---
_id: '65537'
abstract:
- lang: eng
text: 'It is a widely accepted standard practice to implement cryptographic
software so that secret inputs do not influence the cycle count. Software following
this paradigm is often referred to as “constant-time” software and typically involves
following three rules: 1) never branch on a secret-dependent condition, 2) never
access memory at a secret-dependent location, and 3) avoid variable-time arithmetic
operations on secret data. The third rule requires knowledge about such variable-time
arithmetic instructions, or vice versa, which operations are safe to use on secret
inputs. For a long time, this knowledge was based on either documentation or microbenchmarks,
but critically, there were never any guarantees for future microarchitectures.
This changed with the introduction of the data-operand-independent-timing (DOIT)
mode on Intel CPUs and, to some extent, the data-independent-timing (DIT) mode
on Arm CPUs. Both Intel and Arm document a subset of their respective instruction
sets that are intended to leak no information about their inputs through timing,
even on future microarchitectures if the CPU is set to run in a dedicated DOIT
(or DIT) mode.In this paper, we present a principled solution that leverages DOIT
to enable cryptographic software that is future-proof constant-time, in the sense
that it ensures that only instructions from the DOIT subset are used to operate
on secret data, even during speculative execution after a mispredicted branch
or function return location. For this solution, we build on top of existing security
type systems in the Jasmin framework for high-assurance cryptography.We then use
our solution to evaluate the extent to which existing cryptographic software built
to be “constant-time” is already secure in this stricter paradigm implied by DOIT
and what the performance impact is to move from constant-time to future-proof
constant-time.'
author:
- first_name: Santiago
full_name: Arranz-Olmos, Santiago
last_name: Arranz-Olmos
- first_name: Gilles
full_name: Barthe, Gilles
last_name: Barthe
- first_name: Benjamin
full_name: Grégoire, Benjamin
last_name: Grégoire
- first_name: Jan
full_name: Jancar, Jan
last_name: Jancar
- first_name: Vincent
full_name: Laporte, Vincent
last_name: Laporte
- first_name: Tiago
full_name: Oliveira, Tiago
last_name: Oliveira
- first_name: Peter
full_name: Schwabe, Peter
last_name: Schwabe
citation:
ama: 'Arranz-Olmos S, Barthe G, Grégoire B, et al. Let’s DOIT: Using Intel’s Extended
HW/SW Contract for Secure Compilation of Crypto Code. IACR Transactions on
Cryptographic Hardware and Embedded Systems. 2025;2025(3):644-667. doi:10.46586/tches.v2025.i3.644-667'
apa: 'Arranz-Olmos, S., Barthe, G., Grégoire, B., Jancar, J., Laporte, V., Oliveira,
T., & Schwabe, P. (2025). Let’s DOIT: Using Intel’s Extended HW/SW Contract
for Secure Compilation of Crypto Code. IACR Transactions on Cryptographic Hardware
and Embedded Systems, 2025(3), 644–667. https://doi.org/10.46586/tches.v2025.i3.644-667'
bibtex: '@article{Arranz-Olmos_Barthe_Grégoire_Jancar_Laporte_Oliveira_Schwabe_2025,
title={Let’s DOIT: Using Intel’s Extended HW/SW Contract for Secure Compilation
of Crypto Code}, volume={2025}, DOI={10.46586/tches.v2025.i3.644-667},
number={3}, journal={IACR Transactions on Cryptographic Hardware and Embedded
Systems}, publisher={Universitatsbibliothek der Ruhr-Universitat Bochum}, author={Arranz-Olmos,
Santiago and Barthe, Gilles and Grégoire, Benjamin and Jancar, Jan and Laporte,
Vincent and Oliveira, Tiago and Schwabe, Peter}, year={2025}, pages={644–667}
}'
chicago: 'Arranz-Olmos, Santiago, Gilles Barthe, Benjamin Grégoire, Jan Jancar,
Vincent Laporte, Tiago Oliveira, and Peter Schwabe. “Let’s DOIT: Using Intel’s
Extended HW/SW Contract for Secure Compilation of Crypto Code.” IACR Transactions
on Cryptographic Hardware and Embedded Systems 2025, no. 3 (2025): 644–67.
https://doi.org/10.46586/tches.v2025.i3.644-667.'
