Making Masking Security Proofs Concrete (Or How to Evaluate the Security of Any Leaking Device), Extended Version

We investigate the relationship between theoretical studies of leaking cryptographic devices and concrete security evaluations with standard side-channel attacks. Our contributions are in four parts. First, we connect the formal analysis of the masking countermeasure proposed by Duc et al. (Eurocrypt 2014) with the Eurocrypt 2009 evaluation framework for side-channel key recovery attacks. In particular, we re-state their main proof for the masking countermeasure in terms of a mutual information metric, which is frequently used in concrete physical security evaluations. Second, we discuss the tightness of the Eurocrypt 2014 bounds based on experimental case studies. This allows us to conjecture a simplified link between the mutual information metric and the success rate of a side-channel adversary, ignoring technical parameters and proof artifacts. Third, we introduce heuristic (yet well-motivated) tools for evaluating the masking countermeasure when its independent leakage assumption is not perfectly fulfilled, as is frequently the case in practice. Thanks to these tools, we argue that masking with non-independent leakages may still provide improved security levels in certain scenarios. Finally, we consider the tradeoff between the measurement complexity and the key enumeration time complexity in divide-and-conquer side-channel attacks and show that both complexities can be lower bounded based on the mutual information metric, using simple and efficient algorithms. The combination of these observations enables significant reductions of the evaluation costs for certification bodies.
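The mutual information metric that the abstract refers to is, in concrete evaluations, estimated from a leakage model rather than proved. The following added example (not code from the paper) estimates I(X; L) by Monte Carlo for a 4-bit secret X masked into d Boolean shares, under an assumed Hamming-weight-plus-Gaussian-noise leakage of each share, so that the effect of the noise level and of the number of shares on the metric can be observed directly.

```python
import itertools
import math
import random

# Added example (not the paper's code): Monte-Carlo estimate of the mutual
# information metric I(X; L) for a 4-bit secret X masked into d shares
# (X = s_1 xor ... xor s_d). Assumed leakage model: each share leaks its
# Hamming weight plus independent Gaussian noise of standard deviation sigma.

BITS = 4
VALUES = range(1 << BITS)
HW = [bin(v).count("1") for v in VALUES]


def gauss_pdf(l, mean, sigma):
    z = (l - mean) / sigma
    return math.exp(-0.5 * z * z) / (sigma * math.sqrt(2 * math.pi))


def likelihood(x, leak, d, sigma):
    """Pr[L = leak | X = x], averaged over the uniformly random masks."""
    total = 0.0
    for masks in itertools.product(VALUES, repeat=d - 1):
        last, p = x, 1.0
        for s, l in zip(masks, leak):        # the first d-1 shares
            last ^= s
            p *= gauss_pdf(l, HW[s], sigma)
        total += p * gauss_pdf(leak[-1], HW[last], sigma)  # forced last share
    return total / len(VALUES) ** (d - 1)


def mutual_information(d, sigma, samples=1000, seed=1):
    """Estimate I(X; L) in bits as H(X) - E[-log2 Pr[X | L]] (ideal template adversary)."""
    rng = random.Random(seed)
    cond_entropy = 0.0
    for _ in range(samples):
        x = rng.randrange(len(VALUES))
        shares = [rng.randrange(len(VALUES)) for _ in range(d - 1)]
        last = x
        for s in shares:
            last ^= s
        shares.append(last)                  # shares now XOR to x
        leak = [HW[s] + rng.gauss(0.0, sigma) for s in shares]
        likes = [likelihood(c, leak, d, sigma) for c in VALUES]
        cond_entropy -= math.log2(likes[x] / sum(likes))
    return BITS - cond_entropy / samples


if __name__ == "__main__":
    for d in (1, 2):
        for sigma in (0.5, 1.0, 2.0):
            print(f"shares={d} sigma={sigma}: MI ~ {mutual_information(d, sigma):.3f} bits")
```

Running it shows the metric falling with the noise level and dropping further when a second share is added, which is the behaviour the bounds discussed above quantify.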
