, Protecting an ECSM Implementation
, 132 0xA Bibliography [ABF + 02 Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures, CHES, volume 2523 of Lecture Notes in Computer Science, pp.260-275, 2002.
, A Survey of Differential Fault Analysis Against Classical RSA Implementations, Fault Analysis in Cryptography, Information Security and Cryptography, pp.111-124, 2012.
DOI : 10.1007/978-3-642-29656-7_7
, Correlation Power Analysis with a Leakage Model, CHES, pp.16-29, 2004.
DOI : 10.1007/978-3-540-28632-5_2
, Bug attacks, CRYPTO, pp.221-240, 2008.
, Making RSA-PSS Provably Secure Against Non-Random Faults, IACR Cryptology ePrint Archive, p.252, 2014.
, Synthesis of Fault Attacks on Cryptographic Implementations, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp.1016-1027, 2014.
, NICV: Normalized Inter-Class Variance for Detection of Side-Channel Leakage, International Symposium on Electromagnetic Compatibility (EMC '14 Session OS09: EM Information Leakage. Hitotsubashi Hall (National Center of Sciences), Chiyoda, 2014.
, Side-channel leakage and trace compression using normalized inter-class variance, Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy, HASP '14, pp.1-7, 2014.
DOI : 10.1145/2611765.2611772
, On the Importance of Checking Cryptographic Protocols for Faults, Proceedings of Eurocrypt'97, pp.37-51, 1997.
DOI : 10.1007/3-540-69053-0_4
, Notes on Landauer's principle, Reversible Computation and Maxwell's Demon. Studies in History and Philosophy of Modern Physics, pp.501-510, 2003.
, Fault Analysis of Infective AES Computations, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp.101-107, 2013.
DOI : 10.1109/FDTC.2013.12
, A Practical Second-Order Fault Attack against a Real-World Pairing Implementation, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp.123-136, 2014.
DOI : 10.1109/FDTC.2014.22
, Tampering Attacks in Pairing-Based Cryptography, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp.1-7, 2014.
DOI : 10.1109/FDTC.2014.10
, Formal certification of code-based cryptographic proofs, 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp.90-101, 2009.
, A fast new DES implementation in software, Lecture Notes in Computer Science, vol.1267, pp.260-272, 1997.
DOI : 10.1007/BFb0052352
, PRESENT: An Ultra-Lightweight Block Cipher, CHES, pp.450-466, 2007.
DOI : 10.1007/978-3-540-74735-2_31
, ProVerif: Cryptographic protocol verifier in the formal model
, CRT RSA Algorithm Protected Against Fault Attacks, Lecture Notes in Computer Science, vol.49, issue.9, pp.229-243, 2007.
DOI : 10.1007/11554868_13
, A new CRT-RSA algorithm secure against bellcore attacks, ACM Conference on Computer and Communications Security, pp.311-320, 2003.
, Sign Change Fault Attacks on Elliptic Curve Cryptosystems, Fault Diagnosis and Tolerance in Cryptography, pp.36-52, 2006.
DOI : 10.1007/11889700_4
, Differential fault analysis of secret key cryptosystems, CRYPTO, pp.513-525, 1997.
DOI : 10.1007/BFb0052259
, How to Prevent DPA and Fault Attack in a Unified Way for ECC Scalar Multiplication ??? Ring Extension Method, Information Security Practice and Experience, pp.225-237, 2007.
DOI : 10.1007/978-3-540-72163-5_18
, Formal verification of a CRT-RSA implementation against fault attacks, Journal of Cryptographic Engineering, vol.2009, issue.3, pp.157-167, 2013.
DOI : 10.1007/s13389-013-0049-3
, Balanced Encoding to Mitigate Power Analysis: A Case Study, CARDIS, Lecture Notes in Computer Science, 2014.
DOI : 10.1007/978-3-319-16763-3_4
, Analysis of the algebraic side channel attack, Journal of Cryptographic Engineering, vol.24, issue.1, pp.45-62, 2012.
DOI : 10.1007/s13389-012-0028-0
URL : https://hal.archives-ouvertes.fr/hal-00777829
, Fault Attacks and Countermeasures on Vigilant's RSA-CRT Algorithm, pp.89-96, 2010.
, Higher-Order Masking Schemes for S-Boxes, Fast Software Encryption -19th International Workshop, FSE 2012, pp.366-384, 2012.
DOI : 10.1007/978-3-642-34047-5_21
, Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis, IACR Cryptology ePrint Archive, issue.179, pp.475-492, 2011.
