Conference on Cryptographic Hardware and Embedded Systems 2018

Amsterdam, The Netherlands, September 9–12, 2018

Program

Sunday, September 9, 2018

8:00–9:00 Welcome Coffee & Tutorial registration
CHES Tutorials (running in parallel)
9:00–12:30 Counterfeit Integrated Circuits: Threats, Detection, and Avoidance.
Domenic J. Forte (University of Florida) and Rajat Subhra Chakraborty (Indian Institute of Technology, Kharagpur) [slides]
9:00–12:30 Formal Verification of Masked Implementations.
Sonia Belaïd (CryptoExperts) and Benjamin Grégoire (Inria) [slides]
12:30–14:00 Lunch (for tutorial participants)
14:00–15:00 Conference registration
15:00–15:45 Welcome coffee & Conference registration
15:45–16:00 Opening remarks
Session 1: Masking (chair: Benedikt Gierlichs)
16:00–16:20 Composable Masking Schemes in the Presence of Physical Defaults & the Robust Probing Model.
Sebastian Faust (TU Darmstadt), Vincent Grosso (Radboud University), Santos Merino Del Pozo (Université catholique de Louvain, DarkMatter LLC), Clara Paglialonga (TU Darmstadt), François-Xavier Standaert (Université catholique de Louvain) [slides]
16:20–16:40 Extending Glitch-Free Multiparty Protocols to Resist Fault Injection Attacks.
Okan Seker (Universität zu Lübeck), Abraham Fernandez-Rubio (Intel), Rainer Steinwandt (Florida Atlantic University), Thomas Eisenbarth (Universität zu Lübeck) [slides]
16:40–17:00 Low Randomness Masking and Shuffling: An Evaluation Using Mutual Information.
Kostas Papagiannopoulos (Radboud University) [slides]
17:00–17:15 Break
Session 2: Hardware Security Primitives (chair: Jorge Guajardo)
17:15–17:35 A Cautionary Note When Looking for a Truly Reconfigurable Resistive RAM PUF.
Kai-Hsin Chuang (KU Leuven & imec), Robin Degraeve (imec), Andrea Fantini (imec), Guido Groeseneken (imec), Dimitri Linten (imec), Ingrid Verbauwhede (KU Leuven) [slides]
17:35–17:55 Evaluation and Monitoring of Free Running Oscillators Serving as Source of Randomness.
Elie Noumon Allini (University of Lyon), Maciej Skórski (IST Austria), Oto Petura (University of Lyon), Florent Bernard (University of Lyon), Marek Laban (University of Košice), Viktor Fischer (University of Lyon) [slides]
17:55–18:15 ES-TRNG: A High-throughput, Low-area True Random Number Generator based on Edge Sampling.
Bohan Yang (KU Leuven), Vladimir Rožić (KU Leuven), Miloš Grujić (KU Leuven), Nele Mentens (KU Leuven), Ingrid Verbauwhede (KU Leuven) [slides]
18:30–20:30 Welcome reception

