Thursday, June 28, 2012
ACNS 2012 - Day 2
The second day was mainly devoted to theoretical works on various new or improved cryptographic primitives or cryptanalytic methods. Unfortunately I missed the invited talk of the industry track for "A New Masking Scheme for Side-Channel Protection of the AES" as it clashed with the session where I presented our work. Apart from that, the last session featured three talks on side channel attacks with some first results on zero-value point attacks on computations on Kummer surfaces (which can be used to speed up ECC/HECC), a new block cipher (Picardo), whose S-box is specifically designed to make higher-order masking more efficient, and practical results on power-analysis attacks on AES using wide collisions. Wide collisions mean that a number of intermediate values of two encryptions end up having the same value (instead of e.g. just a single S-box output byte). The price to pay for this is the requirement for the attacker to be in control of the plaintext fed to the cryptographic device. Of the three side-channel talks, the wide-collision one has probably the most immediate practical relevance, as these results need to be taken into account when implementing AES in a side-channel resistant way.