu Carbone, Olivier Sentieys, Gabriel Zaid
ePrint Report ePrint Report
During the past decade, Deep Neural Networks (DNNs) proved their value on a large variety of subjects. However despite their high value and public accessibility, the protection of the intellectual property of DNNs is still an issue and an emerging research field. Recent works have successfully extracted fully-connected DNNs using cryptanalytic methods in hard-label settings, proving that it was possible to copy a DNN with high fidelity, i.e., high similitude in the output predictions. However, the current cryptanalytic attacks cannot target complex, i.e., not fully connected, DNNs and are limited to special cases of neurons present in deep networks.

In this work, we introduce a new end-to-end attack framework designed for model extraction of embedded DNNs with high fidelity. We describe a new black-box side-channel attack which splits the DNN in several linear parts for which we can perform cryptanalytic extraction and retrieve the weights in hard-label settings. With this method, we are able to adapt cryptanalytic extraction, for the first time, to non-fully connected DNNs, while maintaining a high fidelity. We validate our contributions by targeting several architectures implemented on a microcontroller unit, including a Multi-Layer Perceptron (MLP) of 1.7 million parameters and a shortened MobileNetv1. Our framework successfully extracts all of these DNNs with high fidelity (88.4% for the MobileNetv1 and 93.2% for the MLP). Furthermore, we use the stolen model to generate adversarial examples and achieve close to white-box performance on the victim's model (95.8% and 96.7% transfer rate).
Expand
Diane Leblanc-Albarel, Bart Preneel
ePrint Report ePrint Report
Perceptual hash functions map multimedia content that is perceptually close to outputs strings that are identical or similar. They are widely used for the identification of protected copyright and illegal content in information sharing services: a list of undesirable files is hashed with a perceptual hash function and compared, server side, to the hash of the content that is uploaded. Unlike cryptographic hash functions, the design details of perceptual hash functions are typically kept secret. Several governments envisage to extend this detection to end-to-end encrypted services by using Client Side Scanning and local matching against a hashed database. In August 2021, Apple hash published a concrete design for Client Side Scanning based on the NeuralHash perceptual hash function that uses deep learning. There has been a wide criticism of Client Side Scanning based on its disproportionate impact on human rights and risks for function creep and abuse. In addition, several authors have demonstrated that perceptual hash functions are vulnerable to cryptanalysis: it is easy to create false positives and false negatives once the design is known. This paper demonstrates that these designs are vulnerable in a weaker black-box attack model. It is demonstrated that the effective security level of NeuralHash for a realistic set of images is 32 bits rather than 96 bits, implying that finding a collision requires $2^{16}$ steps rather than $2^{48}$. As a consequence, the large scale deployment of NeuralHash would lead to a huge number of false positives, making the system unworkable. It is likely that most current perceptual hash function designs exhibit similar vulnerabilities.
Expand
Oleksandr Kurbatov, Lasha Antadze, Ameen Soleimani, Kyrylo Riabov, Artem Sdobnov
ePrint Report ePrint Report
This article proposes an extension for privacy-preserving applications to introduce sanctions or prohibition lists. When initiating a particular action, the user can prove, in addition to the application logic, that they are not part of the sanctions lists (one or more) without compromising sensitive data. We will show how this solution can be integrated into applications, using the example of extending Freedom Tool (a voting solution based on biometric passports). We will also consider ways to manage these lists, versioning principles, configuring the filter data set, combining different lists, and using the described method in other privacy-preserving applications.
Expand

15 November 2024

Oxford University, Department of Computer Science
Job Posting Job Posting
Oxford University’s Computer Science Department (together with St John's College at Oxford) is hiring a senior Professor in Computer Science. We are looking for somebody with a world-leading research reputation with broad academic leadership.

Closing date for applications:

Contact: Head of Department, Professor Leslie Ann Goldberg (head-of-dept@cs.ox.ac.uk).

More information: https://my.corehr.com/pls/uoxrecruit/erq_jobspec_details_form.jobspec?p_id=173846

Expand
Hao Lei, Raghvendra Rohit, Guoxiao Liu, Jiahui He, Mohamed Rachidi, Keting Jia, Kai Hu, Meiqin Wang
ePrint Report ePrint Report
The circulant twin column parity mixer (TCPM) is a type of mixing layer for the round function of cryptographic permutations designed by Hirch et al. at CRYPTO 2023. It has a bitwise differential branch number of 12 and a bitwise linear branch number of 4, which makes it competitive in applications where differential security is required. Hirch et al. gave a concrete instantiation of a permutation using such a mixing layer, named Gaston, and showed the best 3-round differential and linear trails of Gaston have much higher weights than those of ASCON. In this paper, we first prove why the TCPM has linear branch number 4 and then show that Gaston's linear behavior is worse than ASCON for more than 3 rounds. Motivated by these facts, we aim to enhance the linear security of the TCPM. We show that adding a specific set of row cyclic shifts to the TCPM can make its differential and linear branch numbers both 12. Notably, by setting a special relationship between the row shift parameters of the modified TCPM, we obtain a special kind of mixlayer called the symmetric circulant twin column parity mixer. The symmetric TCPM has a unique design property that its differential and linear branch histograms are the same, which makes the parameter selection process and the security analysis convenient. Using the symmetric TCPM, we present two new 320-bit cryptographic permutations, namely (1) Gaston-S where we replace the mixing layer in Gaston with the symmetric TCPM and (2) SBD which uses a low-latency degree-4 S-box as the non-linear layer and the symmetric TCPM as the mixing layer. We evaluate the security of these permutations considering differential, linear and algebraic analysis, and then provide the performance comparison with Gaston in both hardware and software. Our results indicate that Gaston-S and SBD are competitive with Gaston in both security and performance.
Expand
Asmita Adhikary, Abraham J. Basurto Becerra, Lejla Batina, Ileana Buhan, Durba Chatterjee, Senna van Hoek, Eloi Sanfelix Gonzalez
ePrint Report ePrint Report
Side-channel attacks pose a serious risk to cryptographic implementations, particularly in embedded systems. While current methods, such as test vector leakage assessment (TVLA), can identify leakage points, they do not provide insights into their root causes. We propose ARCHER, an architecture-level tool designed to perform side-channel analysis and root cause identification for software cryptographic implementations on RISC-V processors. ARCHER has two main components: (1) Side-Channel Analysis to identify leakage using TVLA and its variants, and (2) Data Flow Analysis to track intermediate values across instructions, explaining observed leaks.

Taking the binary file of the target implementation as input, ARCHER generates interactive visualizations and a detailed report highlighting execution statistics, leakage points, and their causes. It is the first architecture-level tool tailored for the RISC-V architecture to guide the implementation of cryptographic algorithms resistant to power side-channel attacks. ARCHER is algorithm-agnostic, supports pre-silicon analysis for both high-level and assembly code, and enables efficient root cause identification. We demonstrate ARCHER’s effectiveness through case studies on AES and ASCON implementations, where it accurately traces the source of side-channel leaks.
Expand
◄ Previous Next ►