Making Masking Security Proofs Concrete
  • Authors: Alexandre Duc (15)
    Sebastian Faust (15) (16)
    François-Xavier Standaert (17)

    15. EPFL, Lausanne, Switzerland
    16. Horst Görtz Institute, Ruhr-University Bochum, Bochum, Germany
    17. ICTEAM/ELEN/Crypto Group, Université catholique de Louvain, Louvain-la-neuve, Belgium
  • Series: Lecture Notes in Computer Science
  • Publication year: 2015
  • Publication date: 2015
  • Year: 2015
  • Volume: 9056
  • Issue: 1
  • Pages: 401-429
  • Full text size: 2,944 KB
  • References: 1. http://perso.uclouvain.be/fstandae/PUBLIS/154.zip
    2. Archambeau, C., Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Template attacks in principal subspaces. In: Goubin, L., Matsui, M. (eds.) CHES 2006, pp. 1–14. Springer, Heidelberg (2006)
    3. Baignères, T., Junod, P., Vaudenay, S.: How far can we go beyond linear cryptanalysis? In: Lee, P.J. (ed.) ASIACRYPT 2004, pp. 432–450. Springer, Heidelberg (2004)
    4. Balasch, J., Faust, S., Gierlichs, B., Verbauwhede, I.: Theory and practice of a leakage resilient masking scheme. In: Wang and Sako [67], pp. 758–775
    5. Balasch, J., Gierlichs, B., Grosso, V., Reparaz, O., Standaert, F.-X.: On the Cost of Lazy Engineering for Masked Software Implementations. IACR Cryptology ePrint Archive 2014:413 (2014)
    6. Batina, L., Robshaw, M. (eds.): CHES 2014. LNCS, vol. 8731. Springer, Heidelberg (2014)
    7. Belaïd, S., Grosso, V., Standaert, F.-X.: Masking and Leakage-Resilient Primitives: One, the Other(s) or Both? Cryptography and Communications 7, 163–184 (2015)
    8. Bellare, M., Tessaro, S., Vardy, A.: A Cryptographic Treatment of the Wiretap Channel. IACR Cryptology ePrint Archive 2012:15 (2012)
    9. Bellare, M., Tessaro, S., Vardy, A.: Semantic security for the wiretap channel. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012, pp. 294–311. Springer, Heidelberg (2012)
    10. Bertsekas, D.P.: Nonlinear Programming. Athena Scientific (1999)
    11. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004, pp. 16–29. Springer, Heidelberg (2004)
    12. Carlet, C., Danger, J.-L., Guilley, S., Maghrebi, H.: Leakage Squeezing: Optimal Implementation and Security Evaluation. J. Mathematical Cryptology 8, 249–295 (2014)
    13. Carlet, C., Goubin, L., Prouff, E., Quisquater, M., Rivain, M.: Higher-order masking schemes for S-boxes. In: Canteaut, A. (ed.) Fast Software Encryption, pp. 366–384. Springer, Heidelberg (2012)
    14. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener [69], pp. 398–412
    15. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, C.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)
    16. Coron, J.-S., Giraud, C., Prouff, E., Renner, S., Rivain, M., Vadnala, P.K.: Conversion of security proofs from one leakage model to another: A new issue. In: Schindler, W., Huss, S.A. (eds.) Constructive Side-Channel Analysis and Secure Design, pp. 69–81. Springer, Heidelberg (2012)
    17. Coron, J.-S., Prouff, E., Rivain, M.: Side channel cryptanalysis of a higher order masking scheme. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007, pp. 28–44. Springer, Heidelberg (2007)
    18. Coron, J.-S., Prouff, E., Rivain, M., Roche, T.: Higher-order side channel security and mask refreshing. In: Moriai, S. (ed.) Fast Software Encryption, pp. 410–424. Springer, Heidelberg (2014)
    19. Cover, T.M., Thomas, J.A.: Elements of Information Theory, 2nd edn. Wiley (2006)
    20. Ding, A.A., Zhang, L., Fei, Y., Luo, P.: A statistical model for higher order DPA on masked devices. In: Batina and Robshaw [6], pp. 147–169
    21. Dodis, Y.: Shannon impossibility, revisited. In: Smith, A. (ed.) Information Theoretic Security, pp. 100–110. Springer, Heidelberg (2012)
    22. Duc, A., Dziembowski, S., Faust, S.: Unifying leakage models: From probing attacks to noisy leakage. In: Nguyen and Oswald [45], pp. 423–440
    23. Durvaux, F., Standaert, F.-X., Veyrat-Charvillon, N.: How to Certify the Leakage of a Chip? In: Nguyen and Oswald [45], pp. 459–476
    24. Dziembowski, S., Faust, S., Skorski, M.: Noisy leakage revisited. In: The Proceedings of EUROCRYPT (to appear 2015)
    25. Faust, S., Rabin, T., Reyzin, L., Tromer, E., Vaikuntanathan, V.: Protecting circuits from leakage: The computationally-bounded and noisy cases. In: Gilbert, H. (ed.) EUROCRYPT 2010, pp. 135–156. Springer, Heidelberg (2010)
