We are already late, using cryptographic implementations in our daily life that are vulnerable to side-channel attacks. Provably secure cryptographic implementations are not practically secure and evaluations on concrete devices are not sufficient to achieve a reasonable security level. The ERC AMAskZONE project offers a solution that brings together all the links in the chain: provable security and practical security verified on concrete devices.
Who can I contact?
Give us the instruction set of your microcontroller and we do the rest.
We have more than 20 years of experience in developing and delivering cycle-accurate optimized cryptographic libraries. Our software is available on a variety of hardware platforms and supports standard and advanced cryptographic algorithms.
Cryptography is everywhere in our daily life to ensure the confidentiality and authentication of our communications and the integrity of our records. Although there are strong expectations regarding the security of cryptographic schemes against black-box attackers whose knowledge is restricted to a few inputs or outputs, the security of their implementations is less challenged. However, once implemented on embedded devices, cryptographic schemes become vulnerable to powerful side-channel attacks. The latter additionally exploit the physical leakage (e.g., power consumption) released by the device to recover the manipulated secrets. With cheap equipment, side-channel attacks may yield tremendous damage (e.g., full key recovery) within seconds. Nevertheless, the current security level of countermeasures is not yet close to that achieved in the black-box model.
The community is divided on how to assess the security of cryptographic implementations. From practitioners’ perspective, they need to be confronted with concrete side-channel attacks directly on embedded devices. Conversely, theorists consider that such an empirical approach is not portable and does not yield concrete security levels (e.g., not all attacks can be tested). Therefore, they instead investigate security proofs based on abstract leakage models, although the latter are often too far removed from reality to yield practical security.
This ERC project plans to combine the advantages of both worlds with a toolbox to generate and verify cryptographic implementations with practical security. Namely, we aim to:
design new compilers to turn any high-level algorithm into an efficient implementation proven secure for identified concrete devices,
push the limits of formal verification with device characterization and polynomial complexity for industrial use.
The main challenge of AMAskZONE is to design and verify cryptographic implementations so that they achieve measurable practical security.