ieee: 'S. Arranz-Olmos et al., “Let’s DOIT: Using Intel’s Extended HW/SW
Contract for Secure Compilation of Crypto Code,” IACR Transactions on Cryptographic
Hardware and Embedded Systems, vol. 2025, no. 3, pp. 644–667, 2025, doi: 10.46586/tches.v2025.i3.644-667.'
mla: 'Arranz-Olmos, Santiago, et al. “Let’s DOIT: Using Intel’s Extended HW/SW Contract
for Secure Compilation of Crypto Code.” IACR Transactions on Cryptographic
Hardware and Embedded Systems, vol. 2025, no. 3, Universitatsbibliothek der
Ruhr-Universitat Bochum, 2025, pp. 644–67, doi:10.46586/tches.v2025.i3.644-667.'
short: S. Arranz-Olmos, G. Barthe, B. Grégoire, J. Jancar, V. Laporte, T. Oliveira,
P. Schwabe, IACR Transactions on Cryptographic Hardware and Embedded Systems 2025
(2025) 644–667.
date_created: 2026-04-30T09:31:53Z
date_updated: 2026-04-30T09:32:27Z
doi: 10.46586/tches.v2025.i3.644-667
intvolume: ' 2025'
issue: '3'
page: 644-667
publication: IACR Transactions on Cryptographic Hardware and Embedded Systems
publication_identifier:
issn:
- 2569-2925
publication_status: published
publisher: Universitatsbibliothek der Ruhr-Universitat Bochum
status: public
title: 'Let’s DOIT: Using Intel’s Extended HW/SW Contract for Secure Compilation of
Crypto Code'
type: journal_article
user_id: '125442'
volume: 2025
year: '2025'
...
---
_id: '65538'
abstract:
- lang: eng
text: Developers implementing elliptic curve cryptography (ECC) face a wide
range of implementation choices created by decades of research into elliptic curves.
The literature on elliptic curves offers a plethora of curve models, scalar multipliers,
and addition formulas, but this comes with the price of enabling attacks to also
use the rich structure of these techniques. Navigating through this area is not
an easy task and developers often obscure their choices, especially in black-box
hardware implementations. Since side-channel attackers rely on the knowledge of
the implementation details, reverse engineering becomes a crucial part of attacks.This
work presents ECTester – a tool for testing black-box ECC implementations. Through
various test suites, ECTester observes the behavior of the target implementation
against known attacks but also non-standard inputs and elliptic curve parameters.
We analyze popular ECC libraries and smartcards and show that some libraries and
most smartcards do not check the order of the input points and improperly handle
the infinity point. Based on these observations, we design new techniques for
reverse engineering scalar randomization countermeasures that are able to distinguish
between group scalar randomization, additive, multiplicative or Euclidean splitting.
Our techniques do not require side-channel measurements; they only require the
ability to set custom domain parameters, and are able to extract not only the
size but also the exact value of the random mask used. Using the techniques, we
successfully reverse-engineered the countermeasures on 13 cryptographic smartcards
from 5 major manufacturers – all but one we tested on. Finally, we discuss what
mitigations can be applied to prevent such reverse engineering, and whether it
is possible at all.
author:
- first_name: Vojtech
full_name: Suchanek, Vojtech
last_name: Suchanek
- first_name: Jan
full_name: Jancar, Jan
last_name: Jancar
- first_name: Jan
full_name: Kvapil, Jan
last_name: Kvapil
- first_name: Petr
full_name: Svenda, Petr
last_name: Svenda
- first_name: Łukasz
full_name: Chmielewski, Łukasz
last_name: Chmielewski
citation:
ama: 'Suchanek V, Jancar J, Kvapil J, Svenda P, Chmielewski Ł. ECTester: Reverse-engineering
side-channel countermeasures of ECC implementations. IACR Transactions on Cryptographic
Hardware and Embedded Systems. 2025;2025(4):290-316. doi:10.46586/tches.v2025.i4.290-316'
apa: 'Suchanek, V., Jancar, J., Kvapil, J., Svenda, P., & Chmielewski, Ł. (2025).
ECTester: Reverse-engineering side-channel countermeasures of ECC implementations.
