Tamper-Proof Circuits: How to Trade Leakage for Tamper-Resilience

Tampering attacks are cryptanalytic attacks on the implementation of cryptographic algorithms (e.g., smart cards), where an adversary introduces faults with the hope that the tampered device will reveal secret information. Inspired by the work of Ishai et al. [Eurocrypt' 06], we propose a compiler that transforms any circuit into a new circuit with the same functionality, but which is resilient against a welldefined and powerful tampering adversary. More concretely, our transformed circuits remain secure even if the adversary can adaptively tamper with every wire in the circuit as long as the tampering fails with some probability δ > 0. This additional requirement is motivated by practical tampering attacks, where it is often difficult to guarantee the success of a specific attack. Formally, we show that a q-query tampering attack against the transformed circuit can be "simulated" with only black-box access to the original circuit and log(q) bits of additional auxiliary information. Thus, if the implemented cryptographic scheme is secure against log(q) bits of leakage, then our implementation is tamper-proof in the above sense. Surprisingly, allowing for this small amount of information leakage allows for much more efficient compilers, which moreover do not require randomness during evaluation. Similar to earlier works our compiler requires small, stateless and computation-independent tamper-proof gadgets. Thus, our result can be interpreted as reducing the problem of shielding arbitrary complex computation to protecting simple components.

[1]  Vinod Vaikuntanathan,et al.  Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases , 2010, EUROCRYPT.

[2]  Krzysztof Pietrzak,et al.  A Leakage-Resilient Mode of Operation , 2009, EUROCRYPT.

[3]  Jean-Pierre Seifert,et al.  Fault Based Cryptanalysis of the Advanced Encryption Standard (AES) , 2003, Financial Cryptography.

[4]  Yuval Ishai,et al.  Private Circuits II: Keeping Secrets in Tamperable Circuits , 2006, EUROCRYPT.

[5]  Vinod Vaikuntanathan,et al.  Simultaneous Hardcore Bits and Cryptography against Memory Attacks , 2009, TCC.

[6]  Yevgeniy Dodis,et al.  Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model , 2009, CRYPTO.

[7]  Yevgeniy Vahlis,et al.  On Protecting Cryptographic Keys Against Continual Leakage , 2010, IACR Cryptol. ePrint Arch..

[8]  Mihir Bellare,et al.  A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications , 2003, EUROCRYPT.

[9]  Guy N. Rothblum,et al.  Leakage-Resilient Signatures , 2010, TCC.

[10]  Silvio Micali,et al.  Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering , 2004, TCC.

[11]  David Cash,et al.  Pseudorandom Functions and Permutations Provably Secure against Related-Key Attacks , 2010, CRYPTO.

[12]  Yuval Ishai,et al.  Semantic Security under Related-Key Attacks and Applications , 2011, ICS.

[13]  Hovav Shacham,et al.  Advances in Cryptology – CRYPTO 2018 , 2002, Lecture Notes in Computer Science.

[14]  Stefan Dziembowski,et al.  Leakage-Resilient Cryptography , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[15]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[16]  Moni Naor,et al.  Public-Key Cryptosystems Resilient to Key Leakage , 2009, SIAM J. Comput..

[17]  Guy N. Rothblum,et al.  Securing Computation against Continuous Leakage , 2010, CRYPTO.

[18]  Ross J. Anderson,et al.  Optical Fault Induction Attacks , 2002, CHES.

[19]  Silvio Micali,et al.  Physically Observable Cryptography (Extended Abstract) , 2004, TCC.

[20]  Yuval Ishai,et al.  Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.

[21]  Vinod Vaikuntanathan,et al.  Signature Schemes with Bounded Leakage Resilience , 2009, ASIACRYPT.

[22]  Stefan Lucks Ciphers Secure against Related-Key Attacks , 2004, FSE.

[23]  Markus G. Kuhn,et al.  Tamper resistance: a cautionary note , 1996 .

[24]  Moses D. Liskov,et al.  On Related-Secret Pseudorandomness , 2010, TCC.

[25]  Yael Tauman Kalai,et al.  On cryptography with auxiliary input , 2009, STOC '09.

[26]  Martin Otto,et al.  Fault attacks and countermeasures , 2005 .