International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Elisabeth Oswald

Affiliation: University of Bristol

Publications

Year
Venue
Title
2017
ASIACRYPT
2016
ASIACRYPT
2015
EPRINT
2015
EPRINT
2015
EPRINT
2015
EPRINT
2015
EPRINT
2015
ASIACRYPT
2015
CHES
2014
EPRINT
2014
EPRINT
2014
EPRINT
2014
ASIACRYPT
2014
ASIACRYPT
2013
CHES
2013
ASIACRYPT
2013
FSE
2012
CHES
2011
CRYPTO
2010
EPRINT
The World is Not Enough: Another Look on Second-Order DPA
In a recent work, Mangard et al. showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are essentially equivalent. In this paper, we show that in the context of multivariate attacks against masked implementations, this conclusion does not hold anymore. In other words, while a single distinguisher can be used to compare the susceptibility of different unprotected devices to first-order DPA, understanding second-order attacks requires to carefully investigate the information leakages and the adversaries exploiting these leakages, separately. Using a framework put forward by Standaert et al. at Eurocrypt 2009, we provide the first analysis that considers these two questions in the case of a masked device exhibiting a Hamming weight leakage model. Our results lead to new intuitions regarding the efficiency of various practically-relevant distinguishers. Further, we also investigate the case of second- and third-order masking (i.e. using three and four shares to represent one value). It turns out that moving to higher-order masking only leads to significant security improvements if the secret sharing is combined with a sufficient amount of noise. Eventually, we show that an information theoretic analysis allows determining this necessary noise level, for different masking schemes and target security levels, with high accuracy and smaller data complexity than previous methods.
2010
ASIACRYPT
2008
EPRINT
Template Attacks on ECDSA
Marcel Medwed Elisabeth Oswald
Template attacks have been considered exclusively in the context of implementations of symmetric cryptographic algorithms on 8-bit devices. Within these scenarios, they have proven to be the most powerful attacks. This is not surprising because they assume the most powerful adversaries. In this article we investigate how template attacks can be applied to implementations of an asymmetric cryptographic algorithm on a 32-bit platform. The asymmetric cryptosystem under scrutiny is the elliptic curve digital signature algorithm (ECDSA). ECDSA is particularly suitable for 32-bit platforms. In this article we show that even SPA resistant implementations of ECDSA on a typical 32-bit platform succumb to template-based SPA attacks. The only way to secure such implementations against template-based SPA attacks is to make them resistant against DPA attacks.
2006
FSE
2005
CHES
2005
FSE
2005
EPRINT
Update on SHA-1
Vincent Rijmen Elisabeth Oswald
We report on the experiments we performed in order to assess the security of SHA-1 against the attack by Chabaud and Joux. We present some ideas for optimizations of the attack and some properties of the message expansion routine. Finally, we show that for a reduced version of SHA-1, with 53 rounds instead of 80, it is possible to find collisions in less than $2^{80}$ operations.
2004
EPRINT
Secure and Efficient Masking of AES - A Mission Impossible?
This document discusses masking approaches with a special focus on the AES S-box. Firstly, we discuss previously presented masking schemes with respect to their security and implementation. We conclude that algorithmic countermeasures to secure the AES algorithm against side-channel attacks have not been resistant against all first-order side-channel attacks. Secondly, we introduce a new masking countermeasure which is not only secure against first-order side-channel attacks, but which also leads to relatively small implementations compared to other masking schemes when implemented in dedicated hardware.
2003
CHES
2002
CHES
2001
CHES

Program Committees

Asiacrypt 2018
CHES 2018
Crypto 2017
FSE 2017
Asiacrypt 2016
CHES 2016
Eurocrypt 2015
Eurocrypt 2014
FSE 2014
FSE 2013
FSE 2012
CHES 2012
FSE 2011
Eurocrypt 2011
CHES 2011
Asiacrypt 2010
CHES 2010
FSE 2010
CHES 2009
Asiacrypt 2009
FSE 2008
CHES 2008
FSE 2007
Asiacrypt 2007
FSE 2006
CHES 2006
CHES 2005