, Practical fault countermeasures for chinese remaindering based RSA, Fault Diagnosis and Tolerance in Cryptography, pp.124-131, 2005.
, PSS Is Secure against Random Fault Attacks, ASIACRYPT, pp.653-666, 2009.
, Side Channel Cryptanalysis of a Higher Order Masking Scheme, CHES, pp.28-44, 2007.
, Using Virtual Secure Circuit to Protect Embedded Software from Side-Channel Attacks, IEEE Transactions on Computers, vol.62, issue.1, pp.124-136, 2013.
DOI : 10.1109/TC.2011.225
, CacheAudit: A Tool for the Static Analysis of Cache Side Channels, IACR Cryptology ePrint Archive, p.253, 2013.
, On Second-Order Fault Analysis Resistance for CRT-RSA Implementations, Lecture Notes in Computer Science, vol.5746, pp.68-83, 2009.
DOI : 10.1007/978-3-642-03944-7_6
, New directions in cryptography, IEEE Transactions on Information Theory, vol.22, issue.6, pp.644-654, 1976.
DOI : 10.1109/TIT.1976.1055638
, Wavelet transform based pre-processing for side channel analysis, 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops, pp.32-38, 2012.
DOI : 10.1109/MICROW.2012.15
, François-Xavier Standaert, and Loïc van Oldeneel tot Oldenzeel . Compact Implementation and Performance Evaluation of Block Ciphers in ATtiny Devices, Lecture Notes in Computer Science, vol.12, issue.7374, pp.172-187, 2012.
, A survey of fault attacks in pairing based cryptography, Cryptography and Communications, vol.56, issue.1, pp.1-21, 2014.
DOI : 10.1007/s12095-014-0114-5
URL : https://hal.archives-ouvertes.fr/hal-01197172
, Number Systems and Arithmetic, Advances in Computers, vol.6, pp.131-194, 1965.
, Security Evaluation of WDDL and SecLib Countermeasures against Power Attacks, IEEE Transactions on Computers, vol.57, issue.11, pp.1482-1497, 2008.
DOI : 10.1109/TC.2008.109
, The ???Backend Duplication??? Method, CHES, pp.383-397, 2005.
DOI : 10.1007/11545262_28
, An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis, IEEE Transactions on Computers, vol.55, issue.9, pp.1116-1120, 2006.
DOI : 10.1109/TC.2006.135
, Generic Side-Channel Countermeasures for Reconfigurable Devices, CHES, pp.33-48, 2011.
DOI : 10.1007/978-3-642-23951-9_3
, Provably secure concurrent error detection against differential fault analysis, Cryptology ePrint Archive, vol.552552, 2012.
, Genus 2 Hyperelliptic Curve Families with Explicit Jacobian Order Evaluation and Pairing-Friendly Constructions, Pairing-Based Cryptography ? Pairing 2012, pp.234-253, 2013.
DOI : 10.1007/978-3-642-36334-4_16
URL : https://hal.archives-ouvertes.fr/hal-00871327
, Software Implementation of Dual-Rail Representation, In COSADE, 2011.
, Formal Verification of a Software Countermeasure Against Instruction Skip Attacks, Cryptology ePrint Archive, vol.679679, 2013.
URL : https://hal.archives-ouvertes.fr/emse-01233327
, OCaml, a variant of the Caml language
, Private Circuits II: Keeping Secrets in Tamperable Circuits, EUROCRYPT, pp.308-327, 2006.
DOI : 10.1007/11761679_19
, Private Circuits: Securing Hardware against Probing Attacks, CRYPTO, volume 2729 of Lecture Notes in Computer Science, pp.463-481, 2003.
DOI : 10.1007/978-3-540-45146-4_27
, Chinese Remaindering Based Cryptosystems in the Presence of Faults Alfred Menezes, and Scott Vanstone. The Elliptic Curve Digital Signature Algorithm (ECDSA), JMV01] Don Johnson, pp.241-24536, 1999.
, Protecting RSA against Fault Attacks: The Embedding Method, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp.41-45, 2009.
DOI : 10.1109/FDTC.2009.32
, GCD-Free Algorithms for Computing Modular Inverses, CHES, pp.243-253, 2003.
DOI : 10.1007/978-3-540-45238-6_20
, Secure evaluation of modular functions, 2001.
, Fault Analysis in Cryptography, 2011.
