[crypto] Fwd: PROGRAM Crypto Working Group, April 12, 2019

R. Hirschfeld ray at unipay.nl
Mon Apr 8 17:20:16 CEST 2019



-------- Original Message --------
Subject: PROGRAM Crypto Working Group, April 12, 2019
Date: 2019-04-08 16:59
 From: Secretariaat DM <secdm at tue.nl>
To: Secretariaat DM <secdm at tue.nl>

Dear all,

Herewith I send you the program of the CWG meeting on Friday, April 12, 
2019.

With kind regards / Met vriendelijke groeten,
Anita Klooster
secretary of the section Discrete Mathematics


Dept. of Mathematics and Computer Science
MF 4.058
Office hours: Monday and Friday 08.30-12.30 h / Tuesday and Wednesday 
08.30-17.00 h
Telephone: +31 (0)40 2472254
Email: secdm at tue.nl




CRYPTO WORKING GROUP


Friday, April 12, 2019
De Kargadoor (http://www.kargadoor.nl/utrecht/zaalverhuur.html)
Oudegracht 36, Utrecht



Program


10.45 - 11.30 hrs.   Michael Meyer (Hochschule RheinMain),
                     On Lions and Elligators: An efficient constant-time implementation of CSIDH

11.30 - 11.45 hrs.   Coffee / tea break

11.45 - 12.30 hrs.   Tobias Oder (Ruhr Univ. Bochum),
                     Masking NewHope at Arbitrary Orders

12.30 - 14.00 hrs.   Lunch break (lunch not included)

14.00 - 14.45 hrs.   Thom Wiggers (RU Nijmegen),
                     Solving LPN using Large Covering Codes

14.45 - 15.00 hrs.   Coffee / tea break

15.00 - 15.45 hrs.   Richard Petri (SIT Fraunhofer),
                     Implementing Side-Channel Protections for ARX Ciphers


Abstract talk Michael Meyer: On Lions and Elligators: An efficient 
constant-time implementation of CSIDH

CSIDH is a new and promising candidate for a post-quantum key exchange. 
However, its proof-of-concept implementations are variable-time and 
hence vulnerable to timing attacks. Therefore, efficient constant-time 
implementations are required. This talk gives an overview of 
isogeny-based cryptography, the algorithmic design of CSIDH, and 
techniques for efficient constant-time implementations.



Abstract talk Tobias Oder: Masking NewHope at Arbitrary Orders

In recent years, key exchange schemes based on the hardness of 
ring-LWE, like NewHope, have gained significant popularity. For 
real-world security applications assuming strong adversary models, a 
number of practical issues still need to be addressed. Protection 
against side-channel attacks is one of these issues. In this talk we 
present potential countermeasures to protect the NewHope key exchange 
against timing attacks and higher-order power analysis.



Abstract talk Thom Wiggers: Solving LPN using Large Covering Codes

Learning Parity with Noise (LPN) is a mathematical problem that we can 
base cryptographic schemes on, and it is supposed to be hard for both 
classical and quantum computers. We will be looking at how hard this 
problem actually is, by studying existing attacks on the LPN problem. 
Most attacks on LPN use enormous amounts of memory. We aim to improve 
that situation.

More concretely, we study composing a reduction based on covering codes 
with a solving algorithm called Gauss. Both the reduction and the Gauss 
algorithm use little memory, but by itself Gauss is slower than attacks 
that use more memory.

Unfortunately, we determine that this combination will not work. We also 
look at improving the codes used by the reduction by applying StGen 
codes, which were proposed by Simona Samardjiska at a RU-DS lunch talk in 
March 2017. While this improves run-time performance in theory, the 
real-world performance is much less positive.

We will also be looking ahead at some of our ongoing efforts in finding 
new attacks that fit in constrained memory.

Finally, we developed software that we hope allows people to easily work 
with the LPN problem and the algorithms that aim to solve it.



Abstract talk Richard Petri: Implementing Side-Channel Protections for 
ARX Ciphers

Boolean masking for the modular addition operation in software has a 
very high performance overhead concerning two aspects: the instruction 
count is very high compared to a normal addition operation and the 
amount of entropy consumed is quite high.

This work improves on these aspects by applying the Threshold 
Implementation (TI) methodology with two shares and by reusing internal 
values as randomness source in such a way that the uniformity is always 
preserved.

This approach performs faster compared to the previously known masked 
addition and subtraction algorithms if we only consider the number of 
ARM assembly instructions. Furthermore, the amount of randomness is 
significantly reduced to just one bit of additional entropy per addition, 
which is a good trade-off for the improved performance.

This work was previously presented at CHES and this presentation 
provides extended information on the process and tools used during 
development, including our extended version of the MAPS power simulator 
for Cortex-M4 microcontrollers.
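As an added illustration of the overhead this abstract refers to (example code, not from the talk or this mailing), the block below builds a textbook two-share Boolean-masked 32-bit addition from an ISW-style masked AND and counts the fresh random bits it consumes. The bit-parallel ripple-carry construction and the rand()-based mask source are assumptions of this example; it is the naive baseline, not the talk's TI-based scheme.

```c
#include <stdint.h>
#include <stdlib.h>

typedef struct { uint32_t s[2]; } bshare;   /* masked value = s[0] ^ s[1] */
static uint32_t g_rand_bits;                 /* fresh random bits consumed so far */

/* 32 fresh mask bits; rand() stands in for a real RNG in this constructed example. */
static uint32_t fresh_word(void) {
    g_rand_bits += 32;
    return ((uint32_t)rand() << 16) ^ (uint32_t)rand();
}

static bshare mask(uint32_t v) {
    bshare x; x.s[1] = fresh_word(); x.s[0] = v ^ x.s[1]; return x;
}
static uint32_t unmask(bshare x) { return x.s[0] ^ x.s[1]; }

/* Masked AND (ISW, two shares): z = x & y, refreshed with one fresh word r.
 * The parentheses fix the order ISW needs: r is added before the cross term. */
static bshare sec_and(bshare x, bshare y) {
    uint32_t r = fresh_word();
    bshare z;
    z.s[0] = (x.s[0] & y.s[0]) ^ r;
    z.s[1] = (x.s[1] & y.s[1]) ^ (r ^ (x.s[0] & y.s[1])) ^ (x.s[1] & y.s[0]);
    return z;
}

/* Masked modular addition by a bit-parallel ripple carry: p = x ^ y (propagate),
 * g = x & y (generate), c <- (g ^ (p & c)) << 1 repeated 31 times, sum = p ^ c.
 * Every carry step is a masked AND, so one addition burns 32 fresh words. */
static bshare sec_add(bshare x, bshare y) {
    bshare p = {{ x.s[0] ^ y.s[0], x.s[1] ^ y.s[1] }};
    bshare g = sec_and(x, y);
    bshare c = {{ 0, 0 }};
    for (int i = 0; i < 31; i++) {
        bshare t = sec_and(p, c);
        c.s[0] = (g.s[0] ^ t.s[0]) << 1;
        c.s[1] = (g.s[1] ^ t.s[1]) << 1;
    }
    bshare z = {{ p.s[0] ^ c.s[0], p.s[1] ^ c.s[1] }};
    return z;
}

uint32_t masked_add(uint32_t a, uint32_t b) { return unmask(sec_add(mask(a), mask(b))); }

/* Fresh random bits one masked addition consumes (input masking excluded). */
uint32_t masked_add_entropy_bits(void) {
    bshare x = {{ 0x12345678u, 0 }}, y = {{ 0x9abcdef0u, 0 }};
    g_rand_bits = 0;
    sec_add(x, y);
    return g_rand_bits;
}
```

The 1024 random bits per addition reported by masked_add_entropy_bits() is the cost the talk's one-bit-per-addition figure is measured against.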

