Lecture Notes in Computer Science 6225 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen TUDortmundUniversity,Germany MadhuSudan MicrosoftResearch,Cambridge,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum Max-PlanckInstituteofComputerScience,Saarbruecken,Germany Stefan Mangard François-Xavier Standaert (Eds.) Cryptographic Hardware and Embedded Systems – CHES 2010 12th International Workshop Santa Barbara, USA, August 17-20, 2010 Proceedings 1 3 VolumeEditors StefanMangard ChipCard&Security,InfineonTechnologies AmCampeon1-12,85579Neubiberg,Germany E-mail:stefan.mangard@infineon.com François-XavierStandaert UCLCryptoGroup,UniversitécatholiquedeLouvain PlaceduLevant3,1348Louvain-la-Neuve,Belgium E-mail:[email protected] LibraryofCongressControlNumber:Appliedfor CRSubjectClassification(1998):E.3,D.4.6,K.6.5,E.4,C.2,H.2.7,G.2.1 LNCSSublibrary:SL4–SecurityandCryptology ISSN 0302-9743 ISBN-10 3-642-15030-6SpringerBerlinHeidelbergNewYork ISBN-13 978-3-642-15030-2SpringerBerlinHeidelbergNewYork Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting, reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. springer.com ©InternationalAssociationforCryptologicResearch2010 PrintedinGermany Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper 06/3180 Preface Since 1999, the workshop on Cryptographic Hardware and Embedded Systems (CHES) is the foremost international scientific event dedicated to all aspects of cryptographic hardware and security in embedded systems. Its 12th edition washeld in Santa Barbara,California,USA, August17–20,2010.Exceptionally this year, it was co-located with the 30th International Cryptology Conference (CRYPTO). This co-location provided unique interaction opportunities for the communities of both events. As in previous years, CHES was sponsored by the International Association for Cryptologic Research (IACR). Theworkshopreceived108submissions,from28differentcountries,ofwhich the Program Committee selected 30 for presentation. Each submission was re- viewedbyatleast4committee members,foratotalof468reviews.Twoinvited talks completed the technical program. The first one, given by Ivan Damg˚ard and Markus Kuhn, was entitled “Is Theoretical Cryptography Any Good in Practice?”, and presented jointly to the CRYPTO and CHES audiences, on Wednesday, August 18, 2010. The second one, given by Hovav Shacham, was entitled “Cars and Voting Machines: Embedded Systems in the Field.” The ProgramCommittee agreed on giving a best paper award to Alexandre Berzati, C´ecile Canovas-Dumas and Louis Goubin, for their work “Public Key PerturbationofRandomizedRSAImplementations.” Theseauthorswillalsobe invitedtosubmitanextendedversionoftheirpapertotheJournalofCryptology, together with the authors of two other contributions. First, Jean-Philippe Au- masson,LucaHenzen,WilliMeierandMar´ıaNaya-Plasencia,authorsof“Quark: aLightweightHash.”Second,LucaHenzen,PietroGendotti,PatriceGuillet,En- rico Pargaetzi, Martin Zoller and Frank K. Gu¨rkaynak, for their paper entitled “Developing a HardwareEvaluationMethod for SHA-3 Candidates.” These pa- persillustratethreedistinctareasofcryptographicengineeringresearch,namely: physical (aka implementation) security, the design of lightweight primitives and the efficient hardware implementation of cryptographic algorithms. We would like to express our deepest gratitude to the various people who helped in the organization of the conference and made it a successful event. In the first place, we thank the authors who submitted their works.The quality of the submissions and the variety of the topics that they coverarereflective of an evolvingandgrowingresearcharea,tryingtobridgethegapbetweentheoretical advances and their practical application in commercial products. The selection of 30 papers out of these strong submissions was a