breaking deployed crypto
play

Breaking Deployed Crypto The Side Channel Analyst s Way Daniel - PowerPoint PPT Presentation

Mar 31, 2023 •231 likes •926 views

Breaking Deployed Crypto The Side Channel Analyst s Way Daniel Moghimi (@danielmgmi) 04/30/2020 Hardwear.io About Me Daniel Moghimi @danielmgmi Security Researcher PhD Student @ WPI Microarchitectural Security Side

  1. Breaking Deployed Crypto The Side Channel Analyst ’ s Way Daniel Moghimi (@danielmgmi) 04/30/2020 Hardwear.io

  2. About Me • Daniel Moghimi @danielmgmi • Security Researcher • PhD Student @ WPI • Microarchitectural Security • Side Channels • Breaking Crypto Implementations • Trusted Execution Environment (Intel SGX) 2

  3. Cryptanalysis • Cryptosystem with an input m , output c , and secret k • Attacker tries to learn k b y looking at ( m, c ) k c m Encrypt Decrypt Sign 3

  4. Cryptanalysis • Cryptosystem with an input m , output c , and secret k • Attacker tries to learn k b y looking at ( m, c ) 𝐹𝐷𝐸𝑇𝐵 𝑇𝑗𝑕𝑜: 𝑦 1 , 𝑧 1 = 𝑙 𝑗 × 𝐻 𝑠 𝑗 = 𝑦 1 𝑛𝑝𝑒 𝑜 −1 𝑨 + 𝑠 𝑗 𝑒 𝑛𝑝𝑒 𝑜 𝑡 𝑗 = 𝑙 𝑗 −1 𝑨 + 𝑠 𝑡 1 = 𝑙 1 1 𝑒 𝑛𝑝𝑒 𝑜 −1 𝑨 + 𝑠 2 𝑒 𝑛𝑝𝑒 𝑜 k 𝑡 2 = 𝑙 2 c m Encrypt Decrypt Sign 4

  5. Cryptanalysis • Cryptosystem with an input m , output c , and secret k • Attacker tries to learn k b y looking at ( m, c ) 𝐹𝐷𝐸𝑇𝐵 𝑇𝑗𝑕𝑜: 𝑦 1 , 𝑧 1 = 𝑙 𝑗 × 𝐻 𝑠 𝑗 = 𝑦 1 𝑛𝑝𝑒 𝑜 −1 𝑨 + 𝑠 𝑗 𝑒 𝑛𝑝𝑒 𝑜 𝑡 𝑗 = 𝑙 𝑗 𝑙 1 = 𝑙 2 = 𝑙 𝑜 𝑡 1 = 𝑙 −1 𝑨 + 𝑠 1 𝑒 𝑛𝑝𝑒 𝑜 𝑡 2 = 𝑙 −1 𝑨 + 𝑠 2 𝑒 𝑛𝑝𝑒 𝑜 k c m Encrypt Decrypt Sign 5

  6. Cryptanalysis • Cryptosystem with an input m , output c , and secret k • Attacker tries to learn k b y looking at ( m, c ) 𝐹𝐷𝐸𝑇𝐵 𝑇𝑗𝑕𝑜: 𝑦 1 , 𝑧 1 = 𝑙 𝑗 × 𝐻 𝑠 𝑗 = 𝑦 1 𝑛𝑝𝑒 𝑜 −1 𝑨 + 𝑠 𝑗 𝑒 𝑛𝑝𝑒 𝑜 𝑡 𝑗 = 𝑙 𝑗 𝑙 1 = 𝑙 2 = 𝑙 𝑜 𝑡 1 = 𝑙 −1 𝑨 + 𝑠 1 𝑒 𝑛𝑝𝑒 𝑜 𝑡 2 = 𝑙 −1 𝑨 + 𝑠 2 𝑒 𝑛𝑝𝑒 𝑜 k c m 𝑡 2 − 𝑡 1 = 𝑠 2 − 𝑠 1 𝑒 𝑛𝑝𝑒 𝑜 Encrypt Decrypt Sign 6

  7. Side-Channel Cryptanalysis • Cryptosystem with an input m , output c , and secret k • Attacker tries to learn k b y looking at ( m, c ) and signal s s k c m Encrypt Decrypt Sign 7

  8. Side-Channel Attacks • Channels • Power Analysis • EM Analysis • … • Timing Analysis • CPU Side Channels • Threat Models: • Physical Access • Local Access (Co-location) • Remote 8

  9. Secure Elements Untrusted Software is /Bad Org.? insecure. Heartbleed? Rootkits? Computers Ransomware? are just Evil?!

