a first dfa on pride from theory to practice
play

A First DFA on PRIDE: from Theory to Practice Works presentation at - PowerPoint PPT Presentation

Nov 12, 2023 •158 likes •976 views

A First DFA on PRIDE: from Theory to Practice Works presentation at CRiSIS 2016 Benjamin Lac 1 , 5 , Marc Beunardeau 2 , 6 , Anne Canteaut 3 , Jacques J.A. Fournier 1 , Renaud Sirdey 4 1 CEATech/DPACA, Gardanne, France, 2 Ingenico Labs, Paris,

  1. A First DFA on PRIDE: from Theory to Practice Works presentation at CRiSIS 2016 Benjamin Lac 1 , 5 , Marc Beunardeau 2 , 6 , Anne Canteaut 3 , Jacques J.A. Fournier 1 , Renaud Sirdey 4 1 CEATech/DPACA, Gardanne, France, 2 Ingenico Labs, Paris, France, 3 Inria, Paris, France, 4 CEATech/LIST, Saclay, France 5 ENSM-SE, Saint-Étienne, France, 6 ENS, Paris, France, {benjamin.lac, jacques.fournier, renaud.sirdey}@cea.fr , marc.beunardeau@ingenico.com , anne.canteaut@inria.fr September 7th, 2016

  2. The PRIDE block cipher 1 The structure of PRIDE The PRIDE round function Differential Fault Analysis of PRIDE 2 General principle Differential properties of the PRIDE S-box Properties that make the attack effective Practical implementation of the DFA on PRIDE 3 Implementation of the device Exploitation of obtained faults Countermeasures 4 Duplication of computations Desynchronization Masking Conclusion and perspectives 5 Benjamin Lac DRT/CEATech/DPACA/LSAS Works presentation at CRiSIS 2016 September 7th, 2016

  3. The PRIDE block cipher The PRIDE block cipher 1 The structure of PRIDE The PRIDE round function Differential Fault Analysis of PRIDE 2 General principle Differential properties of the PRIDE S-box Properties that make the attack effective Practical implementation of the DFA on PRIDE 3 Implementation of the device Exploitation of obtained faults Countermeasures 4 Duplication of computations Desynchronization Masking Conclusion and perspectives 5 Benjamin Lac DRT/CEATech/DPACA/LSAS Works presentation at CRiSIS 2016 September 7th, 2016

  4. The PRIDE block cipher The structure of PRIDE 1 of 19 The structure of PRIDE Iterative block cipher composed of 20 rounds and introduced by Albrecht & al. in 2014. It takes as input a 64-bit block and uses a 128-bit key k = k 0 || k 1 . k 0 f 1 ( k 1 ) f 2 ( k 1 ) f 19 ( k 1 ) f 20 ( k 1 ) k 0 P − 1 M ⊕ R R R R ′ ⊕ P C The key scheduling We denote k 1 i the i -th byte of k 1 then f r ( k 1 ) = k 1 0 || g (0) ( k 1 1 ) || k 1 2 || g (1) ( k 1 3 ) || k 1 4 || g (2) ( k 1 5 ) || k 1 6 || g (3) ( k 1 7 ) r r r r for round r with g ( i ) r ( x ) = ( x + C i r ) mod 256 where C i is a constant. Benjamin Lac DRT/CEATech/DPACA/LSAS Works presentation at CRiSIS 2016 September 7th, 2016

