Masking and leakage-resilient primitives: One, the other(s) or both?

Securing cryptographic implementations against side-channel attacks is one of the most important challenges in modern cryptography. Many countermeasures have been introduced for this purpose and analyzed in specialized security models. Formal solutions have also been proposed to extend the guarantees of provable security to physically observable devices. Masking and leakage-resilient cryptography are probably the most investigated and best understood representatives of these two approaches. Unfortunately, claims about whether one, the other, or their combination provides better security at lower cost have remained vague so far. In this paper, we provide the first comprehensive treatment of this important problem. For this purpose, we analyze whether cryptographic implementations can be security-bounded, in the sense that the time complexity of the best side-channel attack is lower-bounded independently of the number of measurements performed. In doing so, we first point out a significant difference between stateful primitives such as leakage-resilient PRGs (which easily ensure bounded security) and stateless ones such as leakage-resilient PRFs (which hardly do). We then show that in practice, leakage-resilience alone provides the best security vs. performance tradeoff when bounded security is achievable, while masking alone is the solution of choice otherwise. That is, one or the other approach should be privileged, not both, which contradicts the usual intuition that physical security is best obtained by combining countermeasures. Besides, our experimental results underline that, despite being defined in exactly the same way, the bounded-leakage requirement of leakage-resilient PRGs and PRFs implies significantly different challenges for hardware designers: such bounded leakage is much harder to guarantee for stateless primitives (like PRFs) than for stateful ones (like PRGs). As a result, constructions of leakage-resilient PRGs and PRFs proven under the same bounded-leakage assumption, and instantiated with the same AES implementation, may lead to different practical security levels.
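The stateful/stateless distinction drawn above can be made concrete with a small simulation. The following Python code is an added illustration written for this page, not code from the paper or its authors. It models a 2PRG-style leakage-resilient PRG (each key k_i encrypts two fixed public plaintexts and is then replaced) against a stateless PRF that uses the same two plaintexts under a fixed key, and measures how well a Gaussian-template adversary ranks the first key byte. Assumptions of the model, none of which come from the paper: the only leakage is the noisy Hamming weight of one first-round AES S-box output (the S-box table is the real AES one), the noise is Gaussian, SHA-256 stands in for the AES block cipher in the PRG state update, and the plaintexts P0/P1, the scoring rule and all function names are this example's own.

```python
"""Added illustration (not from the paper): a stateful leakage-resilient PRG
bounds the number of traces an adversary can obtain per key, a stateless PRF
under the same bounded-leakage assumption does not.  Model assumptions: the
only leakage is the noisy Hamming weight of one first-round AES S-box output,
noise is Gaussian, and SHA-256 stands in for AES in the PRG state update."""
import hashlib
import random

# The AES S-box (real table); the leakage model needs only one S-box output.
SBOX = bytes.fromhex(
    "637c777bf26b6fc53001672bfed7ab76"
    "ca82c97dfa5947f0add4a2af9ca472c0"
    "b7fd9326363ff7cc34a5e5f171d83115"
    "04c723c31896059a071280e2eb27b275"
    "09832c1a1b6e5aa0523bd6b329e32f84"
    "53d100ed20fcb15b6acbbe394a4c58cf"
    "d0efaafb434d338545f9027f503c9fa8"
    "51a3408f929d38f5bcb6da2110fff3d2"
    "cd0c13ec5f974417c4a77e3d645d1973"
    "60814fdc222a908846eeb814de5e0bdb"
    "e0323a0a4906245cc2d3ac629195e479"
    "e7c8376d8dd54ea96c56f4ea657aae08"
    "ba78252e1ca6b4c6e8dd741f4bbd8b8a"
    "703eb5664803f60e613557b986c11d9e"
    "e1f8981169d98e949b1e87e9ce5528df"
    "8ca1890dbfe6426841992d0fb054bb16"
)

P0 = bytes(16)            # the two fixed public plaintexts of the 2PRG
P1 = bytes([0xFF] * 16)   # (reused, for comparison, by the PRF)


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def leak(key: bytes, pt: bytes, sigma: float, rng: random.Random) -> float:
    """Noisy leakage of SBOX[k[0] ^ p[0]], i.e. one S-box of AES round 1 (model)."""
    return hamming_weight(SBOX[key[0] ^ pt[0]]) + rng.gauss(0.0, sigma)


def block(key: bytes, pt: bytes) -> bytes:
    """Stand-in for AES_k(p) in the state update (assumption: SHA-256, not AES)."""
    return hashlib.sha256(key + pt).digest()[:16]


def prg_traces(seed: bytes, n_steps: int, sigma: float, rng_seed: int):
    """Stateful 2PRG: k_{i+1} = F(k_i, P0), y_i = F(k_i, P1).  Each k_i is used
    for exactly these two calls and then erased, so the adversary obtains one
    trace per (k_i, plaintext) pair no matter how long the PRG runs."""
    rng = random.Random(rng_seed)
    k, per_key = seed, []
    for _ in range(n_steps):
        traces = [(P0[0], leak(k, P0, sigma, rng)), (P1[0], leak(k, P1, sigma, rng))]
        per_key.append((k, traces))
        k = block(k, P0)
    return per_key


def prf_traces(key: bytes, n_rep: int, sigma: float, rng_seed: int):
    """Stateless PRF with the same two plaintexts: the key never changes, so the
    adversary can replay each plaintext n_rep times and average out the noise."""
    rng = random.Random(rng_seed)
    traces = []
    for _ in range(n_rep):
        traces.append((P0[0], leak(key, P0, sigma, rng)))
        traces.append((P1[0], leak(key, P1, sigma, rng)))
    return traces


def key_rank(key_byte: int, traces) -> int:
    """Gaussian-template rank of the true first key byte: the number of the 256
    candidates whose squared-error score is strictly better (0 = best)."""
    err = [sum((l - hamming_weight(SBOX[c ^ p])) ** 2 for p, l in traces)
           for c in range(256)]
    return sum(1 for c in range(256) if err[c] < err[key_byte])


def noise_free_residual(key_byte: int):
    """Candidates that even noise-free HW leakage of the two S-box outputs cannot
    separate from key_byte: the floor the PRF attack converges to."""
    def sig(c):
        return (hamming_weight(SBOX[c ^ P0[0]]), hamming_weight(SBOX[c ^ P1[0]]))
    return [c for c in range(256) if sig(c) == sig(key_byte)]


def prg_first_key_rank(seed: bytes, n_steps: int, sigma: float, rng_seed: int) -> int:
    """Rank of k_0 after the PRG has run n_steps: only the two traces taken under
    k_0 are usable, every other trace was measured under a different key."""
    k0, traces = prg_traces(seed, n_steps, sigma, rng_seed)[0]
    return key_rank(k0[0], traces)


if __name__ == "__main__":
    key, sigma = bytes(range(16)), 2.0   # constructed sample key and noise level
    print("noise-free residual candidates:", len(noise_free_residual(key[0])))
    for n in (1, 1000):
        print(f"PRG after {n:4d} steps, rank of k_0:", prg_first_key_rank(key, n, sigma, 7))
    for q in (1, 10, 100, 1000):
        print(f"PRF with {q:4d} repetitions, rank:", key_rank(key[0], prf_traces(key, q, sigma, 7)))
```

Running the block shows the mechanism behind the abstract's claim: the PRF adversary's rank of the true key byte falls toward the noise-free residual as the number of repeated queries grows, because every extra measurement refines the same key, whereas the rank of the PRG's k_0 is identical after 1 or 1000 steps, because the extra traces were taken under other keys and carry no information about k_0. The adversary can of course attack each k_i separately with its own two traces, but no trace ever improves the estimate of a key other than the one it was measured under, which is exactly what makes the per-key measurement budget (and hence the attack's time complexity) bounded. This is a one-byte toy with an idealized leakage model; it illustrates why bounded leakage is easier to enforce for stateful primitives, not the concrete security levels the paper measures.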
