Ruhr-Universität Bochum (RUB): Open Journal Systems
    4280 research outputs found

    Scalable Information Theoretic Evaluation of the Rank Statistics in Side-Channel Attacks

    No full text
    Evaluating the security of a device against side-channel attacks is a difficult task. One prominent strategy for this purpose is to characterize the distribution of the rank of the correct key among the different key hypotheses produced by a maximum likelihood attack, depending on the number of measured traces. In practice, evaluators can estimate some statistics of the rank that are used as security indicators—e.g., the arithmetic and geometric mean rank, the median rank, the α-marginal guesswork, or the success rate of level L. Yet, a direct estimation becomes time-consuming as security levels increase. In this work, we provide new bounds on these figures of merit in terms of the mutual information between the secret and its side-channel leakages. These bounds provide theoretical insights on the evolution of the figures of merit in terms of noise level, computational complexity (how many keys are evaluated) and data complexity (how many side-channel traces are used for the attack). To the best of our knowledge, these bounds are the first to formally characterize security guarantees that depend on the computational power of the adversary, based on a measure of their informational leakages. It follows that our results enable fast shortcut formulas for the certification laboratories, potentially enabling them to speed up the security evaluation process. We demonstrate the tightness of our bounds on both synthetic traces (in a controlled environment) and real-world traces from two popular datasets (Aisylab/AES_HD and SMAesH).

    SPHGen: A Program Generator for Fast Polynomial Hash Functions

    No full text
    Universal hash functions are a widely used, fundamental building block in constructing more complex cryptographic schemes. This makes achieving high efficiency, both at the design and implementation level, an utmost priority. Using simple polynomial hash functions over prime fields is a popular choice; Poly1305 is a particular instance of such an approach that is standardized and widely deployed. However, even for simple polynomial hash functions, there are significant challenges in designing fast implementations. Firstly, there is a large set of choices for algorithmic parameters such as finite field and limb sizes. Secondly, the complexity and diversity of modern vector instruction set architectures (ISAs) make performance evaluation, and subsequent parameter selection, difficult. In this paper we present SPHGen, a program generator for simple polynomial hash functions. SPHGen takes as input the field parameters and outputs highly optimized code for a given vector ISA. The generated code is automatically verified by means of symbolic execution, ensuring functional correctness. Accompanying SPHGen is an accurate model that predicts the runtime of each generated program. Using SPHGen, one can readily identify the Pareto front of Pareto-optimal hash function parameters w.r.t. the security-performance trade-offs, and, when using the model, even without running any code. SPHGen and the model can be retargeted to different vector ISAs and languages; we consider AVX2, AVX512, AVX512_IFMA, and Jasmin as examples. We generate Jasmin code to ensure memory safety and constant-time execution. We report benchmarks showing that SPHGen offers significant performance improvements over the best previous non-vectorized code. In addition, for large messages, our automatically generated code offers speedups of up to 37% compared to the highly optimized implementation of Poly1305 in OpenSSL, which is hand-coded in assembly.

    WW-FL: Secure and Private Large-Scale Federated Learning

    No full text
    Federated learning (FL) is an efficient approach for large-scale distributed machine learning that promises data privacy by keeping training data on client devices. However, recent research has uncovered vulnerabilities in FL, impacting both security and privacy through poisoning attacks and the potential disclosure of sensitive information in individual model updates as well as the aggregated global model. This paper explores the inadequacies of existing FL protection measures when applied independently, and the challenges of creating effective compositions. Addressing these issues, we propose WW-FL, an innovative framework that combines secure multi-party computation (MPC) with hierarchical FL to guarantee data and global model privacy. One notable feature of WW-FL is its capability to prevent malicious clients from directly poisoning model parameters, confining them to less destructive data poisoning attacks. We furthermore provide a PyTorch-based FL implementation integrated with Meta’s CrypTen MPC framework to systematically measure the performance and robustness of WW-FL. Our extensive evaluation demonstrates that WW-FL is a promising solution for secure and private large-scale federated learning.

