CASCADE Technical Program

This is a provisional program and may change over time.

Wednesday, April 2

Conference at Telecom Saint-Etienne, 25 Rue Dr Rémy Annino, 42000 Saint-Étienne

09:30 - 10:15

Registration Atrium / Coffee, Room: D03

10:15 - 10:30

Opening / Welcome, Room: J022

10:30 - 11:30

Keynote 1, Room: J022

Session chair: Pascal Sasdrich

Ileana Buhan

Detecting and Mitigating Side-Channel Leaks in Software Implementation: Challenges, Automation, and Tools

Certification of cryptographic implementations handling critical assets, including post-quantum cryptography, is mandated in various industries. A common countermeasure to protect against side-channel attacks is masking. However, the effectiveness of a masked implementation depends on the hardware of the target platform. Mitigating side-channel leaks resulting from the interaction of masked implementations with the target platform requires expert knowledge. Leakage simulators offer an alternative by modeling power consumption from a sequence of instructions with the help of a leakage model. This function describes how the target devices consume power. Without tools such as leakage simulators, a security researcher tasked with hardening a cryptographic implementation will measure traces, detect leakage, change the implementation, and reiterate until the implementation stops leaking. The process is slow, error-prone, and expensive. A leakage simulator can automate the detection of side-channel leaks and, more importantly, can be used to explain the cause of a leak. This talk will explore the role of side-channel leakage simulators in detecting and mitigating side-channel leaks.

11:30 - 12:00

Industrial Session, Room: J022

Session chair: TBD

12:00 - 14:00

Lunch, Room: D03

14:00 - 16:10

Session 1: Attacks on PQC, Room: J022

Session chair: Melissa Azouaoui
  • Alexandre Berzati (Thales DIS), Andersson Calle Viera (LIP6, Sorbonne Université; Thales DIS), Maya Chartouny (Université de Versailles Saint-Quentin-en-Yvelines; Thales DIS), David Vigilant (Thales DIS). Simple Power Analysis assisted Chosen Cipher-Text Attack on ML-KEM
  • Jonas Schupp (Technical University of Munich, TUM School of Computation, Information and Technology, Germany), Georg Sigl (Technical University of Munich, TUM School of Computation, Information and Technology; Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany). A Horizontal Attack on the Codes and Restricted Objects Signature Scheme (CROSS)
  • Vladimir Sarde (Université de Versailles Saint-Quentin-en-Yvelines; Idemia), Nicolas Debande (Idemia). Improvement of Side-Channel Attacks on Mitaka
  • Brice Colombier (Laboratoire Hubert Curien, Université Jean Monnet, Saint-Étienne, France), Vincent Grosso (Laboratoire Hubert Curien, CNRS, Saint-Étienne, France), Pierre-Louis Cayrel (Laboratoire Hubert Curien, Université Jean Monnet, Saint-Étienne, France), Vlad-Florin Drăgoi (Aurel Vlaicu University, Arad, Romania). Message-recovery Horizontal Correlation Attack on Classic McEliece
  • Julien Devevey (ANSSI, Paris, France), Morgane Guerreau (CryptoNext Security, Paris, France), Thomas Legavre (Thales, Gennevilliers, France; Université Sorbonne LIP6, Paris, France; ANSSI, Paris, France), Ange Martinelli (ANSSI, Paris, France), Thomas Ricosset (Thales, Gennevilliers, France). Breaking HuFu with 0 Leakage: A Side-Channel Analysis

16:10 - 16:40

Coffee Break, Room: D03

16:40 - 17:30

Session 2: Attacks on Symmetric Crypto, Room: J022

Session chair: Gaëtan Cassiers
  • Antoine Wurcker (SERMA Safety and Security), David Marcais (SERMA Safety and Security). The Dangerous Message/Key Swap in HMAC
  • Viet Sang Nguyen (Laboratoire Hubert Curien, Université Jean Monnet, Saint-Étienne, France), Vincent Grosso (CNRS and Laboratoire Hubert Curien, Université Jean Monnet, Saint-Étienne, France), Pierre-Louis Cayrel (Laboratoire Hubert Curien, Université Jean Monnet, Saint-Étienne, France). Practical Second-Order CPA Attack on Ascon with Proper Selection Function

