Verified Proofs of Higher-Order Masking

In this paper, we study the problem of automatically verifying higher-order masking countermeasures. This problem is important in practice, since weaknesses have been discovered in schemes that were thought secure, but it is inherently exponential: for \(t\)-order masking, it involves proving that every subset of \(t\) intermediate variables is distributed independently of the secrets. Some tools have been proposed to help cryptographers check their proofs, but they are often limited in scope.
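To make the verification problem concrete, here is an added example (not the paper's tool, and not code from its authors) that performs the exhaustive \(t\)-order check on a toy gadget: a 2-share ISW-style AND in GF(2) beside a variant that sums the cross terms before any fresh randomness is added. The gadget names (`isw_and`, `naive_and`, `leaking_tuples`) and the intermediate-variable names are assumptions of this example; every \(t\)-subset of intermediates is enumerated and its joint distribution over the randomness is compared across all secret assignments.

```python
from itertools import combinations, product
from collections import Counter

def isw_and(a, b, rnd):
    """ISW-style multiplication of two 2-share secrets; returns every intermediate by name."""
    r1, r2, r01 = rnd                      # share masks for a and b, plus fresh ISW randomness
    a0, a1 = r1, a ^ r1                    # a = a0 ^ a1
    b0, b1 = r2, b ^ r2                    # b = b0 ^ b1
    v = {"a0": a0, "a1": a1, "b0": b0, "b1": b1, "r01": r01}
    v["a0b0"] = a0 & b0
    v["c0"] = v["a0b0"] ^ r01
    v["a0b1"] = a0 & b1
    v["t1"] = r01 ^ v["a0b1"]              # randomise before the second cross term is added
    v["a1b0"] = a1 & b0
    v["t2"] = v["t1"] ^ v["a1b0"]
    v["a1b1"] = a1 & b1
    v["c1"] = v["a1b1"] ^ v["t2"]          # c0 ^ c1 == a & b
    return v

def naive_and(a, b, rnd):
    """Same output shares, but both cross terms are summed before any randomness is added."""
    r1, r2, r01 = rnd
    a0, a1 = r1, a ^ r1
    b0, b1 = r2, b ^ r2
    v = {"a0": a0, "a1": a1, "b0": b0, "b1": b1, "r01": r01}
    v["a0b1"] = a0 & b1
    v["a1b0"] = a1 & b0
    v["d"] = v["a0b1"] ^ v["a1b0"]         # equals r1*b ^ a*r2: its distribution depends on (a, b)
    v["c0"] = (a0 & b0) ^ r01
    v["c1"] = (a1 & b1) ^ r01 ^ v["d"]
    return v

def leaking_tuples(gadget, n_secrets, n_random, t):
    """Brute-force t-order check: every t-subset of intermediates must have the same joint
    distribution (over the randomness) for every assignment of the secret inputs."""
    runs = {s: [gadget(*s, rnd) for rnd in product((0, 1), repeat=n_random)]
            for s in product((0, 1), repeat=n_secrets)}
    names = list(next(iter(runs.values()))[0])
    bad = []
    for tup in combinations(names, t):       # C(#intermediates, t) subsets: the exponential part
        dists = {frozenset(Counter(tuple(v[n] for n in tup) for v in rs).items())
                 for rs in runs.values()}
        if len(dists) > 1:                   # some secret assignment changes the distribution
            bad.append(tup)
    return bad

if __name__ == "__main__":
    print(leaking_tuples(isw_and, 2, 3, 1))    # []: first-order secure
    print(leaking_tuples(naive_and, 2, 3, 1))  # [('d',)]: the unrefreshed cross-term sum leaks
    print(leaking_tuples(isw_and, 2, 3, 2))    # non-empty: two shares cannot be second-order secure
```

The third call shows why the check is only meaningful for \(t\) below the share count: with two shares, the pair (a0, a1) trivially reveals a, so a second-order probe is expected to fail.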