    Dreaming and mind wandering: Spontaneous thought across the sleep-wake cycle. Editorial introduction

    No full text
    This special issue unites original theoretical and empirical research on two topics that are gaining traction in cognitive neuroscience and psychology, but so far have small philosophical footprints: dreaming and waking mind wandering. While the fields of dream and mind wandering research are largely separate, phenomenological and neurophysiological similarities between waking mind wandering and sleep-related experiences suggest that these phenomena are intimately connected. Together, they raise important questions about the nature and functions of spontaneous mental phenomena and their relation to wakefulness and sleep, as well as for theories of attention, action, and consciousness.

    The Violence of Aspiration: Symbolic Harm and the Crisis of Development in the Global South

    Full text link
    This essay critiques contemporary development paradigms in postcolonial democracies such as India by exposing the symbolic and aesthetic violence embedded within them. It argues that development today operates not only through material exclusion but also via symbolic harm—governing through aspiration, aesthetic legibility, and bureaucratic temporality. Drawing on Pierre Bourdieu's concept of symbolic violence and insights from feminist political economy, postcolonial theory, and subaltern studies, the essay examines how marginalized bodies and spaces are rendered visible only through curated, sanitized aesthetics that uphold elite-defined ideals. Rather than delivering inclusion, development often demands performance: the poor must appear modern, grateful, and digitally fluent to qualify for visibility. These visual scripts—found in biometric governance, aspirational media campaigns, and platform-based welfare systems—discipline subjectivities while erasing dissent and complexity. Aspirations become instruments of control, redefining citizenship as aesthetic conformity rather than structural entitlement. Simultaneously, the poor are subjected to temporal violence, constantly made to wait for rights, services, and recognition—an experience framed as transitional but often permanent. Using a critical-interpretive methodology, the essay reads planning documents, urban design frameworks, and welfare technologies not as policy tools but as aesthetic and affective texts. It argues that development enacts a moral order of legibility, where failure to perform prescribed norms results in administrative invisibility or symbolic punishment. Gender, caste, and class hierarchies are embedded in these scripts, shaping who can be seen, heard, or served. The essay proposes a reparative vision of development grounded in four principles: voice over visibility, memory over erasure, plurality over prescription, and freedom over discipline. Moving beyond metrics and images, this framework foregrounds epistemic justice and collective dignity. Development must be reimagined not as performance or progress, but as a democratic process rooted in recognition, care, and shared futurity.

    Finding Bugs and Features Using Cryptographically-Informed Functional Testing

    No full text
    In 2018, Mouha et al. (IEEE Trans. Reliability, 2018) performed a postmortem investigation of the correctness of reference implementations submitted to the SHA3 competition run by NIST, finding previously unidentified bugs in a significant portion of them, including two of the five finalists. Their innovative approach allowed them to identify the presence of such bugs in a black-box manner, by searching for counterexamples of expected cryptographic properties of the implementations under test. In this work, we extend their approach to key encapsulation mechanisms (KEMs) and digital signature schemes (DSSs). We perform our tests on multiple versions of the LibOQS collection of post-quantum schemes to capture implementations at different points of the recent Post-Quantum Cryptography Standardization Process run by NIST. We identify multiple bugs, ranging from software bugs (segmentation faults, memory overflows) to cryptographic bugs, such as ciphertext malleability in KEMs claiming IND-CCA security. We also observe various features of KEMs and DSSs that do not contradict any security guarantees but could appear counter-intuitive. Finally, we compare this methodology with a traditional fuzzing campaign against LibOQS and SUPERCOP, observing that traditional fuzzing harnesses appear less effective in surfacing software and logical bugs.

