Making Masking Security Proofs Concrete - Or How to Evaluate the Security of Any Leaking Device

We investigate the relationships between theoretical studies of leaking cryptographic devices and concrete security evaluations with standard side-channel attacks. Our contributions are in four parts. First, we connect the formal analysis of the masking countermeasure proposed by Duc et al. (Eurocrypt 2014) with the Eurocrypt 2009 evaluation framework for side-channel key recovery attacks. In particular, we re-state their main proof for the masking countermeasure based on a mutual information metric, which is frequently used in concrete physical security evaluations. Second, we discuss the tightness of the Eurocrypt 2014 bounds based on experimental case studies. This allows us to conjecture a simplified link between the mutual information metric and the success rate of a side-channel adversary, ignoring technical parameters and proof artifacts. Third, we introduce heuristic (yet well-motivated) tools for the evaluation of the masking countermeasure when its independent leakage assumption is not perfectly fulfilled, as it is frequently encountered in practice. Thanks to these tools, we argue that masking with non-independent leakages may provide improved security levels in certain scenarios. Eventually, we consider the tradeoff between measurement complexity and key enumeration in divide-and-conquer side-channel attacks, and show that it can be predicted based on the mutual information metric, by solving a non-linear integer programming problem for which efficient solutions exist. The combination of these observations enables significant reductions of the evaluation costs for certification bodies.

[1]  François-Xavier Standaert,et al.  An optimal Key Enumeration Algorithm and its Application to Side-Channel Attacks , 2012, IACR Cryptol. ePrint Arch..

[2]  Stefan Mangard,et al.  Power Analysis Attacks and Countermeasures , 2007, IEEE Design & Test of Computers.

[3]  François Durvaux,et al.  How to Certify the Leakage of a Chip? , 2014, IACR Cryptol. ePrint Arch..

[4]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[5]  Tanja Lange,et al.  Tighter, faster, simpler side-channel security evaluations beyond computing power , 2015, IACR Cryptol. ePrint Arch..

[6]  Serge Vaudenay,et al.  How Far Can We Go Beyond Linear Cryptanalysis? , 2004, ASIACRYPT.

[7]  Emmanuel Prouff,et al.  Affine Masking against Higher-Order Side Channel Analysis , 2010, IACR Cryptol. ePrint Arch..

[8]  Elisabeth Oswald,et al.  Advances in Cryptology – EUROCRYPT 2014 , 2014, Lecture Notes in Computer Science.

[9]  Matthew J. B. Robshaw,et al.  Cryptographic hardware and embedded systems - CHES 2014: 16th International Workshop, Busan, South Korea, September 23-26, 2014. Proceedings , 2014 .

[10]  Kazue Sako,et al.  Advances in cryptology -- ASIACRYPT 2012 : 18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2-6 2012 : proceedings , 2012 .

[11]  François-Xavier Standaert,et al.  Masking with Randomized Look Up Tables - Towards Preventing Side-Channel Attacks of All Orders , 2012, Cryptography and Security.

[12]  François-Xavier Standaert,et al.  Algebraic Side-Channel Attacks , 2009, Inscrypt.

[13]  Emmanuel Prouff,et al.  Masking against Side-Channel Attacks: A Formal Security Proof , 2013, EUROCRYPT.

[14]  中嶋 純子,et al.  Cryptographic Hardware and Embedded Systems (CHES'99)国際会議参加報告 , 1999 .

[15]  Emmanuel Prouff,et al.  Provably Secure Higher-Order Masking of AES , 2010, IACR Cryptol. ePrint Arch..

[16]  François-Xavier Standaert,et al.  Security Evaluations beyond Computing Power , 2013, EUROCRYPT.

[17]  François-Xavier Standaert,et al.  Efficient Masked S-Boxes Processing - A Step Forward - , 2014, AFRICACRYPT.

[18]  Amir Moradi,et al.  Glitch-free implementation of masking in modern FPGAs , 2012, 2012 IEEE International Symposium on Hardware-Oriented Security and Trust.

[19]  Alexander Vardy,et al.  Semantic Security for the Wiretap Channel , 2012, CRYPTO.

[20]  Yuval Ishai,et al.  Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.

[21]  Christof Paar,et al.  A Stochastic Model for Differential Side Channel Cryptanalysis , 2005, CHES.

[22]  François-Xavier Standaert,et al.  Using Subspace-Based Template Attacks to Compare and Combine Power and Electromagnetic Information Leakages , 2008, CHES.

[23]  Eric Peeters,et al.  Template Attacks in Principal Subspaces , 2006, CHES.

[24]  François-Xavier Standaert,et al.  Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA , 2009, CHES.

[25]  Jean-Sébastien Coron,et al.  Higher-Order Side Channel Security and Mask Refreshing , 2013, FSE.

[26]  Elisabeth Oswald,et al.  A Comprehensive Evaluation of Mutual Information Analysis Using a Fair Evaluation Framework , 2011, CRYPTO.

[27]  Vincent Rijmen,et al.  Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches , 2011, Journal of Cryptology.

[28]  Stefan Mangard,et al.  Side-Channel Leakage of Masked CMOS Gates , 2005, CT-RSA.

