The resistance of a cryptographic implementation with regards to side-channel analysis is often quantified by measuring the success rate of a given attack. This approach cannot always be followed in practice, especially when the implementation includes some countermeasures that may render the attack too costly for an evaluation purpose, but not costly enough from a security point of view. An ev...

We survey a number of attacks on cryptographic systems which depend on measuring physical characteristics of such systems whilst a given cryptographic operation is carried out. Such measurements could include the time needed to perform certain operations, the power consumed or any electromagnetic radiation produced. As such the physical measurement is producing a side-channel for the cryptograp...

In cryptography, a side-channel attack is any attack based on the analysis ofmeasurements related to the physical implementation of a cryptosystem. Nowadays, thepossibility of collecting a large amount of observations paves the way to the adoptionof machine learning techniques, i.e., techniques able to extract information and patternsfrom large datasets. The use of statistical t...

Dual-rail logic styles have been considered as possible alternatives to CMOS for the design of cryptographic circuits (more) secure against side-channel attacks. The state-of-the-art view on this approach is contrasted as they reduce the exploitable side-channel signal while not being sufficient to fully prevent the attacks. Since the limitations of dualrail logic styles are essentially due to ...

We improve several elliptic curve multiplication algorithms secure against side channel attacks (SCA). While some efficient SCAresistant algorithms were developed that apply only to special classes of curves, we are interested in algorithms that are suitable for general elliptic curves and can be applied to the recommended curves found in various standards. We compare the running time and memor...

The most recent left-to-right and right-to-left multibase exponentiation methods are compared for elliptic curve and modular residue groups to gauge the value and cost of switching from the normal left-toright mode to the more side channel resistant right-to-left direction in a resource constrained environment.

Random delays are commonly used as a countermeasure to hinder side channel analysis and fault attacks in embedded devices. This paper proposes a different manner of generating random delays, that increases the desynchronisation compared to random delays whose lengths are uniformly distributed. It is also shown that it is possible to reduce the time lost due to the inclusion of random delays, wh...

Together with masking, shuffling is one of the most frequently considered solutions to improve the security of small embedded devices against side-channel attacks. In this paper, we provide a comprehensive study of this countermeasure, including improved implementations and a careful information theoretic and security analysis of its different variants. Our analyses lead to important conclusion...

We describe a technique to formally verify the security of masked implementations against side-channel attacks, based on elementary circuit transforms. We describe two complementary approaches: a generic approach for the formal verification of any circuit, but for small attack orders only, and a specialized approach for the verification of specific circuits, but at any order. We also show how t...

Side-channel attacks are a recent class of attacks that have been revealed to be very powerful in practice. By measuring some sidechannel information (running time, power consumption, . . . ), an attacker is able to recover some secret data from a carelessly implemented cryptoalgorithm. This paper investigates the Hessian parameterization of an elliptic curve as a step towards resistance agains...