Mode-Level vs. Implementation-Level Physical Security in Symmetric Cryptography: A Practical Guide Through the Leakage-Resistance Jungle

Triggered by the increasing deployment of embedded cryptographic devices (e.g., for the IoT), the design of authentication, encryption and authenticated encryption schemes enabling improved security against side-channel attacks has become an important research direction. Over the last decade, a number of modes of operation have been proposed and analyzed under different abstractions. In this paper, we investigate the practical consequences of these findings. For this purpose, we first translate the physical assumptions of leakage-resistance proofs into minimum security requirements for implementers. Thanks to this (heuristic) translation, we observe that (i) security against physical attacks can be viewed as a tradeoff between mode-level and implementation-level protection mechanisms, and (ii) security requirements to guarantee confidentiality and integrity in front of leakage can be concretely different for the different parts of an implementation. We illustrate the first point by analyzing several modes of operation with gradually increased leakage-resistance. We illustrate the second point by exhibiting leveled implementations, where different parts of the investigated schemes have different security requirements against leakage, leading to performance improvements when high physical security is needed. We finally initiate a comparative discussion of the different solutions to instantiate the components of a leakage-resistant authenticated encryption scheme.

[1]  Jean-Sébastien Coron,et al.  Conversion of Security Proofs from One Leakage Model to Another: A New Issue , 2012, COSADE.

[2]  Yevgeniy Dodis,et al.  Leakage-Resilient Pseudorandom Functions and Side-Channel Attacks on Feistel Networks , 2010, CRYPTO.

[3]  Kan Yasuda,et al.  Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[4]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[5]  Pierre-Alain Fouque,et al.  Leakage-Resilient Symmetric Encryption via Re-keying , 2013, CHES.

[6]  Moti Yung,et al.  Practical leakage-resilient pseudorandom generators , 2010, CCS '10.

[7]  Moti Yung,et al.  A block cipher based pseudo random number generator secure against side-channel key recovery , 2008, ASIACCS '08.

[8]  Thomas Peters,et al.  Spook : Sponge-Based Leakage-Resilient Authenticated Encryption with a Masked Tweakable Block Cipher , 2019 .

[9]  François-Xavier Standaert,et al.  Fresh Re-keying: Security against Side-Channel and Fault Attacks for Low-Cost Devices , 2010, AFRICACRYPT.

[10]  Ventzislav Nikov,et al.  Unknown-Input Attacks in the Parallel Setting: Improving the Security of the CHES 2012 Leakage-Resilient PRF , 2016, ASIACRYPT.

[11]  François-Xavier Standaert,et al.  Hardware Private Circuits: From Trivial Composition to Full Verification , 2020, IEEE Transactions on Computers.

[12]  Romain Poussier,et al.  Simple Key Enumeration (and Rank Estimation) Using Histograms: An Integrated Approach , 2016, CHES.

[13]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[14]  François-Xavier Standaert,et al.  Shuffling against Side-Channel Attacks: A Comprehensive Study with Cautionary Note , 2012, ASIACRYPT.

[15]  Yael Tauman Kalai,et al.  On cryptography with auxiliary input , 2009, STOC '09.

[16]  Guy N. Rothblum,et al.  Leakage-Resilient Signatures , 2010, TCC.

[17]  Thomas Peters,et al.  Ciphertext Integrity with Misuse and Leakage: Definition and Efficient Constructions with Symmetric Primitives , 2018, AsiaCCS.

[18]  Benjamin Grégoire,et al.  Strong Non-Interference and Type-Directed Higher-Order Masking , 2016, CCS.

[19]  Claude Carlet,et al.  PICARO - A Block Cipher Allowing Efficient Higher-Order Side-Channel Resistance , 2012, ACNS.

[20]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[21]  François-Xavier Standaert,et al.  Masking and leakage-resilient primitives: One, the other(s) or both? , 2015, Cryptography and Communications.

[22]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[23]  Moti Yung,et al.  Signatures Resilient to Continual Leakage on Memory and Computation , 2011, IACR Cryptol. ePrint Arch..

[24]  Eike Kiltz,et al.  Leakage Resilient ElGamal Encryption , 2010, ASIACRYPT.

[25]  François-Xavier Standaert,et al.  Making Masking Security Proofs Concrete - Or How to Evaluate the Security of Any Leaking Device , 2015, EUROCRYPT.

