This is a comprehensive description of the cryptographic hash function BLAKE, one of the five final contenders in the NIST SHA3 competition, and of BLAKE2, an improved version popular among developers. It describes how BLAKE was designed and why BLAKE2 was developed, and it offers guidelines on implementing and using BLAKE, with a focus on software implementation. In the first two chapters, the authors offer a short introduction to cryptographic hashing, the SHA3 competition and BLAKE. They review applications of cryptographic hashing, they describe some basic notions such as security definitions and state-of-the-art collision search methods and they present SHA1, SHA2 and the SHA3 finalists. In the chapters that follow, the authors give a complete description of the four instances BLAKE-256, BLAKE-512, BLAKE-224 and BLAKE-384; they describe applications of BLAKE, including simple hashing with or without a salt and HMAC and PBKDF2 constructions; they review implementation techniques, from portable C and Python to AVR assembly and vectorized code using SIMD CPU instructions; they describe BLAKE’s properties with respect to hardware design for implementation in ASICs or FPGAs; they explain BLAKE's design rationale in detail, from NIST’s requirements to the choice of internal parameters; they summarize the known security properties of BLAKE and describe the best attacks on reduced or modified variants; and they present BLAKE2, the successor of BLAKE, starting with motivations and also covering its performance and security aspects. The book concludes with detailed test vectors, a reference portable C implementation of BLAKE, and a list of third-party software implementations of BLAKE and BLAKE2. The book is oriented towards practice – engineering and craftsmanship – rather than theory. It is suitable for developers, engineers and security professionals engaged with BLAKE and cryptographic hashing in general and for applied cryptography researchers and students who need a consolidated reference and a detailed description of the design process, or guidelines on how to design a cryptographic algorithm.

This book constitutes the refereed proceedings of the 15th International Conference on Cryptology in India, INDOCRYPT 2014, held in New Delhi, India, in December 2014. The 25 revised full papers presented together with 4 invited papers were carefully reviewed and selected from 101 submissions. The papers are organized in topical sections on side channel analysis; theory; block ciphers; cryptanalysis; efficient hardware design; protected hardware design; elliptic curves.

2.1 Di?erential Power Analysis Di?erential Power Analysis (DPA) was introduced by Kocher, Ja?e and Jun in 1998 [13] and published in 1999 [14]. The basic idea is to make use of potential correlations between the data handled by the micro-controller and the electric consumption measured values. Since these correlations are often very low, s- tistical methods must be applied to deduce su?cient information from them. Theprinciple ofDPAattacksconsistsincomparingconsumptionvalues m- suredonthe real physical device (for instance a GSM chip or a smart card)with values computed in an hypothetical model of this device (the hypotheses being made among others on the nature of the implementation, and chie?y on a part of the secret key). By comparing these two sets of values, the attacker tries to recover all or part of the secret key. The initial target of DPA attacks was limited to symmetric algorithms. V- nerability of DES - ?rst shown by Kocher, Ja?e and Jun [13, 14]-wasfurther studied by Goubin and Patarin [11, 12], Messerges, Dabbish, Sloan [16]and Akkar, B' evan, Dischamp, Moyart [2]. Applications of these attacks were also largely taken into account during the AES selection process, notably by Biham, Shamir [4], Chari, Jutla, Rao, Rohatgi [5] and Daemen, Rijmen [8].

Willi Meier geht mit 61 in den vorgezogenen Ruhestand." Der Padagoge aus Leidenschaft geht nicht wegen der Belastung, nicht wegen den Kollegen und auch nicht wegen seiner Kundschaft," den Schulerinnen und Schuler. Er will bei bester Gesundheit, zusammen mit seiner lieben Gattin, seine zwei Tochter bei dem Bau" ihrer Familien vom Start an begleiten und mithelfen, da wo das erwunscht ist. Er will vor allem seine Enkel vom ersten Tag an unbelastet vom taglichen beruflichen Stress begleiten und sie aufwachsen sehen. Daneben will er die vielen, auch neben dem Beruf immer noch vorhandenen Aktivitaten ohne Zeitdruck dazwischen streuen und frei planen konnen und neue, andere Herausforderungen suchen. In funf Schritten beschreibt er die funf Jahre, in denen er nicht nur seine Vorsatze umsetzt, sondern mit dem zielgerichteten Druck" seiner lieben Gattin mit einem Wochenendhaus" den Sprung aus der Kleinstadt in die Dorfidylle wagt. Hier schafft er sich das ideale Umfeld fur seine Grossfamilie." Und ausserdem findet er auch noch eine uberhaupt nicht vorsehbare, fur ihn aussergewohnlich tolle Dorfgemeinschaft. Er vergisst dabei nie, immer wieder seine Heimat, die schone Eifel, mit zu beschreiben. Fur ihn macht alter werden Spass. Das will er als Gebrauchsanweisung" in Sechzig Plus" weiter vermitteln."