The 2020 Cryptographic Chip Academic Conference (CryptoIC2020) was held online on October 27, 2020. The conference was hosted by the Cryptographic Chip Professional Committee of the Chinese Cryptographic Society and organized by Harbin University of Science and Technology and Harbin Institute of Technology. The conference focuses on the latest research results and technological developments in the design, security analysis and implementation of cryptographic chip hardware and software, and on their engineering applications. It establishes an exchange platform for experts, scholars, industry leaders, engineers and graduate students from academia, industry and government agencies to discuss the main theoretical and practical issues, academic hot topics, engineering realization and development trends of cryptographic chip technology across industries, and provides opportunities for collaborative innovation among the producers, educators, researchers and users of security chips. The conference invited internationally renowned scholars to give keynote lectures, and invited well-known experts from academia, industry and evaluation institutions to give invited talks.
Post-Quantum Cryptography -- Having it implemented right
Author: Sylvain GUILLEY, Professor, Télécom Paris
Post-Quantum Cryptography (PQC) refers to new requirements on asymmetric cryptography, namely key exchange, asymmetric encryption and digital signature: the computation shall resist attacks not only from classical computers but also from quantum computers. Still, PQC schemes are mathematical algorithms which are implemented conventionally (as software, hardware, etc.). Therefore, regular implementation-level attacks apply. In this paper, we list the challenges associated with the implementation of PQC, in particular vulnerabilities related to side-channel analyses. Some features of PQC, such as modular arithmetic in finite fields, inversions, non-uniform random number sampling and decoding algorithms, are intrinsically hard to evaluate in constant time. First, we detail the detection and the prevention of leakage arising from conditional control flow and from conditional access to data structures. Second, we apply the same methodology to data leakage, in the situation where the manipulated data is randomly split into several shares (a protection known as masking). Conventional detection of vertical leakage is not appropriate in the presence of countermeasures such as masking. This paper shows that proper implementation of PQC requires knowledge of both security evaluation and secure coding. Owing to the large variety of PQC algorithms (key generation, encapsulation/decapsulation, signature generation/verification), classes (lattice-based, code-based, multivariate, etc.) and configurations (key size, conformance to IND-CCA or IND-CPA security, etc.), generic methods shall be available. Those are overviewed in this paper, which is intended to provide readers with comprehensive coverage of secure code evaluation and design.
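The abstract names three implementation-level concerns: secret-dependent control flow, secret-dependent access to data structures, and data leakage that masking is meant to hide by splitting a value into random shares. The following C code is an added illustration written for this page; it is not code from the paper or from any PQC library. It assumes an arbitrary small prime modulus Q (3329 is used only as a representative coefficient modulus) and shows, for each concern, the leaky pattern beside a constant-time or masked replacement: a branch-free select, a constant-time conditional subtraction, a full-scan table lookup that touches every entry regardless of the secret index, and two-share arithmetic masking where linear operations act share-wise and a public constant is added to one share only.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed modulus for the illustration (a small prime; not tied to any scheme). */
#define Q 3329u

/* LEAKY: the branch taken depends on the secret bit (timing / branch-predictor leak). */
static uint32_t select_leaky(uint32_t bit, uint32_t a, uint32_t b) {
    if (bit) return a;
    return b;
}

/* CONSTANT-TIME: expand the bit to an all-ones/all-zeros mask and blend. */
static uint32_t ct_select(uint32_t bit, uint32_t a, uint32_t b) {
    uint32_t mask = 0u - (bit & 1u);      /* 0xFFFFFFFF if bit == 1, else 0 */
    return (a & mask) | (b & ~mask);
}

/* Constant-time x < y for operands below 2^31: the sign bit of (x - y). */
static uint32_t ct_lt(uint32_t x, uint32_t y) {
    return (x - y) >> 31;
}

/* Constant-time x == y: (d | -d) has its top bit set iff d != 0. */
static uint32_t ct_eq(uint32_t x, uint32_t y) {
    uint32_t d = x ^ y;
    return 1u - ((d | (0u - d)) >> 31);
}

/* Constant-time conditional subtraction: reduce x in [0, 2Q) to [0, Q) with no branch. */
static uint32_t ct_csub_q(uint32_t x) {
    uint32_t ge = 1u - ct_lt(x, Q);       /* 1 if x >= Q */
    return x - (Q & (0u - ge));
}

/* Constructed sample table used by the lookup demonstration below. */
static const uint32_t demo_table[4] = { 10u, 20u, 30u, 40u };

/* LEAKY: the address accessed depends on the secret index (cache-timing leak). */
static uint32_t lookup_leaky(const uint32_t *tbl, size_t n, uint32_t idx) {
    (void)n;
    return tbl[idx];
}

/* CONSTANT-TIME: read every entry and keep the wanted one via a mask. */
static uint32_t ct_lookup(const uint32_t *tbl, size_t n, uint32_t idx) {
    uint32_t out = 0u;
    for (size_t i = 0; i < n; i++) {
        uint32_t mask = 0u - ct_eq((uint32_t)i, idx);
        out |= tbl[i] & mask;
    }
    return out;
}

/* Two-share arithmetic masking modulo Q: s == s0 + s1 (mod Q), with s0 uniformly random. */
typedef struct { uint32_t s0, s1; } masked_t;

/* Split secret s in [0, Q) using randomness r (caller supplies a fresh random r). */
static masked_t mask_split(uint32_t s, uint32_t r) {
    masked_t m;
    m.s0 = r % Q;
    m.s1 = ct_csub_q(s + Q - m.s0);       /* (s - s0) mod Q, input lies in (0, 2Q) */
    return m;
}

/* Recombine the shares; only done at the very end of a computation. */
static uint32_t mask_recombine(masked_t m) {
    return ct_csub_q(m.s0 + m.s1);
}

/* Adding a public constant touches a single share, so no share ever equals s. */
static masked_t masked_add_const(masked_t m, uint32_t c) {
    m.s0 = ct_csub_q(m.s0 + (c % Q));
    return m;
}

/* Addition of two masked values is share-wise: a linear operation needs no refresh. */
static masked_t masked_add(masked_t a, masked_t b) {
    masked_t r;
    r.s0 = ct_csub_q(a.s0 + b.s0);
    r.s1 = ct_csub_q(a.s1 + b.s1);
    return r;
}

int main(void) {
    masked_t m = mask_split(1234u, 4000u);           /* 4000 stands in for a random r */
    printf("select: %u %u\n", select_leaky(1u, 5u, 9u), ct_select(1u, 5u, 9u));
    printf("lookup: %u %u\n", lookup_leaky(demo_table, 4, 2u), ct_lookup(demo_table, 4, 2u));
    printf("shares: %u %u -> %u\n", m.s0, m.s1, mask_recombine(m));
    printf("masked add const: %u\n", mask_recombine(masked_add_const(m, 5000u)));
    printf("masked add: %u\n", mask_recombine(masked_add(m, mask_split(100u, 7u))));
    return 0;
}
```

The leaky variants are kept only as the patterns a reviewer looks for; in a real implementation the randomness passed to mask_split must come from a cryptographic RNG, and the shares must not be recombined (or compared against each other) anywhere except at the final output, otherwise the masking gives no protection.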