  10. Secure Elements Untrusted Software is /Bad Org.? insecure. Heartbleed? Rootkits? Computers Ransomware? are just Evil?! Hardware-based Root of Trust?! 10

  11. Trusted Platform Module (TPM) • Security Chip for Computers? • Tamper Resistant • Side-Channel Resistant • Crypto Co-processor 11

  12. Trusted Platform Module (TPM) • Security Chip for Computers? • Tamper Resistant • Side-Channel Resistant • Crypto Co-processor Trusted Computing Base 12

  13. Trusted Platform Module (TPM) • Cryptographic Co-processor, specified by Trusted Computing Group • Secure Storage • Integrity Measurement • TRNG • Hash Functions • Encryption • Digital Signatures 13

  14. TPM – Digital Signatures • Applications • Trusted Execution of Signing Operations • Remote Attestation • TPM 2.0 supports Elliptic-Curve Digital Signature • ECDSA • ECSchnorr • ECDAA (Anonymous Remote Attestation) 14

  15. Trusted Computing Group • https://trustedcomputinggroup .org/membership/certification/ • https://trustedcomputinggroup .org/membership/certification/ tpm-certified-products/ 15

  16. Are TPMs really side-channel resistant? 16

  17. High-resolution Timing Test • TPM frequency ~= 32-120 MHz • CPU Frequency is more than 2 GHz 17

  18. High-resolution Timing Test – Intel PTT (fTPM) • Intel Platform Trust Technology (PTT) • Integrated firmware-TPM inside the CPU package • Runs on top of Converged Security and Management Engine (CSME) • Standalone low power processor PCH CPU • Has been around since Haswell CSME fTPM 18

  19. High-resolution Timing Test – Intel PTT (fTPM) • Intel Platform Trust Technology (PTT) • Integrated firmware-TPM inside the CPU package • Runs on top of Converged Security and Management Engine (CSME) PCH CPU CSME fTPM Histogram 19

  20. High-resolution Timing Test – Intel PTT (fTPM) • Linux TPM Command Response Buffer (CRB) driver • Kernel Driver to increase the Resolution PCH CPU CSME fTPM 20

  21. High-resolution Timing Test - Analysis • RSA and ECDSA timing test on 3 dedicated TPM and Intel fTPM • Various non-constant behaviour for both RSA and ECDSA 21

  22. High-resolution Timing Test – ECDSA Nonce • Intel fTPM: 4-bit Window Nonce Length Leakage • ECDSA • ECSChnorr Nonce • BN-256 (ECDAA) 0101000100111111...111 0000100100111111...111 1101000100111111...111 0000000000111111...111 0000000000001111...111 t 4.67 4.76 4.8 4.84 4.72 22

  23. High-resolution Timing Test – ECDSA Nonce • Intel fTPM: 4-bit Window Nonce Length Leakage • ECDSA • ECSChnorr Nonce • BN-256 (ECDAA) 0101000100111111...111 0000100100111111...111 1101000100111111...111 0000000000111111...111 0000000000001111...111 t 4.67 4.76 4.8 4.84 4.72 23

  24. High-resolution Timing Test – ECDSA Nonce • Intel fTPM: 4-bit Window Nonce Length Leakage • ECDSA • ECSChnorr Nonce • BN-256 (ECDAA) 0101000100111111...111 0000100100111111...111 1101000100111111...111 0000000000111111...111 0000000000001111...111 t 4.67 4.76 4.8 4.84 4.72 24

  25. High-resolution Timing Test – ECDSA Nonce • Intel fTPM: 4-bit Window Nonce Length Leakage • ECDSA • ECSChnorr Nonce • BN-256 (ECDAA) 0101000100111111...111 0000100100111111...111 1101000100111111...111 0000000000111111...111 0000000000001111...111 t 4.67 4.76 4.8 4.84 4.72 25