[26]  Phillip Rogaway,et al.  Authenticated-encryption with associated-data , 2002, CCS '02.

[27]  François-Xavier Standaert,et al.  Leakage-Resilient Symmetric Cryptography Under Empirically Verifiable Assumptions , 2013, IACR Cryptol. ePrint Arch..

[28]  Emmanuel Prouff,et al.  DPA Attacks and S-Boxes , 2005, FSE.

[29]  Josep Balasch,et al.  On the Cost of Lazy Engineering for Masked Software Implementations , 2014, CARDIS.

[30]  François-Xavier Standaert,et al.  Practical Leakage-Resilient Pseudorandom Objects with Minimum Public Randomness , 2013, CT-RSA.

[31]  Stefan Mangard,et al.  Hardware Countermeasures against DPA ? A Statistical Analysis of Their Effectiveness , 2004, CT-RSA.

[32]  Bart Mennink,et al.  Security of Keyed Sponge Constructions Using a Modular Proof Approach , 2015, FSE.

[33]  Stefan Mangard,et al.  An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order , 2017, CT-RSA.

[34]  María Naya-Plasencia,et al.  Block Ciphers That Are Easier to Mask: How Far Can We Go? , 2013, CHES.

[35]  Mihir Bellare,et al.  OCB: a block-cipher mode of operation for efficient authenticated encryption , 2001, CCS '01.

[36]  François-Xavier Standaert,et al.  Towards Fair and Efficient Evaluations of Leaking Cryptographic Devices - Overview of the ERC Project CRASH, Part I (Invited Talk) , 2016, SPACE.

[37]  Stefan Mangard,et al.  An AES Smart Card Implementation Resistant to Power Analysis Attacks , 2006, ACNS.

[38]  Bart Mennink,et al.  Leakage Resilience of the Duplex Construction , 2019, IACR Cryptol. ePrint Arch..

[39]  Yael Tauman Kalai,et al.  Multiparty computation secure against continual memory leakage , 2012, STOC '12.

[40]  Elisabeth Oswald,et al.  Authenticated Encryption in the Face of Protocol and Side Channel Leakage , 2017, ASIACRYPT.

[41]  Ingrid Verbauwhede,et al.  A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[42]  Krzysztof Pietrzak,et al.  A Leakage-Resilient Mode of Operation , 2009, EUROCRYPT.

[43]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[44]  Moti Yung,et al.  Leakage Resilient Cryptography in Practice , 2010, Towards Hardware-Intrinsic Security.

[45]  Stefan Dziembowski,et al.  Leakage-Resilient Cryptography , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[46]  Michael Tunstall,et al.  Simulatable Leakage: Analysis, Pitfalls, and New Constructions , 2014, ASIACRYPT.

[47]  Thomas Peters,et al.  On Leakage-Resilient Authenticated Encryption with Decryption Leakages , 2017, IACR Trans. Symmetric Cryptol..

[48]  Christophe Clavier,et al.  Differential Power Analysis in the Presence of Hardware Countermeasures , 2000, CHES.

[49]  Zhizhang Chen,et al.  Side channel power analysis of an AES-256 bootloader , 2015, 2015 IEEE 28th Canadian Conference on Electrical and Computer Engineering (CCECE).

[50]  Patrick Struck,et al.  Sponges Resist Leakage: The Case of Authenticated Encryption , 2019, IACR Cryptol. ePrint Arch..

[51]  Srinivas Vivek,et al.  Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives , 2015, CCS.

[52]  François-Xavier Standaert,et al.  Authenticated Encryption with Nonce Misuse and Physical Leakage: Definitions, Separation Results and First Construction - (Extended Abstract) , 2019, LATINCRYPT.

[53]  Silvio Micali,et al.  Physically Observable Cryptography (Extended Abstract) , 2004, TCC.

[54]  François-Xavier Standaert,et al.  Towards Low-Energy Leakage-Resistant Authenticated Encryption from the Duplex Sponge Construction , 2020, IACR Trans. Symmetric Cryptol..

[55]  Atul Luykx,et al.  Boosting Authenticated Encryption Robustness with Minimal Modifications , 2017, CRYPTO.

