Explore an invited talk from Eurocrypt 2019 by François-Xavier Standaert on secure cryptographic implementations. Delve into topics such as transparency in cryptography, AES Rijndael, leakage function definitions, and basic facts about cryptographic attacks. Examine noise in hardware, masking techniques for noise amplification, and their applications in ARM Cortex M4. Investigate Authenticated Encryption (AEAD), ciphertext integrity with leakage, and Chosen Ciphertext Security. Analyze the challenge leakage controversy, leakage-resilient MAC, and engineering approaches to CCAL security. Discover CCAML2 encryption schemes, security reductions, and full-fledged scheme examples. Conclude by discussing the relationship between theory and practice in cryptography and exploring open problems in the field.
Towards an Open Approach to Secure Cryptographic Implementations
Overview
Syllabus
Intro
Transparency (as a measure of maturity)
Acknowledgments & cautionary note
AES Rijndael: y = AES (x)
Leakage function definition
Basic facts (0)
Consequence (for theoretical analysis)
Basic facts (1)
Summarizing (taxonomy of attacks)
Outline
Noise (hardware) is not enough
Masking (= noise amplification)
Masking (abstract view)
Masking (concrete view)
Masking (reduction)
Statistical intuition (2 shares)
Case study: ARM Cortex M4 [JS17]
Authenticated Encryption (AEAD)
Ciphertext Integrity with Leakage
Chosen Ciphertext Security
CCA Security with Leakage [GPPS18]
The challenge leakage controversy (0)
An motivating example
Seed: a leakage-resilient MAC
First tweak: LR tag verification
Engineering approach to CCAL security
A CCAML2 encryption scheme
Security reductions (simplified)
Example of full-fledged scheme
A theory to guide practice?
Open problems
Evaluation challenge
Taught by
TheIACR
