Browse ORBi

- What it is and what it isn't
- Green Road / Gold Road?
- Ready to Publish. Now What?
- How can I support the OA movement?
- Where can I learn more?

ORBi

High-Order Conversion from Boolean to Arithmetic Masking Coron, Jean-Sébastien in Proceedings of CHES 2017 (2017) Detailed reference viewed: 116 (15 UL)Zeroizing Attacks on Indistinguishability Obfuscation over CLT13 Coron, Jean-Sébastien ; ; et al in Proceedings of PKC 2017 (2017) Detailed reference viewed: 92 (18 UL)Horizontal Side-Channel Attacks and Countermeasures on the ISW Masking Scheme Coron, Jean-Sébastien ; ; et al in Proceedings of CHES 2016 (2016) Detailed reference viewed: 94 (0 UL)Faster Evaluation of SBoxes via Common Shares Coron, Jean-Sébastien ; ; et al in Proceedings of CHES 2016 (2016) Detailed reference viewed: 78 (2 UL)Cryptanalysis of GGH15 Multilinear Maps Coron, Jean-Sébastien ; ; et al in Proceedings of Crypto 2016 (2016) Detailed reference viewed: 102 (2 UL)New Multilinear Maps over the Integers Coron, Jean-Sébastien ; ; in Proceedings of Crypto 2015 (2015) Detailed reference viewed: 106 (12 UL)Zeroizing Without Low-Level Zeroes: New MMAP Attacks and Their Limitations Coron, Jean-Sébastien in Proceedings of Crypto 2015 (2015) Detailed reference viewed: 98 (4 UL)Conversion from Arithmetic to Boolean Masking with Logarithmic Complexity Coron, Jean-Sébastien ; Groszschädl, Johann ; et al in Leander, Gregor (Ed.) Fast Software Encryption, 22nd International Workshop, FSE 2015, Istanbul, Turkey, March 8-11, 2015, Revised Selected Papers (2015, March) A general technique to protect a cryptographic algorithm against side-channel attacks consists in masking all intermediate variables with a random value. For cryptographic algorithms combining Boolean ... [more ▼] A general technique to protect a cryptographic algorithm against side-channel attacks consists in masking all intermediate variables with a random value. For cryptographic algorithms combining Boolean operations with arithmetic operations, one must then perform conversions between Boolean masking and arithmetic masking. At CHES 2001, Goubin described a very elegant algorithm for converting from Boolean masking to arithmetic masking, with only a constant number of operations. Goubin also described an algorithm for converting from arithmetic to Boolean masking, but with O(k) operations where k is the addition bit size. In this paper we describe an improved algorithm with time complexity O(log k) only. Our new algorithm is based on the Kogge-Stone carry look-ahead adder, which computes the carry signal in O(log k) instead of O(k) for the classical ripple carry adder. We also describe an algorithm for performing arithmetic addition modulo 2^k directly on Boolean shares, with the same complexity O(log k) instead of O(k). We prove the security of our new algorithm against first-order attacks. Our algorithm performs well in practice, as for k=64 we obtain a 23% improvement compared to Goubin’s algorithm. [less ▲] Detailed reference viewed: 172 (8 UL)Secure Conversion between Boolean and Arithmetic Masking of Any Order Coron, Jean-Sébastien ; Groszschädl, Johann ; Vadnala, Praveen Kumar in Batina, Lejla; Robshaw, Matthew (Eds.) Cryptographic Hardware and Embedded Systems - CHES 2014, 16th International Workshop, Busan, South Korea, September 23-26, 2014. Proceedings (2014, September) Detailed reference viewed: 135 (12 UL)Higher Order Masking of Look-Up Tables Coron, Jean-Sébastien in Proceedings of Eurocrypt 2014 (2014) Detailed reference viewed: 78 (1 UL)Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-Channel Countermeasures Coron, Jean-Sébastien ; ; Venkatesh, Srinivas Vivek in Batina, Lejla; Robshaw, Matthew (Eds.) Cryptographic Hardware and Embedded Systems – CHES 2014 (2014) We describe a new technique for evaluating polynomials over binary finite fields. This is useful in the context of anti-DPA countermeasures when an S-box is expressed as a polynomial over a binary finite ... [more ▼] We describe a new technique for evaluating polynomials over binary finite fields. This is useful in the context of anti-DPA countermeasures when an S-box is expressed as a polynomial over a binary finite field. For n-bit S-boxes our new technique has heuristic complexity ${\cal O}(2^{n/2}/\sqrt{n})$ instead of ${\cal O}(2^{n/2})$ proven complexity for the Parity-Split method. We also prove a lower bound of ${\Omega}(2^{n/2}/\sqrt{n})$ on the