论文信息 - Side-channel Masking with Pseudo-Random Generator

Side-channel Masking with Pseudo-Random Generator

High-order masking countermeasures against side-channel attacks usually require plenty of randomness during their execution. For security against t probes, the classical ISW countermeasure requires \(\mathcal{O}(t^2 s)\) random bits, where s is the circuit size. However running a True Random Number Generator (TRNG) can be costly in practice and become a bottleneck on embedded devices. In [IKL+13] the authors introduced the notion of robust pseudo-random number generator (PRG), which must remain secure even against an adversary who can probe at most t wires. They showed that when embedding a robust PRG within a private circuit, the number of random bits can be reduced to \(\mathcal{\tilde{O}}(t^{4})\), that is independent of the circuit size s (up to a logarithmic factor). Using bipartite expander graphs, this can be further reduced to \(\mathcal{\tilde{O}}(t^{3+\varepsilon })\); however the resulting construction is impractical.

[1] Rafail Ostrovsky,et al. Robust Pseudorandom Generators , 2013, ICALP.

[2] Jean-Sébastien Coron,et al. Formal Verification of Side-channel Countermeasures via Elementary Circuit Transformations , 2018, IACR Cryptol. ePrint Arch..

[3] Sebastian Faust,et al. Amortizing Randomness Complexity in Private Circuits , 2017, IACR Cryptol. ePrint Arch..

[4] Benjamin Grégoire,et al. Verified Proofs of Higher-Order Masking , 2015, EUROCRYPT.

[5] Adrian Thillard,et al. Randomness Complexity of Private Circuits for Multiplication , 2016, EUROCRYPT.

[6] Enkatesan G Uruswami. Unbalanced expanders and randomness extractors from Parvaresh-Vardy codes , 2008 .

[7] François-Xavier Standaert,et al. Trivially and Efficiently Composing Masked Gadgets With Probe Isolating Non-Interference , 2020, IEEE Transactions on Information Forensics and Security.

[8] Yuval Ishai,et al. Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.

[9] Emmanuel Prouff,et al. Provably Secure Higher-Order Masking of AES , 2010, IACR Cryptol. ePrint Arch..

[10] Benjamin Grégoire,et al. Strong Non-Interference and Type-Directed Higher-Order Masking , 2016, CCS.

[11] Yuval Ishai,et al. Private Circuits: A Modular Approach , 2018, IACR Cryptol. ePrint Arch..

[12] Stefan Mangard,et al. Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers , 2006, CT-RSA.