USUBA's Blog

Future directions for Usuba

Published on the 2020-08-16 by Darius Mercadier

We propose in this post some additional ideas to improve Usuba, such as extending vslicing and hslicing to allow parallelism even on general purpose registers, combining vslicing and hslicing to achieve a "hybrid" mslicing (useful to implement ciphers like Chacha20 and Gimli), incorporating modes of operation in Usuba rather than focusing solely on primitives, targeting other SIMD architectures (e.g. Neon and AltiVec), achieving end-to-end correctness of Usubac's pipeline, and, finally, targeting GPUs.

Evaluation of Usuba-generated ciphers on Intel CPUs

Published on the 2020-08-09 by Darius Mercadier

One could expect the offered by SIMD extensions to be linear in the size of registers, but the reality is more complex. Spilling wider registers puts more pressure on the L1 data cache, leading to more frequent misses. AVX and AVX512 registers need tens of thousands of warm-up cycles before being used, since they are not powered when no instruction uses them. SSE instructions take two operands and overwrite one to store the result, while AVX offers 3-operand non-destructive instructions, thus reducing register spilling.

SKIVA, Flexible and Modular Side-channel and Fault Countermeasures

Published on the 2020-07-13 by Darius Mercadier

Fault attacks consist in tampering with a device in order to induce faults in its computations. The most common ways to do so consist in under-powering or over-powering, blasting ionizing light (e.g. lasers), inducing clock glitches, or using electromagnetic (EM) pulses, even though some more exotic attacks can be designed, like heating up or cooling down, or using X-rays or ion beams.

Tornado, Automatic Generation of Probing-Secure Masked Sliced Implementations

Published on the 2020-07-02 by Darius Mercadier

CPUs leak information through timings, cache accesses, power consumption, electromagnetic radiation or other compromising emanations. One very powerful way to recover this leaked information is to design a Simple Power Analysis (SPA) or a more powerful Differential Power Analysis (DPA) attack, which work by analyzing power or EM traces from a cipher's execution to recover the key and plaintext. Several approaches to mitigate SPA and DPA have been proposed.

Usubac - backend

Published on the 2020-06-06 by Darius Mercadier

Usubac's backend is responsible for optimizing the Usuba0 code and ultimately generating C code. Masking is also done in the backend, but will be presented in a later post.