  5. The PRIDE block cipher The structure of PRIDE 1 of 19 The structure of PRIDE Iterative block cipher composed of 20 rounds and introduced by Albrecht & al. in 2014. It takes as input a 64-bit block and uses a 128-bit key k = k 0 || k 1 . k 0 f 1 ( k 1 ) f 2 ( k 1 ) f 19 ( k 1 ) f 20 ( k 1 ) k 0 P − 1 M ⊕ R R R R ′ ⊕ P C The key scheduling We denote k 1 i the i -th byte of k 1 then f r ( k 1 ) = k 1 0 || g (0) ( k 1 1 ) || k 1 2 || g (1) ( k 1 3 ) || k 1 4 || g (2) ( k 1 5 ) || k 1 6 || g (3) ( k 1 7 ) r r r r for round r with g ( i ) r ( x ) = ( x + C i r ) mod 256 where C i is a constant. Benjamin Lac DRT/CEATech/DPACA/LSAS Works presentation at CRiSIS 2016 September 7th, 2016

  6. The PRIDE block cipher The PRIDE round function 2 of 19 The PRIDE round function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I r P − 1 ( f r ( k 1 )) ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X r R ′ S S S S S S S S S S S S S S S S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Y r P R . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z r L 0 L 1 L 2 L 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . W r P − 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O r Benjamin Lac DRT/CEATech/DPACA/LSAS Works presentation at CRiSIS 2016 September 7th, 2016

  7. Differential Fault Analysis of PRIDE The PRIDE block cipher 1 The structure of PRIDE The PRIDE round function Differential Fault Analysis of PRIDE 2 General principle Differential properties of the PRIDE S-box Properties that make the attack effective Practical implementation of the DFA on PRIDE 3 Implementation of the device Exploitation of obtained faults Countermeasures 4 Duplication of computations Desynchronization Masking Conclusion and perspectives 5 Benjamin Lac DRT/CEATech/DPACA/LSAS Works presentation at CRiSIS 2016 September 7th, 2016

  8. Differential Fault Analysis of PRIDE General principle 3 of 19 Injecting faults on Z 19 S S S S S S S S S S S S S S S S Y 19 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z 19 L 0 L 1 L 2 L 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . W 19 P − 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O 19 = I 20 P − 1 ( f 20 ( k 1 )) ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X 20 S S S S S S S S S S S S S S S S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Y 20 = O 20 k 0 ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ P − 1 ( C ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C Benjamin Lac DRT/CEATech/DPACA/LSAS Works presentation at CRiSIS 2016 September 7th, 2016

Recommend

the Top of the Pride Staircase! Pride Pride Pride 1 st Self Reliance Step Courage Reliable

the Top of the Pride Staircase! Pride Pride Pride 1 st Self Reliance Step Courage Reliable

he View Is Sweeter From the Top of the Pride Staircase! Pride Pride Pride 1 st Self Reliance Step Courage Reliable Pride Determination Pride Pride We As The Conner Cougars Are Proud Of Our Conner Family. Pride Is Pleasure Arising

445 views • 12 slides
Theory or Practice? Theory : Without theory, practice is but routine born out of habit.

Theory or Practice? Theory : Without theory, practice is but routine born out of habit.

Theory or Practice? Theory : Without theory, practice is but routine born out of habit. Theory alone can bring forth and develop the spirit of inventions Louis Pasteur, 1822-1895 Practice : It is a capital mistake to theorize before

548 views • 42 slides
practice theory for social change practice theory is not for social change in itself it has no

practice theory for social change practice theory is not for social change in itself it has no

practice theory for social change practice theory is not for social change in itself it has no internal normative content practice theory for understanding social change well demonstrated as enabling distinctive insight into change

536 views • 24 slides
Pride flags Sadie, Yael, & Yossi Original Pride Flag Traditional Gay Pride Flag Philly

Pride flags Sadie, Yael, & Yossi Original Pride Flag Traditional Gay Pride Flag Philly

Pride flags Sadie, Yael, & Yossi Original Pride Flag Traditional Gay Pride Flag Philly Pride Flag Transgender Flag Progress Pride Flag Lesbian Flag Non-binary Flag Gender Fluidity flag Bisexual flag Pansexual Flag Asexual flag THANK

563 views • 13 slides
University Of Bristol 1 What to talk about? 2 What to talk about? Theory vs Practice vs