challenging task and we sin- cerely thank the 41 Program Committee members, as well as the 158 external reviewers, who volunteered to read and discuss the papers over several months. They all contributed to the review process with a high level of professionalism, expertise and fairness. We also acknowledge the great contribution of our in- vited speakers. We highly appreciated the assistance of C¸etin Kaya Koc¸ and VI Preface Jean-JacquesQuisquater, the General Co-chairs of CHES 2010,and the help of the localstaffatthe UniversityofCaliforniaSantaBarbara.Abig thank-youto TalRabin,theProgramChairofCRYPTO2010,forthegoodcollaborationand discussions which allowed a nice interaction between CRYPTO and CHES. We owe our gratitude to Shai Halevi, for maintaining the review website, to Jens- Peter Kaps,for maintaining the CHES website, and to the staff at Springer,for making the finalization of these proceedings an easy task. We also express our gratitude to our generous sponsors, namely: Cryptography Research, Riscure, Technicolor, Oberthur Technologies, the Research Center for Information Se- curity and Telecom ParisTech. And finally, we would like to thank the CHES Steering Committee for allowing us to serve at such a prestigious workshop. August 2010 Stefan Mangard Franc¸ois-XavierStandaert CHES 2010 Workshop on Cryptographic Hardware and Embedded Systems Santa Barbara,California, USA, August 17–20,2010 Sponsored by International Association for Cryptologic Research General Co-chairs C¸etin Kaya Koc¸ University of California Santa Barbara, USA Jean-Jacques Quisquater Universit´e catholique de Louvain, Belgium Program Co-chairs Stefan Mangard Infineon Technologies,Germany Franc¸ois-Xavier Standaert Universit´e catholique de Louvain, Belgium Program Committee Lejla Batina Radboud University Nijmegen, The Netherlands and KU Leuven, Belgium Daniel J. Bernstein University of Illinois at Chicago, USA Guido Bertoni STMicroelectronics, Italy Jean-Luc Beuchat University of Tsukuba, Japan Christophe Clavier Universit´e de Limoges, France and Institut d’Ing´enierie Informatique de Limoges, France Jean-S´ebastienCoron University of Luxembourg, Luxembourg Josep Domingo-Ferrer Universiat Rovira i Virgili, Catalonia Hermann Drexler Giesecke & Devrient, Germany Viktor Fischer Universit´e de Saint-E´tienne, France Wieland Fischer Infineon Technologies,Germany Pierre-Alain Fouque ENS, France Kris Gaj George Mason University, USA Louis Goubin Universit´e de Versailles, France Aline Gouget Gemalto, France Johann Großscha¨dl University of Luxembourg, Luxembourg Jorge Guajardo Philips Research, The Netherlands Kouichi Itoh Fujitsu Laboratories,Japan Marc Joye Technicolor, France VIII Organization C¸etin Kaya Koc¸ University of California Santa Barbara, USA Franc¸ois Koeune Universit´e catholique de Louvain, Belgium Soonhak Kwon Sungkyunkwan University, South Korea Kerstin Lemke-Rust University of Applied Sciences Bonn-Rhein-Sieg, Germany Marco Macchetti NagravisionSA, Switzerland Mitsuru Matsui Mitsubishi Electric, Japan Michael Neve Intel, USA Elisabeth Oswald University of Bristol, UK Ma´ire O’Neill Queens University Belfast,UK Christof Paar Ruhr-Universita¨t Bochum, Germany Eric Peeters Texas Instruments, Germany Axel Poschmann Nanyang TechnologicalUniversity, Singapore Emmanuel Prouff Oberthur Technologies, France Pankaj Rohatgi Cryptography Research, USA Akashi Satoh Research Center for Information Security, Japan Erkay Savas Sabanci University, Turkey Patrick Schaumont Virginia Tech, USA Werner Schindler Bundesamt fu¨r Sicherheit in der Informationstechnik (BSI), Germany Sergei Skorobogatov University of Cambridge, UK Tsuyoshi Takagi Kyushu University, Japan Stefan Tillich Graz University of Technology, Austria Mathias Wagner NXP Semiconductors, Germany Colin Walter Royal Holloway, UK External