Monday, September 10, 2018

8:00–9:00 Welcome coffee & Conference registration
Session 3: Fault Attacks I (chair: Michael Tunstall)
9:00–9:20 Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code.
Jakub Breier (Nanyang Technological University), Xiaolu Hou (Nanyang Technological University), Yang Liu (Nanyang Technological University) [slides]
9:20–9:40 ExpFault: An Automated Framework for Exploitable Fault Characterization in Block Ciphers.
Sayandeep Saha (Indian Institute of Technology, Kharagpur), Debdeep Mukhopadhyay (Indian Institute of Technology, Kharagpur), Pallab Dasgupta (Indian Institute of Technology, Kharagpur) [slides]
9:40–10:00 FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES.
Jonas Krautter (Karlsruhe Institute of Technology), Dennis R.E. Gnad (Karlsruhe Institute of Technology), Mehdi B. Tahoori (Karlsruhe Institute of Technology) [slides]
10:00–10:20 Key Extraction Using Thermal Laser Stimulation: A Case Study on Xilinx Ultrascale FPGAs.
Heiko Lohrke (TU Berlin), Shahin Tajik (University of Florida), Thilo Krachenfels (TU Berlin), Christian Boit (TU Berlin), Jean-Pierre Seifert (TU Berlin) [slides]
10:20–10:50 Coffee break
Session 4: Threshold Implementations (chair: Amir Moradi)
10:50–11:10 Rhythmic Keccak: SCA Security and Low Latency in HW.
Victor Arribas (KU Leuven), Begül Bilgin (KU Leuven), George Petrides (Vrije Universiteit Brussel), Svetla Nikova (KU Leuven), Vincent Rijmen (KU Leuven) [slides]
11:10–11:30 Efficient Side-Channel Protections of ARX Ciphers.
Bernhard Jungk (Fraunhofer Singapore), Richard Petri (Fraunhofer SIT), Marc Stöttinger (Continental Teves) [slides]
Invited talk 1 (chair: Daniel Page)
11:30–12:30 (Why) Are Microarchitectural Attacks Really Different than Physical Side-Channel Attacks?
Daniel Gruss (TU Graz)
12:30–14:00 Lunch
Session 5: Post-Quantum Cryptography I (chair: Joppe Bos)
14:00–14:20 Practical CCA2-Secure and Masked Ring-LWE Implementation.
Tobias Oder (Ruhr-Universität Bochum), Tobias Schneider (Université catholique de Louvain), Thomas Pöppelmann (Infineon Technologies AG), Tim Güneysu (Ruhr-Universität Bochum) [slides]
14:20–14:40 CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme.
Léo Ducas (CWI), Eike Kiltz (Ruhr-Universität Bochum), Tancrède Lepoint (SRI International), Vadim Lyubashevsky (IBM Research), Peter Schwabe (Radboud University), Gregor Seiler (IBM Research), Damien Stehlé (ENS de Lyon) [slides]
14:40–15:00 SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key Exchange.
Hwajeong Seo (Hansung University), Zhe Liu (Nanjing University), Patrick Longa (Microsoft Research), Zhi Hu (Central South University) [slides]
15:00–15:20 Differential Fault Attacks on Deterministic Lattice Signatures.
Leon Groot Bruinderink (Technische Universiteit Eindhoven), Peter Pessl (TU Graz) [slides]
15:20–15:50 Coffee break
Session 6: Hardware Obfuscation (chair: Francesco Regazzoni)
15:50–16:10 Stealthy Opaque Predicates in Hardware - Obfuscating Constant Expressions at Negligible Overhead.
Max Hoffmann (Ruhr-Universität Bochum), Christof Paar (Ruhr-Universität Bochum) [slides]
16:10–16:30 On the Difficulty of FSM-based Hardware Obfuscation.
Marc Fyrbiak (Ruhr-Universität Bochum), Sebastian Wallat (University of Massachusetts Amherst), Jonathan Dèchelotte (University of Massachusetts Amherst), Nils Albartus (Ruhr-Universität Bochum), Sinan Böcker (Ruhr-Universität Bochum), Russell Tessier (University of Massachusetts Amherst), Christof Paar (Ruhr-Universität Bochum) [slides]
Session 7: Homomorphic Encryption (chair: Pierre-Alain Fouque)
16:30–16:50 High-Performance FV Somewhat Homomorphic Encryption on GPUs: An Implementation using CUDA.
Ahmad Al Badawi (National University of Singapore, A*STAR), Bharadwaj Veeravalli (National University of Singapore), Chan Fook Mun (A*STAR), Khin Mi Mi Aung (A*STAR) [slides]
16:50–17:10 Data Flow Oriented Hardware Design of RNS-based Polynomial Multiplication for SHE Acceleration.
Joël Cathébras (CEA), Alexandre Carbon (CEA), Peter Milder (Stony Brook University), Renaud Sirdey (CEA), Nicolas Ventroux (CEA) [slides]
17:10–18:00 Spare time
18:00–19:00 Poster Session
19:00–22:00 Dinner and Rump Session (chairs: Daniel Genkin and Yuval Yarom)

