ASEC 2018
Australian Summer School on Embedded Cryptography
Adelaide, Australia, 9–11 December, 2018


Information for the excursion.
Registration site open.
Initial speakers list.


Sunday 9 December

Touring the Adelaide Hills.

Monday 10 December

9:00 Talk:  Debdeep Mukhopadhyay — Micro-architectural Attacks: Where Architecture meets Cryptography
10:20 Coffee Break
10:40  Talk: Peter Schwabe — Optimizing cryptography on embedded microcontrollers
12:00 Lunch
1:00 Talk: Lejla Batina — Side-channel attacks in the wild: recent advances and countermeasures
2:20Coffe Break
2:40 Talk: Nadia Heninger — How to recover cryptographic keys from partial information
4:00 Talk: Craig Costello — Classical cryptanalysis of supersingular isogenies

Tuesday 11 December

9:00 Talk: Nele Mentens — Configurable computing for cryptographic implementations
10:20 Coffee Break
10:40 Talk: Stjepan Picek — Machine Learning for Side-channel Analysis
12:00 Lunch
1:00 Talk: Tanja Lange — Code-Based Crypto
2:20Coffee Break
2:40 Talk: Francesco Regazzoni — Towards the Automatic Applications of Physical Attacks Countermeasures

Important Dates



Lejla Batina: Side-channel attacks in the wild: recent advances and countermeasures

Abstract: Physical attacks are a continuous and present threat for embedded devices. In this talk I will survey relevant issues with side-channel and fault attacks on embedded crypto implementation and adequate countermeasures. I will also present some recent attacks on real-world implementations and in particular some attacks on ECC.

Bio: Lejla Batina is a full professor at the Institute of Computer and Information Sciences at the Radboud University in Nijmegen, the Netherlands. Her research focuses on applied cryptography and hardware security. She received her Ph.D. from Katholieke Universiteit Leuven, Belgium in 2005 where she worked as a postdoc until 2009. Before that she has studied at the Eindhoven University of Technology and worked in industry as a cryptographer.She has published more than 100 refereed papers, served at 70+ program committees and gave more than 40 invited talks at conferences and summer schools. She has chaired CHES 2012 (as general co-chair) she was a program co-chair of CHES 2014. For more information see:

Craig Costello: Classical cryptanalysis of supersingular isogenies

Abstract: SIDH is a popular post-quantum key exchange protocol whose security relies on the problem of finding the unique shortest path between two nodes in the supersingular isogeny graph. This talk will give a detailed overview of the best known classical algorithm(s) for solving this problem, and will pay particular attention to the subtleties that arise when trying to implement it at a large scale. The good news is the algorithm is a generic collision finding algorithm, meaning that no background on elliptic curves is needed to understand the talk. This is joint work with Patrick Longa, Michael Naehrig, Joost Renes, and Fernando Virdia.

Bio: Craig Costello is a researcher in the Security and Cryptography Group at Microsoft Research in Redmond, USA. He is primarily interested in cryptographic applications of computational number theory; most recently he has focused on post-quantum key exchange using isogenies.

Nadia Heninger: How to recover cryptographic keys from partial information

Tanja Lange: Code-Based Crypto

Abstract: This tutorial will start with the basics of coding theory and code-based cryptography and build up to explaining some of the submissions to NIST's post-quantum project. This will include detailed explanations of Goppa codes, generic attacks against code-based cryptography and some more specialized attacks against concrete systems.

Preknowledge: basic linear algebra and computations modulo 2

Nele Mentens: Configurable computing for cryptographic implementations

Abstract: The security strength and the implementation security of cryptographic algorithms are continuously analyzed and improved. Therefore, cryptographic agility is desirable, i.e. the ability of cryptographic algorithms and implementations to cope with changing attack scenarios and security requirements. In this talk, cryptographic agility is addressed from the implementation perspective, namely through configurable computing. The talk will cover both commercial off-the-shelf and application-specific configurable computing platforms. The differences in design approach and efficiency will be discussed.

Bio: Nele Mentens received her master and Ph.D. degree from KU Leuven in 2003 and 2007, respectively. Her Ph.D. focused on secure and efficient coprocessor design for cryptographic applications on FPGAs. Currently, Nele is an associate professor at KU Leuven in the COSIC group at the Electrical Engineering Department (ESAT). Her research interests are in the domains of reconfigurable platforms for security purposes, design automation for cryptographic hardware and security in constrained environments. Nele was a visiting researcher for 3 months at the Ruhr University Bochum in 2013 and at EPFL in 2017. She was/is the PI in around 15 finished and ongoing research projects with national and international funding. She served as a reviewer for many international conferences and journals and was/is part of the program committee of around 50 international conferences. Nele is (co-)author in approximately 100 publications in international journals, conferences and books.

Debdeep Mukhopadhyay: Micro-architectural Attacks: Where Architecture meets Cryptography

Abstract: Cryptography plays a vital role in securing e-business and e-commerce transactions. However, in spite of their mathematical robustness when these algorithms are implemented they may leak sensitive information via unintended side channels. The focus of this workshop is to delve into these side channels which exist when these ciphers are executed on computers which are built utilizing modern day computer architectures. It has been actively researched that with the advancement of such architectures, which has primarily been driven by performance, efficient attacks are possible leading to devastating attacks. The workshop focusses on cache attacks and its influence on timing side channels. Cache memories are a fast form of memory implemented widely in modern day processors to bridge the memory wall between the CPU and the main memory. We address the timing channels leakages possible on cryptographic implementations due to the presence of cache memories. We also address the effect of the presence in several contemporary architectural artefacts, which includes out of order execution, hardware prefetchers, etc. Finally, we conclude the talk with a discussion on an ideal quest for cipher implementations and show that if studied well the influence of micro-architecture on leakage can be capitalized to develop robust implementations.