18:00 - 23:59

Social dinner (rehearsal)

la fabuleuse cantine

Thursday, April 3

Conference at Telecom Saint-Etienne

09:00 - 10:40

Session 3: Securing PQC, Room: J022

Session chair: Loïc Masure
  • Quinten Norga (COSIC, KU Leuven), Jan-Pieter D'Anvers (COSIC, KU Leuven), Suparna Kundu (COSIC, KU Leuven), Ingrid Verbauwhede (COSIC, KU Leuven). X2X: Low-Randomness and High-Throughput A2B and B2A conversions for d+1 shares in Hardware
  • Dina Kamel (UCLouvain, ICTEAM, Crypto Group), François-Xavier Standaert (UCLouvain, ICTEAM, Crypto Group). Area Efficient Hardware Architecture of a Modular Polynomial Arithmetic Unit for Post-Quantum Digital Signatures and KEMs
  • Mohamed Abdelmonem (Simula UiB), Lukas Holzbaur (Infineon Technologies AG), Håvard Raddum (Simula UiB), Alexander Zeh (Infineon Technologies AG). Efficient Error Detection Methods for the Number Theoretic Transforms in Lattice-Based Algorithms
  • Sven Bauer (Siemens AG), Fabrizio De Santis (Siemens AG), Kristjane Koleci (Siemens AG), Anita Aghaie (Siemens AG). A Fault-Resistant NTT by Polynomial Evaluation and Interpolation

10:40 - 11:10

Coffee Break, Room: D03

11:10 - 12:10

Industrial Forum 2, Room: J022

Session chair: Vincent Grosso

Thomas Prest

Masking-Friendly Lattice Schemes and Lattice-Friendly Masking Schemes

Masking is the most common countermeasure to protect cryptosystems against side-channel attacks. Unfortunately, lattice cryptosystems such as the recent NIST standards ML-DSA and ML-KEM are difficult to mask efficiently, resulting in poor performance when masked.

What happens when we incorporate masking-friendliness as a design criterion? In this talk, I will discuss how this methodology can lead to lattice cryptosystems that can be masked extremely efficiently; I will illustrate this point with the Raccoon signature scheme.

Conversely, masking schemes can be adapted to fit the quirks of lattice cryptosystems; I will illustrate this with a technique called "mask compression", which allows one to implement masked lattice cryptosystems on memory-constrained devices.

12:10 - 14:10

Lunch, Room: D03

14:10 - 15:50

Session 4: Machine learning, Room: J022

Session chair: Gabriel Zaid
  • Lucas David Meier (CSEM), Damian Vizár (CSEM), Felipe Valencia (CSEM), Cristian-Alexandru Botocan (CSEM). Taking AI-Based Side-Channel Attacks to a New Dimension
  • Minghui Zhao (Nanyang Technological University), Trevor Yap (Nanyang Technological University). Avenger Ensemble: Genetic Algorithm-Driven Ensemble Selection for Deep Learning-based Side-Channel Analysis
  • Gauthier Cler (SERMA Safety & Security, France), Sebastien Ordas (SERMA Safety & Security, France), Philippe Maurine (LIRMM, France). Improving Leakage Exploitability in Horizontal Side Channel Attacks through Anomaly Mitigation with Unsupervised Neural Networks
  • Tomáš Rabas (Czech Technical University in Prague), Jiří Buček (Czech Technical University in Prague), Vincent Grosso (Université Jean Monnet), Karolína Zenknerová (National Cyber and Information Security Agency), Róbert Lórencz (Czech Technical University in Prague). Profiling Side-Channel Attack on HQC Polynomial Multiplication Using Machine Learning Methods

