Current state of affairs of protected implementations of Crystals-Dilithium
Description
Crystals-Dilithium is one of the post-quantum secure digital signature algorithms selected by NIST for standardization. As the standardization process continues, several implementations protected against side-channel attacks have been proposed.
The goal of this work is to compare the design goals and achieved performance of currently proposed implementations based on their papers.
References:
Supervisor:
Low Correlation Codes and possible applications in Side Channel Analysis
Gold Codes, Side Channel Analysis
Description
Telecommunication (CDMA) and satellite navigation (GPS) use the same signal channels or frequencies for different senders. Thus, low correlation codes (Gold codes) are used to increase the SNR. In side-channel analysis it is challenging to attack parallel operations because the SNR degrades. This could be addressed by applying low correlation inputs, since the cross-correlation between the parallel operations may then be influenced in the attacker's favour, yielding a larger attack surface.
In this work, an overview of existing low correlation codes should be written. The working principle of Gold codes should be described in detail and compared to other low correlation codes [1]. Cross-correlation analysis of the codes should also be taken into consideration [2], since this will be the main challenge for an application to side-channel attack targets. A special emphasis lies on outputting multiple bits at the same time in order to feed a side-channel attack target with such codes.
[1] M. B. Mollah and M. R. Islam, "Comparative analysis of Gold Codes with PN codes using correlation property in CDMA technology"
[2] T. M. N. Huda and S. F. Islam, "Correlation analysis of the gold codes and walsh codes in CDMA technology"
Supervisor:
Probing Models
Description
Masking schemes to protect an implementation against side-channel attacks usually come with security proofs in so-called probing models [1, 2].
There exist different probing models that address different leakage characteristics, such as glitches [3].
The goal is to give insight into different probing models, their characteristics and limitations.
References
[1] Ishai, Y., Sahai, A., Wagner, D. (2003). Private Circuits: Securing Hardware against Probing Attacks. In: Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_27
[2] Cassiers, G., & Standaert, F.-X. (2020). Trivially and Efficiently Composing Masked Gadgets With Probe Isolating Non-Interference. IEEE Transactions on Information Forensics and Security. https://doi.org/10.1109/TIFS.2020.2971153
[3] Faust, S., Grosso, V., Merino Del Pozo, S., Paglialonga, C., & Standaert, F.-X. (2018). Composable Masking Schemes in the Presence of Physical Defaults & the Robust Probing Model. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(3), 89–120. https://doi.org/10.13154/tches.v2018.i3.89-120
Contact
Supervisor:
Alternative Post-Quantum Cryptography Standardization Approaches
Description
With the looming threat of large-scale quantum computers, the currently established asymmetric cryptography will likely be broken in the future.
In order to mitigate this risk, a shift to other cryptographic algorithms based on mathematical problems that are not vulnerable to such a large-scale quantum computer has to be performed.
This topic of post-quantum cryptography is mainly driven by the US NIST in its standardization effort [1].
Although this effort reached an end with the publication of the first draft standards for the selected algorithms [2], other entities follow their own standardization efforts or give different recommendations.
This work should give an overview of the whole standardization process (timeline, actors etc.) with respect to possible standardization entities. Examples include:
- German BSI (https://www.bsi.bund.de/DE/Home/home_node.html)
- French ANSSI (https://www.ssi.gouv.fr/en/)
- NIST [1]
- Korean KpqC competition (https://www.kpqc.or.kr/competition.html)
- Chinese efforts [3]
- ISO
The paper should include the recommended algorithms, the possible arguments/reasons why those were chosen, and an exhaustive literature review.
[1] https://csrc.nist.gov/Projects/Post-Quantum-Cryptography
[2] https://csrc.nist.gov/news/2023/three-draft-fips-for-post-quantum-cryptography
[3] https://docbox.etsi.org/Workshop/2018/201811_ETSI_IQC_QUANTUMSAFE/EXECUTIVETRACK/JING_CHINESEACCADEMYOFSCIENCE.pdf
Contact
Supervisor:
Secure Gadgets for Post-Quantum Cryptography
Description
For real-world deployment, cryptographic devices must be protected against physical attacks. Against power side channels, masking in its different flavors (e.g., Boolean or arithmetic masking) is a common approach. To implement masked cryptographic schemes, secure gadgets that are proven secure in certain probing models are typically used.
The first part of this work aims at explaining security notions such as non-interference (NI) and strong non-interference (SNI) [1] that are used in the context of secure gadgets. Afterwards, the work should investigate and explain some secure gadgets and procedures that are commonly used in post-quantum cryptography, as for example proposed in [2].
References
- [1]: https://dl.acm.org/doi/abs/10.1145/2976749.2978427
- [2]: https://link.springer.com/chapter/10.1007/978-3-030-21568-2_17
Contact
Supervisor:
Survey of Wear Leveling Techniques
Description
The objective of this task is to conduct a comprehensive survey of wear leveling techniques employed in flash memory and/or phase-change memory (PCM) technologies. Wear leveling is crucial for extending the lifespan and maintaining the reliability of these non-volatile memory types. This survey shall provide insights into various wear leveling methods, their advantages, limitations, and applications.
