Abdel Alim Kamal

Applications of SAT Solvers to AES Key Recovery from Decayed Key Schedule Images

Cold boot attack is a side channel attack which exploits the data remanence property of random access memory (RAM) to retrieve its contents which remain readable shortly after its power has been removed. Given the nature of the cold boot attack, only a corrupted image of the memory contents will be available to the attacker. In this paper, we investigate the use of an off-the-shelf SAT solver, CryptoMinSat, to improve the key recovery of the AES-128 key schedules from its corresponding decayed memory images. By exploiting the asymmetric decay of the memory images and the redundancy of key material inherent in the AES key schedule, rectifying the faults in the corrupted memory images of the AES-128 key schedule is formulated as a Boolean satisfiability problem which can be solved efficiently for relatively very large decay factors. Our experimental results show that this approach improves upon the previously known results.

An FPGA implementation of the NTRUEncrypt cryptosystem

The NTRU encryption algorithm, also known as NTRUEncrypt, is a parameterized family of lattice-based public key cryptosystems. Both the encryption and decryption operations in NTRU are based on simple polynomial multiplication which makes it very fast compared to other alternatives such as RSA, and elliptic-curve-based systems. Recently, the NTRU system has been accepted to the IEEE P1363 standards under the specifications for lattice-based public-key cryptography (IEEE P1363.1). In this paper, we investigate several hardware implementation options for the NTRU encryption algorithm. In particular, by utilizing the statistical properties of the distance between the non-zero elements in the polynomials involved in the encryption and decryption operations, we present an architecture that offers different area-speed trade-off and analyze its performance. A prototype for the proposed design is implemented using the virtex-E xcv1600e-8-fg860 FPGA chip.

A Scan-Based Side Channel Attack on the NTRUEncrypt Cryptosystem

Scan-based Design-for-Test (DFT) is a widely deployed technique for testing hardware chips. Using this approach, all flip-flops in the design under test are connected to a scan chain where their states can be scanned out through this chain during the testing phase. Scan-based side channel attacks exploit the information obtained by analyzing the scanned data in order to retrieve secret information from cryptographic hardware devices that are designed with this testability feature. The NTRU encryption algorithm (NTRUEncrypt) is a parameterized family of lattice-based public key cryptosystems which has recently been accepted to the IEEE P1363 standards under the specifications for lattice-based public-key cryptography. In this paper, we present a scan-based side channel attack on NTRUEncrypt hardware implementations that employ scan based DFT techniques. Our attack determines the scan chain structure of the polynomial multiplication circuits used in the decryption algorithm which allows the cryptanalyst to efficiently retrieve the secret key.

Fault analysis of the NTRUSign digital signature scheme

We present a fault analysis of the NTRUSign digital signature scheme. The utilized fault model is the one in which the attacker is assumed to be able to fault a small number of coefficients in a specific polynomial during the signing process but cannot control the exact location of the injected transient faults. For NTRUsign with parameters (N, q = pl,

An area optimized implementation of the Advanced Encryption Standard

\mathcal{B}

An FPGA implementation of AES with fault analysis countermeasures

, standard,

An area-optimized implementation for AES with hybrid countermeasures against power analysis

\mathcal{N}

Strengthening hardware implementations of NTRUEncrypt against fault analysis attacks

), when the attacker is able to skip the norm-bound signature checking step, our attack needs one fault, succeeds with probability

Enhanced implementation of the NTRUEncrypt algorithm using graphics cards

\approx 1-\frac{1}{p}

A Comparison between Two Off-the-Shelf Algebraic Tools for Extraction of Cryptographic Keys from Corrupted Memory Images

and requires O((qN)t) steps when the number of faulted polynomial coefficients is upper bounded by t. The attack is also applicable to NTRUSign utilizing the transpose NTRU lattice but it requires double the number of fault injections. Different countermeasures against the proposed attack are investigated.