Ruhr University Bochum (RUB), 2023
In contemporary life, digital infrastructure plays a crucial role, and it is almost impossible to imagine the modern world without the advantages provided by highly advanced technology. Because this infrastructure influences so many areas of our lives, robust, reliable, and secure systems are necessary. This includes encrypting every kind of communication, both to prevent misuse of information and to protect data integrity. Creating an environment of encrypted communication has become even more important over the last years, since many systems are connected, including a huge number of embedded devices. Therefore, the underlying cryptographic algorithms need to be implemented on highly diverse platforms, including microcontrollers, Field-Programmable Gate Arrays (FPGAs), and Application-Specific Integrated Circuits (ASICs).
In addition, due to extensive research in the field of quantum computers during the last years, it is more likely than ever that today's deployed public-key cryptography can be broken in the near future. As a consequence, the National Institute of Standards and Technology (NIST) announced a Post-Quantum Cryptography (PQC) standardization process in order to find cryptographic algorithms that are secure against attacks mounted on both classical and quantum computers. These two emerging fields of study lead to the requirement for secure and efficient hardware implementations of modern cryptography. More precisely, the emergence of post-quantum secure algorithms introduces new challenges with respect to efficient implementations targeting microcontrollers, FPGAs, and ASICs. At the same time, side-channel and fault-injection attacks pose a huge threat to any type of cryptographic implementation on embedded devices, where even securing conventional symmetric cryptography still raises open and challenging questions.
In this work, we first address the protection of symmetric cryptography against side-channel and fault-injection attacks. We start by investigating protection mechanisms that combine established countermeasures against side-channel attacks with instantiations of linear Error-Correcting Codes (ECCs). Exploiting the structure of linear ECCs and dynamically exchanging their underlying generator matrices allows us to introduce additional noise into cryptographic operations, achieving increased protection against side-channel adversaries. In the second part, we revisit existing models abstracting fault injections and propose a new generic, simple, and consolidated fault adversary model. Here, we connect the physical behavior of different fault-injection mechanisms more closely with the theoretical, abstracted adversary model. Additionally, we introduce security notions for secure and composable gadgets protecting hardware implementations against fault-injection and combined attacks. In the third part, we build on this theoretical groundwork to create formal verification frameworks that parse gate-level netlists of implemented countermeasures and analyze their security. We first present the framework FIVER, which incorporates our fault adversary model and evaluates fault-injection countermeasures based on a data structure relying on binary decision diagrams. We continue to drive this work even further by presenting VERICA, which is capable of verifying the security of gadgets and entire cryptographic functions in a setting considering combined attacks.
Finally, we propose efficient implementations of the PQC scheme BIKE targeting reconfigurable hardware. Our first implementation presents an optimized polynomial multiplier, a core performing the polynomial inversion based on Fermat's little theorem, and the first hardware implementation of the black-gray flip decoder. We further improve these results by introducing a new multiplier design exploiting the sparseness of one of its input operands and an optimized polynomial inversion based on the extended Euclidean algorithm.
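The ring arithmetic that the BIKE multiplier and inversion cores implement, as an added software illustration rather than the thesis's hardware design: polynomials in F2[x]/(x^r - 1) as bit strings, multiplication by a sparse operand as an XOR of rotated copies, squaring as a pure coefficient permutation (which is what makes a Fermat-style inversion attractive in hardware), and the same inverse obtained with the extended Euclidean algorithm. The parameter r = 13 and the polynomial h below are constructed toy inputs; BIKE's r is far larger and, like here, is chosen so that 2 is a primitive root mod r.

```python
"""Toy model of the BIKE ring F2[x]/(x^r - 1). Added illustration, not the
thesis's hardware. Polynomials are Python ints: bit i is the coefficient of
x^i. r must be an odd prime with 2 a primitive root mod r (BIKE's choice)."""


def two_is_primitive_mod(r: int) -> bool:
    """True iff 2 generates the multiplicative group mod the prime r."""
    return r > 2 and all(pow(2, k, r) != 1 for k in range(1, r - 1))


def clmul(a: int, b: int) -> int:
    """Carry-less product in F2[x], not reduced."""
    res = 0
    while b:
        if b & 1:
            res ^= a
        a <<= 1
        b >>= 1
    return res


def polydivmod(a: int, b: int):
    """Long division in F2[x]; returns (quotient, remainder)."""
    q, db = 0, b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        shift = a.bit_length() - 1 - db
        q |= 1 << shift
        a ^= b << shift
    return q, a


def mul_dense(a: int, b: int, r: int) -> int:
    """Schoolbook product reduced mod x^r - 1: since x^r == 1, fold once."""
    p = clmul(a, b)
    return (p & ((1 << r) - 1)) ^ (p >> r)


def mul_sparse(dense: int, sparse: int, r: int) -> int:
    """Product with a low-weight operand: one cyclic rotation of `dense` per
    nonzero coefficient of `sparse`, XORed together. This is the structure
    a sparse-operand multiplier exploits instead of r-by-r partial products."""
    mask, acc = (1 << r) - 1, 0
    while sparse:
        i = (sparse & -sparse).bit_length() - 1      # lowest set bit
        acc ^= ((dense << i) | (dense >> (r - i))) & mask
        sparse &= sparse - 1
    return acc


def square_n(h: int, n: int, r: int) -> int:
    """h^(2^n) mod x^r - 1. Over F2 squaring maps x^i to x^(2i), so n
    squarings are the permutation i -> i*2^n mod r: wiring only, no multiplier."""
    step, out = pow(2, n, r), 0
    while h:
        i = (h & -h).bit_length() - 1
        out |= 1 << (i * step % r)
        h &= h - 1
    return out


def inv_fermat(h: int, r: int) -> int:
    """h^(2^(r-1) - 2), the Fermat inverse in this ring, built Itoh-Tsujii
    style: raise h to 2^k - 1 for k = r - 2 along the binary expansion of k,
    then square once (2^(r-1) - 2 == 2 * (2^(r-2) - 1))."""
    t, done = h, 1                                    # t == h^(2^done - 1)
    for bit in bin(r - 2)[3:]:                        # bits of k after the leading 1
        t = mul_dense(square_n(t, done, r), t, r)     # -> h^(2^(2*done) - 1)
        done *= 2
        if bit == "1":
            t = mul_dense(square_n(t, 1, r), h, r)    # -> h^(2^(done+1) - 1)
            done += 1
    inv = square_n(t, 1, r)
    if mul_dense(h, inv, r) != 1:                     # h was not a unit
        raise ValueError("h is not invertible")
    return inv


def inv_euclid(h: int, r: int) -> int:
    """Inverse via the extended Euclidean algorithm on (h, x^r + 1)."""
    f, g = h, (1 << r) | 1
    s_f, s_g = 1, 0                                   # s_f*h == f, s_g*h == g (mod x^r + 1)
    while g:
        q, rem = polydivmod(f, g)
        f, g = g, rem
        s_f, s_g = s_g, s_f ^ clmul(q, s_g)
    if f != 1:
        raise ValueError("h is not invertible")
    return s_f


def is_invertible(h: int, r: int) -> bool:
    """gcd(h, x^r + 1) == 1. With 2 primitive mod r this is exactly
    'odd Hamming weight and not the all-ones polynomial'."""
    try:
        inv_euclid(h, r)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    R = 13                                            # constructed toy parameter
    H = (1 << 0) | (1 << 3) | (1 << 7)                # constructed odd-weight h
    assert two_is_primitive_mod(R) and is_invertible(H, R)
    print(hex(inv_fermat(H, R)), hex(inv_euclid(H, R)))
```

The Fermat route costs a fixed chain of squarings and dense multiplications, which is constant-time by construction; the Euclidean route needs fewer operations but has data-dependent control flow, which a hardware design must regularize before it can be used on the secret key.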