"The NIST PQC Standards: light at the end of the tunnel"

Abstract: Seven years ago, the NIST Post-Quantum Cryptography standardization process launched, with the goal of selecting quantum-resistant algorithms for standardization. Last summer, NIST selected four algorithms: CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and SPHINCS+ for standardization. In addition, four other algorithms continued on into a fourth round of evaluation for further study. NIST also announced a new call for additional PQC signatures to complement the ones selected already. In this talk, I'll recap where we are with the NIST PQC process, particularly with the algorithms being standardized. In particular, we will examine the security, performance, robustness against side-channel attacks, and the coming migration to these algorithms.

Bio: Dustin Moody is a mathematician at the Computer Security Division, National Institute of Standards and Technology (NIST), and he leads the post-quantum cryptography project at NIST, Gaithersburg, MD 20877 USA. His research interests include elliptic curves and their applications in cryptography. Moody received a Ph.D. from the University of Washington.

"Pensieve: Microarchitectural Modeling for Formal Security Evaluation"

Abstract: Traditional microarchitectural modeling aims to obtain an accurate estimation of performance, area, and energy of a processor design. With the advent of speculative execution attacks and their security concerns, these traditional ways of modeling microarchitectures fall short when used for security evaluation of defenses against these attacks. In this talk, I will present Pensieve, a security evaluation framework targeting early-stage microarchitectural defenses against speculative execution attacks. At the core, it introduces a modeling discipline for systematically studying early-stage defenses. This discipline allows us to cover a space of designs that are functionally equivalent while precisely capturing timing variations due to resource contention and microarchitectural optimizations. We implement a model checking framework to automatically find vulnerabilities in designs. We use Pensieve to evaluate a series of state-of-the-art invisible speculation defense schemes and find Spectre-like attacks, including a new speculative interference attack variant bypassing the GhostMinion defense.

Bio: Yuheng Yang is a Ph.D. student at MIT advised by Prof. Mengjia Yan. He works on using formal methods to design secure hardware, with a focus on mitigating timing side channels and speculative execution attacks. He has been studying various microarchitecture modeling approaches and developing a security-oriented microarchitecture model to assist early-stage security evaluation with model checking. Before starting his Ph.D., he received a B.S. degree from the University of Chinese Academy of Sciences with RISC-V core tape-out experience.

"Post-Quantum Cybersecurity in the Real World"

Abstract: In recent years, the possible emergence of a cryptographically relevant quantum computer (CRQC), a device that exploits quantum-mechanical phenomena to break cryptographic systems, has become more of a reality. If fully realized, a CRQC would be capable of undermining the security of digital communications on the Internet and elsewhere. On July 5, 2022, after a 7 year-long international process, the National Institute of Standards and Technology announced its first standardization selections for quantum-resistant key exchange mechanisms and digital signatures. This event has triggered the beginning of the PQC Migration -- the worldwide exodus from traditional, pre-quantum cybersecurity toward a new quantum-resistant future. This migratory process will take many years -- perhaps seven years for early-adopters, and up to a decade or more for the trillion devices deployed in the real world that require rigorous cyber defense. In this talk, I will survey some of the practical issues that have already arisen at the outset of the Migration (nearly a year before the final NIST PQC standards documents are published!). Some challenges involve incorporating the new post-quantum library suites into modern protocols, perhaps involving the redesign of fundamental telecommunication protocols like TLS, DNSSEC, IKE, etc. Others involve the side-channel-resistance issues that arise from the new PQC algorithms; for example, how to shield devices running these algorithms from power analysis, or ensure proper countermeasures are in place against active physical effects.

Bio: Daniel Apon is Cryptography Lead at MITRE Labs, based in McLean, Virginia, and is Adjunct Professor at the University of Maryland, College Park. He is currently involved in MITRE's effort to stand up a long-term and full-scope industry coalition to accelerate the real-world adoption of Post Quantum Cryptography. Recently, he played a central role in standing up the 1st annual Real World Post Quantum Cryptography workshop in Tokyo (March 2023), which aims to bring together industry, academia, and standardization bodies to help address the core challenges involved in migrating modern computing systems and architectures to total quantum-resistance. Prior to that, he was a member of the National Institute of Standards and Technology's Cryptographic Technologies Group working on the Post Quantum Cryptography standardization project, where he specialized in novel cryptanalyses of Lattice-based Cryptography, Hash-based Cryptography, Code-based Cryptography, and Multivariate-based Cryptography plus a focus on hardware side-channel analysis. Daniel holds a Ph.D. in Computer Science with a focus on Cryptography from the University of Maryland, College Park. After that, he held a Postdoctoral Scholar position at the University of California, Berkeley.