University Of Bristol 1 What to talk about? 2 What to talk about? Theory vs Practice vs

(Or Living Between a Rock and a Hard Place) Nigel Smart University Of Bristol 1 What to talk about? 2 What to talk about? Theory vs Practice vs Theory and Practice A key problem is someones theory is someone elses practice,

1.66k views • 68 slides
From practice to theory and back again Tools for algorithms and programs In theory there is no

From practice to theory and back again Tools for algorithms and programs In theory there is no

From practice to theory and back again Tools for algorithms and programs In theory there is no difference between theory and practice, but We can time different methods, but how to compare timings? not in practice Different on different

450 views • 7 slides
The Ecology of Language Learning Practice to Theory - Theory to Practice DILIT - International

The Ecology of Language Learning Practice to Theory - Theory to Practice DILIT - International

The Ecology of Language Learning Practice to Theory - Theory to Practice DILIT - International House, Rome April 17-18, 2010 Leo van Lier Monterey Institute of International Studies lvanlier@miis.edu 1 1 The ecology has spoken! 2 2 All

421 views • 29 slides
Pride Pride and and Pr Prejudic ejudice e and and Fu Fundraising ndraising Katy (Hall)

Pride Pride and and Pr Prejudic ejudice e and and Fu Fundraising ndraising Katy (Hall)

Pride Pride and and Pr Prejudic ejudice e and and Fu Fundraising ndraising Katy (Hall) Orenchuk Vice President for Development Newberry Library Why Pride and Prejudice? A Competitive Marriage Market Fundraising Environment Dos

512 views • 11 slides
FY2021 Budget Process Schools that are the Pride of the Community Schools that are the Pride of

FY2021 Budget Process Schools that are the Pride of the Community Schools that are the Pride of

FY2021 Budget Process Schools that are the Pride of the Community Schools that are the Pride of the Community CORE VISION Expectations Matter Schools that are the BELIEFS Pride of our Community Effort MISSION Matters To deliver a

280 views • 25 slides
XML Retrieval XML Retrieval XML Retrieval XML Retrieval DB/IR in DB/IR in Theory Theory Web

XML Retrieval XML Retrieval XML Retrieval XML Retrieval DB/IR in DB/IR in Theory Theory Web

XML Retrieval XML Retrieval XML Retrieval XML Retrieval DB/IR in DB/IR in Theory Theory Web in Web in Practice Practice Sihem Amer-Yahia Mariano Consens Yahoo! Research University of Toronto In collaboration with: Ricardo Baeza-Yates

1.06k views • 59 slides
One-Pass Streaming Algorithms Complaints and Grievances Theory and Practice about theory in

One-Pass Streaming Algorithms Complaints and Grievances Theory and Practice about theory in

One-Pass Streaming Algorithms Complaints and Grievances Theory and Practice about theory in practice Disclaimer Experiences with Gigascope. A practitioners perspective. Will be using my own implementations, rather than

849 views • 46 slides
Veterans This is YOUR Country ry What will YOU Do? Bailee Buddes Pride Mike Budde, U.S.

Veterans This is YOUR Country ry What will YOU Do? Bailee Buddes Pride Mike Budde, U.S.

We are Proud of our Veterans This is YOUR Country ry What will YOU Do? Bailee Buddes Pride Mike Budde, U.S. Air Force Bailee Buddes Pride Jaynie Frazier Serenity Childress Pride Kent Coffman Khloe & Klaira Fredricks

657 views • 63 slides
THE ELEGANT HIJAB Hijab My protection Hijab My pride What is hijab? Hijab is the word

THE ELEGANT HIJAB Hijab My protection Hijab My pride What is hijab? Hijab is the word

THE ELEGANT HIJAB Hijab My protection Hijab My pride What is hijab? Hijab is the word used in the Islamic context for the practice of dressing modestly, which all practicing Muslims past the age of BULUGH are instructed to do. Let