Bio:Bio: Debdeep Mukhopadhyay} is currently a full Professor at the Department of Computer Science and Engineering, IIT-Kharagpur, India. At IIT Kharagpur he initiated the Secured Embedded Architecture Laboratory (SEAL), with a focus on Embedded Security and Side Channel Attacks ( . Prior to this he worked as Associate Professor at IIT Kharagpur, visiting scientist at NTU Singapore, a visiting Associate Professor of NYU-Shanghai, Assistant Professor at IIT-Madras, and as Visiting Researcher at NYU Tandon-School-of-Engineering, USA. He holds a PhD, an MS, and a B. Tech from IIT Kharagpur, India. Dr. Mukhopadhyay's research interests are Cryptography, Hardware Security, and VLSI. His books include Fault Tolerant Architectures for Cryptography and Hardware Security (Springer), Cryptography and Network Security (Mc Graw Hills), Hardware Security: Design, Threats, and Safeguards (CRC Press), and Timing Channels in Cryptography (Springer). He has written more than 150 papers in peer-reviewed conferences and journals and has collaborated with several Indian and Foreign Organizations. He has been in the program committee of several top International conferences and is an Associate Editor of the International Association of Cryptologic Research (IACR) Transactions of CHES, Journal of Hardware and Systems Security, Journal of Cryptographic Engineering, Springer. He has given several invited talks in industry and academia, including tutorial talks at premier conferences like CHES, WIFS, VLSID. Dr. Mukhopadhyay is the recipient of the prestigious Swarnajayanti DST Fellowship 2015-16, Young Scientist award from the Indian National Science Academy, the Young Engineer award from the Indian National Academy of Engineers, and is a Young Associate of the Indian Academy of Science. He was also awarded the Outstanding Young Faculty fellowship in 2011 from IIT Kharagpur, and the Techno-Inventor Best PhD award by the Indian Semiconductor Association. He has recently incubated a start-up on Hardware Security, ESP Pvt Ltd at IIT Kharagpur (

Stjepan Picek: Machine Learning for Side-channel Analysis

Abstract: Recent years showed that machine learning techniques can be a powerful paradigm for side-channel attacks (SCA), especially profiling SCA. Still, despite all the success, we are limited in our understanding when and how to select appropriate machine learning techniques. Additionally, the results we can obtain are empirical and valid for specific cases where generalization is often difficult. We start this talk with a short introduction to side-channel analysis and profiling attacks. Next, we discuss several well-known ML techniques, the results obtained, and their limitations. We cover not only the classification part of the attack but also topics like feature selection, pre-processing of data, and hyper-parameter tuning. Finally, the last part of the talk concentrates on deep learning techniques and potential benefits such techniques can bring to SCA.

Bio: Stjepan Picek is an assistant professor at the Cyber Security group of the Faculty of Electrical Engineering, Mathematics and Computer Science, TU Delft, The Netherlands. In July 2015, he completed his PhD at Radboud University Nijmegen, The Netherlands, and Faculty of Electrical Engineering and Computing, Zagreb, Croatia. Following that, he first worked as a postdoctoral researcher at KU Leuven, Belgium and after that, at CSAIL/MIT, USA. Stjepan also worked for a number of years in the industry. His research interests are at the intersection of cryptography, cybersecurity, evolutionary computation, and machine learning. He currently serves as a president of IEEE CIS Croatia chapter and program committee member and reviewer for a number of conferences and journals.

Francesco Regazzoni: Towards the Automatic Applications of Physical Attacks Countermeasures

Abstract: Physical attacks exploit the physical weaknesses of cryptographic devices to reveal the secret information stored on them. Countermeasures against these attacks are often considered only in the later stages of the full design flow, and applied manually by designers with strong security expertise. This approach, however, negatively affects the robustness, the cost, and the production time of secure devices. A more effective way to implement secure cryptographic algorithms would enable the automatic application of side channel countermeasures and would support the verification of their correct application. This talk will revise and summarize the research efforts in this important research direction, from the first works implementing hardware design flow for security to the initial steps of automatically driving design tools using security variables, and it will highlight future research direction in design automation for security.

Bio: Dr. Francesco Regazzoni is a senior researcher at the ALaRI Institute of University of Lugano. He received his Master of Science degree from Politecnico di Milano and his PhD degree from University of Lugano. He has been assistant researcher at the Université Catholique de Louvain and at Technical University of Delft, and visiting researcher at several institutions, including NEC Labs America, Ruhr University of Bochum, and EPFL Lausanne. His research interests are mainly focused on secure IoT devices and embedded systems, covering in particular design automation for security, physical attacks and countermeasures, post-quantum cryptography, and efficient implementation of cryptographic primitives.

Peter Schwabe: Optimizing cryptography on embedded microcontrollers

Abstract: In my talk I will give a brief general introduction to software development on embedded microcontrollers and then explain specific issues and techniques relating to implemeting cryptgraphic algorithms in a secure and efficient way.

Bio: Peter Schwabe is associate professor at Radboud University Nijmegen, The Netherlands. He is working on secure and efficient cryptographic software, targeting a broad range of architectures ranging from small 8-bit microcontrollers to high-end desktop and server CPUs and GPUs. His most recent work is mainly focused on post-quantum cryptography. He is co-submitter of 7 proposals to the NIST post-quantum submission, which include lattice-based, code-based, multivariate-based and hash-based constructions.