Tuesday, September 11, 2018

8:00–9:00 Welcome coffee & Conference registration
Session 8: Side-Channel Attacks (chair: Colin O'Flynn)
9:00–9:20 EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread.
Daniel Dinu (University of Luxembourg), Ilya Kizhvatov (Radboud University) [slides]
9:20–9:40 Leakage Detection with the χ2-Test.
Amir Moradi (Ruhr-Universität Bochum), Bastian Richter (Ruhr-Universität Bochum), Tobias Schneider (Université catholique de Louvain), François-Xavier Standaert (Université catholique de Louvain) [slides]
9:40–10:00 CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks.
Fergus Dall (University of Adelaide), Gabrielle De Micheli (University of Pennsylvania), Thomas Eisenbarth (Universität zu Lübeck, Worcester Polytechnic Institute), Daniel Genkin (University of Pennsylvania, University of Maryland), Nadia Heninger (University of Pennsylvania), Ahmad Moghimi (Worcester Polytechnic Institute), Yuval Yarom (University of Adelaide, Data61) [slides]
10:00–10:20 Side-Channel Attacks on Post-Quantum Signature Schemes based on Multivariate Quadratic Equations – Rainbow and UOV.
Aesun Park (Kookmin University), Kyung-Ah Shim (NIMS), Namhun Koo (NIMS), Dong-Guk Han (Kookmin University) [slides]
10:20–10:50 Coffee break and poster session
Session 9: Post-Quantum Cryptography II (chair: Patrick Longa)
10:50–11:10 Saber on ARM: CCA-secure module lattice-based key encapsulation on ARM.
Angshuman Karmakar (KU Leuven), Jose Maria Bermudo Mera (KU Leuven), Sujoy Sinha Roy (KU Leuven), Ingrid Verbauwhede (KU Leuven) [slides]
11:10–11:30 Standard Lattice-Based Key Encapsulation on Embedded Devices.
James Howe (University of Bristol), Tobias Oder (Ruhr-Universität Bochum), Markus Krausz (Ruhr-Universität Bochum), Tim Güneysu (Ruhr-Universität Bochum, DFKI) [slides]
Invited talk 2 (chair: Matthieu Rivain)
11:30–12:30 Leveraging Deep-Learning to Perform SCA Attacks against AES Implementations.
Elie Bursztein (Google)
12:30–14:00 Lunch
Session 10: Hardware Masking (chair: Lejla Batina)
14:00–14:20 Generic Low-Latency Masking in Hardware.
Hannes Gross (TU Graz), Rinat Iusupov (TU Graz), Roderick Bloem (TU Graz) [slides]
14:20–14:40 Hardware Masking, Revisited.
Thomas De Cnudde (KU Leuven), Maik Ender (Ruhr-Universität Bochum), Amir Moradi (Ruhr-Universität Bochum) [slides]
14:40–15:00 Multiplicative Masking for AES in Hardware.
Lauren De Meyer (KU Leuven), Oscar Reparaz (KU Leuven, Square Inc.), Begül Bilgin (KU Leuven) [slides]
15:00–15:30 Coffee break
Session 11: Symmetric Cryptography (chair: François-Xavier Standaert)
15:30–15:50 SAEB: A Lightweight Blockcipher-Based AEAD Mode of Operation.
Yusuke Naito (Mitsubishi Electric Corporation), Mitsuru Matsui (Mitsubishi Electric Corporation), Takeshi Sugawara (University of Electro-Communications), Daisuke Suzuki (Mitsubishi Electric Corporation) [slides]
15:50–16:10 Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers.
Avik Chakraborti (NTT Secure Platform Laboratories), Nilanjan Datta (Indian Institute of Technology, Kharagpur), Mridul Nandi (Indian Statistical Institute, Kolkata), Kan Yasuda (NTT Secure Platform Laboratories) [slides]
16:10–16:30 FACE: Fast AES CTR mode Encryption Techniques based on the Reuse of Repetitive Data.
Jin Hyung Park (Korea University), Dong Hoon Lee (Korea University) [slides]
16:30–17:30 Spare time
17:30–19:00 Canal cruise
19:00–22:00 Banquet