IACR Transactions on Cryptographic Hardware and Embedded Systems, 2025(4),
290–316. https://doi.org/10.46586/tches.v2025.i4.290-316'
bibtex: '@article{Suchanek_Jancar_Kvapil_Svenda_Chmielewski_2025, title={ECTester:
Reverse-engineering side-channel countermeasures of ECC implementations}, volume={2025},
DOI={10.46586/tches.v2025.i4.290-316},
number={4}, journal={IACR Transactions on Cryptographic Hardware and Embedded
Systems}, publisher={Universitatsbibliothek der Ruhr-Universitat Bochum}, author={Suchanek,
Vojtech and Jancar, Jan and Kvapil, Jan and Svenda, Petr and Chmielewski, Łukasz},
year={2025}, pages={290–316} }'
chicago: 'Suchanek, Vojtech, Jan Jancar, Jan Kvapil, Petr Svenda, and Łukasz Chmielewski.
“ECTester: Reverse-Engineering Side-Channel Countermeasures of ECC Implementations.”
IACR Transactions on Cryptographic Hardware and Embedded Systems 2025,
no. 4 (2025): 290–316. https://doi.org/10.46586/tches.v2025.i4.290-316.'
ieee: 'V. Suchanek, J. Jancar, J. Kvapil, P. Svenda, and Ł. Chmielewski, “ECTester:
Reverse-engineering side-channel countermeasures of ECC implementations,” IACR
Transactions on Cryptographic Hardware and Embedded Systems, vol. 2025, no.
4, pp. 290–316, 2025, doi: 10.46586/tches.v2025.i4.290-316.'
mla: 'Suchanek, Vojtech, et al. “ECTester: Reverse-Engineering Side-Channel Countermeasures
of ECC Implementations.” IACR Transactions on Cryptographic Hardware and Embedded
Systems, vol. 2025, no. 4, Universitatsbibliothek der Ruhr-Universitat Bochum,
2025, pp. 290–316, doi:10.46586/tches.v2025.i4.290-316.'
short: V. Suchanek, J. Jancar, J. Kvapil, P. Svenda, Ł. Chmielewski, IACR Transactions
on Cryptographic Hardware and Embedded Systems 2025 (2025) 290–316.
date_created: 2026-04-30T09:31:59Z
date_updated: 2026-04-30T09:32:25Z
doi: 10.46586/tches.v2025.i4.290-316
intvolume: ' 2025'
issue: '4'
page: 290-316
publication: IACR Transactions on Cryptographic Hardware and Embedded Systems
publication_identifier:
issn:
- 2569-2925
publication_status: published
publisher: Universitatsbibliothek der Ruhr-Universitat Bochum
status: public
title: 'ECTester: Reverse-engineering side-channel countermeasures of ECC implementations'
type: journal_article
user_id: '125442'
volume: 2025
year: '2025'
...
---
_id: '65535'
abstract:
- lang: eng
text: 'Side-channel attacks on elliptic curve cryptography (ECC) often assume
a white-box attacker who has detailed knowledge of the implementation choices
taken by the target implementation. Due to the complex and layered nature of ECC,
there are many choices that a developer makes to obtain a functional and interoperable
implementation. These include the curve model, coordinate system, addition formulas,
and the scalar multiplier, or lower-level details such as the finite-field multiplication
algorithm. This creates a gap between the attack requirements and a real-world
attacker that often only has black-box access to the target – i.e., has no access
to the source code nor knowledge of specific implementation choices made. Yet,
when the gap is closed, even real-world implementations of ECC succumb to side-channel
attacks, as evidenced by attacks such as TPM-Fail, Minerva, the Side Journey to
Titan, or TPMScan [MSE+20; JSS+20; RLM+21; SDB+24].We study this gap by first
analyzing open-source ECC libraries for insight into realworld implementation
choices. We then examine the space of all ECC implementations combinatorially.
Finally, we present a set of novel methods for automated reverse engineering of
black-box ECC implementations and release a documented and usable open-source
toolkit for side-channel analysis of ECC called pyecsca.Our methods turn attacks
around: instead of attempting to recover the private key, they attempt to recover
the implementation configuration given control over the private and public inputs.
