DESCRIPTION AND AIM
Physical attacks are cryptanalytic attacks against physical implementations of cryptosystems that exploit some kind of information leakage from the cryptodevice during its execution (called sidechannel attacks) or intentionally introduced errors to the computation (called tampering attacks). Traditional cryptographic security notions (which are mostly from the early eighties) do not provide any security guarantee against such attacks. This became evident when in the mid-nineties an attack was published that showed that the RSA cryptosystem can be completely broken by simply measuring the execution time of a cryptodevice. Since then, many more physical attacks have been proposed. Lightweight cryptographic devices like smart-cards or RFID-tags are particularly susceptible to physical attacks, and the fact that such systems get often broken largely hinders the proliferation of this techniques. As a result, much research has concentrated on finding countermeasures against physical attacks.
Only more recently, formal models where proposed which adapt the design principles of modern cryptography to the setting of physical attacks. That is, one requires that a cryptosystem is proven secure against all adversaries in a broad and well-defined attack scenario (as opposed to specific attacks). Several new cryptographic algorithms have been proposed which are provably secure against general classes of side-channel attacks. To this end, new design principles were introduced and popular techniques (like re-keying, one-time signature or secret sharing) that were traditionally used to improve side-channel resilience were given a better theoretical justification. Some cryptographic concepts developed for completely different purposes (like hash-proof systems and sigma-protocols) found surprising new applications in the realm of provable side-channel security. The recent rise of formal models and security proofs for physical attacks poses some important questions. First, it is not yet well understood to which extent the formal models sufficiently depict the physical reality. Second, provably secure cryptosystems are often less efficient than systems which make idealized assumptions or only heuristic security arguments. In order to construct cryptosystems which are attractive for implementation, the right balance between the strength of the model and the efficiency that can be achieved (in this model) has to be found.
The aim of this workshop is to bring together people from theory and applied research working on physical attacks as to advance the field and produce relevant, state-of-the-art methods and tools related to physical attacks. This workshop will be considered a success if it can considerably contribute to the development and dissemination to practice of cryptographic primitives and tools that come with provable security against physical attacks.