CORDIS - EU research results

CRyptographic Algorithms and Secure Hardware

Final Report Summary - CRASH (CRyptographic Algorithms and Secure Hardware)


Side-channel attacks are an important threat against cryptographic implementations, in which an adversary takes advantage of physical information leakages (such as the power consumption or the electromagnetic radiation of a smart card) in order to recover secret information. Because they allow an adversary to circumvent the models in which standard security proofs are obtained, they can lead to powerful (e.g. key recovery) attacks against a large class of devices. Such attacks therefore expose a gap between the mathematical abstractions of modern cryptography and the concrete peculiarities of actual electronic circuits.
The goal of the CRASH project was to remove the incompatibilities between the different models that can be used to explain the information leakage in cryptographic implementations, by considering physical and algorithmic issues in a unified way. For this purpose, we first focused on the development of sound evaluation tools. Namely, since cryptographic implementations are physical objects, we developed tools and methodologies allowing designers to ensure that the security levels they claim for their implementations are (sufficiently) accurate, which implies understanding the various errors that could bias these claims.
Next, building on sound evaluation tools, we analyzed heuristic constructions (i.e. countermeasures) and formal models (of leakage-resilience) in order to establish the best ingredients (assumptions and constructions) for designing efficient and side-channel resistant implementations. In this respect, an important conclusion of the project was the increasing importance of open source (hardware and software) design in facilitating the exploitation of formal tools, security proofs and design automation in the field of physical security. In more detail, the results of the ERC project CRASH have been described in two invited talks, at SPACE 2016 (http://perso.uclouvain.be/fstandae/PUBLIS/183.pdf) and INDOCRYPT 2016 (http://perso.uclouvain.be/fstandae/PUBLIS/184.pdf).