Workshop on Cryptographic Hardware and Embedded Systems (CHES 2007)

Vienna, Austria
Monday September 10th - Thursday 13th, 2007



Authors: If you like to share your presentation slides with the CHES community, please e-mail .

Monday, September 10
18:00 -      Registration
19:00 -      Reception

Tuesday, September 11
08:00 -       Registration
08:45 - 09:00 Welcome
09:00 - 10:15 Session 1:
Differential and higher order attacks

Chair: Louis Goubin
Josh Jaffe: A First-Order DPA Attack Against AES in Counter Mode with Unknown Initial Counter
Kerstin Lemke-Rust, Christof Paar: Gaussian Mixture Models for Higher-Order Side Channel Analysis
Jean-Sébastien Coron, Emmanuel Prouff, Matthieu Rivain: Side Channel Cryptanalysis of a Higher Order Masking Scheme
10:15 - 10:45 Break
10:45 - 11:45 Invited Talk I

Chair: Ingrid Verbauwhede
Pankaj Rohatgi: Trustworthy Hardware
11:45 - 12:00 Short Break
12:00 - 12:50 Session 2:
Random number and device identification

Chair: Werner Schindler
Markus Dichtl, Jovan Golic: High-Speed True Random Number Generation with Logic Gates Only
Jorge Guajardo, Sandeep Kumar, Geert-Jan Schrijen, Pim Tuyls: FPGA intrinsic PUFs and their use for IP protection
13:00 - 14:30 Lunch (Buffet)
14:30 - 15:45 Session 3:
Logic styles: masking and routing

Chair: M. Matsui
Thomas Popp, Mario Kirschbaum, Thomas Zefferer, Stefan Mangard: Evaluation of the Masked Logic Style MDPL on a Prototype Chip
Patrick Schaumont, Kris Tiri: Masking and Dual-rail Logic Don't Add Up
Benedikt Gierlichs: DPA-Resistance Without Routing Constraints? A cautionary note about MDPL security
15:45 - 16:15 Break
16:15 - 17:30 Session 4:
Efficient algorithms for embedded processors

Chair: Elena Trichina
Mitsuru Matsui, Junko Nakajima: On the Power of Bitslice Implementation on Intel Core2 Processor
Marc Joye: Highly Regular Right-to-Left Algorithms for Scalar Multiplication
Hirotaka Yoshida, Dai Watanabe, Katsuyuki Okeya, Jun Kitahara, Hongjun Wu, Ozgul Kucuk, Bart Preneel: MAME: A compression function with reduced hardware requirements
19:00 -      Rump Session

Wednesday, September 12
08:30 -       Registration
09:00 - 10:15 Session 5:
Collision attacks and fault analysis

Chair: David Naccache
Alex Biryukov, Andrey Bogdanov, Dmitry Khovratovich, Timo Kasper: Collision Attacks on AES-based MAC: Alpha-MAC
Christophe Clavier: Secret external encodings do not prevent transient fault analysis
Alex Biryukov, Dmitry Khovratovich: Two New Techniques of Side-Channel Cryptanalysis
10:15 - 10:45 Break
10:45 - 11:45 Invited Talk II

Chair: Pascal Paillier
Kim Nguyen: Contactless authentication protocols for MRTDs
11:45 - 12:00 Short Break
12:00 - 12:50 Session 6:
High speed AES

Chair: Guido Bertoni
Owen Harrison, John Waldron: AES Encryption Implementation and Analysis on Commodity Graphics Processing Units
Stefan Lemsitzer, Johannes Wolkerstorfer, Norbert Felber, Matthias Braendli: Multi-Gigabit GCM-AES Architecture Optimized for FPGAs
13:00 - 14:30 Lunch (Buffet)
14:30 - 15:45 Session 7:
Public key

Chair: Tanja Lange
Jean-Luc Beuchat, Nicolas Brisebarre, Jérémie Detrey, Eiji Okamoto: Arithmetic Operators for Pairing-Based Cryptography
Kimmo Järvinen, Juha Forsten, Jorma Skyttä: FPGA Design of Self-Certified Signature Verification on Koblitz Curves
Daisuke Suzuki: How to Maximize the Potential of FPGA Resources for Modular Exponentiation
15:45 - 16:15 Break
16:15 - 17:05 Session 8:
Implementation cost of countermeasures

Chair: Catherine Gebotys
Reouven Elbaz, David Champagne, Ruby B. Lee, Pierre Guillemin, Lionel Torres, Gilles Sassatelli: TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense against Memory Replay Attacks
Stefan Tillich, Johann Groszschaedl: Power Analysis Resistant AES Implementation with Instruction Set Extensions
19:30 -      CHES dinner in Orangerie Schönbrunn

Thursday, September 13
08:30 -       Registration
09:30 - 10:45 Session 9:
Security issues for RF and RFID
Michael Hutter, Stefan Mangard, Martin Feldhofer: Power and EM Attacks on Passive 13.56 MHz RFID Devices
O. Savry, F. Pebay-Peroula, F. Dehmas, G. Robert, J. Reverdy: RFID Noisy Reader: How to Prevent from Eavesdropping on the Communication?
Darko Kirovski, Gerald DeJean: RF-DNA: Radio-Frequency Certificates of Authenticity
10:45 - 11:15 Break
11:15 - 12:30 Session 10:
Special purpose hardware for cryptanalysis

Chair: Kris Gaj
Tetsuya Izu, Jun Kogure, Takeshi Shimoyama: CAIRN2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method
Guerric Meurice de Dormale, Philippe Bulens, Jean-Jacques Quisquater: Collision Search for Elliptic Curve Discrete Logarithm over GF(2^m) with FPGA
Andrey Bogdanov, Thomas Eisenbarth, Andy Rupp: Hardware-Assisted Realtime Attack on A5/2 without Precomputations
12:30 - 14:00 Lunch (Buffet)
14:00 - 14:50 Session 11:
Side channel Analysis

Chair: Lejla Batina
Pascal Manet, Bruno Robisson: Differential Behavioral Analysis
F. Mace, F.-X. Standaert, J.-J. Quisquater: Information Theoretic Evaluation of Side-Channel Resistant Logic Styles
14:50 - 15:10 Break
15:10 - 16:00 Session 12:
Problems and solutions for lightweight devices

Chair: Patrick Schaumont
Christophe Clavier and Jean-Sébastien Coron: On the Implementation of a Fast Prime Generation Algorithm
A. Bogdanov, L.R. Knudsen, G. Leander, C. Paar, A. Poschmann, M.J.B. Robshaw, Y. Seurin, C. Vikkelsoe: PRESENT: An Ultra-Lightweight Block Cipher
16:00 - 16:15 Good Bye