Seminar on Security in Information Technology

Lecturer (assistant):
Number: 0000003315
Type: Advanced seminar
Term: Wintersemester 2023/24
Language of instruction: English
Position within curricula: See TUMonline
Dates: See TUMonline

Admission information

See TUMonline
Note: Please register on the waiting list and select a topic on www.sec.ei.tum.de. When the selection is confirmed by the responsible supervisor, you will receive a fixed place.

Objectives

After successful completion of the module, students have knowledge of current problems and hot topics in the field of security of systems for information technology. Afterwards, students are able to carry out scientific work on up-to-date topics in the field of security of systems for information technology, to write scientific papers, and to assess the value of scientific papers. Furthermore, students are able to present the acquired knowledge to a scientific audience in a talk.

Description

Topics on security of systems for information technology with varying focus: Students of this module work independently on current scientific topics and write a scientific report. Finally, a presentation of the results of the work is given to all module participants. The understanding of the topic is deepened by intensive discussion.

Prerequisites

The following modules should be passed before selecting this module:

  • Kryptologie or a similar base-level course

Additionally, the following courses are recommended:

  • Sichere Implementierung kryptographischer Verfahren
  • Selected Topics in System Security

Teaching and learning methods

An individual subject-specific task has to be solved by each participant autonomously. With all tasks, a specific supervisor is associated who supports the participant. The support especially focuses on the beginning of the seminar where the supervisor helps the assigned participant to become acquainted with the topic and to find reasonable literature to start with. Supervisors will also provide hints to solve the task and to prepare the paper and the presentation. Furthermore, a presentation training will be carried out and an introduction to scientific writing will be offered.

Examination

Module exam with the following parts:

  • Written report about the given topic (50%)
  • 30-minute presentation and discussion of the given topic (50%)

Further Information

  • This seminar is provided every winter semester. It is part of the regular MSCE program and is held in English.
  • Up to 15 participants can be accepted for the course.
  • Attendance during all seminar dates is obligatory.
  • We offer two 1.5 hour seminars on presentation techniques as well as one 1.5 hour seminar on scientific writing.

Below you can find a list of currently available topics. If you are interested in one of these topics, please contact the corresponding supervisor using the link next to the topic. You might also suggest your own topic.

Topics for the next semester will be available on this site approx. one month before the beginning of the lecture period. Students on the waiting list in TUMonline will be informed when the topics are online.

Available Topics

A Summary of AACS

Description

DRM schemes are by design a never-ending game of cat and mouse revolving around proprietary and sketchy cryptographic approaches. In this work, the cryptographic principles of the Advanced Access Content System (AACS) [1-3] should be evaluated in detail.

The main outcome hereby should be a general introduction to AACS, and an exhaustive list of all threat vectors.


[1] https://en.wikipedia.org/wiki/Advanced_Access_Content_System

[2] https://en.wikipedia.org/wiki/Security_of_Advanced_Access_Content_System

[3] https://en.wikipedia.org/wiki/AACS_encryption_key_controversy

Contact

Supervisor:

Michael Gruber

Current state of affairs of protected implementations of Crystals-Dilithium

Description

Crystals-Dilithium is one of the post-quantum secure digital signature algorithms selected by NIST for standardization. As the standardization process continues, several implementations protected against side-channel attacks have been proposed.

The goal of this work is to compare the design goals and achieved performance of currently proposed implementations based on their papers.


References:

Paper 1

Paper 2

Supervisor:

Jonas Schupp

Low Correlation Codes and possible applications in Side Channel Analysis

Keywords:
Gold Codes, Side Channel Analysis

Description

Telecommunication (CDMA) and satellite navigation (GPS) use the same signal channels or frequencies for different senders. Thus, low correlation codes - Gold codes - are used to increase the SNR. In side-channel analysis it is challenging to attack parallel operations due to the degrading SNR. This could be addressed by applying low correlation inputs, since the cross-correlation between parallel operations may be influenced positively, yielding a larger attack surface.

In this work, an overview of existing low correlation codes should be written. The working principle of Gold codes should be described in detail and compared to other low correlation codes [1]. Cross-correlation analysis of the codes should also be taken into consideration [2], since this will be the main challenge for an application to side-channel attack targets. Special emphasis lies on outputting multiple bits at the same time in order to feed a side-channel attack target with such codes.

