Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

Leakage-resilient cryptosystems aim to maintain security in situations where their implementation leaks physical information about their internal secrets. Because of their efficiency and usability on a wide range of platforms, solutions based on symmetric primitives (such as block ciphers) are particularly attractive in this context. So far, the literature has mostly focused on the design of leakage-resilient pseudorandom objects (e.g. PRGs, PRFs, PRPs). In this paper, we consider the complementary and practically important problem of designing secure authentication and encryption schemes. For this purpose, we follow a pragmatic approach based on the advantages and limitations of existing leakage-resilient pseudorandom objects, and rely on the (arguably necessary, yet minimal) use of a leak-free component. The latter can typically be instantiated with a block cipher implementation protected by traditional countermeasures, and we investigate how to combine it with the more intensive use of a much more efficient (less protected) block cipher implementation. Based on these premises, we propose and analyse new constructions of leakage-resilient MAC and encryption schemes, which fix security and efficiency drawbacks of previous proposals in this direction. For encryption, we additionally provide a detailed discussion of why previously proposed (indistinguishability-based) security definitions cannot capture actual side-channel attacks, and suggest a relaxed and more realistic way to quantify leakage-resilience in this case: reducing the security of many iterations of the primitive to the security of a single iteration, independently of the security notion guaranteed by that single iteration (which remains hard to define).
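The split between a minimally used leak-free component and an intensively used efficient implementation, as an added illustration that is not the paper's own construction: one call to the protected implementation F* derives an ephemeral key from a nonce, after which the cheap implementation F drives a re-keying chain so that no key is ever used for more than two block-cipher calls. The constants pA and pB, the call counters, and the use of plain Go AES for both implementations are assumptions of this example.

```go
package main

import "crypto/aes"

// Fixed public inputs (constructed): pA advances the key chain, pB yields keystream.
var pA, pB = []byte("rekey-chain-pA--"), []byte("keystream-pB----")

// Cipher holds the long-term key and counts the calls made to each implementation.
type Cipher struct {
	Key            []byte
	LeakFreeCalls  int // calls to the protected implementation F*
	EfficientCalls int // calls to the cheap, unprotected implementation F
}

// blockEnc is one AES block encryption F_k(x); on a device F* would be a masked AES, F a plain one.
func blockEnc(key, x []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, x)
	return out
}

// leakFree models F*: called once per message, the only use of the long-term key.
func (s *Cipher) leakFree(x []byte) []byte { s.LeakFreeCalls++; return blockEnc(s.Key, x) }
// efficient models F: called only on ephemeral keys, never on the long-term one.
func (s *Cipher) efficient(k, x []byte) []byte { s.EfficientCalls++; return blockEnc(k, x) }

// keystream: k0 = F*_Key(nonce), then y_i = F_{k_i}(pB), k_{i+1} = F_{k_i}(pA). Each
// ephemeral key feeds exactly two unprotected calls, each on a fixed public input.
func (s *Cipher) keystream(nonce []byte, n int) []byte {
	k := s.leakFree(nonce)
	out := make([]byte, 0, n+aes.BlockSize)
	for len(out) < n {
		out = append(out, s.efficient(k, pB)...)
		k = s.efficient(k, pA)
	}
	return out[:n]
}

// Crypt XORs msg with the keystream (same call for encrypt and decrypt); as with any
// stream cipher, a nonce must never repeat under one long-term key.
func (s *Cipher) Crypt(nonce, msg []byte) []byte {
	ks := s.keystream(nonce, len(msg))
	out := make([]byte, len(msg))
	for i := range msg {
		out[i] = msg[i] ^ ks[i]
	}
	return out
}
```

Encrypting a 40-byte message costs one F* call and six F calls (two per 16-byte block), which is the cost profile the abstract argues for: the protected implementation is touched once, the cheap one does the bulk of the work.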