Wednesday, September 12, 2018

8:00–9:00 Welcome coffee & Conference registration
Session 12: Implementation Attacks (chair: Emmanuel Prouff)
9:00–9:40 Best Paper Award: Cold Boot Attacks on Ring and Module LWE Keys Under the NTT.
Martin R. Albrecht (Royal Holloway, University of London), Amit Deo (Royal Holloway, University of London), Kenneth G. Paterson (Royal Holloway, University of London) [slides]
9:40–10:00 Dismantling the AUT64 Automotive Cipher.
Christopher Hicks (University of Birmingham), Flavio Garcia (University of Birmingham), David Oswald (University of Birmingham) [slides]
10:00–10:20 Attacking GlobalPlatform SCP02-compliant Smart Cards Using a Padding Oracle Attack.
Gildas Avoine (Université de Rennes, Institut Universitaire de France), Loïc Ferreira (Université de Rennes, Orange Labs) [slides]
10:20–10:40 On Recovering Affine Encodings in White-Box Implementations.
Patrick Derbez (Université de Rennes), Pierre-Alain Fouque (Université de Rennes), Baptiste Lambin (Université de Rennes), Brice Minaud (Royal Holloway, University of London) [slides]
10:40–11:10 Coffee break and poster session
Session 13: Higher-Order Masking (chair: Sonia Belaïd)
11:10–11:30 High Order Masking of Look-up Tables with Common Shares.
Jean-Sébastien Coron (University of Luxembourg), Franck Rondepierre (IDEMIA), Rina Zeitoun (IDEMIA) [slides]
11:30–11:50 Linear Repairing Codes and Side-Channel Attacks.
Hervé Chabanne (IDEMIA, Télécom ParisTech), Houssem Maghrebi (Underwriters Laboratories), Emmanuel Prouff (ANSSI) [slides]
11:50–12:10 Mixing Additive and Multiplicative Masking for Probing Secure Polynomial Evaluation Methods.
Axel Mathieu-Mahias (University of Versailles-St-Quentin-en-Yvelines), Michaël Quisquater (University of Versailles-St-Quentin-en-Yvelines) [slides]
12:10–12:30 Improved High-Order Conversion From Boolean to Arithmetic Masking.
Luk Bettale (IDEMIA), Jean-Sébastien Coron (University of Luxembourg), Rina Zeitoun (IDEMIA) [slides]
12:30–14:00 Lunch
Session 14: Hardware Implementations (chair: Axel Poschmann)
14:00–14:20 Smashing the Implementation Records of AES S-box.
Arash Reyhani-Masoleh (Western University), Mostafa Taha (Western University), Doaa Ashmawy (Western University) [slides]
14:20–14:40 Fast FPGA Implementations of Diffie-Hellman on the Kummer Surface of a Genus-2 Curve.
Philipp Koppermann (Fraunhofer Research Institution), Fabrizio De Santis (Siemens AG), Johann Heyszl (Fraunhofer Research Institution), Georg Sigl (Fraunhofer Research Institution, Technische Universität München) [slides]
14:40–15:00 FPGA-based Accelerator for Post-Quantum Signature Scheme SPHINCS-256.
Dorian Amiet (IMES Institut für Mikroelektronik und Embedded Systems), Andreas Curiger (Securosys SA), Paul Zbinden (IMES Institut für Mikroelektronik und Embedded Systems) [slides]
15:00–15:20 Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES.
Lauren De Meyer (KU Leuven), Amir Moradi (Ruhr-Universität Bochum), Felix Wegener (Ruhr-Universität Bochum) [slides]
15:20–15:50 Coffee break
Session 15: Fault Attacks II (chair: Debdeep Mukhopadhyay)
15:50–16:10 New Bleichenbacher Records: Fault Attacks on qDSA Signatures.
Akira Takahashi (Kyoto University), Mehdi Tibouchi (Kyoto University, NTT Secure Platform Laboratories), Masayuki Abe (Kyoto University, NTT Secure Platform Laboratories) [slides]
16:10–16:30 Persistent Fault Analysis on Block Ciphers.
Fan Zhang (Zhejiang University), Xiaoxuan Lou (Zhejiang University), Xinjie Zhao (The Institute of North Electronic Equipment), Shivam Bhasin (Nanyang Technological University), Wei He (Huawei Ltd.), Ruyi Ding (Zhejiang University, Georgia Institute of Technology), Samiya Qureshi (Zhejiang University), Kui Ren (Zhejiang University) [slides]
16:30–16:50 SIFA: Exploiting Ineffective Fault Inductions on Symmetric Cryptography.
Christoph Dobraunig (TU Graz), Maria Eichlseder (TU Graz), Thomas Korak (Infineon Technologies AG), Stefan Mangard (TU Graz), Florian Mendel (Infineon Technologies AG), Robert Primas (TU Graz) [slides]
16:50–17:05 Closing remarks