Overview
Syllabus
Intro
Transparency (as a measure of maturity)
Acknowledgments & cautionary note
AES Rijndael: y = AES (x)
Leakage function definition
Basic facts (0)
Consequence (for theoretical analysis)
Basic facts (1)
Summarizing (taxonomy of attacks)
Outline
Noise (hardware) is not enough
Masking (= noise amplification)
Masking (abstract view)
Masking (concrete view)
Masking (reduction)
Statistical intuition (2 shares)
Case study: ARM Cortex M4 [JS17]
Authenticated Encryption (AEAD)
Ciphertext Integrity with Leakage
Chosen Ciphertext Security
CCA Security with Leakage [GPPS18]
The challenge leakage controversy (0)
An motivating example
Seed: a leakage-resilient MAC
First tweak: LR tag verification
Engineering approach to CCAL security
A CCAML2 encryption scheme
Security reductions (simplified)
Example of full-fledged scheme
A theory to guide practice?
Open problems
Evaluation challenge
Taught by
TheIACR