[crypto] [secdm at tue.nl: Program Crypto Working Group, December 16, 2016]
R. Hirschfeld
ray at unipay.nl
Tue Dec 13 10:32:20 CET 2016
------- Start of forwarded message -------
From: Secretariaat DM <secdm at tue.nl>
Subject: Program Crypto Working Group, December 16, 2016
Date: Mon, 12 Dec 2016 13:15:07 +0000
Dear all,
Herewith I send you the program of the CWG-meeting this Friday, December 16, 2016.
With kind regards / Met vriendelijke groeten,
Anita Klooster
secretary of the section Discrete Mathematics
Dept. of Mathematics and Computer Science
MF 4.058
Office hours: Monday and Friday 08.30-12.30 h / Tuesday and Wednesday 08.30-17.00 h
Telephone: +31 (0)40 2472254
Email: secdm at tue.nl
CRYPTO WORKING GROUP
Friday, December 16, 2016
De Kargadoor (http://www.kargadoor.nl/utrecht/zaalverhuur.html)
Oudegracht 36, Utrecht
Program
10.45 - 11.30 hrs. Léon Groot Bruinderink (TU/e),
Flush, Gauss, and Reload - A Cache-attack on the BLISS Lattice-based Signature Scheme
11.30 - 11.45 hrs. Coffee / tea break
11.45 - 12.30 hrs. Joost Renes (RU Nijmegen),
Efficient compression of SIDH public keys
12.30 - 14.00 hrs. Lunch break (lunch not included)
14.00 - 14.45 hrs. Ismail Khoffi (EPFL),
Overview and challenges of CONIKS-like transparency overlays for key-management
14.45 - 15.00 hrs. Coffee / tea break
15.00 - 15.45 hrs. Kostas Papagiannopoulos (RU Nijmegen),
Bitsliced Masking and ARM: Friends or Foes?
Abstract talk Kostas Papagiannopoulos: Bitsliced Masking and ARM: Friends or Foes?
Software-based cryptographic implementations can be vulnerable to side-channel analysis. Masking countermeasures rank among the most prevalent techniques against it, ensuring formally the protection vs. value-based leakages. However, its applicability is halted by two factors. First, a masking countermeasure involves a computational overhead that can render implementations inefficient. Second, physical effects such as glitches and distance-based leakages can cause the reduction of the security order in practice, rendering the masking protection less effective. In order to reduce the computational cost, we implement a high-throughput, bitsliced, 2nd-order masked implementation of the PRESENT cipher, in ARM Cortex-M4. Second, we analyze experimentally the effectiveness of masking in ARM devices, i.e. we examine the effects of distance-based leakages on the security order of our implementation. We confirm the theoretical model behind distance leakages for the first time in ARM-based architectures.
------- End of forwarded message -------