Crystals-Dilithium is one of NISTs to be standardized Post-Quantum Secure Digital Signature Algorithms. As the standardization process continues, several implementations protected against side-channel attacks have been proposed.

The goal of this work is to compare the design goals and achieved performance of currently proposed implementations based on their papers.

References:

Paper 1

Paper 2

Telecommunication (CDMA) and satellite navigation (GPS) use the same signal channels or frequencies from different senders. Thus, low correlation codes - Gold codes - are used to increase the SNR. In Side-Channel analysis it is challenging to attack parallel operations due to degrading SNR. This could be solved by applying low correlation inputs, since the cross-correlation between parallel operations may be influenced positively yielding a larger attack surface.

In this work, an overview of existing low correlation codes should be written. Gold codes working principle should be described in detail and compared to other low correlation codes [1]. Cross correlation analysis of the codes should be also taken into consideration [2] since this will be the main challenge for an application at side-channel attack targets.. A special emphasize is laying on outputting multiple bits at the same time in order to feed a side channel attack target with such codes.

[1] M. B. Mollah and M. R. Islam, "Comparative analysis of Gold Codes with PN codes using correlation property in CDMA technology"

[2] T. M. N. Huda and S. F. Islam, "Correlation analysis of the gold codes and walsh codes in CDMA technology"

Masking schemes to protect an implementation against side-channel attacks usually come with security proofs in so-called probing models [1, 2].
There exists different probing models that address different leakage characteristics, such as glitches [3].

The goal is to give insight into different probing models, their characteristics and limitations.

References

[1] Ishai, Y., Sahai, A., Wagner, D. (2003). Private Circuits: Securing Hardware against Probing Attacks. In: Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_27

[2] Cassiers, Gaetan & Standaert, François-Xavier. (2020). Trivially and Efficiently Composing Masked Gadgets With Probe Isolating Non-Interference. IEEE Transactions on Information Forensics and Security. PP. 1-1. 10.1109/TIFS.2020.2971153.

[3] Faust, S., Grosso, V., Merino Del Pozo, S., Paglialonga, C., & Standaert, F.-X. (2018). Composable Masking Schemes in the Presence of Physical Defaults & the Robust Probing Model. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(3), 89–120. https://doi.org/10.13154/tches.v2018.i3.89-120

With the imminent threat of large scale quantum computers, the current established asymmetric cryptography will likely be broken in the future.
In order to mitigate this risk, a shift to other cryptographic algorithms based on mathematical problems that are not vulnerable to such a large scale quantum computer has to be performed.
This topic of post-quantum cryptography is mainly driven by the US NIST in its standardization effort [1].
Although this effort reached an end with the publication of first drafts of algorithms that have been selected for publication [2], other entities follow their own standardization efforts or give different recommendations.
This work should give an overview of the whole standardization process (timeline, actors etc.) with respect to possible standardization entities. Examples include:
- German BSI (https://www.bsi.bund.de/DE/Home/home_node.html)
- Fench ANNSI (https://www.ssi.gouv.fr/en/)
- NIST [1]
- Koera KqpC Competition (https://www.kpqc.or.kr/competition.html)
- China Efforts [3]
- ISO
The paper should include recommended algorithms, possible arguments/reasons why those are chosen, and the an exhaustive literatrue research.

[1] https://csrc.nist.gov/Projects/Post-Quantum-Cryptography
[2] https://csrc.nist.gov/news/2023/three-draft-fips-for-post-quantum-cryptography
[3] https://docbox.etsi.org/Workshop/2018/201811_ETSI_IQC_QUANTUMSAFE

/EXECUTIVETRACK/JING_CHINESEACCADEMYOFSCIENCE.pdf

For real world deployment, cryptographic devices must be protected against physical attacks. Against power-side channels, masking in its different flavors (e.g., Boolean, arithmetic masking) is a common approach. To implement masked cryptographic schemes, secure gadgets that are proven to be secure in certain probing models are typically used.

