Ing. Vít Mašek from the Faculty of Information Technology at the Czech Technical University in Prague (FIT CTU) succeeded with his master’s thesis in the IT SPY 2025 competition, where he placed 3rd among hundreds of IT final theses from Czech and Slovak universities. His work focuses on one of the most fascinating yet most dangerous areas of modern cryptography – attacks that target not the mathematics, but the physical behavior of devices. He also received the Dean’s Award for the summer semester of 2024/2025.
Vít’s thesis deals with so-called side-channel attacks. These attacks do not break cryptographic algorithms through complex calculations, but instead exploit subtle physical manifestations of devices during encryption – for example, tiny changes in power consumption or electromagnetic emissions. Even such faint signals can help an attacker reveal a secret key. This area is becoming increasingly important because cryptography is part of almost every modern device – from smart cards and mobile phones to industrial systems.
In his work, Vít focused on the security of the SipHash algorithm, which is used to ensure data integrity and authenticity. In practice, it is used for example in transportation systems, where it is crucial to ensure that the data exchanged between control units has not been altered and originates from an authorized source. SipHash is known as a cryptographic function based on the so-called ARX structure (Addition-Rotation-XOR). These structures are often considered inherently resistant to side-channel attacks, but current research shows that this may not always be the case.
Vít therefore created a complete implementation of the SipHash algorithm on an FPGA platform that enables precise power-consumption measurements and is designed specifically for the analysis of physical attacks. After thorough measurement and statistical evaluation, it turned out that the implementation indeed exhibits measurable information leakage. He was then able to use this leakage in a practical side-channel attack aimed at obtaining the secret key solely based on analyzing the device’s power consumption during computation.
Although the attack was not fully completed on a real device, the results clearly demonstrated that even SipHash is not automatically protected against physical attacks.
“The results show that even modern, computationally simple cryptographic algorithms can be vulnerable in practice. It is important to consider not only the mathematical aspects of cryptography, but also the physical leakages that may compromise otherwise secure systems,” says Vít Mašek.
“Taking 3rd place in the IT SPY competition means to me that even amid the flood of AI and machine-learning-related topics, IT security remains recognized as an important research area. I am currently considering pursuing a PhD, where I would like to focus on securing post-quantum cryptography against physical attacks,” Vít adds.
The IT SPY (IT Student Project of the Year) competition annually selects the best and most innovative master’s theses in the field of information technology from universities in the Czech Republic and Slovakia. Entries are evaluated based on technical quality, originality, and potential for real-world application.
