Quo vadis cryptology?

Threat of Side-Channel Attacks

5th International Workshop on the state of the art in cryptology and new challenges ahead

Warsaw, Poland

Monday, May 28th, 2007

LORD Hotel (near the Warsaw Airport)
Street: Al. Krakowska 218
Warsaw, POLAND
 

Program:

  8:00 -  9:00  -  Registration
  9:00 -  9:05  -  Welcome and the introduction of the speakers
  9:05 - 10:20  -  Overview of side-channel analysis
                   Marc Joye
                   Thomson R&D France, Security Lab
 10:20 - 10:45  -  Coffee break
 10:45 - 12:00  -  Side-channel attacks and countermeasures for curve based cryptography
                   Tanja Lange
                   Technische Universiteit Eindhoven, the Netherlands
 12:00 - 13:30  -  Lunch
 13:30 - 14:45  -  Cache-based side channel attacks and their implications
                   Eran Tromer
                   Massachusetts Institute of Technology, USA
 14:45 - 15:05  -  Coffee break
 15:05 - 16:20  -  The impact of side-channel attacks on the design of cryptosystems
                   Daniel J. Bernstein
                   University of Illinois at Chicago, USA
 16:20 - 16:30  -  Short break
 16:30 - 18:00  -  Panel discussion with the participation of all speakers
                   moderators:
                   Kris Gaj, George Mason University, USA
                   Josef Pieprzyk, Macquarie University, Sydney, Australia
                   Arkadiusz Orlowski, Instytut Fizyki PAN & Katedra Informatyki SGGW, Warsaw, Poland

Location & fees:

Location:
LORD Hotel (near the Warsaw Airport)
Street: Al. Krakowska 218
WARSAW, POLAND

Workshop fee (including lecture notes):
640 PLN +22% VAT = 781 PLN
(approx. 185 Euro (incl. VAT), $244 US (incl. VAT))

Payment method:
by cash (only Polish currency accepted) at the workshop

Pre-registration
in order to pre-register, please send an e-mail including your
first name, last name, and affiliation to kgaj@gmu.edu

Accommodation:
Please contact hotel LORD
tel: (48 22) 574 20 20,
fax: (48 22) 574 21 21,
e-mail: okecie@hotellord.com.pl

Approximate prices and on-line reservation

You can also consider other hotels in the Warsaw airport area.

Visas:
Citizens of the following countries may travel to Poland for tourism and business purposes without a visa if the planned stay in Poland does not exceed 90 days:

Andorra, Argentina, Austria, Australia, Belgium, Bolivia, Brazil, Brunei, Bulgaria, Canada, Chile, Costa Rica, Croatia, Czech Republic, Cyprus, Denmark, Estonia, Finland, France, Greece, Germany, Guatemala, Honduras, Hong Kong, Hungary, Iceland, Ireland, Israel, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Macao, Malaysia, Malta, Mexico, Monaco, Netherlands, Nicaragua, Norway, New Zealand, Panama, Portugal, Romania, Salvador, San Marino, Singapore, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, United Kingdom, United States of America, Uruguay, Vatican, Venezuela.

Citizens from other countries not enumerated on the list above need to have a visa when visiting Poland.

Organizer:
ENIGMA Information Security Systems Sp. z o.o.
Cietrzewia Street, No. 8,
02-492 Warsaw, POLAND
http://www.enigma.com.pl  (in Polish)
phone: (+48 22) 863 62 65, fax: (+48 22) 863 62 65 ext. 25 

Program Committee:

Kris Gaj, George Mason University, U.S.A.
Karol Gorski, ENIGMA ISS Sp. z o.o., Warsaw, Poland
Arkadiusz Orlowski, Instytut Fizyki PAN & Katedra Informatyki SGGW, Warsaw, Poland
Jozef Pieprzyk, Macquarie University, Sydney, Australia


Abstracts: 

Overview of side-channel analysis
Marc Joye
Thomson R&D France, Security Lab

In this talk, we will give an overview of side-channel attacks. Side-channel analysis is a powerful technique introduced by Paul Kocher. The principle consists in collecting some extra information from one or several side channels (e.g., running time, power consumption, or electromagnetic radiation) and then in recovering secrets (or part thereof) from the collected data. Several examples on a variety of cryptographic algorithms will be presented.

Side Channel Attacks and Countermeasures for Curve Based Cryptography
Tanja Lange
Technische Universiteit Eindhoven, the Netherlands


Since curve based cryptography is very attractive for embedded systems, particular care has to be taken in the implementation to avoid side channel leakages. We give an overview of the different types of countermeasures introduced against simple and differential side-channel attacks and show which of these are secure against Goubin type attacks and which counteract fault attacks. Most of the ideas apply to elliptic and hyperelliptic curves. One approach to thwarting simple side-channel attacks, which so far has only been explored for elliptic curves, is to use unified group operations, i.e. one schedules the field operations needed to compute an addition or a doubling so that the order is the same for both cases. We recently introduced a new way of representing elliptic curves which leads to the fastest unified group operations and which is also very attractive for computing multi-scalar multiplications. Finally we briefly comment on side-channel attacks and countermeasures for pairing based cryptography.
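To make the idea of a unified group operation concrete, here is an added example (not from the workshop page and not the speaker's code) of a curve in Edwards form x^2 + y^2 = 1 + d*x^2*y^2 over a small prime field, where a single formula computes both an addition and a doubling. That the Edwards form is the representation the abstract alludes to is an assumption of this example, and the field size P, the parameter D and all function names are constructed for illustration only. The scalar multiplication on top of it uses double-and-add-always with a masked select, so every iteration runs the same sequence of field operations regardless of the key bit.

```c
/* Added example (not from the workshop page or the speaker's code): a unified
 * group operation on an Edwards-form curve  x^2 + y^2 = 1 + D*x^2*y^2  over a
 * small prime field. Treating the Edwards form as the representation the
 * abstract alludes to is an assumption; P and D are constructed for illustration. */
#include <stdint.h>

#define P 1000003ULL   /* prime with P % 4 == 3, so a square root is one exponentiation */
#define D 2ULL         /* a non-square mod P (P % 8 == 3), which makes the law complete */

typedef struct { uint64_t x, y; } point;

static uint64_t fadd(uint64_t a, uint64_t b) { return (a + b) % P; }
static uint64_t fsub(uint64_t a, uint64_t b) { return (a + P - b) % P; }
static uint64_t fmul(uint64_t a, uint64_t b) { return (a * b) % P; } /* operands < 2^20: no overflow */

static uint64_t fpow(uint64_t a, uint64_t e)
{
    uint64_t r = 1;
    a %= P;
    while (e) {                 /* exponents here are public constants, so this branch leaks nothing */
        if (e & 1) r = fmul(r, a);
        a = fmul(a, a);
        e >>= 1;
    }
    return r;
}
static uint64_t finv(uint64_t a)  { return fpow(a, P - 2); }                            /* Fermat inversion */
int is_square(uint64_t a)         { return a % P == 0 || fpow(a, (P - 1) / 2) == 1; }   /* Euler's criterion */
static uint64_t fsqrt(uint64_t a) { return fpow(a, (P + 1) / 4); }                      /* valid as P % 4 == 3 */

int on_curve(point q)
{
    uint64_t x2 = fmul(q.x, q.x), y2 = fmul(q.y, q.y);
    return fadd(x2, y2) == fadd(1, fmul(D, fmul(x2, y2)));
}

/* The unified law: identical field-operation schedule whether a == b (doubling)
 * or a != b (addition), so the two cases are indistinguishable to an observer.
 *   x3 = (x1*y2 + y1*x2) / (1 + D*x1*x2*y1*y2)
 *   y3 = (y1*y2 - x1*x2) / (1 - D*x1*x2*y1*y2)                                  */
point ed_add(point a, point b)
{
    uint64_t x1x2 = fmul(a.x, b.x), y1y2 = fmul(a.y, b.y);
    uint64_t t = fmul(D, fmul(x1x2, y1y2));
    point r;
    r.x = fmul(fadd(fmul(a.x, b.y), fmul(a.y, b.x)), finv(fadd(1, t)));
    r.y = fmul(fsub(y1y2, x1x2), finv(fsub(1, t)));
    return r;
}

point ed_neg(point a) { point r = { fsub(0, a.x), a.y }; return r; }
int pt_eq(point a, point b) { return a.x == b.x && a.y == b.y; }

/* Branch-free word select: a when flag == 1, b when flag == 0. */
static uint64_t sel(uint64_t flag, uint64_t a, uint64_t b)
{
    uint64_t m = (uint64_t)0 - (flag & 1);
    return (a & m) | (b & ~m);
}

/* Double-and-add-always on the unified op: every iteration performs exactly two
 * ed_add calls and a masked select, independent of the key bits. */
point ed_mul(point q, uint64_t k)
{
    point r = { 0, 1 };                       /* neutral element */
    for (int i = 63; i >= 0; i--) {
        r = ed_add(r, r);                     /* doubling via the same formula */
        point s = ed_add(r, q);               /* addition, always computed */
        uint64_t bit = (k >> i) & 1;
        r.x = sel(bit, s.x, r.x);
        r.y = sel(bit, s.y, r.y);
    }
    return r;
}

/* Find an affine point with x, y != 0 by solving y^2 = (1 - x^2) / (1 - D*x^2). */
point find_point(void)
{
    for (uint64_t x = 2; x < P; x++) {
        uint64_t x2 = fmul(x, x);
        uint64_t den = fsub(1, fmul(D, x2));  /* never 0 when D is a non-square */
        uint64_t y2 = fmul(fsub(1, x2), finv(den));
        if (y2 != 0 && is_square(y2)) {
            point q = { x, fsqrt(y2) };
            return q;
        }
    }
    point none = { 0, 1 };
    return none;
}

/* Self-check: closure, commutativity, associativity, inverses, and agreement
 * between the regular ladder and repeated unified additions. Returns 1 on success. */
int unified_checks(void)
{
    point g = find_point();
    point g2 = ed_add(g, g), g3 = ed_add(g2, g);
    point o = ed_add(g, ed_neg(g));
    return on_curve(g) && on_curve(g2) && on_curve(g3)
        && pt_eq(ed_add(g2, g), ed_add(g, g2))
        && pt_eq(ed_add(ed_add(g, g2), g3), ed_add(g, ed_add(g2, g3)))
        && o.x == 0 && o.y == 1
        && pt_eq(ed_mul(g, 3), g3)
        && pt_eq(ed_mul(g, 5), ed_add(g2, g3));
}
```

The field arithmetic above uses the C `%` operator and a public-exponent square-and-multiply, which is fine for a toy field; a deployed implementation would replace both with constant-time reduction and inversion, since the point of a unified operation is lost if the field layer underneath it leaks.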

Cache-based side channel attacks and their implications
Eran Tromer
Weizmann Institute of Science, Israel
Computer Science and Artificial Intelligence Laboratory, Massachusetts Institute of Technology, USA

Modern processors employ virtualization and access control mechanisms to protect the content of processes' memory. However, information about the memory addresses being accessed is leaking through a shared resource, namely the CPU memory cache. This talk will show how this ubiquitous phenomenon can be practically exploited as a side channel, and describe cryptanalytic applications to widely deployed ciphers and systems. Consequences include violations of security boundaries in many multi-user, sandboxed and virtualized systems.

The impact of side-channel attacks on the design of cryptosystems
Daniel J. Bernstein
University of Illinois at Chicago, USA

Authors of cryptographic software have to go to extra effort to protect themselves against cache-timing attacks, branch-prediction attacks, and other side-channel attacks. The extra effort depends on the cryptosystem; side-channel resistance often makes an otherwise attractive cryptosystem end up consuming far more resources than the system designer had originally expected. This talk will explain how to write cryptographic software that keeps secret information safely away from all known software side channels, and how to design cryptosystems that remain efficient when they are implemented in this way. Examples will be drawn from several areas of secret-key and public-key cryptography.
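The three abstracts above name the same leak classes from different angles: running time and power in the overview, the cache line touched by a secret-indexed load in the cache talk, and the branch-prediction and cache-timing channels that constant-time software must avoid in the last one. As an added example, not from the workshop page or from any of the speakers, the following C shows the two patterns that produce those leaks beside branch-free, fixed-access-pattern replacements. All function names and the demo table are this example's own.

```c
/* Added example (not from the workshop page or any speaker's code): two
 * secret-dependent patterns beside their constant-time replacements.
 * Function names and the demo table are constructed for this example. */
#include <stddef.h>
#include <stdint.h>

/* Leaks through timing: the loop exits at the first mismatching byte, so the
 * running time reveals the length of the matching prefix. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time equality: OR together every byte difference, then map
 * "diff == 0" to 1 without a branch. Running time depends only on n. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* (diff - 1) wraps to 0xFFFFFFFF only when diff == 0 */
    return (int)(((uint32_t)diff - 1u) >> 31);
}

/* Branch-free select: returns a when flag == 1, b when flag == 0. */
uint32_t ct_select(uint32_t flag, uint32_t a, uint32_t b)
{
    uint32_t mask = (uint32_t)0 - (flag & 1u);   /* all ones or all zeros */
    return (a & mask) | (b & ~mask);
}

/* Constructed 16-entry table standing in for a cipher S-box. */
const uint8_t DEMO_TABLE[16] = {
    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
};

/* Leaks through the cache: which line gets loaded depends on secret_idx. */
uint8_t leaky_lookup(const uint8_t *table, size_t n, size_t secret_idx)
{
    (void)n;
    return table[secret_idx];
}

/* Constant-time lookup: read every entry and keep the wanted one with a mask,
 * so the sequence of memory accesses is the same for every secret_idx. */
uint8_t ct_lookup(const uint8_t *table, size_t n, size_t secret_idx)
{
    uint8_t out = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t x = (uint64_t)i ^ (uint64_t)secret_idx;
        /* nonzero is 1 iff x != 0; eq becomes 0xFF exactly when i == secret_idx */
        uint64_t nonzero = (x | ((uint64_t)0 - x)) >> 63;
        uint8_t eq = (uint8_t)(nonzero - 1);
        out |= table[i] & eq;
    }
    return out;
}
```

The replacements trade a few extra operations per call for an access pattern and instruction trace that no longer depend on the secret. One check a practitioner should still make: an optimizing compiler is free to turn the mask arithmetic back into a conditional branch, so the generated assembly, not the C, is what decides whether the code is actually constant-time.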


Speaker bios: 

Marc Joye
Thomson R&D France, Security Lab

Dr. Marc Joye is with the Security Laboratory, Thomson R&D, France. Before joining Thomson, he was a post-doctoral fellow of the National Science Council, Republic of China, and a researcher in the Card Security Group of Gemplus. His research interests include cryptography, computer security, computational number theory, and smart-card implementations. He is author and co-author of 70+ scientific papers and holds several patents. He has served on numerous program committees and was program chair of CT-RSA 2003 and CHES 2004. He is a member of the IACR and co-founder of the UCL Crypto Group.

Tanja Lange
Technische Universiteit Eindhoven, the Netherlands


Tanja Lange is professor at the Technische Universiteit Eindhoven, the Netherlands. Before joining TUE she worked at the Technical University of Denmark and the Ruhr-University Bochum, Germany. She is well known for her work on elliptic and hyperelliptic curves, making hyperelliptic curves competitive with elliptic curves in speed and beating them for special choices. She is one of the main authors of the Handbook of Elliptic and Hyperelliptic Curve Cryptography (http://www.hyperelliptic.org/HEHCC/) and wrote in particular the chapter on side-channel attacks on curves. Together with Christof Paar she founded the "SHARCS -- Special-purpose Hardware for Attacking Cryptographic Systems" (www.sharcs.org) workshop series, which is now running in its third year. Together with Daniel Bernstein she is running the eBATS (ECRYPT Benchmarking of Asymmetric Systems) competition (www.ecrypt.eu.org/ebats) and the "SPEED -- Software Performance Enhancement for Encryption and Decryption" workshop (www.hyperelliptic.org/SPEED).

Eran Tromer
Massachusetts Institute of Technology, USA

Eran Tromer is a postdoctoral fellow at the Massachusetts Institute of Technology. His research focuses on side-channel cryptanalysis and hardware-based cryptanalytic devices. He received the John F. Kennedy award for his Ph.D. (pending), advised by Prof. Adi Shamir at the Weizmann Institute of Science, Israel, and the Rothschild fellowship.

Daniel J. Bernstein
University of Illinois at Chicago, USA

Daniel J. Bernstein is Professor in the Department of Mathematics, Statistics, and Computer Science at the University of Illinois at Chicago. Professor Bernstein has received a U.S. National Science Foundation CAREER award and a Sloan Research Fellowship for his research in computational number theory, cryptography, and computer security. He is the author of dozens of papers and two of the Internet's most popular server software packages.


Related links:

Marc Joye - personal web page
Tanja Lange - personal web page
Eran Tromer - personal web page
Daniel J. Bernstein - personal web page

Fourth Workshop "Quo vadis cryptology?" - The Future of Financial and Critical Data Security, Warsaw, May 2006
Third Workshop "Quo vadis cryptology?" - Advances in cryptanalysis, Warsaw, May 2005
Second Workshop "Quo vadis cryptology?" - AES Under Attack: Designing Secure Ciphers and the Challenge of Algebraic Attacks, Warsaw, May 2004