    26. Fei, Y., Luo, Q., Ding, A.A.: A statistical model for DPA with novel algorithmic confusion analysis. In: Prouff, E., Schaumont, P. (eds.) CHES 2012, pp. 233–250. Springer, Heidelberg (2012)
    27. Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M.: Affine masking against higher-order side channel analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) Selected Areas in Cryptography, pp. 262–280. Springer, Heidelberg (2011)
    28. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald and Rohatgi [47], pp. 426–442
    29. Glowacz, C., Grosso, V., Poussier, R., Schueth, J., Standaert, F.-X.: Simpler and more efficient rank estimation for side-channel security assessment. IACR Cryptology ePrint Archive 2014:920 (2014)
    30. Goubin, L., Martinelli, A.: Protecting AES with Shamir's secret sharing scheme. In: Preneel and Takagi [48], pp. 79–94
    31. Grosso, V., Prouff, E., Standaert, F.-X.: Efficient masked S-boxes processing - A step forward -. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014, pp. 251–266. Springer, Heidelberg (2014)
    32. Grosso, V., Standaert, F.-X., Prouff, E.: Low entropy masking schemes, revisited. In: Francillon, A., Rohatgi, P. (eds.) Smart Card Research and Advanced Applications, pp. 33–43. Springer, Heidelberg (2014)
    33. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: Securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003, pp. 463–481. Springer, Heidelberg (2003)
    34. Johansson, T., Nguyen, P.Q. (eds.): EUROCRYPT 2013. LNCS, vol. 7881. Springer, Heidelberg (2013)
    35. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener [69], pp. 388–397
    36. Li, D., Sun, X.: Nonlinear knapsack problems. In: Nonlinear Integer Programming. International Series in Operations Research & Management Science, vol. 84, pp. 149–207. Springer, US (2006)
    37. Lomné, V., Prouff, E., Rivain, M., Roche, T., Thillard, A.: How to estimate the success rate of higher-order side-channel attacks. In: Batina and Robshaw [6], pp. 35–54
    38. Mangard, S.: Hardware countermeasures against DPA - A statistical analysis of their effectiveness. In: Okamoto, T. (ed.) CT-RSA 2004, pp. 222–235. Springer, Heidelberg (2004)
    39. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks - Revealing the Secrets of Smart Cards. Springer (2007)
    40. Mangard, S., Oswald, E., Standaert, F.-X.: One for All - All for One: Unifying Standard Differential Power Analysis Attacks. IET Information Security 5, 100–110 (2011)
    41. Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA 2005, pp. 351–365. Springer, Heidelberg (2005)
    42. Medwed, M., Standaert, F.-X.: Extractors against Side-Channel Attacks: Weak or Strong? J. Cryptographic Engineering 1, 231–241 (2011)
    43. Moradi, A., Mischke, O.: Glitch-Free implementation of masking in modern FPGAs. In: HOST 2012, pp. 89–95. IEEE (2012)
    44. Moradi, A., Standaert, F.-X.: Moments-correlating DPA. IACR Cryptology ePrint Archive 2014:409 (2014)
    45. Nguyen, P.Q., Oswald, E. (eds.): EUROCRYPT 2014. LNCS, vol. 8441. Springer, Heidelberg (2014)
    46. Nikova, S., Rijmen, V., Schläffer, M.: Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches. J. Cryptology 24, 292–321 (2011)
    47. Oswald, E., Rohatgi, P. (eds.): CHES 2008. LNCS, vol. 5154. Springer, Heidelberg (2008)
    48. Preneel, B., Takagi, T. (eds.): CHES 2011. LNCS, vol. 6917. Springer, Heidelberg (2011)
    49. Prouff, E., Rivain, M.: Masking against side-channel attacks: A formal security proof. In: Johansson and Nguyen [34], pp. 142–159
    50. Prouff, E., Roche, T.: Attack on a higher-order masking of the AES based on homographic functions. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010, pp. 262–281. Springer, Heidelberg (2010)
    51. Renauld, M., Kamel, D., Standaert, F.-X., Flandre, D.: Information theoretic and security analysis of a 65-Nanometer DDSLL AES S-box. In: Preneel and Takagi [48], pp. 223–239
    52. Renauld, M., Standaert, F.-X.: Algebraic side-channel attacks. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Information Security and Cryptology, pp. 393–410. Springer, Heidelberg (2010)
    53. Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N.: Algebraic side-channel attacks on the AES: Why time also matters in DPA. In: Clavier, C., Gaj, K. (eds.) CHES 2009, pp. 97–111. Springer, Heidelberg (2009)