[1] M. B. Mollah and M. R. Islam, "Comparative analysis of Gold Codes with PN codes using correlation property in CDMA technology"

[2] T. M. N. Huda and S. F. Islam, "Correlation analysis of the gold codes and walsh codes in CDMA technology"

Supervisor:

Matthias Probst

Current developments in digital memristive logic

Description

The term ‘memristor’ by now covers a wide range of technologies implementing two-terminal circuit elements with variable resistance. In the domain of non-volatile memory, memristors are expected to enter the mass market at one point or the other. Other applications, such as memristor-based analogue accelerators for neural network inference, are heavily researched as well.

Digital logic can also be built using memristors. Circuits realising logic functions within a memristor crossbar structure have been described for quite some time now (e.g. [1]). Some research focuses on methods to synthesise generic logic functions into memristor circuits (e.g. [2]). Recently, purpose-built memristive circuits for specific applications have also been developed (e.g. [3]).

The aim of this work is to provide an overview of recent work on applications of digital memristive logic. Recent literature can be summarised e.g. regarding

  • applications (e.g. implemented functions),
  • circuit topologies,
  • simulation methods, and
  • memristor technologies.

[1] http://ieeexplore.ieee.org/document/6617731/
[2] https://ieeexplore.ieee.org/abstract/document/8091016
[3] https://ieeexplore.ieee.org/abstract/document/9837685

Contact

Supervisor:

Jonas Ruchti

Alternative Post-Quantum Cryptography Standardization Approaches

Description

With the imminent threat of large-scale quantum computers, the currently established asymmetric cryptography will likely be broken in the future.
In order to mitigate this risk, a shift to other cryptographic algorithms based on mathematical problems that are not vulnerable to such a large-scale quantum computer has to be performed.
This topic of post-quantum cryptography is mainly driven by the US NIST in its standardization effort [1].
Although this effort reached an end with the publication of first drafts of the algorithms that have been selected for publication [2], other entities follow their own standardization efforts or give different recommendations.
This work should give an overview of the whole standardization process (timeline, actors etc.) with respect to possible standardization entities. Examples include:
- German BSI (https://www.bsi.bund.de/DE/Home/home_node.html)
- French ANSSI (https://www.ssi.gouv.fr/en/)
- NIST [1]
- Korean KpqC Competition (https://www.kpqc.or.kr/competition.html)
- Chinese efforts [3]
- ISO
The paper should include the recommended algorithms, possible arguments/reasons why those were chosen, and an exhaustive literature review.

[1] https://csrc.nist.gov/Projects/Post-Quantum-Cryptography
[2] https://csrc.nist.gov/news/2023/three-draft-fips-for-post-quantum-cryptography
[3] https://docbox.etsi.org/Workshop/2018/201811_ETSI_IQC_QUANTUMSAFE/EXECUTIVETRACK/JING_CHINESEACCADEMYOFSCIENCE.pdf

Contact

Supervisor:

Thomas Schamberger

Secure Gadgets for Post-Quantum Cryptography

Description

For real-world deployment, cryptographic devices must be protected against physical attacks. Against power side channels, masking in its different flavors (e.g., Boolean, arithmetic masking) is a common approach. To implement masked cryptographic schemes, secure gadgets that are proven secure in certain probing models are typically used.

The first part of this work aims at explaining security notions like non-interference (NI) and strong non-interference (SNI) [1] that are used within the context of secure gadgets. Afterwards, the work should investigate and explain some secure gadgets and procedures that are commonly used in post-quantum cryptography, as for example proposed in [2].


References

  • [1]: https://dl.acm.org/doi/abs/10.1145/2976749.2978427
  • [2]: https://link.springer.com/chapter/10.1007/978-3-030-21568-2_17

Contact

Supervisor:

Patrick Karl

Post-Quantum Signatures from MPCitH

Description

Shor's algorithm threatens the security of conventional asymmetric cryptography as soon as a sufficiently large quantum computer is available. As a consequence, alternative cryptographic schemes must be found that withstand quantum computers. This research area is denoted as Post-Quantum Cryptography (PQC).

Recently, NIST opened an additional call for post-quantum signature schemes to extend its portfolio of standards [1]. Several schemes that are based on the Multi-Party Computation in the Head (MPCitH) paradigm [2] were submitted to this call.

