PROACT Circuit Design and Design Automation

Abolfazl Sajadi


This talk presents ongoing work in the PROACT project focused on circuit design and design automation. Our approach involves developing benchmark circuits for training simulators and creating a design flow that integrates physical security protections early in the process. The emphasis is on optimizing for low energy consumption and minimal area overhead. Key achievements include complete circuit design, FPGA prototyping, a user-friendly GUI, and power trace collection to evaluate various cryptographic algorithms. By incorporating physical security simulation prior to chip fabrication, we reduce time to market and enable early detection of vulnerabilities, facilitating informed trade-offs between security and performance.

Monomial trail search in permutations

Cas Korporaal


We investigate the density of the ANF of reduced-round iterated permutations with a non-linear layer based on the so-called $\chi$ mapping. This includes the permutations underlying Keccak, Ascon, Xoodoo, Subterranean and Koala. In particular, we investigate the density of the monomials of highest degree, namely $2^r$, with $r$ the number of rounds. This allows us to compare the different design strategies and to get a better idea of the security margins these permutations offer against cube attacks or more general integral cryptanalysis.
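As an added illustration (not part of the abstract or of any of the named designs): a toy chi-based permutation on a 9-bit state, with a constructed linear layer and constructed round constants, whose output bits' ANFs are recovered with a Moebius transform so that the degree reached after r rounds can be compared with the 2^r bound and the density of the degree-2^r monomials counted. The state size N, the layer theta and the round constants are assumptions for illustration only.

```python
"""Toy version of the question above: iterate a chi-based round on a small state, recover
each output bit's ANF with the Moebius transform, and count the degree-2^r monomials present."""
from math import comb

N = 9  # odd, so chi is invertible; any permutation on N bits has degree <= N-1 (constructed size)
MASK = (1 << N) - 1

def rot(a, k):  # cyclic rotation: bit i of the result is bit (i+k) mod N of a
    return ((a >> k) | (a << (N - k))) & MASK

def chi(a):
    """Keccak-style chi on a circular N-bit row: b_i = a_i ^ (~a_{i+1} & a_{i+2})."""
    return a ^ ((~rot(a, 1) & rot(a, 2)) & MASK)

def theta(a):
    """Constructed linear layer a_i ^ a_{i+1} ^ a_{i+3}; 1+x+x^3 is coprime to x^9+1, so it is invertible."""
    return a ^ rot(a, 1) ^ rot(a, 3)

def permutation(a, rounds):
    for rc in range(rounds):
        a = chi(theta(a)) ^ (rc + 1)  # iota-like round constant, constructed
    return a

def anf(truth):
    """Moebius transform: coeffs[m] == 1 iff the monomial over variable set m is in the ANF."""
    coeffs = list(truth)
    for i in range(N):
        bit = 1 << i
        for x in range(1 << N):
            if x & bit:
                coeffs[x] ^= coeffs[x ^ bit]
    return coeffs

def max_degree_density(rounds):
    """Return (degree reached, fraction of the N*C(N, d) candidate degree-d monomials present, d = min(2^r, N-1))."""
    d = min(2 ** rounds, N - 1)
    outputs = [permutation(x, rounds) for x in range(1 << N)]
    degree, present = 0, 0
    for j in range(N):
        coeffs = anf([(y >> j) & 1 for y in outputs])
        for m in range(1, 1 << N):
            if coeffs[m]:
                w = bin(m).count("1")
                degree = max(degree, w)
                present += w == d
    return degree, present / (N * comb(N, d))

if __name__ == "__main__":
    for r in (1, 2, 3):
        print(f"r={r}: bound 2^r={2 ** r}, (degree reached, top-degree density) = {max_degree_density(r)}")
```

A density well below 1 for the highest degree means the top of the ANF is sparse even though the degree bound is met, which is exactly the margin the abstract asks about.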

Side-Channel exploitation of DRAM access patterns for fingerprinting FPGA-CPU environments

Eliott Quéré


The widespread adoption of FPGA-accelerated computing in embedded and cloud environments introduces new side-channel threats due to shared hardware resources. This work investigates DRAM access patterns as a leakage source to fingerprint CPU activity, examining both SoC-FPGA and cloud-based co-processor models. In SoC environments, cache-miss-induced DRAM activity generates measurable power fluctuations that can be remotely observed. While previous research has detected these fluctuations using external electromagnetic probes for side-channel-based disassembly, we assess whether embedded FPGA sensors can achieve similar results, enabling attackers to infer CPU operations without physical access. However, in cloud-based co-processor models, where FPGA-CPU interactions occur over PCIe and RDMA, large-scale power management appears to significantly lower the Signal-to-Noise Ratio (SNR), potentially making power side channels more challenging to exploit compared to SoC-FPGAs. Given this uncertainty, we investigate the feasibility of power-based leakage while also exploring timing-based side channels leveraging PCIe contention and RDMA latency variations, which have been shown to reveal workload characteristics. By evaluating both power and timing leakage across these architectures, we comprehensively assess side-channel risks in FPGA-accelerated platforms and emphasize the need for stronger isolation mechanisms.

Portability on identical 32-bit devices for deep-learning side-channel attacks

Lizzy Grootjen


In deep learning side-channel analysis, a neural network is employed to develop a profile of our target device. Data from a similar dummy device is used to construct the profile. However, when the profiling device differs from the target device, the profile may not be accurate enough for a successful attack. The gap between the profiling device and the target device is called the portability problem. In this work, we investigated the effect of manufacturing discrepancies on the portability of 32-bit identical devices for profiled deep-learning side-channel analysis.

Self-Test and Fault-Resistant Hardware for ML-KEM in Post-Quantum Cryptography

Julia Ordóñez Poblet


This talk presents my current work on hardware implementations related to the post-quantum cryptographic algorithm ML-KEM. As part of a research collaboration and my undergraduate thesis, I am developing digital self-tests for ML-KEM modules, which are required by NIST to ensure correct circuit behavior before performing sensitive cryptographic operations. I also implement an optimized version of the Number Theoretic Transform (NTT), a key building block in lattice-based schemes. Additionally, I conduct clock glitching fault injection experiments to assess vulnerability and to explore hardware-level countermeasures. The aim is to develop efficient, secure, and self-verifying cryptographic hardware for post-quantum applications.

Formal Verification of Hardware Security Countermeasures

Pedro Marcos Solórzano


The world is changing at a very fast pace. Quantum computing, AI, new hardware hacking tools and emerging threats are of concern to all scientists because of the new potential security risks. Currently, new technologies are being developed with a focus on these new security challenges, such as new post-quantum cryptography algorithms (e.g. Kyber) or new architectures (e.g. RISC-V). However, all of these technologies are still susceptible to physical attacks. Over the last few years, the scientific community has published several ideas, countermeasures and design techniques to improve Hardware Security, especially in critical digital circuits such as cryptographic accelerators, but the implementation of these protections must be verified even before the manufacturing of the circuit. It is crucial to check the security countermeasures implemented in a critical digital microelectronic design from the earliest stages of development, and for this reason Formal Verification presents a great opportunity for contribution in this field and has become a significant area of study. The state of the art shows that the scientific community has already published numerous studies on Formal Verification of Countermeasures against Fault Injection and Side-Channel attacks. These studies include different mathematical modeling techniques, metrics, and solvers. Some of them are implemented in software tools to formally verify RTL designs in Hardware Description Languages. The problem with these state-of-the-art tools is that they are designed for purely academic purposes and cannot be effectively used with real cryptographic circuits. That is why this thesis has focused on finding a solution that allows applying Formal Verification in industrial design flows with large and complex circuit designs.
Our contribution goal is to create a novel tool called VeriSec based on AIG models and SAT solvers that enables the Formal Verification of security countermeasures against fault injection attacks in complex cryptographic circuits in a way that can be useful and help designers during industrial development processes.

Power contracts

Giacomo Petrucci


Power contracts represent a novel way of formalizing architectural leakage for SCA evaluation for software implementations. This talk gives a brief introduction to the topic, together with possible directions for future research.

ARCHER: Architecture-Level Simulator for Side-Channel Analysis in RISC-V Processors

Asmita Adhikary


Side-channel attacks pose a serious risk to cryptographic implementations, particularly in embedded systems. While current methods, such as test vector leakage assessment (TVLA), can identify leakage points, they do not provide insights into their root causes. We propose ARCHER, an architecture-level tool designed to perform side-channel analysis and root cause identification for software cryptographic implementations on RISC-V processors. ARCHER has two main components: (1) Side-Channel Analysis to identify leakage using TVLA and its variants, and (2) Data Flow Analysis to track intermediate values across instructions, explaining observed leaks. Taking the binary file of the target implementation as input, ARCHER generates interactive visualizations and a detailed report highlighting execution statistics, leakage points, and their causes. It is the first architecture-level tool tailored for the RISC-V architecture to guide the implementation of cryptographic algorithms resistant to power side-channel attacks. ARCHER is algorithm-agnostic, supports pre-silicon analysis for both high-level and assembly code, and enables efficient root cause identification. We demonstrate ARCHER's effectiveness through case studies on unprotected and protected AES and unprotected Ascon implementations, where it accurately traces the source of side-channel leaks. We report previously undocumented vulnerabilities due to architectural register usage in the ShiftRows operation of the protected AES implementation. For the Ascon implementation, we report leaks both in the substitution layer and in the diffusion layer, thus reflecting its susceptibility to data-dependent side-channel leakage.

Interpretability in DLSCA

Sengim Karayalcin


In recent years, deep learning has emerged as a prominent method for SCA, achieving state-of-the-art attack performance at the cost of interpretability. Understanding how neural networks extract secrets is crucial for security evaluators aiming to defend against such attacks, as only by understanding the attack can one propose better countermeasures. In this talk we will showcase the application of modern interpretability methods to gain a better understanding of DLSCA.

JumpReLU Activation Function in Deep Learning-based Side-channel Analysis

Abraham Basurto


Deep learning-based side-channel analysis has become a popular and powerful option for side-channel attacks in recent years. One of the main directions that the side-channel community explores is how to design efficient architectures that can break the targets with as few attack traces as possible, but also how to build such architectures consistently. In this work, we explore the usage of the JumpReLU activation function, which was designed to improve the robustness of neural networks. Intuitively speaking, improving the robustness seems a natural requirement for side-channel analysis, as hiding countermeasures could be considered adversarial attacks. We present three different strategies that were explored, along with their corresponding results, highlighting the scenarios in which JumpReLU proves to be a beneficial option for improving the stability of attack results.

Post-Quantum Cryptography - Side Channel Analysis: where we are

Azade Rezaeezade