The first part of this work aims at explaining security notions like non-interference (NI), strong non-interference (SNI) [1], that are used within the context of secure gadgets. Afterwards, the work should investigate and explain some secure gadgets and procedures that are commonly used in post-quantum cryptography, as for example proposed in [2].

References

• [1]: https://dl.acm.org/doi/abs/10.1145/2976749.2978427
• [2]: https://link.springer.com/chapter/10.1007/978-3-030-21568-2_17

The objective of this task is to conduct a comprehensive survey of wear leveling techniques employed in flash memory and/or phase-change memory (PCM) technologies. Wear leveling is crucial for extending the lifespan and maintaining the reliability of these non-volatile memory types. This survey shall provide insights into various wear leveling methods, their advantages, limitations, and applications.

The survey will cover wear leveling techniques used in both flash memory and PCM technology. Flash memory includes NAND and NOR flash, while PCM is a type of emerging non-volatile memory technology. The survey will encompass static and dynamic wear leveling strategies, as well as any innovative approaches used to optimize wear leveling.

A possible starting point is given by the following paper:

• [1] M. K. Qureshi, J. Karidis, M. Franceschini, V. Srinivasan, L. Lastras, and B. Abali, “Enhancing lifetime and security of PCM-based main memory with start-gap wear leveling,” in MICRO, 2009.
• [2] N. H. Seong, D. H. Woo, and H.-H. S. Lee, “Security Refresh: Prevent Malicious Wear-out and Increase Durability for Phase-change Memory with Dynamically Randomized Address Mapping,” in ISCA, 2010.
• [3] F. Huang, D. Feng, W. Xia, W. Zhou, Y. Zhang, M. Fu, C. Jiang, and Y. Zhou, “Security RBSG: Protecting Phase Change Memory with Security-Level Adjustable Dynamic Mapping,” in IPDPS, 2016.

Physical Unclonable Function enable different features to be used for security. They therefore exploit fingerprint-like characteristics of a silicon device.
However, this fingerprint is noisy such that some kind of error correction is necessary.

The topic for this thesis is to evaluate the applicabiltiy of [1] to the PUF context.

[1] Cohen, Alejandro, et al. "AES as Error Correction: Cryptosystems for Reliable Communication." IEEE Communications Letters (2023).

DRM schemes are by design a never-ending game of cat and mouse revolving around properitary and skechy cryptographic approaches. In this work the cryptographic principles of the Advanced Access Content System (AACS) [1-3] should be evaluated in detail.

The main outcome hereby should be a general introduction to AACS, and an exhaustive list of all threat vectors.

[1] https://en.wikipedia.org/wiki/Advanced_Access_Content_System

[2] https://en.wikipedia.org/wiki/Security_of_Advanced_Access_Content_System

[3] https://en.wikipedia.org/wiki/AACS_encryption_key_controversy

Formal verification is an emerging trend [1-3] to justify the security claims of a cryptographic implementation against SCA and FIA. This work aims to provide an overview of formal verification approaches and tools.

[1] https://eprint.iacr.org/2020/634.pdf

[2] https://eprint.iacr.org/2020/1294.pdf

[3] https://eprint.iacr.org/2019/1312.pdf

Physical Unclonable Functions offer a way to convert uncontrollable hardware manufacturing variations into digital secrets. The most-researched PUF designs are based on typical CMOS manufacturing processes and thus inherit their inexpensiveness.

With memristors slowly becoming a more concretely available technology, PUFs based on memristor memory structures have been proposed. However, also hybrid designs have been proposed, often combining classical CMOS PUF structures with incremental improvements through added memristors (e.g. [1]), which sometimes can also be used for additional functionality (e.g. [2, 3]).

The aim of this work is a comprehensive literature search

• summarising hybrid memristor-CMOS PUF designs,
• determining the benefits and drawbacks compared to purely CMOS PUF designs, and
• evaluating whether the benefits can be worth the manufacturing overhead of combining multiple processes.

