SoK: Computer-aided cryptography
Computer-aided cryptography is an active area of research that develops and applies
formal, machine-checkable approaches to the design, analysis, and implementation of …
formal, machine-checkable approaches to the design, analysis, and implementation of …
Constant-time foundations for the new spectre era
S Cauligi, C Disselkoen, K Gleissenthall… - Proceedings of the 41st …, 2020 - dl.acm.org
The constant-time discipline is a software-based countermeasure used for protecting high
assurance cryptographic implementations against timing side-channel attacks. Constant …
assurance cryptographic implementations against timing side-channel attacks. Constant …
Hardware-software contracts for secure speculation
Since the discovery of Spectre, a large number of hardware mechanisms for secure
speculation has been proposed. Intuitively, more defensive mechanisms are less efficient …
speculation has been proposed. Intuitively, more defensive mechanisms are less efficient …
“They're not that hard to mitigate”: What cryptographic library developers think about timing attacks
Timing attacks are among the most devastating side-channel attacks, allowing remote
attackers to retrieve secret material, including cryptographic keys, with relative ease. In …
attackers to retrieve secret material, including cryptographic keys, with relative ease. In …
Formal verification of a constant-time preserving C compiler
Timing side-channels are arguably one of the main sources of vulnerabilities in
cryptographic implementations. One effective mitigation against timing side-channels is to …
cryptographic implementations. One effective mitigation against timing side-channels is to …
Constantine: Automatic side-channel resistance using efficient control and data flow linearization
In the era of microarchitectural side channels, vendors scramble to deploy mitigations for
transient execution attacks, but leave traditional side-channel attacks against sensitive …
transient execution attacks, but leave traditional side-channel attacks against sensitive …
Automatically eliminating speculative leaks from cryptographic code with blade
We introduce Blade, a new approach to automatically and efficiently eliminate speculative
leaks from cryptographic code. Blade is built on the insight that to stop leaks via speculative …
leaks from cryptographic code. Blade is built on the insight that to stop leaks via speculative …
Visor:{Privacy-Preserving} video analytics as a cloud service
Video-analytics-as-a-service is becoming an important offering for cloud providers. A key
concern in such services is privacy of the videos being analyzed. While trusted execution …
concern in such services is privacy of the videos being analyzed. While trusted execution …
A systematic evaluation of automated tools for side-channel vulnerabilities detection in cryptographic libraries
A Geimer, M Vergnolle, F Recoules, LA Daniel… - Proceedings of the …, 2023 - dl.acm.org
To protect cryptographic implementations from side-channel vulnerabilities, developers must
adopt constant-time programming practices. As these can be error-prone, many side …
adopt constant-time programming practices. As these can be error-prone, many side …
SoK: Practical foundations for software Spectre defenses
S Cauligi, C Disselkoen, D Moghimi… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Spectre vulnerabilities violate our fundamental assumptions about architectural abstractions,
allowing attackers to steal sensitive data despite previously state-of-the-art …
allowing attackers to steal sensitive data despite previously state-of-the-art …