569 views • 18 slides
Compression: Information Theory Greg Plaxton Theory in Programming Practice, Fall 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Fall 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin Coding Theory Encoder Input: a message over some finite alphabet such as { 0 , 1 } or {

560 views • 15 slides
Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2005

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Coding Theory Encoder Input: a message over some finite alphabet such as { 0 , 1 } or

162 views • 15 slides
Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2004

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2004

Compression: Information Theory Greg Plaxton Theory in Programming Practice, Spring 2004 Department of Computer Science University of Texas at Austin Coding Theory Encoder Input: a message over some finite alphabet such as { 0 , 1 } or

579 views • 15 slides
How can practice theory inform interventions into the domestic nexus? Dr. Daniel Welch

How can practice theory inform interventions into the domestic nexus? Dr. Daniel Welch

How can practice theory inform interventions into the domestic nexus? Dr. Daniel Welch Sustainable Consumption Institute, University of Manchester Three contributions of contemporary practice theory A way of understanding the organisation

451 views • 15 slides
My Personal Tes-mony What pride does Do not the same evils

My Personal Tes-mony What pride does Do not the same evils

My Personal Tes-mony What pride does Do not the same evils s-ll exist that lay at the founda-on of Korahs ruin? Pride and ambi-on are widespread;

158 views • 15 slides
Sensor Networks Where Theory Meets Practice Roger Wattenhofer ETH Zurich Distributed

Sensor Networks Where Theory Meets Practice Roger Wattenhofer ETH Zurich Distributed

Sensor Networks Where Theory Meets Practice Roger Wattenhofer ETH Zurich Distributed Computing www.disco.ethz.ch Theory Meets Practice SenSys OSDI HotNets Multimedia Ubicomp PODC STOC Mobicom FOCS SIGCOMM ICALP SPAA SODA EC

950 views • 67 slides
How our Current Theory of Economics and Practice of Finance have Unsustainability built in QCEA

How our Current Theory of Economics and Practice of Finance have Unsustainability built in QCEA

How our Current Theory of Economics and Practice of Finance have Unsustainability built in QCEA Brussels November 2013 Outline Introduction/Background Neo-classical theory Flaws in the theory Myths about growth Financial

729 views • 45 slides
Race Why is parallelism hard? Non-determinism!! Practice Theory 2 Why is parallelism

Race Why is parallelism hard? Non-determinism!! Practice Theory 2 Why is parallelism

Parallel Algorithms: Theory and Practice CS26 S260 Lecture cture 9* Yan n Gu Race Why is parallelism hard? Non-determinism!! Practice Theory 2 Why is parallelism hard? Non-determinism!! Sc Schedu duli ling ng is

466 views • 11 slides
Kris Hermans 98 % A B Theory : easy Practice : every situation

Kris Hermans 98 % A B Theory : easy Practice : every situation

Kris Hermans 98 % A B Theory : easy Practice : every situation is different We create a template for an activity, We put into practice We share experiences Technical aspect of sport = secondary Use

172 views • 13 slides
Welcome To Comanche Pride! 2018-2019 School Year What happens in Comanche Pride or CP class

Welcome To Comanche Pride! 2018-2019 School Year What happens in Comanche Pride or CP class

Welcome To Comanche Pride! 2018-2019 School Year What happens in Comanche Pride or CP class It is a Learning Environment Guidance Lessons I Graduate, HB 5 -Fall ( 1 to 2 lessons a week for 7 th and 8 th grade) SOS (1 lesson for 7

162 views • 12 slides
Refreshing our work with infants and toddlers: Mantras from theory, research and practice

Refreshing our work with infants and toddlers: Mantras from theory, research and practice

Refreshing our work with infants and toddlers: Mantras from theory, research and practice Professor Carmen Dalli Kaupapa/Plan 1. Mantras and teachers practical knowledge 2. Identifying mantras: rules of practice principles of practice

568 views • 29 slides

More recommend