English
Related papers

Related papers: Util::Lookup: Exploiting key decoding in cryptogra…

200 papers

Cryptographic libraries are a main target of timing side-channel attacks. A practical means to protect against these attacks is to adhere to the constant-time (CT) policy. However, it is hard to write constant-time code, and even…

Programming Languages · Computer Science 2025-10-15 Santiago Arranz-Olmos , Gilles Barthe , Lionel Blatter , Youcef Bouzid , Sören van der Wall , Zhiyuan Zhang

Recent years have seen an increased interest towards strong security primitives for encrypted databases (such as oblivious protocols), that hide the access patterns of query execution, and reveal only the volume of results. However, recent…

Cryptography and Security · Computer Science 2020-08-18 Rishabh Poddar , Stephanie Wang , Jianan Lu , Raluca Ada Popa

Implementation flaws in cryptographic libraries, design flaws in underlying cryptographic primitives, and weaknesses in protocols using both, can all lead to exploitable vulnerabilities in software. Manually fixing such issues is…

Cryptography and Security · Computer Science 2020-04-23 Karim Eldefrawy , Michael Locasto , Norrathep Rattanavipanon , Hassen Saidi

Cache attacks exploit memory access patterns of cryptographic implementations. Constant-Time implementation techniques have become an indispensable tool in fighting cache timing attacks. These techniques engineer the memory accesses of…

Cryptography and Security · Computer Science 2018-11-20 Ahmad Moghimi , Thomas Eisenbarth , Berk Sunar

Evaluating the effectiveness of software protection is crucial for selecting the most effective methods to safeguard assets within software applications. Obfuscation involves techniques that deliberately modify software to make it more…

Cryptography and Security · Computer Science 2025-11-27 Leonardo Regano , Daniele Canavese , Cataldo Basile , Marco Torchiano

The timing characteristics of cache, a high-speed storage between the fast CPU and the slowmemory, may reveal sensitive information of a program, thus allowing an adversary to conduct side-channel attacks. Existing methods for detecting…

Cryptography and Security · Computer Science 2018-07-10 Shengjian Guo , Meng Wu , Chao Wang

In modern software development workflows, the open-source software supply chain contributes significantly to efficient and convenient engineering practices. With increasing system complexity, using open-source software as third-party…

Software Engineering · Computer Science 2025-11-18 Zihe Yan , Kai Luo , Haoyu Yang , Yang Yu , Zhuosheng Zhang , Guancheng Li

Recent work on Side Channel Analysis (SCA) targets old, well-known vulnerabilities, even previously exploited, reported, and patched in high-profile cryptography libraries. Nevertheless, researchers continue to find and exploit the same…

Over the last two decades, the danger of sharing resources between programs has been repeatedly highlighted. Multiple side-channel attacks, which seek to exploit shared components for leaking information, have been devised, mostly targeting…

Cryptography and Security · Computer Science 2022-01-28 Daniel Genkin , William Kosasih , Fangfei Liu , Anna Trikalinou , Thomas Unterluggauer , Yuval Yarom

Transient execution attacks have been one of the widely explored microarchitectural side channels since the discovery of Spectre and Meltdown. However, much of the research has been driven by manual discovery of new transient paths through…

Cryptography and Security · Computer Science 2024-06-17 Anirban Chakraborty , Nimish Mishra , Debdeep Mukhopadhyay

Control-flow leakage (CFL) attacks enable an attacker to expose control-flow decisions of a victim program via side-channel observations. Linearization (i.e., elimination) of secret-dependent control flow is the main countermeasure against…

Cryptography and Security · Computer Science 2025-02-12 Hans Winderix , Marton Bognar , Lesly-Ann Daniel , Frank Piessens

To protect cryptographic implementations from side-channel vulnerabilities, developers must adopt constant-time programming practices. As these can be error-prone, many side-channel detection tools have been proposed. Despite this, such…

Cryptography and Security · Computer Science 2023-10-13 Antoine Geimer , Mathéo Vergnolle , Frédéric Recoules , Lesly-Ann Daniel , Sébastien Bardin , Clémentine Maurice

Existing tools to detect side-channel attacks on Intel SGX are grounded on the observation that attacks affect the performance of the victim application. As such, all detection tools monitor the potential victim and raise an alarm if the…

Cryptography and Security · Computer Science 2022-07-01 Jianyu Jiang , Claudio Soriente , Ghassan Karame

Enforcing integrity and confidentiality of users' application code and data is a challenging mission that any software developer working on an online production grade service is facing. Since cryptology is not a widely understood subject,…

Cryptography and Security · Computer Science 2018-04-04 Mohammad Hasanzadeh Mofrad , Adam Lee

Security critical software, e.g., OpenSSL, comes with numerous side-channel leakages left unpatched due to a lack of resources or experts. The situation will only worsen as the pace of code development accelerates, with developers relying…

Cryptography and Security · Computer Science 2023-08-28 M. Caner Tol , Berk Sunar

Lightweight cryptography is a novel diversion from conventional cryptography that targets internet-of-things (IoT) platform due to resource constraints. In comparison, it offers smaller cryptographic primitives such as shorter key sizes,…

Cryptography and Security · Computer Science 2021-12-24 Nilupulee A. Gunathilake , Ahmed Al-Dubai , William J. Buchanan , Owen Lo

Large language models (LLMs) have demonstrated immense utility across various industries. However, as LLMs advance, the risk of harmful outputs increases due to incorrect or malicious instruction prompts. While current methods effectively…

Computation and Language · Computer Science 2025-06-19 Xinyi Zeng , Yuying Shang , Jiawei Chen , Jingyuan Zhang , Yu Tian

Since 2016, multiple microarchitectural attacks have exploited an effect that is attributed to prefetching. These works observe that certain user-space operations can fetch kernel addresses into the cache. Fetching user-inaccessible data…

Cryptography and Security · Computer Science 2020-08-07 Martin Schwarzl , Thomas Schuster , Michael Schwarz , Daniel Gruss

Much software, whether beneficent or malevolent, is distributed only as binaries, sans source code. Absent source code, understanding binaries' behavior can be quite challenging, especially when compiled under higher levels of compiler…

Software Engineering · Computer Science 2021-09-20 Toufique Ahmed , Premkumar Devanbu , Anand Ashok Sawant

There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can used as an alternative. Although many symmetric key stream ciphers are fairly resistant to side-channel attacks, cryptographic artefacts may…

Cryptography and Security · Computer Science 2019-08-13 Peter McLaren , William J Buchanan , Gordon Russell , Zhiyuan Tan