    Don’t be mean: Reducing Approximation Noise in TFHE through Mean Compensation

    No full text
    Fully Homomorphic Encryption (FHE) allows computations on encrypted data without revealing any information about the data itself. However, FHE ciphertexts include noise for security reasons, which increases during operations and can lead to decryption errors. This paper addresses the noise introduced during bootstrapping in Torus Fully Homomorphic Encryption (TFHE), particularly focusing on approximation errors during modulus switching and gadget decomposition. We propose a mean compensation technique that removes the mean term from the noise equations, achieving up to a twofold reduction in noise variance. This method can be combined with bootstrap key unrolling for further noise reduction. Mean compensation can reduce the error probability of a standard parameter set from 2^(−73.77) to 2^(−130.21), or allows the selection of more efficient parameters leading to a speedup of bootstrapping up to a factor of 2.06x. Compared to the state-of-the-art rerandomization technique, mean compensation requires no additional key material, and offers a fixed workflow. Furthermore, it removes the dependency between the noise variance and the Hamming weight of the secret key.

    Coil-Based Detection and Concurrent Error Correction Against EMFI

    No full text
    Fault injection attacks target cryptographic primitives implemented in hardware by deliberately inducing faults, leading to abnormal behavior that can be exploited to extract sensitive information. To mitigate these threats, practical and low-overhead countermeasures, whether at the algorithmic or physical level, are essential. However, the real-world effectiveness of these countermeasures remains uncertain, as it is not always clear whether, or to what extent, their underlying security assumptions hold in practice. Therefore, a thorough evaluation under realistic attack scenarios, including recent techniques such as Electromagnetic Fault Injection (EMFI), is crucial. In this work, we demonstrate the resistance of a protected real-world target chip against EMFI. Specifically, our fabricated 65 nm CMOS ASIC employs concurrent error correction based on the techniques described in Impeccable Circuits II as an algorithm-level countermeasure. At the physical level, the chip integrates multiple coils of varying sizes and positions that serve as sensors for electromagnetic fields. We employ a practical and affordable attack setup featuring a commercial fault-injection probe mounted on an XYZ stage for precise positioning over the ASIC. This setup allows us to investigate the effects of various attack parameters, including the probe’s position, pulse polarity, and voltage level. Our results highlight that the coils serve as a lightweight and effective countermeasure for the practical detection of EMFI attempts. In contrast, for concurrent error correction, a gap between theory and practice emerges: the protection overhead actually makes such designs more susceptible to EMFI in real-world scenarios.

    High Fidelity Security Mesh Monitoring using Low-Cost, Embedded Time Domain Reflectometry

    No full text
    Security Meshes are patterns of sensing traces covering an area that are used in Hardware Security Modules (HSMs) and other systems to detect attempts to physically intrude into the device’s protective shell. State-of-the-art solutions manufacture meshes in bespoke processes from carefully chosen materials, which is expensive and makes replication challenging. Additionally, state-of-the-art monitoring circuits sacrifice either monitoring precision or cost efficiency. In this paper, we present an embeddable security mesh monitoring circuit constructed from low-cost, standard components that utilizes Time Domain Reflectometry (TDR) to create a unique fingerprint of a mesh. Our approach is both low-cost and precise, and enables the use of inexpensive standard Printed Circuit Boards (PCBs) as security mesh material. We demonstrate a working prototype of our TDR circuit costing less than 10 € in components that achieves both time resolution and rise time better than 200 ps—a 25x improvement over previous work. We demonstrate a simple classifier that detects several types of advanced attacks such as probing using an oscilloscope probe or micro-soldering attacks with no false negatives.

    YATA: Yet Another TFHE Accelerator with Key Compression and Radix-8 NTT

    No full text
    This paper introduces a silicon-proven ASIC accelerator, YATA, specifically designed for TFHE’s most demanding operation, the BlindRotate. The architecture tackles the main bottleneck in TFHE—massive memory bandwidth—by applying Key Compression to reduce the size of the bootstrapping key significantly. It further enhances performance and area efficiency through a novel Radix-8 Number Theoretic Transform (NTT), using carefully chosen prime moduli that allow cost-effective constant multiplications and streamlined modular reductions. Fabricated in a 22 nm process, YATA’s design occupies only 5.93 mm² and achieves 0.32 ms BlindRotate latency for the targeted security parameters. YATA offers a practical route toward fully homomorphic encryption deployments on customized hardware. Overall, this work demonstrates the feasibility of ASIC-based accelerators for TFHE in latency and power efficiency, establishing a foundation for future TFHE-based privacy-preserving applications.
