Yuval Yarom

"Automating cryptographic code generation"

( MPI-SWS talk in Kooperation mit dem Fachbereich Informatik)

Cryptography provides the data protection mechanisms that underlie security and privacy in the modern connected world. Given this pivotal role, implementations of cryptographic code must not only be correct, but also meet stringent performance and security requirements. Achieving these aims is often difficult and requires significant investment in software development and manual tuning.

This talk presents two approaches for automating the task of generating correct, secure, and efficient cryptographic code. The first, Rosita, uses a power consumption emulator to detect unintended leaky interactions between values in the microarchitecture. It then rewrites the code to eliminate these interactions and produce code that is resistant to power analysis. The second, CryptOpt, uses evolutionary computation to search for the most efficient constant-time implementation of a cryptographic function. It then formally verifies that the produced implementation is semantically equivalent to the original code.

Rosita is a joint work with Lejla Batina, Łukasz Chmielewski, Francesco Regazzoni, Niels Samwel, Madura A. Shelton, and Markus Wagner.

CryptOpt is a joint work with Adam Chlipala, Chitchanok Chuengsatiansup, Owen Conoly, Andres Erbsen, Daniel Genkin, Jason Gross, Joel Kuepper, Chuyue Sun, Samuel Tian, Markus Wagner, and David Wu.

Bio: Yuval Yarom is a Professor of Computer Science at Ruhr University Bochum (RUB). Before joining RUB, he was an Associate Professor at the School of Computer and Mathematical Sciences at the University of Adelaide. He earned a Ph.D. in Computer Science from the University of Adelaide in 2014. Earlier, he was the Vice President of Research in Memco Software and a co-founder and Chief Technology Officer of Girafa.com. Yuval is well-known as a co-discoverer of the Spectre family of microarchitectural side-channel attacks, and has won numerous awards for his research.

Termin als Datei downloaden und in den Kalender importieren.