CERG Seminars are held in the Engineering Building on the GMU Fairfax campus unless noted otherwise. Parking is available in the Sandy Creek parking deck near the Engineering Building. Directions to the campus can be found here. The seminar talks are usually 45 to 60 minutes long and are open to the public. If you wish to be notified about future seminars, please send an e-mail to Jens-Peter Kaps.
Secure Implementation of Cryptography: Tools and Case Studies
Abubakr Abdulgadir, Ph.D. Thesis Defense
Date: Friday, May 28th, 12:00 pm - 1:00 pm
Lightweight authenticated ciphers are crucial in many resource-constrained applications, including online payment, edge computing, and the Internet of Things. However, the current standard, AES-GCM, is not adequate for many of these applications. Recent developments in quantum computing have increased the urgency of deploying post-quantum cryptographic standards that withstand both quantum and classical attacks. In response to these needs, the US National Institute of Standards and Technology (NIST) coordinates two standardization processes to evaluate and ratify suitable algorithms. Although resistance to mathematical cryptanalysis is paramount, cost, performance, and resistance to side-channel attacks are among the most critical selection criteria.
In this research, we study the effect of applying side-channel countermeasures to the NIST LWC candidates Xoodyak and TinyJAMBU and to the NIST PQC candidate Saber, with a concentration on hardware implementations. Specifically, we employ the Domain-Oriented Masking (DOM) countermeasure to produce two first-order protected implementations of Xoodyak. For TinyJAMBU, we present a flexible implementation that is synthesizable for an arbitrary order of protection. For Saber, we first develop a lightweight design and then apply countermeasures to the algorithm's building blocks.
In parallel, we developed the tools necessary for this research by improving on the existing FOBOS platform. We significantly improved the efficiency and flexibility of the system while using affordable hardware components. Our upgrades resulted in an efficient system capable of performing leakage assessment and attacks on FPGA cryptographic implementations. We also improved the usability of the system to address research and education needs. Our work aims to establish methodologies and provide tools for developing and evaluating cryptographic candidates. Our results also provide a more realistic look at the practical cost and performance of the algorithms studied.
Implementation, Benchmarking, and Protection of Lightweight Cryptography Candidates
Richard Haeussler, MS Thesis Defense
Date: Wednesday, April 28th, 11:00 am - 12:00 pm
In August 2019, the US National Institute of Standards and Technology (NIST) announced 32 candidates for Round 2 of its Lightweight Cryptography (LWC) standardization process. NIST needed to understand how each of the candidates performed in software and hardware before making its finalist selections. George Mason University's Cryptographic Engineering Research Group (CERG) assisted NIST by organizing the Field-Programmable Gate Array (FPGA) benchmarking of the Round 2 candidates. CERG developed LWC Hardware API compliant implementations for 14 of the Round 2 candidates. This work contains a detailed breakdown of the unprotected hardware implementations of Elephant and Xoodyak, along with figures and tables that illustrate the design choices made. It also highlights several new features that CERG added to the LWC Hardware API development package to assist in the FPGA benchmarking. An overview of CERG's benchmarking efforts, along with the results for Elephant and Xoodyak, is included. From these results, analysis was conducted to determine possible design improvements. On March 29, 2021, NIST announced both Elephant and Xoodyak as LWC finalists. Before NIST announced the finalists, Domain-Oriented Masking was used to develop side-channel resistant implementations of both Elephant and Xoodyak. The efforts from this work certainly provide NIST with valuable information for its LWC standardization process.