Invited speakers
Maria Eichlseder - Fault Attacks and Cryptanalytic Countermeasures
Abstract: Fault attacks are a powerful and versatile family of attacks on cryptographic implementations. Countless attack variants (e.g., DFA, IFA, SFA, SIFA, ...) and countermeasures have been proposed, yet new variants that defy existing countermeasures keep emerging. In this talk, I discuss fault attacks from a cryptographer's perspective and show how ideas from cryptanalysis can be applied to find efficient attacks as well as countermeasures. Compared to implementation-level countermeasures, such crypto-level countermeasures are interesting because they sometimes provide more general inherent security arguments applicable to arbitrary implementations - however, there are also various pitfalls along the way.
Bio: Maria Eichlseder is assistant professor of Cryptography at Graz University of Technology, Austria. Her research interests include the cryptanalysis, design, and implementation security of symmetric cryptographic algorithms, such as hash functions and authenticated encryption algorithms and their underlying primitives. She co-designed Ascon, a lightweight authenticated cipher that is among the winners of the CAESAR competition, and ISAP; both are now finalists in the NIST LWC competition.
Dan Page - How do you solve a problem like the ISA?
Abstract: Instruction Set Architectures (ISAs) act as an interface (or contract) between hardware and software, so represent a fundamentally important component in system design. For cryptographic systems, however, this role leads to two problems. First, "ideal" support for cryptographic software and the constraints of RISC- or CISC-style design principles are in tension; exploring ways to address this problem is central to the established discipline of Instruction Set Extensions (ISA) design. Second, the interface prevents control over and abstracts detail of any underlying micro-architecture; the security implications of both are central to the emergent discipline of micro-architectural leakage. This talk will focus on the second problem, and, though the discipline is broader, instances related to analogue leakage (e.g., from power or EM); it will aim to provide an introduction to the problem itself, and an overview of (ongoing) work which is attempting to address it.