[56]  Bart Mennink,et al.  Full-State Keyed Duplex with Built-In Multi-user Support , 2017, ASIACRYPT.

[57]  Thomas Peters,et al.  TEDT, a Leakage-Resilient AEAD mode for High (Physical) Security Applications , 2019, IACR Cryptol. ePrint Arch..

[58]  Louis Goubin,et al.  DES and Differential Power Analysis (The "Duplication" Method) , 1999, CHES.

[59]  Guy N. Rothblum,et al.  Securing Computation against Continuous Leakage , 2010, CRYPTO.

[60]  Yuval Ishai,et al.  Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.

[61]  Pierre-Évariste Dagand,et al.  Tornado: Automatic Generation of Probing-Secure Masked Bitsliced Implementations , 2020, EUROCRYPT.

[62]  David Bol,et al.  Towards Green Cryptography: A Comparison of Lightweight Ciphers from the Energy Viewpoint , 2012, CHES.

[63]  Moni Naor,et al.  Public-Key Cryptosystems Resilient to Key Leakage , 2012, SIAM J. Comput..

[64]  François-Xavier Standaert,et al.  Towards Low-Energy Leakage-Resistant Authenticated Encryption from the Duplex Sponge Construction , 2020 .

[65]  Ingrid Verbauwhede,et al.  Securing Encryption Algorithms against DPA at the Logic Level: Next Generation Smart Card Technology , 2003, CHES.

[66]  Ariel Hamlin,et al.  Unifying Leakage Classes: Simulatable Leakage and Pseudoentropy , 2015, ICITS.

[67]  Stefan Mangard,et al.  Towards fresh re-keying with leakage-resilient PRFs: cipher design principles and analysis , 2014, Journal of Cryptographic Engineering.

[68]  Guido Bertoni,et al.  Duplexing the sponge: single-pass authenticated encryption and other applications , 2011, IACR Cryptol. ePrint Arch..

[69]  François-Xavier Standaert,et al.  Side-Channel Countermeasures' Dissection and the Limits of Closed Source Security Evaluations , 2019, IACR Cryptol. ePrint Arch..

[70]  Christof Paar,et al.  A Stochastic Model for Differential Side Channel Cryptanalysis , 2005, CHES.

[71]  Alex Biryukov,et al.  State of the Art in Lightweight Symmetric Cryptography , 2017, IACR Cryptol. ePrint Arch..

[72]  François-Xavier Standaert,et al.  ASCA, SASCA and DPA with Enumeration: Which One Beats the Other and When? , 2015, ASIACRYPT.

[73]  Sebastian Faust,et al.  Practical Leakage-Resilient Symmetric Cryptography , 2012, CHES.

[74]  Yael Tauman Kalai,et al.  Public-Key Encryption Schemes with Auxiliary Inputs , 2010, TCC.

[75]  Georg Sigl,et al.  High-Resolution EM Attacks Against Leakage-Resilient PRFs Explained - And An Improved Construction , 2018, IACR Cryptol. ePrint Arch..

[76]  François-Xavier Standaert,et al.  LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations , 2014, FSE.

[77]  Yael Tauman Kalai,et al.  A Survey of Leakage-Resilient Cryptography , 2019, IACR Cryptol. ePrint Arch..

[78]  Vinod Vaikuntanathan,et al.  Signature Schemes with Bounded Leakage Resilience , 2009, ASIACRYPT.

[79]  François-Xavier Standaert,et al.  Soft Analytical Side-Channel Attacks , 2014, ASIACRYPT.

[80]  Matthieu Rivain,et al.  How Fast Can Higher-Order Masking Be in Software? , 2017, EUROCRYPT.

[81]  François-Xavier Standaert,et al.  Strong Authenticity with Leakage under Weak and Falsifiable Physical Assumptions , 2019, IACR Cryptol. ePrint Arch..

[82]  Matthias J. Kannwischer,et al.  Single-Trace Attacks on Keccak , 2020, IACR Cryptol. ePrint Arch..

[83]  Thomas Shrimpton,et al.  Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Key-Wrap Problem , 2006, IACR Cryptol. ePrint Arch..

[84]  Vincent Rijmen,et al.  Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches , 2011, Journal of Cryptology.

[85]  Stefan Mangard,et al.  Side-Channel Leakage of Masked CMOS Gates , 2005, CT-RSA.