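% Publication list: lightweight-cipher/hash implementations on ATtiny devices and
% side-channel (power analysis / fault-detection interaction) papers.
% One entry per work, one field per line. Citation keys are unchanged.
% Normalisations applied to the exported data:
%   - conference entries use the inproceedings type (conference is only an alias for it)
%   - author names whose non-ASCII letters were dropped by the export are restored
%     with LaTeX escapes
%   - month uses the standard three-letter macros; day ranges are appended with a double hyphen
%   - page ranges use a double hyphen; acronyms in titles are brace-protected

@inproceedings{18075,
  author    = {Eisenbarth, Thomas and Gong, Zheng and G{\"u}neysu, Tim and Heyse, Stefan and Indesteege, Sebastiaan and Kerckhof, St{\'e}phanie and Koeune, Fran{\c c}ois and Nad, Tomislav and Plos, Thomas and Regazzoni, Francesco and Standaert, Fran{\c c}ois-Xavier and van Oldeneel tot Oldenzeel, Lo{\"\i}c},
  title     = {Compact Implementation and Performance Evaluation of Block Ciphers in {ATtiny} Devices},
  booktitle = {Progress in Cryptology -- {Africacrypt}},
  year      = {2012},
  month     = jul,
  address   = {Ifrane, Morocco},
}

@inproceedings{18073,
  author    = {Balasch, Josep and Ege, Baris and Eisenbarth, Thomas and G{\'e}rard, Beno{\^\i}t and Gong, Zheng and G{\"u}neysu, Tim and Heyse, Stefan and Kerckhof, St{\'e}phanie and Koeune, Fran{\c c}ois and Plos, Thomas and P{\"o}ppelmann, Thomas and Regazzoni, Francesco and Standaert, Fran{\c c}ois-Xavier and Van Assche, Gilles and Van Keer, Ronny and van Oldeneel tot Oldenzeel, Lo{\"\i}c and von Maurich, Ingo},
  title     = {Compact Implementation and Performance Evaluation of Hash Functions in {ATtiny} Devices},
  booktitle = {11th Smart Card Research and Advanced Application Conference ({CARDIS})},
  year      = {2012},
  month     = nov,
  address   = {Graz, Austria},
}

% NOTE(review): volume 5430 looks like a book-series volume number rather than a
% journal volume; confirm the venue fields against the publisher record.
@article{18064,
  author  = {Regazzoni, Francesco and Eisenbarth, Thomas and Poschmann, Axel and Gro{\ss}sch{\"a}dl, Johann and Gurkaynak, Frank and Macchetti, Marco and Toprak, Zeynep and Pozzi, Laura and Paar, Christof and Leblebici, Yusuf and Ienne, Paolo},
  title   = {Evaluating Resistance of {MCML} Technology to Power Analysis Attacks Using a Simulation-Based Methodology},
  journal = {Springer Transactions on Computational Science},
  volume  = {5430},
  year    = {2009},
  month   = feb,
  pages   = {230--243},
}

@inproceedings{89.ReEiBrIeKo,
  author    = {Regazzoni, Francesco and Eisenbarth, Thomas and Breveglieri, Luca and Ienne, Paolo and Koren, Israel},
  title     = {Can knowledge regarding the presence of countermeasures against fault attacks simplify power attacks on cryptographic devices?},
  booktitle = {Proceedings of 23rd {IEEE} International Symposium on Defect and Fault Tolerance in {VLSI} Systems ({DFTS} 08)},
  year      = {2008},
  month     = oct # "~1--3",
  abstract  = {Side-channel attacks are nowadays a serious concern when implementing cryptographic algorithms. Powerful ways for gaining information about the secret key as well as various countermeasures against such attacks have been recently developed. Although it is well known that such attacks can exploit information leaked from different sources, most prior works have only addressed the problem of protecting a cryptographic device against a single type of attack. Consequently, there is very little knowledge on how a scheme for protecting a device against one type of side-channel attack may affect its vulnerability to other types of side-channel attacks. In this paper we focus on devices that include protection against fault injection attacks (using different error detection schemes) and explore whether the presence of such fault detection circuits affects the resistance against attacks based on power analysis. Using the AES S-Box as an example, we performed attacks on the unprotected implementation as well as modified implementations with parity check circuits or residue check circuits (mod3 and mod7). In particular, we focus on the question whether the knowledge of the presence of error detection circuitry in the cryptographic device can help an attacker who attempts to mount a power attack on the device.
Our results show that the presence of error detection circuitry helps the attacker even if he is unaware of this circuitry, and that the benefit to the attacker increases with the number of check bits used for the purpose of error detection.},
}

@inproceedings{67.ReEiGr07,
  author    = {Regazzoni, Francesco and Eisenbarth, Thomas and Gro{\ss}sch{\"a}dl, Johann and Breveglieri, Luca and Ienne, Paolo and Koren, Israel and Paar, Christof},
  title     = {Power Attacks Resistance of Cryptographic {S-boxes} with added Error Detection Circuits},
  booktitle = {Proceedings of 22nd {IEEE} International Symposium on Defect and Fault Tolerance in {VLSI} Systems ({DFT}'07)},
  year      = {2007},
  month     = sep # "~26--28",
  address   = {Rome, Italy},
  keywords  = {cryptography, fault tolerance, reliable applications, side channel attacks},
  abstract  = {Many side-channel attacks on implementations of cryptographic algorithms have been developed in recent years demonstrating the ease of extracting the secret key. In response, various schemes to protect cryptographic devices against such attacks have been devised and some implemented in practice. Almost all of these protection schemes target an individual side-channel attack and consequently, it is not obvious whether a scheme for protecting the device against one type of side-channel attacks may make the device more vulnerable to another type of side-channel attacks. We examine in this paper the possibility of such a negative impact for the case where fault detection circuitry is added to a device (to protect it against fault injection attacks) and analyze the resistance of the modified device to power attacks. To simplify the analysis we focus on only one component in the cryptographic device (namely, the S-box in the AES and Kasumi ciphers), and perform power attacks on the original implementation and on a modified implementation with an added parity check circuit.
Our results show that the presence of the parity check circuitry has a negative impact on the resistance of the device to power analysis attacks.},
}

@inproceedings{59.ReBaEi07,
  author    = {Regazzoni, Francesco and Badel, St{\'e}phane and Eisenbarth, Thomas and Gro{\ss}sch{\"a}dl, Johann and Poschmann, Axel and Toprak, Zeynep and Macchetti, Marco and Pozzi, Laura and Paar, Christof and Leblebici, Yusuf and Ienne, Paolo},
  title     = {Simulation-based Methodology for Evaluating {DPA-Resistance} of Cryptographic Functional Units with Application to {CMOS} and {MCML} Technologies},
  booktitle = {International Conference on Embedded Computer Systems: Architectures, Modeling, and Simulation ({SAMOS} {IC} 07)},
  year      = {2007},
  month     = jul # "~16--19",
  address   = {Samos, Greece},
  keywords  = {current mode logic (CML), differential power analysis (DPA), power simulation, side channel attacks},
  abstract  = {This paper explores the resistance of MOS Current Mode Logic (MCML) against Differential Power Analysis (DPA) attacks. Circuits implemented in MCML, in fact, have unique characteristics both in terms of power consumption and the dependency of the power profile from the input signal pattern. Therefore, MCML is suitable to protect cryptographic hardware from DPA and similar side-channel attacks. In order to demonstrate the effectiveness of different logic styles against power analysis attacks, the non-linear bijective function of the Kasumi algorithm (known as substitution box S7) was implemented with CMOS and MCML technology, and a set of attacks was performed using power traces derived from SPICE-level simulations. Although all keys were discovered for CMOS, only very few attacks to MCML were successful.},
}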