Share-slicing: Friend or Foe?

Masking is a well loved and widely deployed countermeasure against side channel attacks, in particular in software. Under certain assumptions (w.r.t. independence and noise level), masking provably prevents attacks up to a certain security order and leads to a predictable increase in the number of required leakages for successful attacks beyond this order. The noise level in typical processors where software masking is used may not be very high, thus low masking orders are not sufficient for real world security. Higher order masking however comes at a great cost, and therefore a number techniques have been published over the years that make such implementations more efficient via parallelisation in the form of bit or share slicing. We take two highly regarded schemes (ISW and Barthe et al.), and some corresponding open source implementations that make use of share slicing, and discuss their true security on an ARM Cortex-M0 and an ARM Cortex-M3 processor (both from the LPC series). We show that micro-architectural features of the M0 and M3 undermine the independence assumptions made in masking proofs and thus their theoretical guarantees do not translate into practice (even worse it seems unpredictable at which order leaks can be expected). Our results demonstrate how difficult it is to link theoretical security proofs to practical real-world security guarantees.

[1]  Benjamin Grégoire,et al.  Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model , 2017, EUROCRYPT.

[2]  François-Xavier Standaert,et al.  Very High Order Masking: Efficient Implementation and Security Evaluation , 2017, IACR Cryptol. ePrint Arch..

[3]  Matthieu Rivain,et al.  How Fast Can Higher-Order Masking Be in Software? , 2017, EUROCRYPT.

[4]  Thomas S. Messerges,et al.  Securing the AES Finalists Against Power Analysis Attacks , 2000, FSE.

[5]  François-Xavier Standaert,et al.  Secure Multiplication for Bitslice Higher-Order Masking: Optimisation and Comparison , 2018, COSADE.

[6]  Yuan Yao,et al.  Fault-assisted side-channel analysis of masked implementations , 2018, 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[7]  Benjamin Grégoire,et al.  Strong Non-Interference and Type-Directed Higher-Order Masking , 2016, CCS.

[8]  Adrian Thillard,et al.  Randomness Complexity of Private Circuits for Multiplication , 2016, EUROCRYPT.

[9]  François-Xavier Standaert,et al.  Reducing a Masked Implementation's Effective Security Order with Setup Manipulations And an Explanation Based on Externally-Amplified Couplings , 2019, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[10]  Josep Balasch,et al.  On the Cost of Lazy Engineering for Masked Software Implementations , 2014, CARDIS.

[11]  P. Rohatgi,et al.  A testing methodology for side channel resistance , 2011 .

[12]  Vincent Rijmen,et al.  Threshold Implementations Against Side-Channel Attacks and Glitches , 2006, ICICS.

[13]  Kostas Papagiannopoulos,et al.  Bitsliced Masking and ARM: Friends or Foes? , 2016, LightSec.

[14]  Elena Trichina,et al.  Combinational Logic Design for AES SubByte Transformation on Masked Data , 2003, IACR Cryptol. ePrint Arch..

[15]  Vincent Rijmen,et al.  Does Coupling Affect the Security of Masked Implementations? , 2017, COSADE.

[16]  Elisabeth Oswald,et al.  Towards Practical Tools for Side Channel Aware Software Engineering: 'Grey Box' Modelling for Instruction Leakages , 2017, USENIX Security Symposium.

[17]  Ingrid Verbauwhede,et al.  A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[18]  Emmanuel Prouff,et al.  A Generic Method for Secure SBox Implementation , 2007, WISA.

[19]  Jean-Sébastien Coron,et al.  Higher-Order Side Channel Security and Mask Refreshing , 2013, FSE.

[20]  Stefan Mangard,et al.  Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints , 2005, CHES.

[21]  Yuval Ishai,et al.  Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.

[22]  Stefan Mangard,et al.  One for all - all for one: unifying standard differential power analysis attacks , 2011, IET Inf. Secur..

[23]  Amir Moradi,et al.  Threshold Implementation in Software - Case Study of PRESENT , 2018, IACR Cryptol. ePrint Arch..

[24]  Stefan Mangard,et al.  Side-Channel Leakage of Masked CMOS Gates , 2005, CT-RSA.

[25]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[26]  Eli Biham,et al.  A Fast New DES Implementation in Software , 1997, FSE.

[27]  Emmanuel Prouff,et al.  Provably Secure Higher-Order Masking of AES , 2010, IACR Cryptol. ePrint Arch..

[28]  Jean-Sébastien Coron,et al.  Higher Order Masking of Look-up Tables , 2014, IACR Cryptol. ePrint Arch..

[29]  Amir Moradi,et al.  Hardware Masking, Revisited , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[30]  Martin,et al.  The Designer's Guide to the Cortex-M Processor Family: A Tutorial Approach , 2013 .

[31]  Stefan Mangard,et al.  Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order , 2016, IACR Cryptol. ePrint Arch..

[32]  Steve Furber ARM System-on-Chip Architecture , 2000 .