Reviewers Manfred Aigner David A. Brown Junfeng Fan Abdulkadir Akin C´ecile Canovas-Dumas Benoˆıt Feix Toru Akishita Jiun-Ming Chen Martin Feldhofer Jean-Philippe Aumasson Zhimin Chen Georges Gagnerot Aydin Aysu Chen-Mou Cheng Berndt Gammel Jean-Claude Bajard Jung Hee Cheon Max Gebhardt Sel¸cuk Baktir Sylvain Collange Laurie Genelle Brian Baldwin Guillaume Dabosville Benedikt Gierlichs Alessandro Barenghi Joan Daemen Christophe Giraud Timo Bartkewitz Jean-Luc Danger Tim Gu¨neysu Adolf Baumann Blandine Debraize Guy Gogniat Florent Bernard J´er´emie Detrey Gilbert Goodwill Alexandre Berzati Sandra Dominikus Sylvain Guilley Peter Birkner Emmanuelle Dottax Jian Guo Markus Bockes Benedikt Driessen Xu Guo Andrey Bogdanov Miloˇs Drutarovsky´ Dong-Guk Han Lilian Bossuet Nicolas Estibals Takuya Hayashi Organization IX Stefan Heyse Marine Minier Yannick Seurin Naofumi Homma Amir Moradi Martin Seysen Yohei Hori Ernst Mu¨lner Saloomeh Shariati Michael Hutter Elke De Mulder Hideo Shimizu Arni Ingimundarson Takao Ochiai Takeshi Shimoyama Josh Jaffe Rune Odegard Masaaki Shirase PascalJunod Siddika Berna O¨rs Abdulhadi Shoufan Marcelo Kaihara David Oswald Chang Shu Dina Kamel Pascal Paillier Herv´e Sibert Markus Kasper Young-Ho Park Yannick Sierra Michael Kasper Herv´e Pelletier Michal Sramka Timo Kasper Ludovic Perret Oliver Stein Toshihiro Katashita Carlo Peschke Marc Sto¨ttinger Tino Kaufmann Christophe Petit Takeshi Sugawara Yuto Kawahara Thomas Peyrin Daisuke Suzuki Chang Hoon Kim Gilles Piret Alexander Szekely Inyoung Kim Thomas Plos Robert Szerwinski Mario Kirschbaum Thomas Popp Masahiko Takenaka Ilya Kizhvatov Ju¨rgen Pulkus Yannick Teglia Miroslav Knezevic Bo Qin Arnaud Tisserand Kazuyuki Kobayashi Michael Quisquater Lionel Torres Noboru Kunihiro Denis R´eal Leif Uhsadel Taekyoung Kwon Francesco Regazzoni Gilles Van Assche Yun-Ki Kwon Christof Rempel J´erˆome Vasseur C´edric Lauradoux Mathieu Renauld Vincent Verneuil Mun-Kyu Lee Matthieu Rivain David Vigilant Manfred Lochter Thomas Roche Yi Wang Patrick Longa Francisco Rodr´ıguez-H. Lei Wei Liang Lu Myl`ene Roussellet Ralf-Philipp Weinmann Yingxi Lu Vladimir Roˇzi´c Jiang Wu Raimondo Luzzi Heuisu Ryu Qianhong Wu Abhranil Maiti Minoru Saeki Jun Yajima Marcel Medwed Kazuo Sakiyama Dai Yamamoto Nicolas Meloni Gokay Saldamli Lei Zhang Filippo Melzani Jo¨rn-Marc Schmidt Ralf Zimmermann Giacomo de Meulenaer Peter Schwabe Table of Contents Low Cost Cryptography QUARK: A Lightweight Hash ..................................... 1 Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and Mar´ıa Naya-Plasencia PRINTcipher: A Block Cipher for IC-Printing ...................... 16 Lars Knudsen, Gregor Leander, Axel Poschmann, and Matthew J.B. Robshaw Sponge-Based Pseudo-Random Number Generators .................. 33 Guido Bertoni, Joan Daemen, Micha¨el Peeters, and Gilles Van Assche Efficient Implementations I A High Speed Coprocessor for Elliptic Curve Scalar Multiplications over F ......................................................... 48 p Nicolas Guillermin Co-Z Addition Formulæ and Binary Ladders on Elliptic Curves........ 65 Raveen R. Goundar, Marc Joye, and Atsuko Miyaji Efficient Techniques for High-Speed Elliptic Curve Cryptography....... 80 Patrick Longa and Catherine Gebotys Side-Channel Attacks and Countermeasures I Analysis and Improvement of the Random Delay Countermeasure of CHES 2009 ..................................................... 95 Jean-S´ebastien Coron and Ilya Kizhvatov New Results on Instruction Cache Attacks .......................... 110 Onur Acıic¸mez, Billy Bob Brumley, and Philipp Grabher Correlation-EnhancedPower Analysis Collision Attack................ 125 Amir Moradi, Oliver Mischke, and Thomas Eisenbarth Side-Channel Analysis of Six SHA-3 Candidates ..................... 140 Olivier Benoˆıt and Thomas Peyrin