DOI : 10.1007/978-3-642-29656-7
, An information-theoretic model for adaptive sidechannel attacks, ACM Conference on Computer and Communications Security, pp.286-296, 2007.
, A Provably Secure and Efficient Countermeasure against Timing Attacks, 2009 22nd IEEE Computer Security Foundations Symposium, pp.324-335, 2009.
DOI : 10.1109/CSF.2009.21
, Lowcost fault detection method for ECC using montgomery powering ladder, Design, Automation and Test in Europe, DATE 2011, pp.1016-1021, 2011.
, Differential Power Analysis, Proceedings of CRYPTO'99, pp.388-397, 1999.
, An efficient CRT-RSA algorithm secure against power and fault attacks, Journal of Systems and Software, vol.84, issue.10, pp.1660-1669, 2011.
DOI : 10.1016/j.jss.2011.04.026
, High-Speed RSA Implementation, 1994.
, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Proceedings of CRYPTO'96, pp.104-113, 1996.
, Roots of random polynomials over a finite field, Mathematical Notes, vol.80, issue.12, pp.300-304, 2006.
, A CRT-RSA Algorithm Secure against Hardware Fault Attacks, 2006 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing, pp.51-60, 2006.
DOI : 10.1109/DASC.2006.5
, Factoring polynomials with rational coefficients, Mathematische Annalen, vol.32, issue.4, pp.515-534, 1982.
DOI : 10.1007/BF01457454
, Practical Validation of Several Fault Attacks against the Miller Algorithm, Fault Diagnosis and Tolerance in Cryptography (FDTC), 2014 Workshop on, pp.115-122, 2014.
, On Double Exponentiation for Securing RSA against Fault Analysis, Lecture Notes in Computer Science, vol.8366, pp.152-168, 2014.
DOI : 10.1007/978-3-319-04852-9_8
, Balanced self-checking asynchronous logic for smart card applications, Microprocessors and Microsystems, vol.27, issue.9, pp.421-430, 2003.
DOI : 10.1016/S0141-9331(03)00092-9
, Coarsely integrated operand scanning (CIOS) architecture for high-speed Montgomery modular multiplication, Proceedings. 2004 IEEE International Conference on Field- Programmable Technology (IEEE Cat. No.04EX921), pp.185-191, 2004.
DOI : 10.1109/FPT.2004.1393267
, Pinpointing side-channel information leaks in web applications, Journal of Cryptographic Engineering, vol.15, issue.6, pp.161-177, 2012.
DOI : 10.1007/s13389-012-0036-0
, Power Analysis Attacks: Revealing the Secrets of Smart Cards, 2006.
, Compiler Assisted Masking, CHES, pp.58-75, 2012.
DOI : 10.1007/978-3-642-33027-8_4
, One for all ??? all for one: unifying standard differential power analysis attacks, IET Information Security, vol.5, issue.2, pp.100-111, 2011.
DOI : 10.1049/iet-ifs.2010.0096
, Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations, CHES, pp.76-90, 2006.
DOI : 10.1007/11894063_7
, Fresh Re-keying: Security against Side-Channel and Fault Attacks for Low-Cost Devices, AFRICACRYPT, pp.279-296
DOI : 10.1007/978-3-642-12678-9_17
, Handbook of Applied Cryptography, 1996.
DOI : 10.1201/9781439821916
, BCDL: A high performance balanced DPL with global precharge and without early-evaluation, DATE'10, pp.849-854, 2010.
, New Software Speed Records for Cryptographic Pairings, Progress in Cryptology ? LATINCRYPT 2010, pp.109-123, 2010.
DOI : 10.1007/978-3-642-14712-8_7
, Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, EUROCRYPT, pp.223-238, 1999.
DOI : 10.1007/3-540-48910-X_16
, Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints, Cryptographic Hardware and Embedded Systems ? CHES 2005, pp.172-186, 2005.
DOI : 10.1007/11545262_13
, A formal proof of countermeasures against fault injection attacks on CRT-RSA, Journal of Cryptographic Engineering, vol.21, issue.2, pp.173-185, 2014.
DOI : 10.1007/s13389-013-0065-3
URL : https://hal.archives-ouvertes.fr/hal-00863914
, Formal Analysis of CRT-RSA Vigilant's Countermeasure Against the BellCoRe Attack, Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014, PPREW'14, pp.978-979, 2014.
DOI : 10.1145/2556464.2556466
, Countermeasures against High-Order Fault-Injection Attacks on CRT-RSA, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp.68-82, 2014.
