Title Participants
"Optimizing Linear Correctors: A Tight Output Min-Entropy Bound and Selection Technique" "Milos Grujic, Ingrid Verbauwhede"
"BASALISC: Programmable Hardware Accelerator for BGV Fully Homomorphic Encryption" "Robin Geelen, Michiel Van Beirendonck, Ingrid Verbauwhede, Frederik Vercauteren"
"SpectrEM: Exploiting Electromagnetic Emanations During Transient Execution" "Jesse De Meulemeester, Lennert Wouters, Ingrid Verbauwhede" "Modern processors implement sophisticated performance optimizations, such as out-of-order execution and speculation, that expose programs to so-called transient execution attacks. So far, such attacks rely on specific on-chip covert channels (e.g., cache timing), instilling the hope that they can be thwarted by closing or weakening these channels. In this paper, we consider the inevitable physical side effects of transient execution. We focus on electromagnetic (EM) emanations produced by the processor and develop two lightweight and accurate EM channels to extract secret bits from the transient window. We propose SpectrEM, a Spectre variant for embedded devices exposed to physical access by an attacker. While it assumes a physical adversary, it does not fundamentally require code execution, expanding its applicability in the embedded world. We evaluate SpectrEM on an Arm Cortex-A72, leaking up to 366 bits per second at a bit error rate as low as 0.008%. To our knowledge, this is the first practical demonstration of physical transient execution attacks."
"A 334 μW 0.158 mm² ASIC for Post-Quantum Key-Encapsulation Mechanism Saber With Low-Latency Striding Toom–Cook Multiplication" "Angshuman Karmakar, Ingrid Verbauwhede" "Lattice-based cryptography is a novel approach to public key cryptography (PKC), of which the mathematical investigation (so far) resists attacks from quantum computers. By choosing a module learning with errors (MLWE) algorithm as the next standard, the National Institute of Standards and Technology (NIST) follows this approach. The multiplication of polynomials is the central bottleneck in the computation of lattice-based cryptography. Because PKC is mostly used to establish common secret keys, the focus is on compact area, power, and energy budget and, to a lesser extent, on throughput or latency. While most other work focuses on optimizing number theoretic transform (NTT)-based multiplications, in this article, we highly optimize a Toom–Cook-based multiplier. We demonstrate that a memory-efficient striding Toom–Cook with lazy interpolation results in a highly compact, low-power implementation, which, on top, enables a very regular memory access scheme. To demonstrate the efficiency, we integrate this multiplier into a Saber post-quantum accelerator, one of the four NIST finalists. Algorithmic innovation to reduce active memory, timely clock gating, and shift-add multiplier has helped to achieve 38% less power than state-of-the-art post-quantum cryptography (PQC) core, 4× less memory, 36.8% reduction in multiplier energy, and 118× reduction in active power with respect to state-of-the-art Saber accelerator (not silicon verified). This accelerator consumes 0.158 mm² active area, which is the lowest reported to date despite the process disadvantages of the state-of-the-art designs."
"Fault Attack Investigation on TaOx Resistive-RAM for Cyber Secure Application" "Ingrid Verbauwhede"
"Mining CryptoNight-Haven on the Varium C1100 Blockchain Accelerator Card" "Michiel Van Beirendonck, Ingrid Verbauwhede" "Cryptocurrency mining is an energy-intensive process that presents a prime candidate for hardware acceleration. This work-in-progress presents the first coprocessor design for the ASIC-resistant CryptoNight-Haven Proof of Work (PoW) algorithm. We construct our hardware accelerator as a Xilinx Run Time (XRT) RTL kernel targeting the Xilinx Varium C1100 Blockchain Accelerator Card. The design employs deeply pipelined computation and High Bandwidth Memory (HBM) for the underlying scratchpad data. We aim to compare our accelerator to existing CPU and GPU miners to show increased throughput and energy efficiency of its hash computations."
"Revisiting Higher-Order Masked Comparison for Lattice-Based Cryptography: Algorithms and Bit-Sliced Implementations" "Jan-Pieter D'Anvers, Michiel Van Beirendonck, Ingrid Verbauwhede"
"Circuits for Security and Secure Circuits: Implementation of cryptographic algorithms" "Ingrid Verbauwhede" "It is an honor for me to write this overview article and share with the reader the topic of circuits and security. This topic has triggered my curiosity since I started as a Ph.D. student."
"On the Unpredictability of SPICE Simulations for Side-Channel Leakage Verification of Masked Cryptographic Circuits" "Ingrid Verbauwhede"
"ShowTime: Amplifying Arbitrary CPU Timing Side Channels" "Antoon Purnal, Márton Bognár, Frank Piessens, Ingrid Verbauwhede"