Cryptography and cryptanalysis for embedded systems

A growing number of devices of daily use are equipped with computing capabilities. Today, already more than 98 % of all manufactured microprocessors are employed in embedded applications, leaving less than 2 % to traditional computers. Many of these embedded devices can communicate with each other and form networks. A side effect of the rising interconnectedness is a possible vulnerability of these embedded systems: attacks that were formerly restricted to PCs can suddenly be launched against cars, tickets, ID cards or even pacemakers. At the same time, the security awareness of users and manufacturers of such systems is much lower than in classical PC environments. This makes security a key aspect of embedded systems design and of most pervasive computing applications.

As embedded systems are usually deployed in large numbers, cost is a main concern of system developers. Hence embedded security solutions have to be cheap and efficient. Many security services, such as digital signatures, can only be realized by public key cryptography. Yet public key schemes are computationally orders of magnitude more expensive than private key cryptosystems. At the same time, the prevailing schemes rely on very similar security assumptions: if one scheme gets broken, almost all cryptosystems employing asymmetric cryptography become useless.

The first part of this work explores alternatives to the prevailing public key cryptosystems. Two alternative signature schemes and one public key encryption scheme from the family of post-quantum cryptosystems are explored. Their security relies on different assumptions, so that a break of one of the prevailing schemes does not affect the security of the studied alternatives. The main focus lies on the implementation aspects of these schemes for embedded systems.

One outcome is that, contrary to common belief, the presented schemes provide similar and in some cases even better performance than the prevailing schemes. The presented solutions include a highly scalable software implementation of the Merkle signature scheme aimed at low-cost microprocessors. For signatures in hardware, an FPGA framework for implementing a family of signature schemes based on multivariate quadratic equations is presented. Depending on the chosen scheme, multivariate quadratic signatures show better performance than elliptic curves in terms of area consumption and performance. The McEliece cryptosystem is an alternative public key encryption scheme which was believed to be infeasible on embedded platforms due to its large key size. This work shows that by applying certain …
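The Merkle signature scheme mentioned above is the alternative whose security rests on hash function properties alone, which is why a break of RSA or elliptic curves does not affect it. The following is an added example, not code from the thesis: a toy Merkle signature scheme in Python that derives a tree of Lamport one-time keys from a single seed (so the signer stores only the seed and a leaf counter, which is what makes the scheme fit small microcontrollers), signs a message with one leaf plus its authentication path, and verifies against the tree root. The tree height H, the seed-based key derivation and every function name here are assumptions of this example, not the thesis's design.

```python
"""Added example (not from the thesis): a minimal Merkle signature scheme
built from Lamport one-time signatures and a SHA-256 Merkle tree.
All parameters are toy values chosen for the demonstration."""
import hashlib

H = 6  # assumed tree height: the public key covers 2**H one-time keys


def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def lamport_keygen(seed: bytes, leaf: int):
    """Deterministically derive the Lamport key pair of one leaf from the seed.
    The secret key is 256 pairs of random values; the public key is their hashes."""
    tag = leaf.to_bytes(4, "big")
    sk = [[sha256(seed, tag, bytes([i, b])) for b in (0, 1)] for i in range(256)]
    pk = [[sha256(x) for x in pair] for pair in sk]
    return sk, pk


def lamport_pk_digest(pk) -> bytes:
    """Compress a one-time public key to a single tree leaf."""
    return sha256(*(x for pair in pk for x in pair))


def _bits(msg: bytes):
    d = sha256(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    """Reveal one secret value per message-hash bit; each key is single-use."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return all(sha256(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))


def build_tree(seed: bytes):
    """Return all tree levels, leaves first; levels[-1][0] is the root (public key)."""
    leaves = [lamport_pk_digest(lamport_keygen(seed, i)[1]) for i in range(2 ** H)]
    levels = [leaves]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([sha256(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels


def auth_path(levels, leaf: int):
    """Siblings along the path from the leaf to the root."""
    path, idx = [], leaf
    for level in levels[:-1]:
        path.append(level[idx ^ 1])
        idx //= 2
    return path


class MerkleSigner:
    """Stateful signer: every leaf's one-time key is used exactly once."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.levels = build_tree(seed)
        self.root = self.levels[-1][0]
        self.next_leaf = 0  # must be persisted; reusing a leaf breaks security

    def sign(self, msg: bytes):
        if self.next_leaf >= 2 ** H:
            raise RuntimeError("all one-time keys consumed; a new tree is needed")
        leaf = self.next_leaf
        self.next_leaf += 1
        sk, pk = lamport_keygen(self.seed, leaf)
        return (leaf, lamport_sign(sk, msg), pk, auth_path(self.levels, leaf))


def mss_verify(root: bytes, msg: bytes, sig) -> bool:
    """Check the one-time signature, then recompute the root from the auth path."""
    leaf, ots_sig, pk, path = sig
    if not lamport_verify(pk, msg, ots_sig):
        return False
    node, idx = lamport_pk_digest(pk), leaf
    for sibling in path:
        node = sha256(node, sibling) if idx % 2 == 0 else sha256(sibling, node)
        idx //= 2
    return node == root


if __name__ == "__main__":
    signer = MerkleSigner(b"constructed-demo-seed")
    sig = signer.sign(b"firmware image v1")
    print("valid:", mss_verify(signer.root, b"firmware image v1", sig))
    print("tampered:", mss_verify(signer.root, b"firmware image v2", sig))
```

The verifier needs nothing but the 32-byte root, and a signature carries one Lamport key pair plus H sibling hashes, which is where the size and traversal trade-offs the thesis addresses come from. The one operational caveat is the leaf counter: if the device loses or rolls back `next_leaf` (for example across a reset), the same one-time key signs two messages and an observer can forge signatures on other messages, so the counter must be stored in non-volatile memory before the signature is released.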