DOI : 10.1109/FDTC.2014.17
URL : https://hal.archives-ouvertes.fr/hal-01071425
, Securing RSA against Fault Analysis by Double Addition Chain Exponentiation, Cryptology ePrint Archive Report, vol.52, issue.4, 2009.
DOI : 10.1109/TC.2003.1190587
, Provably Secure Higher-Order Masking of AES, CHES, pp.413-427, 2010.
DOI : 10.1007/978-3-642-15031-9_28
, Algebraic Side-Channel Attacks, Lecture Notes in Computer Science, vol.6151, pp.393-410, 2009.
DOI : 10.1007/978-3-642-16342-5_29
, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, vol.21, issue.2, pp.120-126, 1978.
DOI : 10.1145/359340.359342
, Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA, CHES, pp.97-111, 2009.
DOI : 10.1007/978-3-642-04138-9_8
, WDDL is Protected against Setup Time Violation Attacks, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp.73-83, 2009.
DOI : 10.1109/FDTC.2009.40
URL : https://hal.archives-ouvertes.fr/hal-00410135
, Study of a Novel Software Constant Weight Implementation, CARDIS, Lecture Notes in Computer Science, 2014.
, Novel Applications of Wavelet Transforms based Side-Channel Analysis, Non-Invasive Attack Testing Workshop coorganized by NIST & AIST. Todai-ji Cultural Center, 2011.
, Modeling and comparing CMOS implementations of the C-element, IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol.6, issue.4, pp.563-567, 1998.
DOI : 10.1109/92.736128
, Method and apparatus for protecting public key schemes from timing and fault attacks US Patent Number 5,991,415; also presented at the rump session of EUROCRYPT, 1997.
, Higher Order Masking of the AES, LNCS, vol.3860, pp.208-225, 2006.
DOI : 10.1007/11605805_14
, Protecting cryptographic hardware against malicious attacks by nonlinear robust codes, Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), 2014 IEEE International Symposium on, pp.40-45, 2014.
, Success through Confidence: Evaluating the Effectiveness of a Side-Channel Attack, CHES, pp.21-36, 2013.
DOI : 10.1007/978-3-642-40349-1_2
, A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation, Proceedings Design, Automation and Test in Europe Conference and Exhibition, pp.246-251, 2004.
DOI : 10.1109/DATE.2004.1268856
, Place and Route for Secure Standard Cell Design, Proceedings of WCC / CARDIS, pp.143-158, 2004.
DOI : 10.1007/1-4020-8147-2_10
, A digital design flow for secure integrated circuits, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol.25, issue.7, pp.1197-1208, 2006.
DOI : 10.1109/TCAD.2005.855939
, RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks, CHES, pp.130-145, 2008.
DOI : 10.1007/978-3-540-85053-3_9
, RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks, CHES, 2008. Slides presented at CHES [Vig08a]
DOI : 10.1007/978-3-540-85053-3_9
, Countermeasure securing exponentiation based cryptography
, Practical Optical Fault Injection on Secure Microcontrollers, pp.91-99, 2011.
, Cryptanalysis of a provably secure CRT-RSA algorithm, Proceedings of the 11th ACM conference on Computer and communications security , CCS '04, pp.92-97, 2004.
DOI : 10.1145/1030083.1030097
, Algebraic manipulation detection codes and their applications for design of secure cryptographic devices, 2011 IEEE 17th International On-Line Testing Symposium, pp.234-239, 2011.
DOI : 10.1109/IOLTS.2011.5994535
, Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis, IEEE Trans. Computers, vol.49, issue.9, pp.967-970, 2000.
, Cross-VM side channels and their use to extract private keys, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.305-316, 2012.
DOI : 10.1145/2382196.2382230
, 3 Header of finja report for our fixed and simplified version of Vigilant's countermeasure, p.150
, 78 7.1 CRT-RSA with a Giraud's family countermeasure 91 7.2 CRT-RSA with Joye et al.'s countermeasure 93 7.3 CRT-RSA with Ciet & Joye's countermeasure 96 7.5 CRT-RSA with Shamir's countermeasure, 97 7.6 CRT-RSA with Aumüller et al.'s countermeasure 1 . . . . . . . . . . . 98 7.7 CRT-RSA with Vigilant's countermeasure 4 with Coron et al.'s fixes and Rauzy & Guilley's simplifications, p.99
, s countermeasure 4 , under its infective avatar (new algorithm contributed in this chapter