In the first part of this work, the idea behind the MPCitH paradigm should be explained. The second part should give an overview of the signature schemes (based on MPCitH) in the NIST call. The goal is to provide an overview of the key and signature sizes as well as the performance of the MPCitH schemes.


References:

  • [1]: https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures
  • [2]: https://dl.acm.org/doi/abs/10.1145/1250790.1250794

Contact

Supervisor:

Patrick Karl

Survey of Wear Leveling Techniques

Description

The objective of this task is to conduct a comprehensive survey of wear leveling techniques employed in flash memory and/or phase-change memory (PCM) technologies. Wear leveling is crucial for extending the lifespan and maintaining the reliability of these non-volatile memory types. This survey shall provide insights into various wear leveling methods, their advantages, limitations, and applications.

The survey will cover wear leveling techniques used in both flash memory and PCM technology. Flash memory includes NAND and NOR flash, while PCM is a type of emerging non-volatile memory technology. The survey will encompass static and dynamic wear leveling strategies, as well as any innovative approaches used to optimize wear leveling.

A possible starting point is given by the following papers:

  • [1] M. K. Qureshi, J. Karidis, M. Franceschini, V. Srinivasan, L. Lastras, and B. Abali, “Enhancing lifetime and security of PCM-based main memory with start-gap wear leveling,” in MICRO, 2009.
  • [2] N. H. Seong, D. H. Woo, and H.-H. S. Lee, “Security Refresh: Prevent Malicious Wear-out and Increase Durability for Phase-change Memory with Dynamically Randomized Address Mapping,” in ISCA, 2010.
  • [3] F. Huang, D. Feng, W. Xia, W. Zhou, Y. Zhang, M. Fu, C. Jiang, and Y. Zhou, “Security RBSG: Protecting Phase Change Memory with Security-Level Adjustable Dynamic Mapping,” in IPDPS, 2016.

Contact

Supervisor:

Jens Nöpel

AES for Error Correction

Description

Physical Unclonable Functions (PUFs) enable different features to be used for security. To do so, they exploit fingerprint-like characteristics of a silicon device.
However, this fingerprint is noisy, such that some kind of error correction is necessary.

The topic of this work is to evaluate the applicability of [1] to the PUF context.

[1] Cohen, Alejandro, et al. "AES as Error Correction: Cryptosystems for Reliable Communication." IEEE Communications Letters (2023).

Contact

Supervisor:

Christoph Frisch

Hybrid Memristor-CMOS PUFs – Worth the Effort?

Description

Physical Unclonable Functions offer a way to convert uncontrollable hardware manufacturing variations into digital secrets. The most-researched PUF designs are based on typical CMOS manufacturing processes and thus inherit their inexpensiveness.

With memristors slowly becoming a more concretely available technology, PUFs based on memristor memory structures have been proposed. However, hybrid designs have also been proposed, often combining classical CMOS PUF structures with incremental improvements through added memristors (e.g. [1]), which sometimes can also be used for additional functionality (e.g. [2, 3]).

The aim of this work is a comprehensive literature search

  • summarising hybrid memristor-CMOS PUF designs,
  • determining the benefits and drawbacks compared to purely CMOS PUF designs, and
  • evaluating whether the benefits can be worth the manufacturing overhead of combining multiple processes.

[1] https://dl.acm.org/doi/10.1145/2736285
[2] https://ieeexplore.ieee.org/document/9272678
[3] https://ieeexplore.ieee.org/document/9424347

Contact

Supervisor:

Jonas Ruchti

Frequency-Based Differential Side-Channel Attack

Description

Most side-channel attacks, like DPA, are executed in the time domain. As a result, the measurements need to be aligned in order to mount a successful attack.
Shifting the attack to the frequency domain overcomes the requirement of aligned measurements and also allows attacking secured implementations.

The goal is to give an insight into the topic of side-channel attacks that operate in the frequency domain. Furthermore, the advantages and disadvantages compared to well-known techniques like DPA should be drawn out.

References

  • Gebotys, Catherine H., Ho, Simon, Tiu, C. C. "EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA". Cryptographic Hardware and Embedded Systems -- CHES 2005. Springer Berlin Heidelberg. 2005.

  • Y. Lu, K. H. Boey, M. O'Neill, J. V. McCanny and A. Satoh, "Is the differential frequency-based attack effective against random delay insertion?," 2009 IEEE Workshop on Signal Processing Systems, Tampere, 2009.

