This paper gives a motivation for the design of memoryhard key derivation functions (KDFs), a summary of a memory-hard password-based key derivation function called scrypt, and an overview of cache timing attacks. A cache timing attack against scrypt is introduced and described in detail. Finally, additional work necessary to implement the attack and measures to prevent the attack are discussed...

At Crypto’99, Fujisaki and Okamoto [10] presented a nice generic transformation from weak asymmetric and symmetric schemes into an IND-CCA hybrid encryption scheme in the Random Oracle Model. From this transformation, two specific candidates to standardization were designed: EPOC-2 [9] and PSEC2 [16], based on Okamoto-Uchiyama and El Gamal primitives, respectively. Since then, several cryptanal...

The hypothesis of the selfish herd has been highly influential to our understanding of animal aggregation. Various movement strategies have been proposed by which individuals might aggregate to form a selfish herd as a defence against predation, but although the spatial benefits of these strategies have been extensively studied, little attention has been paid to the importance of predator attac...

This paper presents applicability of Strong Stationary Times (SST) techniques in the area of cryptography. The applicability is in three areas: 1) Propositions of a new class of cryptographic algorithms (pseudo-random permutation generators) which do not run for the predefined number of steps. Instead, these algorithms stop according to a stopping rule defined as SST, for which one can obtain p...

Cache Timing Attacks have attracted a lot of cryptographic attention due to their relevance for the AES. However, their applicability to other cryptographic primitives is less well researched. In this talk, we give an overview over our analysis of the stream ciphers that were selected for phase 3 of the eStream project.

This paper identifies certain privacy threats that apply to anonymous credential systems. The focus is on timing attacks that apply even if the system is cryptographically secure. The paper provides some simple heuristics that aim to mitigate the exposure to the threats and identifies directions for further research.

A formal model for description of probabilistic timing attacks is presented and studied. It is based on a probabilistic timed process algebra, on observations (mappings which make visible only a part of system behavior) and on an information flow. The resulting security properties are studied and compared with other security concepts.

The Problem of Side Channels A cryptographic mechanism based on algorithms which are proven to be secure may become vulnerable after it is implemented in some programming language and run on an actual computer system. Side channel attacks are based on the fact that by observing the implementation’s behavior which is not modeled by the underlying cryptographic algorithm the attacker can infer co...

In RFID systems addressing security issues, many authentication techniques require the tag to keep some sort of synchronization with the reader. In particular, this is true in those proposals that leverage hash chains. When the reader and the tag get de-synchronized, possibly by an attacker, this paves the way to several denial of service (DoS) attacks, as well as threatening privacy (e.g., via...

Compact implementations of the ring variant of the Learning with Errors (Ring-LWE) on the embedded processors have been actively studied due to potential quantum threats. Various Ring-LWE implementation works mainly focused on optimization techniques to reduce the execution timing and memory consumptions for high availability. For this reason, they failed to provide secure implementations again...