complexity of any method to evaluate $n$-bit S-boxes; this shows that our method is asymptotically optimal. Here, complexity refers to the number of non-linear multiplications required to evaluate the polynomial corresponding to an S-box. In practice we can evaluate any 8-bit S-box in 10 non-linear multiplications instead of 16 in the Roy-Vivek paper from CHES 2013, and the DES S-boxes in 4 non-linear multiplications instead of 7. We also evaluate any 4-bit S-box in 2 non-linear multiplications instead of 3. Hence our method achieves optimal complexity for the PRESENT S-box. [less ▲] Detailed reference viewed: 132 (6 UL)A Note on the Bivariate Coppersmith Theorem Coron, Jean-Sébastien ; ; Tibouchi, Mehdi in Journal of Cryptology (2013), 26(2), 246-250 Detailed reference viewed: 85 (2 UL)Batch Fully Homomorphic Encryption over the Integers ; Coron, Jean-Sébastien ; et al in EUROCRYPT (2013) Detailed reference viewed: 136 (0 UL)Practical Multilinear Maps over the Integers Coron, Jean-Sébastien ; Lepoint, Tancrède ; Tibouchi, Mehdi in CRYPTO (1) (2013) Detailed reference viewed: 106 (3 UL)Conversion of Security Proofs from One Leakage Model to Another: A New Issue Coron, Jean-Sébastien ; ; et al in Proceedings of COSADE 2012 (2012) To guarantee the security of a cryptographic implementation against Side Channel Attacks, a common approach is to formally prove the security of the corresponding scheme in a model as pertinent as ... [more ▼] To guarantee the security of a cryptographic implementation against Side Channel Attacks, a common approach is to formally prove the security of the corresponding scheme in a model as pertinent as possible. Nowadays, security proofs for masking schemes in the literature are usually conducted for models where only the manipulated data are assumed to leak. However in practice, the leakage is better modeled encompassing the memory transitions as e.g. the Hamming distance model. From this observation, a natural question is to decide at which extent a countermeasure proved to be secure in the first model stays secure in the second. In this paper, we look at this issue and we show that it must definitely be taken into account. Indeed, we show that a countermeasure proved to be secure against second-order side-channel attacks in the first model becomes vulnerable against a first-order side-channel attack in the second model. Our result emphasize the issue of porting an implementation from devices leaking only on the manipulated data to devices leaking on the memory transitions. [less ▲] Detailed reference viewed: 98 (8 UL)Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers Coron, Jean-Sébastien ; ; Tibouchi, Mehdi in EUROCRYPT (2012) Detailed reference viewed: 95 (0 UL)Fully Homomorphic Encryption over the Integers with Shorter Public Keys Coron, Jean-Sébastien ; Mandal, Avradip ; et al in CRYPTO (2011) Detailed reference viewed: 85 (0 UL)Improved Generic Algorithms for Hard Knapsacks ; Coron, Jean-Sébastien ; in EUROCRYPT (2011) Detailed reference viewed: 83 (0 UL)Efficient Indifferentiable Hashing into Ordinary Elliptic Curves ; Coron, Jean-Sébastien ; Icart, Thomas et al in CRYPTO (2010) Detailed reference viewed: 82 (0 UL)Analysis and Improvement of the Random Delay Countermeasure of CHES 2009 Coron, Jean-Sébastien ; Kizhvatov, Ilya in Proceedings of CHES 2010 (2010) Random delays are often inserted in embedded software to protect against side-channel and fault attacks. At CHES 2009 a new method for generation of random delays was described that increases the attacker ... [more ▼] Random delays are often inserted in embedded software to protect against side-channel and fault attacks. At CHES 2009 a new method for generation of random delays was described that increases the attacker's uncertainty about the position of sensitive operations. In this paper we show that the CHES 2009 method is less secure than claimed. We describe an improved method for random delay generation which does not suffer from the same security weakness. We also show that the paper's criterion to measure the security of random delays can be misleading, so we introduce a new criterion for random delays which is directly connected to the number of acquisitions required to break an implementation. We mount a power analysis attack against an 8-bit implementation of the improved method verifying its higher security in practice. [less ▲] Detailed reference viewed: 71 (0 UL) |
||