Towards side-channel secure block ciphers

Since the late 1990s, side-channel attacks have been a threat to cryptographic implementations. They use observations of physical features of a device while it computes cryptographic algorithms, and these leakages can give information about the key. A common countermeasure against such attacks is masking. The main idea of masking is to randomize the internal state; as a consequence, an adversary must combine several leakages to mount the attack. Masking schemes have an impact on the efficiency of the implementations. In this thesis, we explore different solutions to improve the efficiency of masked implementations. Firstly, we explore solutions for masked implementations of the AES. We investigate the use of an amortization technique to reduce the cost of polynomial masking. We also propose a new way to combine Boolean secure multiplications to reduce the cost of masking. Next, we focus on the assumptions used for proofs of masking. We show that the use of low entropy masking schemes can ...

Document type: Thesis (Dissertation)
Bibliographic reference: Grosso, Vincent. Towards side-channel secure block ciphers.
Supervisor: Standaert, François-Xavier
Ecole polytechnique de Louvain, ICTEAM Institute, UCL Crypto Group
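As an added illustration (not code from the thesis): Boolean masking of a byte into d+1 shares and an ISW-style secure multiplication over GF(2^8), the AES field, which is the kind of Boolean secure multiplication the abstract refers to. The names gf_mul, mask, unmask and secure_mul are chosen here; the random source is injectable so the computation can be reproduced.

```python
"""Boolean masking with d+1 shares and ISW secure multiplication in GF(2^8).
Added example, not the thesis' own code."""
import secrets


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def xor_all(shares):
    r = 0
    for s in shares:
        r ^= s
    return r


def mask(x, d, rand=secrets.randbelow):
    """Split x into d+1 shares: d uniformly random bytes plus one correcting
    share, so any d shares are independent of x and the XOR of all is x."""
    shares = [rand(256) for _ in range(d)]
    shares.append(x ^ xor_all(shares))
    return shares


def unmask(shares):
    return xor_all(shares)


def secure_mul(a, b, rand=secrets.randbelow):
    """ISW multiplication: returns shares of unmask(a)*unmask(b) without ever
    recombining a or b. Fresh randomness r hides each cross product, and the
    bracketed evaluation order avoids forming a_i*b_j ^ a_j*b_i unmasked."""
    n = len(a)
    c = [gf_mul(a[i], b[i]) for i in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r = rand(256)
            c[i] ^= r
            c[j] ^= (r ^ gf_mul(a[i], b[j])) ^ gf_mul(a[j], b[i])
    return c
```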
