Noisy Leakage Revisited

Physical side-channel leakage is an important threat to cryptographic implementations. One of the most prominent countermeasures against such leakage attacks is masking. A masking scheme conceals sensitive information by randomizing intermediate values, thereby making the physical leakage independent of the secret. An important practical leakage model for analyzing the security of a masking scheme is the so-called noisy leakage model of Prouff and Rivain (Eurocrypt’13). Unfortunately, security proofs in the noisy leakage model require a technically involved information-theoretic argument. Very recently, Duc et al. (Eurocrypt’14) showed that security in the probing model of Ishai et al. (Crypto’03) implies security in the noisy leakage model. Unfortunately, the reduction to the probing model is not tight and requires a rather counter-intuitive growth of the amount of noise: the Prouff-Rivain bias parameter has to decrease proportionally to the size of the set \({\mathcal X}\) of leaking elements (e.g., if the leaking elements are bytes, then \(\left| {\mathcal X}\right| = 256\)). The main contribution of our work is to eliminate this non-optimality in the reduction by introducing an alternative leakage model, which we call the average probing model. We show a tight reduction between the noisy leakage model and the much simpler average probing model; in fact, we show that these two models are essentially equivalent. We demonstrate the potential of this equivalence with two applications. First, we show security of the additive masking scheme used in many previous works for a constant bias parameter. Second, we show that the compiler of Ishai et al. (Crypto’03) is secure in the average probing model (assuming a simple leak-free component). This yields security of the ISW construction in the noisy leakage model with an optimal bias parameter.
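The following is an added worked example, not code from the paper. It makes the two quantities in the abstract concrete: it shares a secret with Boolean (XOR) masking and checks exactly, by enumerating all mask choices, that any n-1 shares are uniform and hence independent of the secret (the probing-model guarantee), and it computes the noisy-leakage bias of a leakage channel on a uniform secret. Assumptions of this example: secrets are w-bit values so \(|{\mathcal X}| = 2^w\), the "additive masking scheme" is XOR-sharing, and the bias is measured with statistical distance, \(\delta = \sum_y \Pr[Y=y]\cdot \mathrm{SD}(X, X\mid Y=y)\), the variant used in the probing-to-noisy reduction line of work (Prouff and Rivain's original definition uses a Euclidean norm). The channel that leaks the whole value with probability \(\varepsilon\) and nothing otherwise (random probing) comes out \(\varepsilon(1-1/|{\mathcal X}|)\)-noisy, which is the \(|{\mathcal X}|\) gap the abstract refers to.

```python
"""Boolean (XOR) masking and two leakage parameters, as an added worked example.

Not code from the paper. Assumptions: secrets are w-bit values (|X| = 2**w),
the additive masking scheme is XOR-sharing into n shares, and the
noisy-leakage bias is the statistical-distance variant
    delta = sum_y Pr[Y=y] * SD(X, X | Y=y).
"""
from fractions import Fraction
from itertools import combinations, product
import secrets


def share(x, n, w=8):
    """Split x into n shares whose XOR is x; n-1 shares are fresh uniform masks."""
    masks = [secrets.randbelow(1 << w) for _ in range(n - 1)]
    last = x
    for m in masks:
        last ^= m
    return masks + [last]


def reconstruct(shares):
    acc = 0
    for s in shares:
        acc ^= s
    return acc


def subset_distribution(x, n, w, positions):
    """Exact distribution (as counts) of the shares at `positions`, taken over
    all (2**w)**(n-1) choices of the masks, when the secret is x."""
    counts = {}
    for masks in product(range(1 << w), repeat=n - 1):
        last = x
        for m in masks:
            last ^= m
        sh = list(masks) + [last]
        key = tuple(sh[i] for i in positions)
        counts[key] = counts.get(key, 0) + 1
    return counts


def proper_subsets_independent_of_secret(n, w):
    """True iff every (n-1)-subset of shares is exactly uniform for every
    secret, i.e. an adversary probing n-1 wires learns nothing about x."""
    expected_keys = (1 << w) ** (n - 1)
    for positions in combinations(range(n), n - 1):
        for x in range(1 << w):
            counts = subset_distribution(x, n, w, positions)
            if len(counts) != expected_keys or any(c != 1 for c in counts.values()):
                return False
    return True


def all_shares_determine_secret(n, w):
    """Probing all n wires does reveal x: every reachable share tuple XORs to x."""
    for x in range(1 << w):
        counts = subset_distribution(x, n, w, tuple(range(n)))
        if any(reconstruct(k) != x for k in counts):
            return False
    return True


def noisy_leakage_bias(channel, w):
    """delta for a leakage channel on uniform X in {0, ..., 2**w - 1}.
    channel[x] is a dict y -> Fraction: the distribution of the leakage given x."""
    size = 1 << w
    px = Fraction(1, size)
    ys = {y for x in channel for y in channel[x]}
    delta = Fraction(0)
    for y in ys:
        py = sum(px * channel[x].get(y, Fraction(0)) for x in range(size))
        if py == 0:
            continue
        # SD(X, X|Y=y) = 1/2 * L1 distance between uniform and the posterior.
        l1 = sum(abs(px * channel[x].get(y, Fraction(0)) / py - px) for x in range(size))
        delta += py * l1 / 2
    return delta


def random_probing_channel(w, eps):
    """Leak x itself with probability eps, otherwise the symbol None."""
    eps = Fraction(eps)
    return {x: {x: eps, None: 1 - eps} for x in range(1 << w)}


def hamming_weight_channel(w):
    """Noise-free Hamming-weight leakage, a common power-model abstraction."""
    return {x: {bin(x).count("1"): Fraction(1)} for x in range(1 << w)}


if __name__ == "__main__":
    print("3 shares of nibbles, any 2 independent:", proper_subsets_independent_of_secret(3, 4))
    print("HW of a nibble, delta =", noisy_leakage_bias(hamming_weight_channel(4), 4))
    print("eps=1/4 random probing of a byte, delta =",
          noisy_leakage_bias(random_probing_channel(8, Fraction(1, 4)), 8))
```

The enumeration is exact rather than sampled, so the independence check is a proof for the chosen (n, w), not a statistical estimate; keep w and n small, since the loop visits \((2^w)^{n-1}\) mask choices per secret.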

[1] Guy N. Rothblum et al. How to Compute in the Presence of Leakage, 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[2] G. Rothblum. How to Compute under AC^0 Leakage without Secure Hardware, 2012.

[3] Paul C. Kocher et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, 1996, CRYPTO.

[4] Johannes Blömer et al. Provably Secure Masking of AES, 2004, IACR Cryptol. ePrint Arch.

[5] Jean-Sébastien Coron et al. Analysis and Improvement of the Random Delay Countermeasure of CHES 2009, 2010, CHES.

[6] Louis Goubin et al. DES and Differential Power Analysis (The "Duplication" Method), 1999, CHES.

[7] Guy N. Rothblum et al. Securing Computation against Continuous Leakage, 2010, CRYPTO.

[8] Yuval Ishai et al. Private Circuits: Securing Hardware against Probing Attacks, 2003, CRYPTO.

[9] Jean-Sébastien Coron et al. Higher Order Masking of Look-up Tables, 2014, IACR Cryptol. ePrint Arch.

[10] Moti Yung et al. Leakage Resilient Cryptography in Practice, 2010, Towards Hardware-Intrinsic Security.

[11] Paul C. Kocher et al. Differential Power Analysis, 1999, CRYPTO.

[12] Emmanuel Prouff et al. Masking against Side-Channel Attacks: A Formal Security Proof, 2013, EUROCRYPT.

[13] Vinod Vaikuntanathan et al. Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases, 2010, EUROCRYPT.

[14] Pankaj Rohatgi et al. Introduction to differential power analysis, 2011, Journal of Cryptographic Engineering.

[15] Stefan Dziembowski et al. Leakage-Resilient Cryptography, 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[16] Pankaj Rohatgi et al. Towards Sound Approaches to Counteract Power-Analysis Attacks, 1999, CRYPTO.

[17] Markus Kasper et al. The World is Not Enough: Another Look on Second-Order DPA, 2010, IACR Cryptol. ePrint Arch.

[18] Stefan Dziembowski et al. Leakage-Resilient Cryptography in the Standard Model, 2008, IACR Cryptol. ePrint Arch.

[19] Christophe Clavier et al. Differential Power Analysis in the Presence of Hardware Countermeasures, 2000, CHES.

[20] Vincent Rijmen et al. A Side-Channel Analysis Resistant Description of the AES S-Box, 2005, FSE.

[21] Devdatt P. Dubhashi et al. Concentration of Measure for the Analysis of Randomized Algorithms, 2009.

[22] Emmanuel Prouff et al. Provably Secure Higher-Order Masking of AES, 2010, IACR Cryptol. ePrint Arch.

[23] Stefan Dziembowski et al. Leakage-Resilient Circuits without Computational Assumptions, 2012, TCC.

[24] Yevgeniy Vahlis et al. On Protecting Cryptographic Keys Against Continual Leakage, 2010, IACR Cryptol. ePrint Arch.

[25] Moni Naor et al. Public-Key Cryptosystems Resilient to Key Leakage, 2009, SIAM J. Comput.

[26] Stefan Mangard et al. Power Analysis Attacks: Revealing the Secrets of Smart Cards, 2007.

[27] Ueli Maurer et al. Indistinguishability Amplification, 2007, CRYPTO.

[28] Vinod Vaikuntanathan et al. Signature Schemes with Bounded Leakage Resilience, 2009, ASIACRYPT.

[29] Emmanuel Prouff et al. Higher-Order Glitches Free Implementation of the AES Using Secure Multi-party Computation Protocols, 2011, CHES.

[30] Guy N. Rothblum et al. How to Compute under AC^0 Leakage without Secure Hardware, 2012, CRYPTO.

[31] Stefan Mangard et al. (eds.). Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings, 2010, CHES.