Contact

Supervisor:

Manuel Brosch

Assigned Topics

Overview of Formal Verification Tooling

Description

Formal verification is an emerging trend [1-3] to justify the security claims of a cryptographic implementation against SCA and FIA. This work aims to provide an overview of formal verification approaches and tools.


[1] https://eprint.iacr.org/2020/634.pdf

[2] https://eprint.iacr.org/2020/1294.pdf

[3] https://eprint.iacr.org/2019/1312.pdf

Contact

Supervisor:

Michael Gruber

Lightweight Cryptography for Embedded Systems

Description

Lightweight cryptography is a popular research area dedicated to achieving high levels of security on embedded devices despite their resource constraints, such as limited processing power, limited memory, and low energy. Moreover, low latency is another critical aspect of these algorithms, particularly in the context of real-time, safety-critical systems.

The aim of this work is to:

  • conduct a literature review to find existing lightweight, low-latency cryptographic algorithms (e.g. PRINCE, the NIST Lightweight Cryptography Finalists [1], such as ASCON),
  • list the advantages, disadvantages, and use cases of these algorithms for their implementations on RISC-V,
  • and compare them with each other.

References:

[1] Madushan H, Salam I, Alawatugoda J. A Review of the NIST Lightweight Cryptography Finalists and Their Fault Analyses. Electronics. 2022; 11(24):4199.

Contact

Supervisor:

Utku Budak

Side Channel Analysis and Belief Propagation

Keywords:
Side Channel Analysis, DPA, SCA

Description

In recent years, publications have used belief propagation techniques to boost the information gain from side-channel analysis. Such attacks can be seen as a merge of divide-and-conquer differential attacks and algebraic side-channel attacks.

Primas et al., for example, break lattice-based encryption often used in PQC with merely a single trace [1]. They first match templates with the trace, and the so acquired results are combined within a belief propagation graph. Lastly, they use the so acquired information in lattice decoding to get the secret key. Other works, such as [2-4], use similar approaches. The field of such attack combinations is promising for building up very powerful attacks, as [1] shows. Countermeasures that, for example, randomize the execution sequence can become ineffective.

Within the scientific seminar, an overview of existing work should be gathered. Concretely, the most relevant attack works should be summarized shortly. Common SCA countermeasures should be checked with regard to their resistance against such attacks.

[1] Primas, Robert, Peter Pessl, and Stefan Mangard. "Single-trace side-channel attacks on masked lattice-based encryption." Cryptographic Hardware and Embedded Systems–CHES 2017: 19th International Conference, Taipei, Taiwan, September 25-28, 2017, Proceedings. Springer International Publishing, 2017.

[2] Hermelink, Julius, et al. "Adapting belief propagation to counter shuffling of NTTs." IACR Transactions on Cryptographic Hardware and Embedded Systems (2023): 60-88.

[3] Le Bouder, Hélène, et al. "A multi-round side channel attack on AES using belief propagation." Foundations and Practice of Security: 9th International Symposium, FPS 2016, Québec City, QC, Canada, October 24-25, 2016, Revised Selected Papers 9. Springer International Publishing, 2017.

[4] Veyrat-Charvillon, Nicolas, Benoît Gérard, and François-Xavier Standaert. "Soft analytical side-channel attacks." Advances in Cryptology–ASIACRYPT 2014: 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, ROC, December 7-11, 2014. Proceedings, Part I 20. Springer Berlin Heidelberg, 2014.

Supervisor:

Matthias Probst

Ascon Hardware Implementations

Description

This task aims to provide an in-depth understanding of the various hardware design approaches, optimization techniques, and performance evaluations of ASCON, which stands for "Authenticated Secret CONfidentiality". ASCON is a lightweight cryptographic algorithm designed to provide a high level of security for various applications while maintaining efficiency in terms of both computational resources and energy consumption. ASCON was created as a response to the need for secure and efficient encryption and authentication in resource-constrained environments, such as embedded systems, IoT (Internet of Things) devices, and low-power hardware.

A good starting point is the following paper:

[1] H. Groß, E. Wenger, C. Dobraunig and C. Ehrenhöfer, "Suit up! -- Made-to-Measure Hardware Implementations of ASCON," 2015 Euromicro Conference on Digital System Design, Madeira, Portugal, 2015, pp. 645-652, doi: 10.1109/DSD.2015.14.

Contact

Supervisor:

Jens Nöpel