CASCADE Technical Program
This is a provisional program and may change over time.
Wednesday, April 2
Conference at Telecom Saint-Etienne, 25 Rue Dr Rémy Annino, 42000 Saint-Étienne
09:30 - 10:15 | Registration Atrium / Coffee, Room: D03 |
10:15 - 10:30 | Opening / Welcome Room: J022 |
10:30 - 11:30 |
Keynote 1, Room: J022, Session chair: Pascal Sasdrich
Ileana Buhan
Detecting and Mitigating Side-Channel Leaks in Software Implementation: Challenges, Automation, and Tools
Certification of cryptographic implementations handling critical assets, including post-quantum cryptography, is mandated in various industries. A common countermeasure to protect against side-channel attacks is masking. However, the effectiveness of a masked implementation depends on the hardware of the target platform. Mitigating side-channel leaks resulting from the interaction of masked implementations with the target platform requires expert knowledge. Leakage simulators offer an alternative by modeling power consumption from a sequence of instructions with the help of a leakage model. This function describes how the target devices consume power. Without tools such as leakage simulators, a security researcher tasked with hardening a cryptographic implementation will measure traces, detect leakage, change the implementation, and reiterate until the implementation stops leaking. The process is slow, error-prone, and expensive. A leakage simulator can automate the detection of side-channel leaks and, more importantly, can be used to explain the cause of a leak. This talk will explore the role of side-channel leakage simulators in detecting and mitigating side-channel leaks. |
11:30 - 12:00 |
Industrial Session, Room: J022, Session chair: TBD |
12:00 - 14:00 | Lunch, Room: D03 |
14:00 - 16:10 |
Session 1: Attacks on PQC, Room: J022, Session chair: Melissa Azouaoui
|
16:10 - 16:40 | Coffee Break, Room: D03 |
16:40 - 17:30 |
Session 2: Attacks on Symmetric Crypto, Room: J022, Session chair: Gaëtan Cassiers
|
18:00 - 23:59 |
Social dinner (rehearsal), la fabuleuse cantine |
Thursday, April 3
Conference at Telecom Saint-Etienne
09:00 - 10:40 |
Session 3: Securing PQC, Room: J022, Session chair: Loïc Masure
|
10:40 - 11:10 | Coffee Break, Room: D03 |
11:10 - 12:10 |
Industrial Forum 2, Room: J022, Session chair: Vincent Grosso
Thomas Prest
Masking-Friendly Lattice Schemes and Lattice-Friendly Masking Schemes
Masking is the most common countermeasure to protect cryptosystems against side-channel attacks. Unfortunately, lattice cryptosystems such as the recent NIST standards ML-DSA and ML-KEM are difficult to mask efficiently, resulting in poor performance when masked. What happens when we incorporate masking-friendliness as a design criterion? In this talk, I will discuss how this methodology can lead to lattice cryptosystems that can be masked extremely efficiently -- I will illustrate this point with the Raccoon signature scheme. Conversely, masking schemes can be adapted to fit the quirks of lattice cryptosystems -- I will illustrate this with a technique called "mask compression", which allows masked lattice cryptosystems to be implemented on memory-constrained devices. |
12:10 - 14:10 | Lunch, Room: D03 |
14:10 - 15:50 |
Session 4: Machine learning, Room: J022, Session chair: Gabriel Zaid
|
15:50 - 16:20 | Coffee Break, Room: D03 |
16:20 - 17:00 |
Session 5: RISC-V, Room: J022, Session chair: Jan Richter-Brockmann
|
19:00 - 23:59 |
Social dinner, la vinifacture |
Friday, April 4
Conference at Telecom Saint-Etienne
09:50 - 10:30 |
Session 6: Side-Channel Attacks, Room: J022, Session chair: François-Xavier Standaert
|
10:30 - 11:00 | Coffee Break, Room: D03 |
11:00 - 12:00 |
Keynote 3, Room: J022, Session chair: Pascal Sasdrich
Chitchanok Chuengsatiansup
CryptOpt: Verified Compilation with Randomized Program Search for Cryptographic Primitives
Cryptography has been extensively used to protect digital information on a wide range of devices. Therefore, the correctness, efficiency, and portability of cryptographic software are of utmost importance. While relying on compiler-based code generation achieves portability, the efficiency of the produced code usually underperforms compared to the code written directly in assembly. On the other hand, writing code manually achieves high performance while costing experts' time, particularly when the target platform has changed. Regardless, either approach may still produce incorrect code. This talk presents CryptOpt, a verified compilation code generator that produces efficient code tailored to the architecture it runs on. On the optimization side, CryptOpt applies randomized search through the space of assembly programs. On the formal-verification side, CryptOpt connects to the Fiat Cryptography framework and extends it with a new formally verified program-equivalence checker. The benchmark shows that CryptOpt produces the fastest-known implementations of finite-field arithmetic for both Curve25519 and the Bitcoin elliptic curve secp256k1 for the relatively new Intel 12th and 13th generations. |
12:00 - 14:00 | Lunch, Room: D03 |
14:00 - 15:15 |
Session 7: Physical security, Room: J022, Session chair: Victor Lomné
|
15:15 - 15:45 | Coffee Break, Room: D03 |
15:45 - 16:35 |
Session 8: Homomorphic Encryption, Room: J022, Session chair: Jean-Claude Bajard
|
16:35 - 17:00 | Closing remarks, Room: J022 |