  26. High-resolution Timing Test – ECDSA Nonce • Intel fTPM: 4-bit Window Nonce Length Leakage • ECDSA • ECSChnorr Nonce • BN-256 (ECDAA) 0101000100111111...111 0000100100111111...111 1101000100111111...111 0000000000111111...111 0000000000001111...111 t 4.67 4.76 4.8 4.84 4.72 26

  27. High-resolution Timing Test – ECDSA Nonce • Intel fTPM: 4-bit Window Nonce Length Leakage • ECDSA • ECSChnorr Nonce • BN-256 (ECDAA) 0101000100111111...111 0000100100111111...111 1101000100111111...111 0000000000111111...111 0000000000001111...111 t 4.67 4.76 4.8 4.84 4.72 27

  28. High-resolution Timing Test – ECDSA Nonce • Intel fTPM: 4-bit Window Nonce Length Leakage • ECDSA • ECSChnorr Nonce • BN-256 (ECDAA) 0101000100111111...111 0000100100111111...111 1101000100111111...111 0000000000111111...111 0000000000001111...111 t 4.67 4.76 4.8 4.84 4.72 28

  29. 29

  30. High-resolution Timing Test – ECDSA Nonce • Intel fTPM: 4-bit Window Nonce Length Leakage • STMicro TPM: Bit-by-Bit Nonce Length Leakage 30

  31. TPM-Fail – Recovering Private ECDSA Key • TPM is programmed with an unknown key • We already have a template for 𝑢 𝑗 . 1. Collect list of signatures (𝑠 𝑗 , 𝑡 𝑗 ) and timing samples 𝑢 𝑗 . 2. Filter signatures based on 𝑢 𝑗 and keeps (𝑠 𝑗 , 𝑡 𝑗 ) with a known bias. 3. Lattice-based attack to recover private key 𝑒 , from signatures with biased nonce 𝑙 𝑗 . 31

  32. Lattice and Hidden Number Problem • 𝑡 = 𝑙 −1 𝑨 + 𝑒𝑠 𝑛𝑝𝑒 𝑜 32

  33. Lattice and Hidden Number Problem −1 − 𝑡 𝑗 • 𝑡 = 𝑙 −1 𝑨 + 𝑒𝑠 𝑛𝑝𝑒 𝑜 → 𝑙 𝑗 −1 𝑠 −1 𝑨 ≡ 0 𝑛𝑝𝑒 𝑜 𝑗 𝑒 − 𝑡 𝑗 33

  34. Lattice and Hidden Number Problem −1 − 𝑡 𝑗 • 𝑡 = 𝑙 −1 𝑨 + 𝑒𝑠 𝑛𝑝𝑒 𝑜 → 𝑙 𝑗 −1 𝑠 −1 𝑨 ≡ 0 𝑛𝑝𝑒 𝑜 𝑗 𝑒 − 𝑡 𝑗 −1 𝑠 −1 𝑨 → 𝑙 𝑗 + 𝐵 𝑗 𝑒 + 𝐶 𝑗 = 0 • 𝐵 𝑗 = −𝑡 𝑗 𝑗 , 𝐶 𝑗 = −𝑡 𝑗 34

  35. Lattice and Hidden Number Problem −1 − 𝑡 𝑗 • 𝑡 = 𝑙 −1 𝑨 + 𝑒𝑠 𝑛𝑝𝑒 𝑜 → 𝑙 𝑗 −1 𝑠 −1 𝑨 ≡ 0 𝑛𝑝𝑒 𝑜 𝑗 𝑒 − 𝑡 𝑗 −1 𝑠 −1 𝑨 → 𝑙 𝑗 + 𝐵 𝑗 𝑒 + 𝐶 𝑗 = 0 • 𝐵 𝑗 = −𝑡 𝑗 𝑗 , 𝐶 𝑗 = −𝑡 𝑗 • Let 𝑌 be the upper bound on k i and (𝑒, 𝑙 0, 𝑙 1 … , 𝑙 𝑜 ) is unknown 35 [1] Dan Boneh and Ramarathnam Venkatesan. Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes

  36. Lattice and Hidden Number Problem −1 − 𝑡 𝑗 • 𝑡 = 𝑙 −1 𝑨 + 𝑒𝑠 𝑛𝑝𝑒 𝑜 → 𝑙 𝑗 −1 𝑠 −1 𝑨 ≡ 0 𝑛𝑝𝑒 𝑜 𝑗 𝑒 − 𝑡 𝑗 −1 𝑠 −1 𝑨 → 𝑙 𝑗 + 𝐵 𝑗 𝑒 + 𝐶 𝑗 = 0 • 𝐵 𝑗 = −𝑡 𝑗 𝑗 , 𝐶 𝑗 = −𝑡 𝑗 • Let 𝑌 be the upper bound on k i and (𝑒, 𝑙 0, 𝑙 1 … , 𝑙 𝑜 ) is unknown • Lattice Construction: 𝑜 𝑜 ⋱ LLL/BKZ 𝑜 𝑌 𝐵 1 𝐵 2 … 𝐵 𝑢 𝑜 𝐶 1 𝐶 2 … 𝐶 𝑢 𝑌 36

  37. TPM-Fail – Key Recovery Results • Intel fTPM • ECDSA, ECSchnorr and BN-256 (ECDAA) • Three different threat model System, User, Network • STMicroelectronics TPM • CC EAL4+ Certified • Give you the key in 80 minutes 37

  38. 38

  39. TPM-Fail Case Study: StrongSwan VPN VPN Client VPN Server TPM Device 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE WILLIAMSBURG, VA THURSDAY, OCTOBER 17 TH , 2019 JOHN KELLY, PE IOWA DEPARTMENT OF PUBLIC HEALTH DISCLAIMER THIS PRESENTATION: IS INTENDED FOR

843 views • 40 slides
Reaping and breaking keys at scale: when crypto meets big data Nils Amiet Yolan Romailler

Reaping and breaking keys at scale: when crypto meets big data Nils Amiet Yolan Romailler

Reaping and breaking keys at scale: when crypto meets big data Nils Amiet Yolan Romailler August 2018 DEF CON 26 Public keys what for? Break them! Retrieve the private keys Show how easy it is If we can do it

684 views • 31 slides
A Deployed Analyst A Deployed Analyst in in The Vietnam War The Vietnam War E. B. Vandiver

A Deployed Analyst A Deployed Analyst in in The Vietnam War The Vietnam War E. B. Vandiver

A Deployed Analyst A Deployed Analyst in in The Vietnam War The Vietnam War E. B. Vandiver III 24 August 2007 1 Purpose Relate the experiences of a deployed analyst during the Vietnam War in the late 1960s. Compare the experience

643 views • 42 slides
Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE

Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE

Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE http://sloth-attack.org Karthikeyan Bhargavan Gatan Leurent Crypto protocols and applications evolve Agility: graceful transition from old to new

228 views • 18 slides
https://xkcd.com/538/ CS 166: Information Security Crypto Basics Prof. Tom Austin San Jos

https://xkcd.com/538/ CS 166: Information Security Crypto Basics Prof. Tom Austin San Jos

https://xkcd.com/538/ CS 166: Information Security Crypto Basics Prof. Tom Austin San Jos State University Crypto Terminology Cryptology art and science of making and breaking secret codes Cryptography making secret

645 views • 50 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example

269 views • 7 slides
Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Dr Nick Saville Breaking out of the box Understanding rela5onships between learning and assessment Breaking out of the box - a metaphor for thinking about rela5onships and interpreta5ons breaking out breaking out of the box of the

895 views • 68 slides
- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops Did you know? Our payment system has ZERO FEES for processing payments How it works? It takes only a few minutes to complete Merchant Initiate

269 views • 11 slides
Javascript Crypto & The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto & The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto & The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on Real-World Crypto January 2013 promote openness, innovation & opportunity on the Web. previously easy to deploy easy to use privacy

610 views • 22 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Radboud University Nijmegen e-Passport example

1.11k views • 12 slides
Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Crypto intro Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example Encryption: modes of operation Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information

856 views • 73 slides
Outline Public key crypto RSA Essentials Computer Security: Public Key Crypto Public Key Crypto

Outline Public key crypto RSA Essentials Computer Security: Public Key Crypto Public Key Crypto

