Prouff & Rivain's Formal Security Proof of Masking, Revisited: Tight Bounds in the Noisy Leakage Model

Abstract. Masking is a countermeasure that can be incorporated into software and hardware implementations of block ciphers to provably secure them against side-channel attacks. The security of masking can be proven in different types of threat models. In this paper, we are interested in directly proving security in the most realistic threat model, the so-called noisy leakage adversary, which captures well how real-world side-channel adversaries operate. Direct proofs in this leakage model have been established by Prouff & Rivain at Eurocrypt 2013, by Dziembowski et al. at Eurocrypt 2015, and by Prest et al. at Crypto 2019. These proofs are complementary to each other, in the sense that the weaknesses of one proof are fixed in at least one of the others, and conversely. These weaknesses concern in particular the strong requirements on the noise level and on the security parameter needed to obtain meaningful security bounds, as well as requirements on the type of adversary covered by the proof (i.e., chosen or random plaintexts). This suggested that the drawbacks of each security bound could actually be proof artifacts. In this paper, we solve these issues by revisiting Prouff & Rivain's approach.

[1] N. Homma et al. On the Success Rate of Side-Channel Attacks on Masked Implementations: Information-Theoretical Bounds and Their Practical Usage, 2022, IACR Cryptol. ePrint Arch.

[2] Matthieu Rivain et al. Probing Security through Input-Output Separation and Revisited Quasilinear Masking, 2021, IACR Trans. Cryptogr. Hardw. Embed. Syst.

[3] O. Rioul et al. Attacking Masked Cryptographic Implementations: Information-Theoretic Bounds, 2021, 2022 IEEE International Symposium on Information Theory (ISIT).

[4] Emmanuel Prouff et al. Random Probing Security: Verification, Composition, Expansion and New Constructions, 2020, IACR Cryptol. ePrint Arch.

[5] François-Xavier Standaert et al. Making Masking Security Proofs Concrete (Or How to Evaluate the Security of Any Leaking Device), Extended Version, 2015, Journal of Cryptology.

[6] Alain Passelègue et al. Unifying Leakage Models on a Rényi Day, 2019, IACR Cryptol. ePrint Arch.

[7] Antoine Joux et al. How to Securely Compute with Noisy Leakage in Quasilinear Complexity, 2018, IACR Cryptol. ePrint Arch.

[8] Yuval Ishai et al. Private Circuits: A Modular Approach, 2018, IACR Cryptol. ePrint Arch.

[9] François-Xavier Standaert et al. Masking Proofs are Tight (and How to Exploit it in Security Evaluations), 2018, IACR Cryptol. ePrint Arch.

[10] Jean-Sébastien Coron et al. High Order Masking of Look-up Tables with Common Shares, 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst.

[11] Matthieu Rivain et al. How Fast Can Higher-Order Masking Be in Software?, 2017, EUROCRYPT.

[12] Benjamin Grégoire et al. Strong Non-Interference and Type-Directed Higher-Order Masking, 2016, CCS.

[13] Jean-Sébastien Coron et al. Horizontal Side-Channel Attacks and Countermeasures on the ISW Masking Scheme, 2016, CHES.

[14] Marcin Andrychowicz et al. Circuit Compilers with O(1/log(n)) Leakage Rate, 2016, EUROCRYPT.

[15] Maciej Skorski et al. Optimal Amplification of Noisy Leakages, 2016, TCC.

[16] Sylvain Guilley et al. Multivariate High-Order Attacks of Shuffled Tables Recomputation, 2015, Journal of Cryptology.

[17] Maciej Skorski et al. Noisy Leakage Revisited, 2015, EUROCRYPT.

[18] Stefan Dziembowski et al. Unifying Leakage Models: From Probing Attacks to Noisy Leakage, 2014, Journal of Cryptology.

[19] Jean-Sébastien Coron et al. Higher Order Masking of Look-up Tables, 2014, IACR Cryptol. ePrint Arch.

[20] Varun Jog et al. The Entropy Power Inequality and Mrs. Gerber's Lemma for groups of order 2^n, 2013, 2013 IEEE International Symposium on Information Theory.

[21] Emmanuel Prouff et al. Masking against Side-Channel Attacks: A Formal Security Proof, 2013, EUROCRYPT.

[22] S. Boucheron et al. Concentration inequalities: a non asymptotic theory of independence, 2013.

[23] Jean-Sébastien Coron et al. Higher-Order Side Channel Security and Mask Refreshing, 2013, FSE.

[24] Michael Tunstall et al. Masking Tables - An Underestimated Security Risk, 2013, FSE.

[25] Stefan Mangard et al. One for all - all for one: unifying standard differential power analysis attacks, 2011, IET Inf. Secur.

[26] Miklós Ajtai et al. Secure computation with information leaking to an adversary, 2011, STOC.

[27] Emmanuel Prouff et al. Provably Secure Higher-Order Masking of AES, 2010, IACR Cryptol. ePrint Arch.

[28] Moti Yung et al. A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version), 2009, IACR Cryptol. ePrint Arch.

[29] Stefan Mangard et al. Power analysis attacks - revealing the secrets of smart cards, 2007.

[30] Serge Vaudenay et al. How Far Can We Go Beyond Linear Cryptanalysis?, 2004, ASIACRYPT.

[31] Meir Feder et al. The uniform distribution as a universal prior, 2004, IEEE Transactions on Information Theory.

[32] Stefan Mangard et al. Hardware Countermeasures against DPA - A Statistical Analysis of Their Effectiveness, 2004, CT-RSA.

[33] Silvio Micali et al. Physically Observable Cryptography (Extended Abstract), 2004, TCC.

[34] Yuval Ishai et al. Private Circuits: Securing Hardware against Probing Attacks, 2003, CRYPTO.

[35] Pankaj Rohatgi et al. Towards Sound Approaches to Counteract Power-Analysis Attacks, 1999, CRYPTO.

[36] Louis Goubin et al. DES and Differential Power Analysis (The "Duplication" Method), 1999, CHES.

[37] Paul C. Kocher et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, 1996, CRYPTO.

[38] Luan Cardoso dos Santos et al. Rivain-Prouff on Steroids: Faster and Stronger Masking of the AES, 2022, CARDIS.

[39] O. Rioul et al. Removing the Field Size Loss from Duc et al.'s Conjectured Bound for Masked Encodings, 2022, IACR Cryptol. ePrint Arch.

[40] O. Rioul et al. A Nearly Tight Proof of Duc et al.'s Conjectured Security Bound for Masked Implementations, 2022, IACR Cryptol. ePrint Arch.

[41] François-Xavier Standaert et al. Towards Tight Random Probing Security, 2021, IACR Cryptol. ePrint Arch.

[42] Abdul Rahman Taleb et al. On the Power of Expansion: More Efficient Constructions in the Random Probing Model, 2021, IACR Cryptol. ePrint Arch.

[43] Abdul Rahman Taleb et al. Dynamic Random Probing Expansion with Quasi Linear Asymptotic Complexity, 2021, IACR Cryptol. ePrint Arch.

[44] Éliane Jaulmes et al. A Systematic Appraisal of Side Channel Evaluation Strategies, 2020, SSR.

[45] Sylvain Guilley et al. Best Information is Most Successful, 2019, IACR Cryptol. ePrint Arch.

[46] Yoshio Tanigawa et al. On the Gcd-Sum Function, 2008.

[47] Siva Sai Yerubandi et al. Differential Power Analysis, 2002.

[48] Aaron D. Wyner et al. A theorem on the entropy of certain binary sequences and applications-I, 1973, IEEE Trans. Inf. Theory.