    54. Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: Paterson, K.G. (ed.) EUROCRYPT 2011, pp. 109–128. Springer, Heidelberg (2011)
    55. Rivain, M.: On the exact success rate of side channel analysis in the Gaussian model. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) Selected Areas in Cryptography, pp. 165–183. Springer, Heidelberg (2009)
    56. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010, pp. 413–427. Springer, Heidelberg (2010)
    57. Roche, T., Prouff, E.: Higher-order Glitch Free Implementation of the AES using Secure Multi-Party Computation Protocols - Extended Version. J. Cryptographic Engineering 2, 111–127 (2012)
    58. Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005, pp. 30–46. Springer, Heidelberg (2005)
    59. Standaert, F.-X., Archambeau, C.: Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In: Oswald and Rohatgi [47], pp. 411–425
    60. Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009, pp. 443–461. Springer, Heidelberg (2009)
    61. Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: Another look on second-order DPA. In: Abe, M. (ed.) ASIACRYPT 2010, pp. 112–129. Springer, Heidelberg (2010)
    62. Standaert, F.-X., Peeters, E., Rouvroy, G., Quisquater, J.-J.: An Overview of Power Analysis Attacks against Field Programmable Gate Arrays. Proceedings of the IEEE 94, 383–394 (2006)
    63. Standaert, F.-X., Petit, C., Veyrat-Charvillon, N.: Masking with randomized look up tables - Towards preventing side-channel attacks of all orders. In: Naccache, D. (ed.) Cryptography and Security: From Theory to Applications, pp. 283–299. Springer, Heidelberg (2012)
    64. Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) Selected Areas in Cryptography, pp. 390–406. Springer, Heidelberg (2013)
    65. Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security evaluations beyond computing power. In: Johansson and Nguyen [34], pp. 126–141
    66. Veyrat-Charvillon, N., Medwed, M., Kerckhof, S., Standaert, F.-X.: Shuffling against side-channel attacks: A comprehensive study with cautionary note. In: Wang and Sako [67], pp. 740–757
    67. Wang, X., Sako, K. (eds.): ASIACRYPT 2012. LNCS, vol. 7658. Springer, Heidelberg (2012)
    68. Whitnall, C., Oswald, E.: A comprehensive evaluation of mutual information analysis using a fair evaluation framework. In: Rogaway, P. (ed.) CRYPTO 2011, pp. 316–334. Springer, Heidelberg (2011)
    69. Wiener, M. (ed.): CRYPTO 1999. LNCS, vol. 1666. Springer, Heidelberg (1999)
  • Author affiliation: Advances in Cryptology -- EUROCRYPT 2015
  • Series title: 978-3-662-46799-2
  • Category: Computer Science
  • Subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1611-3349
Abstract
We investigate the relationships between theoretical studies of leaking cryptographic devices and concrete security evaluations with standard side-channel attacks. Our contributions are in four parts. First, we connect the formal analysis of the masking countermeasure proposed by Duc et al. (Eurocrypt 2014) with the Eurocrypt 2009 evaluation framework for side-channel key recovery attacks. In particular, we re-state their main proof for the masking countermeasure based on a mutual information metric, which is frequently used in concrete physical security evaluations. Second, we discuss the tightness of the Eurocrypt 2014 bounds based on experimental case studies. This allows us to conjecture a simplified link between the mutual information metric and the success rate of a side-channel adversary, ignoring technical parameters and proof artifacts. Third, we introduce heuristic (yet well-motivated) tools for the evaluation of the masking countermeasure when its independent leakage assumption is not perfectly fulfilled, as is frequently the case in practice. Thanks to these tools, we argue that masking with non-independent leakages may provide improved security levels in certain scenarios. Finally, we consider the tradeoff between measurement complexity and key enumeration in divide-and-conquer side-channel attacks, and show that it can be predicted based on the mutual information metric, by solving a non-linear integer programming problem for which efficient solutions exist. The combination of these observations enables significant reductions of the evaluation costs for certification bodies.