"Toward Protecting Hardware Implementations of Lattice-Based Cryptosystems Against Side-Channel Attacks"

Abstract: The Post-Quantum Cryptography (PQC) standardization process, launched by the National Institute of Standards and Technology (NIST) in 2016 has led to the selection of four algorithms for near-term standardization. Three of these algorithms, CRYSTALS-Kyber, CRYSTALS-Dilithium, and FALCON, belong to the family of lattice-based cryptosystems. This family was determined to offer adequate security against both classical and quantum computers using medium-size keys comparable to those used in classical public-key schemes based on factorization and the discrete logarithm problem. At the same time, it is believed that implementations of these algorithms are significantly more challenging to protect against side-channel analysis (SCA) than their classical predecessors, such as RSA and Elliptic Curve Cryptography. The side-channel threat is particularly apparent for lightweight implementations intended for constrained environments like the Internet of Things. In this talk, we will describe the first lightweight SCA-protected hardware implementation of one of the leading lattice-based schemes, Saber. This implementation was developed by the George Mason University (GMU) team and evaluated in terms of information leakage using the Test Vector Leakage Assessment method and the in-house developed Flexible Open-source workBench fOr Side-channel analysis (FOBOS). We will then present a survey of countermeasures against simple and differential power analysis proposed for implementing near-term standards, CRYSTALS-Kyber and CRYSTALS-Dilithium, selected by NIST and National Security Agency (NSA) for widespread adoption in the U.S. National Security Systems, and recommended for protecting sensitive information worldwide.

Bio: Kris Gaj is a professor in the ECE Department at George Mason University. He is a co-director of the Cryptographic Engineering Research Group (CERG), involved in most previous and current competitions aimed at selecting and developing new cryptographic standards. In recent years, his team has been actively involved in implementing and benchmarking candidates for new American standards in post-quantum cryptography.

"Developing a Community Driven Cloud-Based Infrastructure for Post-Quantum Cryptography Side-Channel Attack Analysis"

Abstract: The emergence of quantum computing has led to the migration toward post-quantum cryptography (PQC) as classic cryptographic algorithms like AES and RSA have been successfully attacked using side-channel attacks (SCA). NIST is evaluating new cryptographic algorithms in the PQC standardization process to ensure resistance to a quantum computer. These algorithms are cutting-edge, and much research is necessary to help improve their security via side channels. Even though modern algorithms appear theoretically safe, they may be susceptible to SCA. So, these algorithms have been analyzed through multi-platform setups. However, a cloud-based infrastructure is still unavailable to analyze the behavior and response of the PQC. In this work, a prototype of a cloud-based infrastructure for a side-channel attack analysis of PQC algorithms is proposed where any user over the internet will be able to upload the bit streams into the system and utilize test vector leakage assessment (TVLA) to evaluate if possible leakage occurs in side-channel measurements with an oscilloscope. We document our engineering effort towards a multi-platform cloud-based research infrastructure tool to automate and standardize power and EM leakage assessments on PQC implementations. The goal of this work is to be able to test and compare PQC implementations to achieve high-levels of security and trust with little technical overhead compared to existing SCA testing mechanisms.

Bio: Miaoqing Huang is an Associate Professor at the University of Arkansas. His research interests include side-channel attack and analysis for hardware implementation of post-quantum cryptographic algorithms, performance acceleration for machine learning algorithms. He received a PhD degree from the George Washington University. Mayeesha Mahzabin is a PhD student at the University of Arkansas. She is currently developing hardware implementations for PQC algorithms and countermeasures for side-channel attacks. Tristen Teague (IEEE student member) is a Department of Education Graduate Assistant in Areas of National Need (GAANN) Fellow at the University of Arkansas, Fayetteville. He graduated with his B.S. with Honors in Computer Engineering in 2022, completing his honors thesis on power-based side channel analysis on PQC algorithms. He began his graduate studies at the University of Arkansas after an internship with ARM. His current work concerns developing an API to launch and evaluate post-quantum cryptography schemes on embedded microcontrollers and microcomputers to enable broad participation in the effort to secure our built infrastructure.