15:50 - 16:20

Coffee Break, Room: D03

16:20 - 17:00

Session 5: RISC-V, Room: J022

Session chair: Jan Richter-Brockmann
  • Mathieu Escouteloup (Université de Bordeaux, Bordeaux INP, Laboratoire IMS, UMR CNRS 5218, France), Vincent Migliore (LAAS-CNRS, Univ. Toulouse, CNRS, INSA, Toulouse, France). A hardware design methodology to prevent microarchitectural transition leakages
  • Linus Mainka (Universiteit van Amsterdam), Kostas Papagiannopoulos (Universiteit van Amsterdam). Combined Masking and Shuffling for Side-Channel Secure Ascon on RISC-V

19:00 - 23:59

Social dinner

la vinifacture

Friday, April 4

Conference at Telecom Saint-Etienne

09:50 - 10:30

Session 6: Side-Channel Attacks, Room: J022

Session chair: François-Xavier Standaert
  • Aymeric Hiltenbrand (Inria), Julien Eynard (Rambus, Inc.), Romain Poussier (Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI)). On the asymptotic success rate of simple side-channel attack against masking
  • Stian Husum (Simula UiB), Håvard Raddum (Simula UiB), Martijn Stam (Simula UiB). A Comparison of Graph-Inference Side-Channel Attacks Against SKINNY

10:30 - 11:00

Coffee Break, Room: D03

11:00 - 12:00

Keynote 3, Room: J022

Session chair: Pascal Sasdrich

Chitchanok Chuengsatiansup

CryptOpt: Verified Compilation with Randomized Program Search for Cryptographic Primitives

Cryptography has been extensively used to protect digital information on a wide range of devices. Therefore, the correctness, efficiency, and portability of cryptographic software are of utmost importance. While relying on compiler-based code generation achieves portability, the efficiency of the produced code usually underperforms compared to code written directly in assembly. On the other hand, writing code manually achieves high performance while costing experts' time, particularly when the target platform has changed. Regardless, either approach may still produce incorrect code. This talk presents CryptOpt, a verified-compilation code generator that produces efficient code tailored to the architecture it runs on. On the optimization side, CryptOpt applies randomized search through the space of assembly programs. On the formal-verification side, CryptOpt connects to the Fiat Cryptography framework and extends it with a new formally verified program-equivalence checker. The benchmark shows that CryptOpt produces the fastest-known implementations of finite-field arithmetic for both Curve25519 and the Bitcoin elliptic curve secp256k1 for the relatively new Intel 12th and 13th generations.

12:00 - 14:00

Lunch, Room: D03

14:00 - 15:15

Session 7: Physical security, Room: J022

Session chair: Victor Lomné
  • Neelam Nasir (Télécom Paris), Julien Béguinot (Télécom Paris), Wei Cheng (Secure-IC S.A.S and Télécom Paris), Ulrich Kühne (Télécom Paris), Jean-Luc Danger (Télécom Paris). Robust and Reliable PUF Protocol Exploiting Non-Monotonic Quantization and Neyman-Pearson Lemma
  • Julien Toulemont (ANSSI), Geoffrey Chancel (LIRMM), Frederick Mailly (LIRMM), Philippe Maurine (LIRMM), Pascal Nouet (LIRMM). Towards package opening detection at power-up by monitoring thermal dissipation
  • pcy Sluys (COSIC, KU Leuven), Lennert Wouters (COSIC, KU Leuven), Benedikt Gierlichs (COSIC, KU Leuven), Ingrid Verbauwhede (COSIC, KU Leuven). Partial Key Overwrite attacks in microcontrollers

15:15 - 15:45

Coffee Break, Room: D03

15:45 - 16:35

Session 8: Homomorphic Encryption, Room: J022

Session chair: Jean-Claude Bajard
  • Pierugo Pace (Nagra Kudelski Group / EPFL), Hervé Pelletier (Nagra Kudelski Group), Serge Vaudenay (EPFL). Hybrid homomorphic encryption resistance to side-channel attacks
  • Pierre Galissant (University of Versailles-St-Quentin-en-Yvelines), Louis Goubin (University of Versailles-St-Quentin-en-Yvelines). White-Box Implementation Techniques for the HFE family

16:35 - 17:00

Closing remarks, Room: J022