We evaluate them on two simulation levels and study the effect of noise on their
performance. Our methods are able to 1) reverse-engineer the scalar multiplication
algorithm completely and 2) infer significant information about the coordinate
system and addition formulas used in a target implementation. Furthermore, they
can bypass coordinate and curve randomization countermeasures.'
author:
- first_name: Jan
full_name: Jancar, Jan
last_name: Jancar
- first_name: Vojtech
full_name: Suchanek, Vojtech
last_name: Suchanek
- first_name: Petr
full_name: Svenda, Petr
last_name: Svenda
- first_name: Vladimir
full_name: Sedlacek, Vladimir
last_name: Sedlacek
- first_name: Łukasz
full_name: Chmielewski, Łukasz
last_name: Chmielewski
citation:
ama: 'Jancar J, Suchanek V, Svenda P, Sedlacek V, Chmielewski Ł. pyecsca: Reverse
engineering black-box elliptic curve cryptography via side-channel analysis. IACR
Transactions on Cryptographic Hardware and Embedded Systems. 2024;2024(4):355-381.
doi:10.46586/tches.v2024.i4.355-381'
apa: 'Jancar, J., Suchanek, V., Svenda, P., Sedlacek, V., & Chmielewski, Ł.
(2024). pyecsca: Reverse engineering black-box elliptic curve cryptography via
side-channel analysis. IACR Transactions on Cryptographic Hardware and Embedded
Systems, 2024(4), 355–381. https://doi.org/10.46586/tches.v2024.i4.355-381'
bibtex: '@article{Jancar_Suchanek_Svenda_Sedlacek_Chmielewski_2024, title={pyecsca:
Reverse engineering black-box elliptic curve cryptography via side-channel analysis},
volume={2024}, DOI={10.46586/tches.v2024.i4.355-381},
number={4}, journal={IACR Transactions on Cryptographic Hardware and Embedded
Systems}, publisher={Universitatsbibliothek der Ruhr-Universitat Bochum}, author={Jancar,
Jan and Suchanek, Vojtech and Svenda, Petr and Sedlacek, Vladimir and Chmielewski,
Łukasz}, year={2024}, pages={355–381} }'
chicago: 'Jancar, Jan, Vojtech Suchanek, Petr Svenda, Vladimir Sedlacek, and Łukasz
Chmielewski. “Pyecsca: Reverse Engineering Black-Box Elliptic Curve Cryptography
via Side-Channel Analysis.” IACR Transactions on Cryptographic Hardware and
Embedded Systems 2024, no. 4 (2024): 355–81. https://doi.org/10.46586/tches.v2024.i4.355-381.'
ieee: 'J. Jancar, V. Suchanek, P. Svenda, V. Sedlacek, and Ł. Chmielewski, “pyecsca:
Reverse engineering black-box elliptic curve cryptography via side-channel analysis,”
IACR Transactions on Cryptographic Hardware and Embedded Systems, vol.
2024, no. 4, pp. 355–381, 2024, doi: 10.46586/tches.v2024.i4.355-381.'
mla: 'Jancar, Jan, et al. “Pyecsca: Reverse Engineering Black-Box Elliptic Curve
Cryptography via Side-Channel Analysis.” IACR Transactions on Cryptographic
Hardware and Embedded Systems, vol. 2024, no. 4, Universitatsbibliothek der
Ruhr-Universitat Bochum, 2024, pp. 355–81, doi:10.46586/tches.v2024.i4.355-381.'
short: J. Jancar, V. Suchanek, P. Svenda, V. Sedlacek, Ł. Chmielewski, IACR Transactions
on Cryptographic Hardware and Embedded Systems 2024 (2024) 355–381.
date_created: 2026-04-30T09:31:41Z
date_updated: 2026-04-30T09:32:37Z
doi: 10.46586/tches.v2024.i4.355-381
intvolume: ' 2024'
issue: '4'
page: 355-381
publication: IACR Transactions on Cryptographic Hardware and Embedded Systems
publication_identifier:
issn:
- 2569-2925
publication_status: published
publisher: Universitatsbibliothek der Ruhr-Universitat Bochum
status: public
title: 'pyecsca: Reverse engineering black-box elliptic curve cryptography via side-channel
analysis'
type: journal_article
user_id: '125442'
volume: 2024
year: '2024'
...