[1] https://dl.acm.org/doi/10.1145/2736285
[2] https://ieeexplore.ieee.org/document/9272678
[3] https://ieeexplore.ieee.org/document/9424347

Most Side-Channel attacks, like DPA, are executed in the timing domain. As a result, the measurements need to be aligned in order to mount a successfull attack.
Shifting the attack to the frequency domain overcomes the requirement of aligned measurements, and allows also to attack secured implementations.

The goal is to give an insight into the topic of side-channel attacks that operate in the frequency domain. Furthermore, the advantages or disadvantages compared to well known techniques like DPA should be drawn.

References

• Gebotys, Catherine H., Ho, Simon, Tiu, C. C.. "EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA". Cryptographic Hardware and Embedded Systems -- CHES 2005. Springer Berlin Heidelberg. 2005.
  
  
• Y. Lu, K. H. Boey, M. O'Neill, J. V. McCanny and A. Satoh, "Is the differential frequency-based attack effective against random delay insertion?," 2009 IEEE Workshop on Signal Processing Systems, Tampere, 2009.

There is a recent work proposing a side-channel attack on HMAC-SHA2.

The goal of this work is to give an overview over previous works attacking SHA2 and possibly proposed countermeasures.

References:

Paper

The term ‘memristor’ by now covers a wide range of technologies implementing two-terminal circuit elements with variable resistance. In the domain of non-volatile memory, memristors are expected to enter the mass market at one point or the other. Other applications, such as memristor-based analogue accelerators for neural network inference, are heavily researched as well.

Digital logic can also be built using memristors. Circuits realising logic functions within a memristor crossbar structure have been described for quite some time now (e.g. [1]). Some research focuses on methods to synthesis generic logic functions into memristor circuits (e.g. [2]). Recently, purpose-built memristive circuits for specific applications have also been developed (e.g. [3]).

The aim of this work is to provide an overview of recent work on applications of digital memristive logic. Recent literature can be summarised e.g. regarding

• applications (e.g. implemented functions),
• circuit topologies,
• simulation methods, and
• memristor technologies.

[1] http://ieeexplore.ieee.org/document/6617731/
[2] https://ieeexplore.ieee.org/abstract/document/8091016
[3] https://ieeexplore.ieee.org/abstract/document/9837685

Cyber resilience, also known as attack resilience, describes the ability of a system to protect itself against malicious, destructive attacks while being able to detect and quickly recover from such attacks. According to the National Institute of Standards and Technology (NIST), achieving three principles, namely protection, attack detection, and recovery, is essential to enhance a complete cyber-resilient system [1].

The aim of this work is to:

• summarize cyber resilience in embedded systems using defined standards,
• compare existing research and product solutions (architectures, engines), such as CARE [2] module, for enhancing resilience.

References:

[1] Regenscheid, A. (2018), Platform Firmware Resiliency Guidelines, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD

[2] A. Dave, N. Banerjee and C. Patel, "CARE: Lightweight Attack Resilient Secure Boot Architecture with Onboard Recovery for RISC-V based SOC," 2021 22nd International Symposium on Quality Electronic Design (ISQED), Santa Clara, CA, USA, 2021, pp. 516-521, doi: 10.1109/ISQED51717.2021.9424322.

In recent years, publications use belief propagation techniques to boost the information gain from side-channel analysis. Such attacks can be seen as a merge of divide and conquer differential attacks and algebraic side-channel attacks.

Primas~et~al. for example break latice based encrypten often used in PQC with merely a single trace [1]. They first match templates with the trace and the so aquired results are combined within a belief propagation graph. Lastly, they use the so acquired information in lattice-decoding to get the secret key. Other works, such as [2-4] use similar approaches. The field of such attack combinations is promising for building up very powerful attacks as [1] shows. Countermeasures, that randomize the execution sequence for example, can become ineffective.

Within the Scientific Seminar, a overview of existing work should be gathered. Concretely, the most relevant works of attacks should be summarized shortly. Common SCA countermeasures should be checked in regard of their resistance against such attacks.

