Invited Talks

Peter Schwabe: Post-quantum crypto on ARM Cortex-M


Asymmetric crypto deployed today is essentially completely based on RSA and (elliptic-curve) discrete logarithms. It has long been known that these cryptosystems are no longer secure in a world where attackers are equipped with a large universal quantum computer. This is why not only academic researchers, but also government agencies, standardization bodies, and industry are putting effort into transitioning our cryptographic infrastructure to post-quantum primitives. Probably the most prominent effort in this field is the NIST post-quantum crypto (PQC) project, which started in 2016 and aims at selecting and eventually standardizing several suitable post-quantum signature and key-encapsulation schemes. This effort by NIST is supported by the international research community. In my talk I will first present the pqm4 project, a library, testing, and benchmarking framework for post-quantum cryptography on the ARM Cortex-M4. The long-term goal of this framework is to collect optimized and also side-channel-protected implementations of all NIST PQC candidates. In the second part of my talk I will zoom into the optimization effort for some of these schemes, specifically lattice-based key-encapsulation mechanisms.


Peter Schwabe is an associate professor at Radboud University Nijmegen. He graduated from RWTH Aachen University in computer science in 2006 and received a Ph.D. from the Faculty of Mathematics and Computer Science of Eindhoven University of Technology in 2011. He then worked as a postdoctoral researcher at the Institute for Information Science and the Research Center for Information Technology Innovation of Academia Sinica, Taiwan, and at National Taiwan University. His research is in the area of cryptographic engineering, in particular the design and secure implementation of cryptographic primitives and protocols for real-world applications. In recent years his research has mainly focused on post-quantum cryptography. He is co-submitter of seven round-2 candidates in the NIST PQC project and since 2018 he has been leading research in the project "EPOQUE -- Engineering post-quantum cryptography", which is supported by the European Research Council through an ERC Starting Grant.

Gilles Barthe: Formal Verification of Side-Channel Resistance


Side-channel attacks exploit physical information (e.g., timing or power) that can be observed from the execution of implementations to retrieve key material and, more generally, secret information from cryptographic implementations. Successful forms of side-channel attacks include differential power analysis attacks and cache-based timing attacks. Protecting against such attacks is therefore a major theoretical and practical concern, and has been the subject of a long line of research. In the talk, I shall review some existing models and countermeasures and show how formal verification methods can be used to ensure that countermeasures are correctly implemented, focusing on masked implementations and constant-time implementations.


Gilles Barthe is a scientific director at MPI-SP and a part-time research professor at the IMDEA Software Institute. His research interests include logic, formal verification, programming languages, security and privacy. His current work focuses on formal approaches for high-assurance cryptographic algorithms and implementations.


Viktor Fischer: True random number generators for cryptography – design and evaluation


Random numbers are crucial in cryptography: they are used as confidential keys, initialization vectors, nonces in challenge-response protocols, padding values, and as masks in side-channel attack countermeasures. Random number generators (RNGs) must generate random numbers that have good statistical properties, and the generated numbers must be neither predictable nor manipulable.

Stringent security evaluation of RNGs is not straightforward, because it requires expertise in several scientific fields: microelectronics and physics, to understand random physical processes in electronic circuits; mathematics and statistics, for constructing simple but sufficiently precise stochastic models; information processing and information theory, to estimate and manage entropy; and cryptography, for dealing with security and cryptographic post-processing.


The objective of this tutorial is to introduce participants to the implementation of true random number generators aimed at cryptographic applications in logic devices, as well as to their security evaluation. Strong and weak ways of generating random numbers in hardware will be illustrated on state-of-the-art designs. Finally, a comprehensive example of a complete TRNG design including embedded randomness testing will be given and practically demonstrated on dedicated evaluation boards.

Of interest to:

Engineers and young researchers in cryptography engineering and embedded security.

Preliminary skills:

Basics in cryptography, electronics, mathematics and probability (Bachelor's degree).


Part 1 – Basics on random number generation for cryptography. Introduction to random number generation. Sources of randomness. Entropy extraction. Statistical models and entropy estimators. Post-processing. RNG evaluation and testing.

Part 2 – State of the art and pitfalls in TRNG designs. “Maximum entropy” TRNGs. Non-testable TRNGs. Internally testable TRNGs.

Part 3 – Practical example: design and evaluation of a secure TRNG. Example of an internally testable TRNG. Statistical modeling and entropy estimation of the proposed TRNG. Proposition of a model-based online test. RNG calibration and testing.


Viktor Fischer received his M.S. and Ph.D. degrees in Electrical Engineering from the Technical University of Kosice in Slovakia. From 1981 to 1991 he held an Assistant Professor position at the Department of Electronics of the Technical University of Kosice, Slovakia. From 1991 to 2006 he was a part-time invited professor at the University of Saint-Etienne, France. From 1999 to 2006 he was also a consultant with Micronic Slovakia, specializing in hardware data security systems. Since 2006 he has been a full-time Professor at the University of Saint-Etienne, and since 2018 he has also been a visiting professor at the Czech Technical University in Prague. Since 2012 he has given lectures on TRNG design organized by MEAD Education at EPFL Lausanne. His research interests include cryptographic engineering, secure embedded systems, cryptographic processors and especially true random number generators embedded in logic devices. He is the author or co-author of many scientific publications in this field.