Side-Channel Protections for Picnic Signatures

We study masking countermeasures for side-channel attacks against signature schemes constructed from the MPC-in-the-head paradigm, specifically when the MPC protocol uses preprocessing. This class of signature schemes includes Picnic, an alternate candidate in the third round of the NIST post-quantum standardization project. The only previously known approach to masking MPC-in-the-head signatures suffers from interoperability issues and increased signature sizes. Further, we present a new attack to demonstrate that known countermeasures are not sufficient when the MPC protocol uses a preprocessing phase, as in Picnic3. We overcome these challenges by showing how to mask the underlying zero-knowledge proof system due to Katz–Kolesnikov–Wang (CCS 2018) for any masking order, and by formally proving that our approach meets the standard security notions of non-interference for masking countermeasures. As a case study, we apply our masking technique to Picnic. We then implement different masked versions of Picnic signing providing first-order protection for the ARM Cortex-M4 platform, and quantify the overhead of these different masking approaches. We carefully analyze the side-channel risk of hashing operations, and give optimizations that reduce the CPU cost of protecting hashing in Picnic by a factor of five. The performance penalties of the masking countermeasures ranged from 1.8 to 5.5, depending on the degree of masking applied to hash function invocations.
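The abstract speaks of masking "for any masking order" and of quantifying its overhead. The following C program is an added illustration, not code from the paper or from the Picnic reference implementation: it Boolean-masks two 32-bit words into n shares, evaluates an AND gate on the shares with the standard ISW multiplication gadget (Ishai, Sahai and Wagner), an XOR gate share-wise, and recombines only at the end to check the result. The xorshift PRNG is a constructed stand-in for the hardware randomness a real masked implementation would use, and `masked_and_then_xor` and `isw_randomness_per_and` are names chosen here for the demo.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_SHARES 8   /* masking order d = number of shares - 1 */

/* Constructed PRNG for this demo only (xorshift32, fixed seed).
 * It is not a cryptographic randomness source; a deployed masked
 * implementation draws share randomness from a hardware RNG. */
static uint32_t prng_state = 0x2545F491u;

static uint32_t rand32(void) {
    uint32_t x = prng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    prng_state = x;
    return x;
}

/* Split secret x into n Boolean shares with x == s[0] ^ ... ^ s[n-1].
 * The first n-1 shares are uniformly random; the last one fixes the sum. */
static void mask(uint32_t x, int n, uint32_t s[]) {
    uint32_t acc = x;
    for (int i = 0; i < n - 1; i++) { s[i] = rand32(); acc ^= s[i]; }
    s[n - 1] = acc;
}

/* Recombine shares. A masked implementation does this only on public
 * outputs, never on secret intermediates; here it is used for checking. */
static uint32_t unmask(const uint32_t s[], int n) {
    uint32_t x = 0;
    for (int i = 0; i < n; i++) x ^= s[i];
    return x;
}

/* XOR is linear over the sharing, so it is applied share by share. */
static void masked_xor(const uint32_t a[], const uint32_t b[], int n, uint32_t c[]) {
    for (int i = 0; i < n; i++) c[i] = a[i] ^ b[i];
}

/* AND gate at order n-1 via the ISW multiplication gadget: each cross term
 * a[i]&b[j] is blinded with a fresh random word r before it is folded into a
 * share, so no single intermediate combines more than one share of an input. */
static void masked_and(const uint32_t a[], const uint32_t b[], int n, uint32_t c[]) {
    for (int i = 0; i < n; i++) c[i] = a[i] & b[i];
    for (int i = 0; i < n; i++) {
        for (int j = i + 1; j < n; j++) {
            uint32_t r = rand32();
            c[i] ^= r;
            /* evaluation order matters: blind a[i]&b[j] with r first, then
             * add a[j]&b[i], so the sum of the two cross terms never exists unblinded */
            uint32_t t = r ^ (a[i] & b[j]);
            c[j] ^= t ^ (a[j] & b[i]);
        }
    }
}

/* Fresh random words one ISW AND gate consumes at n shares: one per pair (i<j).
 * This quadratic growth is the main reason masking a hash full of AND gates is costly. */
int isw_randomness_per_and(int n) {
    return n * (n - 1) / 2;
}

/* End-to-end: mask a and b, compute (a & b) ^ a on shares, recombine.
 * n must be in 2..MAX_SHARES; other values return 0 (demo-only convention). */
uint32_t masked_and_then_xor(uint32_t a, uint32_t b, int n) {
    uint32_t sa[MAX_SHARES], sb[MAX_SHARES], sc[MAX_SHARES], sd[MAX_SHARES];
    if (n < 2 || n > MAX_SHARES) return 0;
    mask(a, n, sa);
    mask(b, n, sb);
    masked_and(sa, sb, n, sc);
    masked_xor(sc, sa, n, sd);
    return unmask(sd, n);
}

int main(void) {
    uint32_t a = 0xDEADBEEFu, b = 0x0F0F0F0Fu;
    for (int n = 2; n <= MAX_SHARES; n++) {
        uint32_t got = masked_and_then_xor(a, b, n);
        printf("shares=%d order=%d result=%08x expected=%08x randomness/AND=%d\n",
               n, n - 1, got, (a & b) ^ a, isw_randomness_per_and(n));
    }
    return 0;
}
```

The check passes for every n because the XOR of all output shares telescopes to the XOR over all pairs (i, j) of a[i]&b[j], which is exactly (XOR a[i]) & (XOR b[j]). What the recombination does not show is the security argument itself: that the gadget is non-interfering (any d probes can be simulated from at most d shares of each input) is the property the paper proves for its construction and checks with tools such as maskVerif, and it is what the ordering comment inside `masked_and` protects.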
