Conference Papers

Carry-based Differential Power Analysis (CDPA) and its Application to Attacking HMAC-SHA-2

FortifyIQ provides full mathematical analysis of the method and shows that, under certain assumptions and with a sufficient amount of traces, any key can be revealed. In the experimental part of the paper, FortifyIQ demonstrates a successful application of the attack both in software simulation and on an FPGA board using power consumption measurements.

Presented at the CHES 2023 conference

Carry-based Differential Power Analysis (CDPA) and its Application to Attacking HMAC-SHA-2

In this paper, FortifyIQ introduces Carry-based Differential Power Analysis (CDPA), a novel methodology that allows for attacking schemes involving arithmetical addition. This methodology is applied to what is believed to be the first published full-fledged attack on HMAC-SHA-2 which does not require a profiling stage.

Presented at COSADE 2021 conference

FortifyIQ presents a novel practical template attack on HMAC-SHA-2 intended primarily against its implementations in hardware.

First Full-Fledged Side Channel Attack on HMAC-SHA-2

Side-channel attacks pose a threat to cryptographic algorithms. HMAC is an important use case of a hash function, in which the input is partially secret and thus unknown to the attacker. Despite a few publications that discuss applications of power analysis techniques to attack HMAC-SHA-2, this is the first generic method that shows a full attack on its hardware implementation.

Presented at the CHES 2022 conference

FortifyIQ presents RAMBAM - a novel concept of designing countermeasures against side-channel attacks and the Statistical Ineffective Fault Attack (specifically SIFA-1) on AES that employs redundant representations of finite field elements.

Redundancy AES Masking Basis for Attack Mitigation (RAMBAM)

A fundamental property of RAMBAM is a security parameter that along with other attributes of the scheme allows for making trade-offs between gate count, maximal frequency, performance, level of robustness to first-order and to higher-order side-channel attacks, and protection against SIFA-1. From this concept, FortifyIQ derives a family of protected hardware implementations of AES.