Program
Program
| 09:20 - 09:30 |
Opening remarks | |
|---|---|---|
| Session 1: Keynote |
||
| 09:30 - 10:20 |
 |
How cryptographic benchmarking goes wrong by Daniel J. Bernstein – TU Eindhoven and University of Illinois at Chicago Slides: download There are several incentives towards publishing cryptographic performance figures that fail to accurately predict the cryptographic performance that users will see. This talk will give examples of these incentives, for both software and hardware, and examples of techniques to combat these incentives. |
| Coffee Break | ||
| Session 2: Crypto Benchmarking |
||
| 10:50 - 11:30 |
 |
Fair and Efficient Hardware Benchmarking of Candidates in Cryptographic Contests by Kris Gaj – George Mason University Slides: download Cryptographic contests have become a commonly accepted way of developing cryptographic standards, driving the innovation in hardware benchmarking of various types of cryptosystems, from secret-key block ciphers to post-quantum public-key cryptography. The growing number of candidates, combined with the specific requirements of the contests, calls for the adoption of more efficient and CAD-oriented design and implementation methodologies. In this talk, we will review the progress accomplished in this area since the first major contest on AES, with the special focus on recent developments, such as universal APIs, RTL development packages, universal testbenches and test vector generation tools, open-source VHDL/Verilog code, target use cases, FPGA option and target frequency optimization tools (such as ATHENa and Minerva), as well as comprehensive databases, full reproducibility, and various graphical representations of results. Then, we will give an overview of a new emerging approach, based on the use of High-Level Synthesis tools, combined with the pragma extensions and refactoring of traditional software implementations in C. |
| 11:30 - 12:10 |
 |
Design Automation for Cryptography by Anupam Chattopadhyay – Nanyang Technological University Slides: download Secure hardware accelerators have become an integral part of modern System-on-Chips due to the heavy computational demands of cryptographic workloads and ubiquitous presence of security requirements in various standards. Furthermore, new cryptographic algorithms are being proposed as part of diverse competitions with varied emphasis on different performance constraints, which needs to be accurately benchmarked with respect to their runtime, area and energy efficiency. Design of an efficient hardware accelerator for a given crypto algorithm is a daunting task, which can be, to large extent, automated. Despite major advances in the high-level design automation flows, their adoption in the cryptographic community is minimal. In this talk, I will discuss about different computing architectures, their corresponding design automation flows and how these has been applied to cryptographic accelerator design with promising results. The talk with end with some highlights about enhancing other design automation flows to take care of the burning issues in security, namely side-channel attacks. |
| 12:10 - 12:50 |
 |
The State-of-the-Art of Hardware Implementations of Elliptic Curve Cryptography by Kimmo Jaervinen – University of Helsinki Slides: download Elliptic curve cryptography (ECC) has become the most popular type of public-key cryptography because it combines short keys and fast performance. Many applications of ECC have requirements that can be met only with specific hardware implementations. Such requirements include very fast processing speed (either throughput or latency), minimal resource usage (chip area, power, energy, etc.), and implementation security. In this talk, we review the state-of-the-art of ECC hardware implementations in the light of these specific requirements and survey the techniques that have made these results possible. We benchmark these ECC implementations against each others and also compare them with RSA and certain proposals for post-quantum cryptography. |
| Lunch break in the Beckmann's Hof restaurant | ||
| Session 3: SCA Benchmarking |
||
| 14:10 - 14:50 |
 |
How to evaluate side-channel leakages by Amir Moradi – Ruhr-Universität Bochum Slides: download The talk deals with answering the question how to compare the side-channel leakage of different cryptographic implementations. The focus is on schemes which consider statistical moments of side-channel leakages to perform analysis and/or conduct attacks. Particularly the application of student's t-test in the areas of side-channel analysis (also known as TVLA) is deeply reviewed. Different forms of such a leakage assessment, the robust ways for fast computations, and practical issues which security engineers may face with are reviewed. The talk also includes a couple of case studies and the corresponding results. The final message of the talk is whether such a test vector can help comparing the side-channel leakage of different implementations/countermeasures. |
| 14:50 - 15:30 |
 |
What can be learned from leakage assessment and what not? by Benedikt Gierlichs – KU Leuven Slides: download |
| Coffee Break | ||
| Session 4: Trojan Benchmarking |
||
| 16:00 - 16:40 |
 |
A Crowdsourced Approach to Hardware Security Benchmarks by Ramesh Karri – Polytechnic Institute NYU |
| 16:40 - 17:20 |
 |
Offensive and Defensive Aspects of Hardware Trojans by Marc Fyrbiak – Ruhr-Universität Bochum Hardware reverse engineering is a universal tool for both system designers and attackers. Although it can reveal Intellectual Property violations and the evidence of hardware Trojans, it can also reveal information that is necessary to facilitate malicious design manipulation. Unfortunately, reverse engineering is a time-consuming and costly task in practice even for a team of analysts. This talk will discuss reverse engineering for offensive and defensive aspects of hardware Trojans with a particular focus on currently available benchmarks. |
| 17:20 - 17:30 |
Closing remarks | |
| Afterward dinner and get-together | ||