[29]  Adrian Thillard,et al.  How to Estimate the Success Rate of Higher-Order Side-Channel Attacks , 2014, IACR Cryptol. ePrint Arch..

[30]  Thomas M. Cover,et al.  Elements of Information Theory 2006 , 2009 .

[31]  Denis Flandre,et al.  A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices , 2011, EUROCRYPT.

[32]  François-Xavier Standaert,et al.  Low Entropy Masking Schemes, Revisited , 2013, CARDIS.

[33]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[34]  Markus Kasper,et al.  The World is Not Enough: Another Look on Second-Order DPA , 2010, IACR Cryptol. ePrint Arch..

[35]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[36]  Elisabeth Oswald,et al.  Counting Keys in Parallel After a Side Channel Attack , 2015, ASIACRYPT.

[37]  Yevgeniy Dodis,et al.  Shannon Impossibility, Revisited , 2012, ICITS.

[38]  Josep Balasch,et al.  On the Cost of Lazy Engineering for Masked Software Implementations , 2014, CARDIS.

[39]  Louis Goubin,et al.  Protecting AES with Shamir's Secret Sharing Scheme , 2011, CHES.

[40]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[41]  Liwei Zhang,et al.  A Statistical Model for Higher Order DPA on Masked Devices , 2014, IACR Cryptol. ePrint Arch..

[42]  Jean-Sébastien Coron,et al.  Conversion of Security Proofs from One Leakage Model to Another: A New Issue , 2012, COSADE.

[43]  Phong Q. Nguyen,et al.  Advances in Cryptology – EUROCRYPT 2013 , 2013, Lecture Notes in Computer Science.

[44]  Maciej Skorski,et al.  Noisy Leakage Revisited , 2015, EUROCRYPT.

[45]  François-Xavier Standaert,et al.  Shuffling against Side-Channel Attacks: A Comprehensive Study with Cautionary Note , 2012, ASIACRYPT.

[46]  Thomas M. Cover,et al.  Elements of Information Theory: Cover/Elements of Information Theory, Second Edition , 2005 .

[47]  Stefan Mangard,et al.  One for all - all for one: unifying standard differential power analysis attacks , 2011, IET Inf. Secur..

[48]  Amir Moradi,et al.  Moments-Correlating DPA , 2016, IACR Cryptol. ePrint Arch..

[49]  Tsuyoshi Takagi,et al.  Cryptographic Hardware and Embedded Systems - CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings , 2011, CHES.

[50]  Stefan Mangard,et al.  Hardware Countermeasures against DPA ? A Statistical Analysis of Their Effectiveness , 2004, CT-RSA.

[51]  Claude Carlet,et al.  Leakage squeezing: Optimal implementation and security evaluation , 2014, J. Math. Cryptol..

[52]  Emmanuel Prouff,et al.  Attack on a Higher-Order Masking of the AES Based on Homographic Functions , 2010, INDOCRYPT.

[53]  Vinod Vaikuntanathan,et al.  Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases , 2010, EUROCRYPT.

[54]  Romain Poussier,et al.  Simpler and More Efficient Rank Estimation for Side-Channel Security Assessment , 2015, FSE.

[55]  Romain Poussier,et al.  Comparing Approaches to Rank Estimation for Side-Channel Security Evaluations , 2015, CARDIS.

[56]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[57]  Denis Flandre,et al.  Information Theoretic and Security Analysis of a 65-Nanometer DDSLL AES S-Box , 2011, CHES.

[58]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[59]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[60]  Jean-Sébastien Coron,et al.  Side Channel Cryptanalysis of a Higher Order Masking Scheme , 2007, CHES.

[61]  François-Xavier Standaert,et al.  Masking and leakage-resilient primitives: One, the other(s) or both? , 2015, Cryptography and Communications.

[62]  François-Xavier Standaert,et al.  Extractors against side-channel attacks: weak or strong? , 2011, Journal of Cryptographic Engineering.

[63]  Ingrid Verbauwhede,et al.  Theory and Practice of a Leakage Resilient Masking Scheme , 2012, ASIACRYPT.

[64]  Dimitri P. Bertsekas,et al.  Nonlinear Programming , 1997 .

[65]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[66]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[67]  Claude Carlet,et al.  Higher-Order Masking Schemes for S-Boxes , 2012, FSE.

[68]  FRANÇOIS-XAVIER STANDAERT,et al.  An Overview of Power Analysis Attacks Against Field Programmable Gate Arrays , 2006, Proceedings of the IEEE.

[69]  Matthieu Rivain,et al.  On the Exact Success Rate of Side Channel Analysis in the Gaussian Model , 2009, Selected Areas in Cryptography.

[70]  A. Adam Ding,et al.  A Statistical Model for DPA with Novel Algorithmic Confusion Analysis , 2012, CHES.

[71]  Emmanuel Prouff,et al.  Higher-order glitch free implementation of the AES using Secure Multi-Party Computation protocols , 2012, Journal of Cryptographic Engineering.

[72]  Alexander Vardy,et al.  A Cryptographic Treatment of the Wiretap Channel , 2012, IACR Cryptol. ePrint Arch..

[73]  Bart Preneel,et al.  Mutual Information Analysis , 2008, CHES.