×

Towards tight random probing security. (English) Zbl 1486.94083

Malkin, Tal (ed.) et al., Advances in cryptology – CRYPTO 2021. 41st annual international cryptology conference, CRYPTO 2021, virtual event, August 16–20, 2021. Proceedings. Part III. Cham: Springer. Lect. Notes Comput. Sci. 12827, 185-214 (2021).
Summary: Proving the security of masked implementations in theoretical models that are relevant to practice and match the best known attacks of the side-channel literature is a notoriously hard problem. The random probing model is a promising candidate to contribute to this challenge, due to its ability to capture the continuous nature of physical leakage (contrary to the threshold probing model), while also being convenient to manipulate in proofs and to automate with verification tools. Yet, despite recent progress in the design of masked circuits with good asymptotic security guarantees in this model, existing results still fall short when it comes to analyze the security of concretely useful circuits under realistic noise levels and with low number of shares. In this paper, we contribute to this issue by introducing a new composability notion, the Probe Distribution Table (PDT), and a new tool (called STRAPS, for the Sampled Testing of the RAndom Probing Security). Their combination allows us to significantly improve the tightness of existing analyses in the most practical (low noise, low number of shares) region of the design space. We illustrate these improvements by quantifying the random probing security of an AES S-box circuit, masked with the popular multiplication gadget of Y. Ishai et al. [Lect. Notes Comput. Sci. 2729, 463–481 (2003; Zbl 1122.94378)], with up to six shares.
For the entire collection see [Zbl 1484.94002].

MSC:

94A60 Cryptography

Citations:

Zbl 1122.94378

Software:

maskVerif
PDF BibTeX XML Cite
Full Text: DOI

References:

[1] Ajtai, M.: Secure computation with information leaking to an adversary. In: STOC, pp. 715-724. ACM (2011) · Zbl 1288.94047
[2] Ananth, P.; Ishai, Y.; Sahai, A.; Shacham, H.; Boldyreva, A., Private circuits: a modular approach, Advances in Cryptology, 427-455 (2018), Cham: Springer, Cham · Zbl 1462.94028
[3] Andrychowicz, M.; Dziembowski, S.; Faust, S.; Fischlin, M.; Coron, J-S, Circuit compilers with \(O(1/\log (n))\) leakage rate, Advances in Cryptology, 586-615 (2016), Heidelberg: Springer, Heidelberg · Zbl 1371.94620
[4] Barthe, G.; Belaïd, S.; Cassiers, G.; Fouque, P-A; Grégoire, B.; Standaert, F-X; Sako, K.; Schneider, S.; Ryan, PYA, maskVerif: automated verification of higher-order masking in presence of physical defaults, Computer Security, 300-318 (2019), Cham: Springer, Cham
[5] Barthe, G., et al.: Strong non-interference and type-directed higher-order masking. In: CCS, pp. 116-129. ACM (2016)
[6] Barthe, G.; Gourjon, M.; Grégoire, B.; Orlt, M.; Paglialonga, C.; Porth, L., Masking in fine-grained leakage models: construction, implementation and verification, IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021, 2, 189-228 (2021)
[7] Battistello, A.; Coron, J-S; Prouff, E.; Zeitoun, R.; Gierlichs, B.; Poschmann, AY, Horizontal side-channel attacks and countermeasures on the ISW masking scheme, Cryptographic Hardware and Embedded Systems, 23-39 (2016), Heidelberg: Springer, Heidelberg · Zbl 1380.94071
[8] Belaïd, S.; Coron, J-S; Prouff, E.; Rivain, M.; Taleb, AR; Micciancio, D.; Ristenpart, T., Random probing security: verification, composition, expansion and new constructions, Advances in Cryptology, 339-368 (2020), Cham: Springer, Cham
[9] Belaïd, S.; Rivain, M.; Taleb, AR, On the power of expansion: more efficient constructions in the random probing model, IACR Cryptol. ePrint Arch., 2021, 434 (2021)
[10] Bloem, R.; Gross, H.; Iusupov, R.; Könighofer, B.; Mangard, S.; Winter, J.; Nielsen, JB; Rijmen, V., Formal verification of masked hardware implementations in the presence of glitches, Advances in Cryptology, 321-353 (2018), Cham: Springer, Cham · Zbl 1428.94062
[11] Brier, E.; Clavier, C.; Olivier, F.; Joye, M.; Quisquater, J-J, Correlation power analysis with a leakage model, Cryptographic Hardware and Embedded Systems, 16-29 (2004), Heidelberg: Springer, Heidelberg · Zbl 1104.68467
[12] Cassiers, G., Grégoire, B., Levi, I., Standaert, F.X:. Hardware private circuits: From trivial composition to full verification. IEEE Trans. Comput. 1 (2020) · Zbl 07497397
[13] Cassiers, G.; Standaert, F., Towards globally optimized masking: from low randomness to low noise rate or probe isolating multiplications with reduced randomness and security against horizontal attacks, IACR Trans. Cryptogr. Hardw. Embed. Syst., 2019, 2, 162-198 (2019)
[14] Chari, S.; Jutla, CS; Rao, JR; Rohatgi, P.; Wiener, M., Towards sound approaches to counteract power-analysis attacks, Advances in Cryptology, 398-412 (1999), Heidelberg: Springer, Heidelberg · Zbl 0942.68045
[15] Chari, S.; Rao, JR; Rohatgi, P.; Kaliski, BS; Koç, K.; Paar, C., Template attacks, Cryptographic Hardware and Embedded Systems, 13-28 (2003), Heidelberg: Springer, Heidelberg
[16] Coron, J-S; Prouff, E.; Rivain, M.; Roche, T.; Moriai, S., Higher-order side channel security and mask refreshing, Fast Software Encryption, 410-424 (2014), Heidelberg: Springer, Heidelberg · Zbl 1321.94052
[17] Duc, A.; Dziembowski, S.; Faust, S., Unifying leakage models: from probing attacks to noisy leakage, J. Cryptol., 32, 1, 151-177 (2019) · Zbl 1435.94128
[18] Duc, A.; Faust, S.; Standaert, F., Making masking security proofs concrete (or how to evaluate the security of any leaking device), extended version, J. Cryptol., 32, 4, 1263-1297 (2019) · Zbl 1435.94145
[19] Dziembowski, S.; Faust, S.; Skorski, M.; Oswald, E.; Fischlin, M., Noisy leakage revisited, Advances in Cryptology, 159-188 (2015), Heidelberg: Springer, Heidelberg · Zbl 1326.94089
[20] Dziembowski, S.; Faust, S.; Żebrowski, K.; Galbraith, SD; Moriai, S., Simple refreshing in the noisy leakage model, Advances in Cryptology, 315-344 (2019), Cham: Springer, Cham · Zbl 1455.94150
[21] Faust, S.; Grosso, V.; Pozo, SMD; Paglialonga, C.; Standaert, F., Composable masking schemes in the presence of physical defaults & the robust probing model, IACR Trans. Cryptogr. Hardw. Embed. Syst., 2018, 3, 89-120 (2018)
[22] Gandolfi, K.; Mourtel, C.; Olivier, F.; Koç, ÇK; Naccache, D.; Paar, C., Electromagnetic analysis: concrete results, Cryptographic Hardware and Embedded Systems, 251-261 (2001), Heidelberg: Springer, Heidelberg · Zbl 1006.68705
[23] Goudarzi, D.; Joux, A.; Rivain, M.; Peyrin, T.; Galbraith, S., How to securely compute with noisy leakage in quasilinear complexity, Advances in Cryptology, 547-574 (2018), Cham: Springer, Cham · Zbl 1446.94131
[24] Ishai, Y.; Sahai, A.; Wagner, D.; Boneh, D., Private circuits: securing hardware against probing attacks, Advances in Cryptology, 463-481 (2003), Heidelberg: Springer, Heidelberg · Zbl 1122.94378
[25] Knichel, D.; Sasdrich, P.; Moradi, A.; Moriai, S.; Wang, H., SILVER - statistical independence and leakage verification, Advances in Cryptology, 787-816 (2020), Cham: Springer, Cham
[26] Kocher, P.; Jaffe, J.; Jun, B.; Wiener, M., Differential power analysis, Advances in Cryptology, 388-397 (1999), Heidelberg: Springer, Heidelberg · Zbl 0942.94501
[27] Mangard, S.; Popp, T.; Gammel, BM; Menezes, A., Side-channel leakage of masked CMOS gates, Topics in Cryptology, 351-365 (2005), Heidelberg: Springer, Heidelberg · Zbl 1079.94561
[28] Nikova, S.; Rijmen, V.; Schläffer, M., Secure hardware implementation of nonlinear functions in the presence of glitches, J. Cryptol., 24, 2, 292-321 (2011) · Zbl 1239.94060
[29] Prest, T.; Goudarzi, D.; Martinelli, A.; Passelègue, A.; Boldyreva, A.; Micciancio, D., Unifying leakage models on a Rényi day, Advances in Cryptology, 683-712 (2019), Cham: Springer, Cham · Zbl 1456.94108
[30] Prouff, E.; Rivain, M.; Johansson, T.; Nguyen, PQ, Masking against side-channel attacks: a formal security proof, Advances in Cryptology, 142-159 (2013), Heidelberg: Springer, Heidelberg · Zbl 1306.94087
[31] Rivain, M.; Prouff, E.; Mangard, S.; Standaert, F-X, Provably secure higher-order masking of AES, Cryptographic Hardware and Embedded Systems, 413-427 (2010), Heidelberg: Springer, Heidelberg · Zbl 1208.94052
[32] Schneider, T.; Moradi, A., Leakage assessment methodology - extended version, J. Crypt. Eng., 6, 2, 85-99 (2016)
[33] Scholz, F.: Confidence bounds & intervals for parameters relating to the binomial, negative binomial, poisson and hypergeometric distributions with applications to rare events (2008)
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. It attempts to reflect the references listed in the original paper as accurately as possible without claiming the completeness or perfect precision of the matching.