CASCADE Technical Program

This is a provisional program and may change over time.

Wednesday, April 2

Conference at Telecom Saint-Etienne, 25 Rue Dr Rémy Annino, 42000 Saint-Étienne

09:30 - 10:15	Registration Atrium / Coffee, Room: D03
10:15 - 10:30	Opening / Welcome Room: J022
10:30 - 11:30	Keynote 1, Room: J022 Session chair: Pascal Sasdrich Ileana Buhan Detecting and Mitigating Side-Channel Leaks in Software Implementation: Challenges, Automation, and Tools Certification of cryptographic implementations handling critical assets, including post-quantum cryptography, is mandated in various industries. A common countermeasure to protect against side-channel attacks is masking. However, the effectiveness of a masked implementation depends on the hardware of the target platform. Mitigating side channel leaks resulting from the interaction of masked implementations with the target platform requires expert knowledge. Leakage simulators offer an alternative by modeling power consumption from a sequence of instructions with the help of a leakage model. This function describes how the target devices consume power. Without tools such as leakage simulators, a security researcher tasked with hardening a cryptographic implementation will measure traces, detect leakage, change the implementation, and reiterate until the implementation stops leaking. The process is slow, error-prone, and expensive. A leakage simulator can automate the detection of side-channel leaks and, more importantly, can be used to explain the cause of a leak. This talk will explore the role of side-channel leakage simulators in detecting, and mitigating side channel leaks.
11:30 - 12:00	Industrial Session, Room: J022 Session chair: TBD
12:00 - 14:00	Lunch, Room: D03
14:00 - 15:40	Session 1: Attacks on PQC, Room: J022 Session chair: Melissa Azouaoui Alexandre Berzati (Thales DIS), Andersson Calle Viera (Lip6 Sorbonne Université, Thales DIS) Maya Chartouny (Université de Versailles Saint-Quentin-en-Yvelines, Thales DIS), David Vigilant (Thales DIS)Simple Power Analysis assisted Chosen Cipher-Text Attack on ML-KEM  Jonas Schupp (Technical University of Munich, Germany, TUM School of Computation, Information and Technology), Georg Sigl (Technical University of Munich, Germany; TUM School of Computation, Information and Technology and Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany) A Horizontal Attack on the Codes and Restricted Objects Signature Scheme (CROSS)  Vladimir Sarde (Université de Versailles – Saint-Quentin-en-Yvelines, Idemia) Nicolas Debande (Idemia) Improvement of Side-Channel Attacks on Mitaka Brice Colombier (Laboratoire Hubert Curien, Université Jean Monnet, Saint-Étienne, France) Vincent Grosso (Laboratoire Hubert Curien, CNRS, Saint-Étienne, France) Pierre-Louis Cayrel (Laboratoire Hubert Curien, Université Jean Monnet, Saint-Étienne, France) Vlad-Florin Drăgoi (Aurel Vlaicu University, Arad, Romania) Message-recovery Horizontal Correlation Attack on Classic McEliece
15:40 - 16:10	Coffee Break, Room: D03
16:10 - 17:30	Session 2: Attacks on Symmetric Crypto, Room: J022 Session chair: TBD Antoine Wurcker (SERMA Safety and Security), David Marcais (SERMA Safety and Security) The Dangerous Message/Key Swap in HMAC  Julien Devevey (ANSSI (Paris, France)), Morgane Guerreau (CryptoNext Security (Paris, France), Thomas Legavre (Thales (Gennevilliers, France), Université Sorbonne LIP6 (Paris, France), ANSSI (Paris, France)), Ange Martinelli (ANSSI (Paris, France)), Thomas Ricosset (Thales (Gennevilliers, France) Breaking HuFu with 0 Leakage: A Side-Channel Analysis  Viet Sang Nguyen (Laboratoire Hubert Curien, Universtié Jean Monnet, Saint-Etienne, France), Vincent Grosso (CNRS and Laboratoire Hubert Curien, Universtié Jean Monnet, Saint-Etienne, France), Pierre-Louis Cayrrel (Laboratoire Hubert Curien, Universtié Jean Monnet, Saint-Etienne, France) Practical Second-Order CPA Attack on Ascon with Proper Selection Function