Public key crypto Public key crypto RSA Essentials RSA Essentials Public Key Crypto in Java Public Key Crypto in Java Radboud University Nijmegen Radboud University Nijmegen Public key protocols Public key protocols Diffie-Hellman and El

448 views • 16 slides
Breaking and Repairing GCM Security Proofs Tetsu Iwata, Nagoya University Keisuke Ohashi, Nagoya

Breaking and Repairing GCM Security Proofs Tetsu Iwata, Nagoya University Keisuke Ohashi, Nagoya

Breaking and Repairing GCM Security Proofs Tetsu Iwata, Nagoya University Keisuke Ohashi, Nagoya University Kazuhiko Minematsu, NEC Corporation CRYPTO 2012 August 20, 2012, Santa Barbara, USA GCM Galois/Counter Mode authenticated encryption

414 views • 29 slides
w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals

w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals

Aditus Luxury Access Platform for Crypto A ffl uents Presentation 21 Nov 2017 w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals Crypto-currency values have been the best performing asset class

206 views • 19 slides
Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO

Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO

Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO Use this space to add an image. IMPLEMENTATION, OR CRYPTO RNG Insert an image and change the scale to cover this box. ALSO, KEY MANAGEMENT IS

1.01k views • 81 slides
19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a

19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a

Is 2 255 19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a strong elliptic curve 128-bit crypto: Okay. over the field Z (2 255 19). 256-bit crypto: High security! Is that safe? 512-bit

121 views • 11 slides
and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the

and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the

Standardizing Lattice Cryptography and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the oldest and most (the most?) efficient quantum-resilient alternatives for basic primitives Public key

844 views • 62 slides
The LED Block Cipher Jian Guo, Thomas Peyrin, Axel Poschmann and Matt Robshaw I2R, NTU and Orange

The LED Block Cipher Jian Guo, Thomas Peyrin, Axel Poschmann and Matt Robshaw I2R, NTU and Orange

Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results The LED Block Cipher Jian Guo, Thomas Peyrin, Axel Poschmann and Matt Robshaw I2R, NTU and Orange Labs CHES 2011 Nara, Japan

689 views • 33 slides
cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal

cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal

cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal cryptographer at Kudelski Security, .ch applied crypto research and outreach BLAKE, BLAKE2, SipHash, NORX Crypto Coding Standard Password Hashing Competition

883 views • 73 slides
LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder

LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder

LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder and CTO of Nebulas Former architect of Alibaba Blockchain Department Former Senior Engineering Director of Dolphin Browser Robin Zhong

711 views • 24 slides
Cryptographic Hashing in P4 Data Planes Dominik Scholz , Andreas Oeldemann, Fabien Geyer, Sebastian

Cryptographic Hashing in P4 Data Planes Dominik Scholz , Andreas Oeldemann, Fabien Geyer, Sebastian

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Cryptographic Hashing in P4 Data Planes Dominik Scholz , Andreas Oeldemann, Fabien Geyer, Sebastian Gallenmller, Henning Stubbe, Thomas Wild,

181 views • 15 slides
Blockchain and secure computation Vassilis Zikas RPI Winter School on Cryptocurrency and

Blockchain and secure computation Vassilis Zikas RPI Winter School on Cryptocurrency and

Blockchain and secure computation Vassilis Zikas RPI Winter School on Cryptocurrency and Blockchain Technologies Shanghai Jiao Tong University 2017 Bitcoin Bitcoin What is bitcoin and how does it work? Bitcoin What is bitcoin and how

2.08k views • 178 slides
Sage & Algebraic Techniques for the Lazy Symmetric Cryptographer Martin R. Albrecht

Sage & Algebraic Techniques for the Lazy Symmetric Cryptographer Martin R. Albrecht

Sage & Algebraic Techniques for the Lazy Symmetric Cryptographer Martin R. Albrecht @martinralbrecht Crypto Group, DTU Compute, Denmark IceBreak, Reykjavik, Iceland # icebreak Outline Sage Introduction Highlevel Features Fields &

1.04k views • 93 slides
High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B.

High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B.

High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B. Almeida, M. Barbosa, G. Barthe, B. Grgoire, A. Koutsos , V. La- porte, T. Oliveira, P-Y. Strub Octobre 9th, 2019 1 Context 2 Context Cryptographic

985 views • 57 slides

More recommend