[1] Primas, Robert, Peter Pessl, and Stefan Mangard. "Single-trace side-channel attacks on masked lattice-based encryption." Cryptographic Hardware and Embedded Systems–CHES 2017: 19th International Conference, Taipei, Taiwan, September 25-28, 2017, Proceedings. Springer International Publishing, 2017.

[2] Hermelink, Julius, et al. "Adapting belief propagation to counter shuffling of NTTs." IACR Transactions on Cryptographic Hardware and Embedded Systems (2023): 60-88.

[3] Le Bouder, Hélène, et al. "A multi-round side channel attack on AES using belief propagation." Foundations and Practice of Security: 9th International Symposium, FPS 2016, Québec City, QC, Canada, October 24-25, 2016, Revised Selected Papers 9. Springer International Publishing, 2017.

[4] Veyrat-Charvillon, Nicolas, Benoît Gérard, and François-Xavier Standaert. "Soft analytical side-channel attacks." Advances in Cryptology–ASIACRYPT 2014: 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, ROC, December 7-11, 2014. Proceedings, Part I 20. Springer Berlin Heidelberg, 2014.

Shor's algorithm threathens the security of conventional asymmetric cryptography as soon as a sufficiently large quantum computer is available. As a consequence, alternative cryptographic schemes must be found that withstand quantum-computers. This research area is denoted as Post-Quantum Cryptography (PQC).

Recently, NIST opened an additional call for post-quantum signature schemes to extend their portfolio of standards [1]. Several schemes, that are based on the Multi-Party Computation in the Head (MPCitH) paradigm [2], were submitted to this call.

In the first part of this work, the idea behind the MPCitH paradigm should be explained. The second part should give an overview of the signature schemes (based on MPCitH) in the NIST call. The goal is to provide an overview of the key and signature sizes as well as the performance of the MPCitH schemes.

References:

• [1] : https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures
• [2]: https://dl.acm.org/doi/abs/10.1145/1250790.1250794

Machine learning-based side-channel attacks are getting more and more popular due to the relaxed feature engineering effort in constrast to classical side-channel approaches.
For designers of cryptographic implemenations that include countermeasures for side-channel attacks, it is crucial to understand what side-channel information is exploited by such ML-based attacks.

There are a several methods for Neural Network attribution [1] that have been transfered in the SCA domain.
This work should perfrom an indept literature analysis and give an overview about nowel attribution methods in the machine learning domain (not included in [1], i.e. recent approaches) that have not been applied to side-channel attacks.

[1] Ancona, M., Ceolini, E., Öztireli, C., Gross, M. (2019). Gradient-Based Attribution Methods. In: Samek, W., Montavon, G., Vedaldi, A., Hansen, L., Müller, KR. (eds) Explainable AI: Interpreting, Explaining and Visualizing Deep Learning. Lecture Notes in Computer Science(), vol 11700. Springer, Cham. https://doi-org/10.1007/978-3-030-28954-6_9

From a hardware perpective, side-channel leakage can occur due to power consumed by switching gates. Over the years different techniques have been proposed to mitigate this leakage already at a low level.

This works shall give an overview over hardware based countermeasures that minimize the emitted information application independent in hardware.

References:

MIRACLE: MIcRo-ArChitectural Leakage Evaluation

The topic of physical unclonable functions (PUFs) can be seen as a part of biometric security. Biometric security itself is a wide research area which involves various aspects one of which is an information theoretical analysis. The goal of this research is determine how good a system can be in theory.
In [1] the authors target a basic scenario, in which they evaluate the trade-off between privacy (i.e. protecting the biometric data) and security (i.e. roughly speaking how many key bits can be derived).

This seminar topic is supposed to summarize key aspects of such an information-theoretic approach and possibly translate it to the context of PUFs.
It is highly recommended to have some background in either information theory or PUFs.


[1] Lai, Lifeng, Siu-Wai Ho, and H. Vincent Poor. "Privacy–security trade-offs in biometric security systems—Part I: Single use case." IEEE Transactions on Information Forensics and Security 6.1 (2010): 122-139.