Thursday, April 3

Conference at Telecom Saint-Etienne

09:00 - 10:40	Session 3: Securing PQC, Room: J022 Session chair: TBD Quinten Norga (COSIC, KU Leuven), Jan-Pieter D'Anvers (COSIC, KU Leuven), Suparna Kundu (COSIC, KU Leuven), Ingrid Verbauwhede (COSIC, KU Leuven) X2X: Low-Randomness and High-Throughput A2B and B2A conversions for d+1 shares in Hardware Dina KAMEL (UCLouvain, ICTEAM, Crypto Group), Françoix-Xavier STANDAERT (UCLouvain, ICTEAM, Crypto Group) Area Efficient Hardware Architecture of a Modular Polynomial Arithmetic Unit for Post-Quantum Digital Signatures and KEMs  Mohamed Abdelmonem (Simula UiB), Lukas Holzbaur (Infineon Technologies AG), Håvard Raddum (Simula UiB), Alexander Zeh (Infineon Technologies AG) Efficient Error Detection Methods for the Number Theoretic Transforms in Lattice-Based Algorithms Sven Bauer (Siemens AG), Fabrizio De Santis (Siemens AG), Kristjane Koleci (Siemens AG), Anita Aghaie (Siemens AG) A Fault-Resistant NTT by Polynomial Evaluation and Interpolation
10:40 - 11:10	Coffee Break, Room: D03
11:10 - 12:10	Industrial Forum 2, Room: J022 Session chair: Vincent Grosso Thomas Prest Masking-Friendly Lattice Schemes and Lattice-Friendly Masking Schemes Masking is the most common countermeasure to protect cryptosystems against side-channel attacks. Unfortunately, lattice cryptosystems such as the recent NIST standards ML-DSA and ML-KEM are difficult to mask efficiently, resulting in poor performance when masked. What happens when we incorporate masking-friendliness as a design criteria? In this talk, I will discuss how this methodology can lead to lattice cryptosystems that can be masked extremely efficiently -- I will illustrate this point with the Raccoon signature scheme. Conversely, masking schemes can be adapted to fit the quirks of lattice cryptosystems -- I will illustrate this will a technique called "mask compression" which allows to implement masked lattice cryptosystems on memory-constrained devices.
12:10 - 14:10	Lunch, Room: D03
14:10 - 15:50	Session 4: Machine learning, Room: J022 Session chair: TBD Lucas David MEIER (CSEM), Damian VIZÁR (CSEM), Felipe VALENCIA (CSEM), Cristian-Alexandru BOTOCAN (CSEM) Taking AI-Based Side-Channel Attacks to a New Dimension  Minghui Zhao (Nanyang Technological University), Trevor Yap (Nanyang Technological University) Avenger Ensemble: Genetic Algorithm-Driven Ensemble Selection for Deep Learning-based Side-Channel Analysis Gauthier Cler (SERMA Safety & Security, France), Sebastien Ordas (SERMA Safety & Security, France), Philippe Maurine (LIRMM, France) Improving Leakage Exploitability in Horizontal Side Channel Attacks through Anomaly Mitigation with Unsupervised Neural Networks TBD: conditionally accepted
15:50 - 16:20	Coffee Break, Room: D03
16:20 - 17:00	Session 5: RISC-V, Room: J022 Session chair: Jan Richter-Brockmann Mathieu Escouteloup (Universite de Bordeaux, Bordeaux INP, Laboratoire IMS, UMR CNRS 5218, France), Vincent Migliore (LAAS–CNRS, Univ. Toulouse, CNRS, INSA, Toulouse, France) A hardware design methodology to prevent microarchitectural transition leakages Linus Mainka (Universiteit van Amsterdam), Kostas Papagiannopoulos (Universiteit van Amsterdam) Combined Masking and Shuffling for Side-Channel Secure Ascon on RISC-V
19:00 - 23:00	Social diner la vinifacture

Friday, April 4

Conference at Telecom Saint-Etienne

09:50 - 10:30	Session 6: Side-Channel Attacks, Room: J022 Session chair: TBD Aymeric Hiltenbrand (Inria), Julien Eynard (Rambus, Inc.), Romain Poussier (Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI)) On the asymptotic success rate of simple side-channel attack against masking  Stian Husum (Simula UiB), Håvard Raddum (Simula UiB), Martijn Stam (Simula UiB) A Comparison of Graph-Inference Side-Channel Attacks Against SKINNY
10:30 - 11:00	Coffee Break, Room: D03
11:00 - 12:00	Keynote 3, Room: J022 Session chair: Pascal Sasdrich Chitchanok Chuengsatiansup CryptOpt: Verified Compilation with Randomized Program Search for Cryptographic Primitives Cryptography has been extensively used to protect digital information on a wide range of devices. Therefore, the correctness, efficiency, and portability of cryptographic software are of utmost importance. While relying on a compiler-based code generation achieves portability, the efficiency of the produced code usually underperforms compared to the code written directly in assembly. On the other hand, writing code manually achieves high performance while costing experts' time, particularly when the target platform has changed. Regardless, either approach may still produce incorrect code. This talk presents CryptOpt, a verified compilation code generator that produces efficient code tailored to the architecture it runs on. On the optimization side, CryptOpt applies randomized search through the space of assembly program. On the formal-verification side, CryptOpt connects to the Fiat Cryptography framework and extends it with a new formally verified program-equivalence checker. The benchmark shows that CryptOpt produces fastest-known implementations of finite-field arithmetic for both Curve25519 and the Bitcoin elliptic curve secp256k1 for the relatively new Intel 12th and 13th generations.
12:00 - 14:00	Lunch, Room: D03
14:00 - 15:15	Session 7: Physical security, Room: J022 Session chair: TBD TBD: conditionally accepted Julien Toulemont (ANSSI), Geoffrey Chancel (LIRMM), Frederick Mailly (LIRMM), Philippe Maurine (LIRMM), Pascal Nouet (LIRMM) Towards package opening detection at power-up by monitoring thermal dissipation TBD: conditionally accepted
15:15 -15:45	Coffee Break, Room: D03
15:45 - 16:35	Session 8: Homomorphic Encryption, Room: J022 Session chair: TBD Pierugo Pace (Nagra Kudelski Group / EPFL), Hervé Pelletier (Nagra Kudelski Group), Serge Vaudenay (EPFL)  Hybrid homomorphic encryption resistance to side-channel attacks Pierre Galissant (University of Versailles-St-Quentin-en-Yvelines), Louis Goubin (University of Versailles-St-Quentin-en-Yvelines) White-Box Implementation Techniques for the HFE family
16:35 - 17:00	Closing remarks, Room: J022