The survey will cover wear leveling techniques used in both flash memory and PCM technology. Flash memory includes NAND and NOR flash, while PCM is a type of emerging non-volatile memory technology. The survey will encompass static and dynamic wear leveling strategies, as well as any innovative approaches used to optimize wear leveling.
A possible starting point is given by the following papers:
- [1] M. K. Qureshi, J. Karidis, M. Franceschini, V. Srinivasan, L. Lastras, and B. Abali, “Enhancing lifetime and security of PCM-based main memory with start-gap wear leveling,” in MICRO, 2009.
- [2] N. H. Seong, D. H. Woo, and H.-H. S. Lee, “Security Refresh: Prevent Malicious Wear-out and Increase Durability for Phase-change Memory with Dynamically Randomized Address Mapping,” in ISCA, 2010.
- [3] F. Huang, D. Feng, W. Xia, W. Zhou, Y. Zhang, M. Fu, C. Jiang, and Y. Zhou, “Security RBSG: Protecting Phase Change Memory with Security-Level Adjustable Dynamic Mapping,” in IPDPS, 2016.
Contact
Supervisor:
AES for Error Correction
Description
Physical Unclonable Functions (PUFs) enable different features to be used for security. To do so, they exploit fingerprint-like characteristics of a silicon device.
However, this fingerprint is noisy, so some kind of error correction is necessary.
The topic of this thesis is to evaluate the applicability of [1] to the PUF context.
[1] Cohen, Alejandro, et al. "AES as Error Correction: Cryptosystems for Reliable Communication." IEEE Communications Letters (2023).
Contact
Supervisor:
A Summary of AACS
Description
DRM schemes are by design a never-ending game of cat and mouse revolving around proprietary and sketchy cryptographic approaches. In this work the cryptographic principles of the Advanced Access Content System (AACS) [1-3] should be evaluated in detail.
The main outcome hereby should be a general introduction to AACS, and an exhaustive list of all threat vectors.
[1] https://en.wikipedia.org/wiki/Advanced_Access_Content_System
[2] https://en.wikipedia.org/wiki/Security_of_Advanced_Access_Content_System
[3] https://en.wikipedia.org/wiki/AACS_encryption_key_controversy
Contact
Supervisor:
Overview of Formal Verification Tooling
Description
Formal verification is an emerging trend [1-3] for justifying the security claims of a cryptographic implementation against side-channel analysis (SCA) and fault injection attacks (FIA). This work aims to provide an overview of formal verification approaches and tools.
[1] https://eprint.iacr.org/2020/634.pdf
[2] https://eprint.iacr.org/2020/1294.pdf
[3] https://eprint.iacr.org/2019/1312.pdf
Contact
Supervisor:
Hybrid Memristor-CMOS PUFs – Worth the Effort?
Description
Physical Unclonable Functions offer a way to convert uncontrollable hardware manufacturing variations into digital secrets. The most-researched PUF designs are based on typical CMOS manufacturing processes and thus inherit their inexpensiveness.
With memristors slowly becoming a more concretely available technology, PUFs based on memristor memory structures have been proposed. Hybrid designs have also been proposed, often combining classical CMOS PUF structures with incremental improvements through added memristors (e.g. [1]), which can sometimes also be used for additional functionality (e.g. [2, 3]).
The aim of this work is a comprehensive literature search
- summarising hybrid memristor-CMOS PUF designs,
- determining the benefits and drawbacks compared to purely CMOS PUF designs, and
- evaluating whether the benefits can be worth the manufacturing overhead of combining multiple processes.
[1] https://dl.acm.org/doi/10.1145/2736285
[2] https://ieeexplore.ieee.org/document/9272678
[3] https://ieeexplore.ieee.org/document/9424347
Contact
Supervisor:
Frequency-Based Differential Side-Channel Attack
Description
Most side-channel attacks, like DPA, are executed in the time domain. As a result, the measurements need to be aligned in order to mount a successful attack.
Shifting the attack to the frequency domain removes the requirement of aligned measurements and also allows attacking secured implementations.
The goal is to give an insight into side-channel attacks that operate in the frequency domain. Furthermore, the advantages and disadvantages compared to well-known techniques like DPA should be worked out.
References
- C. H. Gebotys, S. Ho, and C. C. Tiu, "EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA," in Cryptographic Hardware and Embedded Systems -- CHES 2005, Springer Berlin Heidelberg, 2005.
- Y. Lu, K. H. Boey, M. O'Neill, J. V. McCanny and A. Satoh, "Is the differential frequency-based attack effective against random delay insertion?," 2009 IEEE Workshop on Signal Processing Systems, Tampere, 2009.