Constructive Side-Channel Analysis and Secure Design

In this paper, we optimize the performance of, and compare, several recent masking schemes implemented in bitslice on 32-bit ARM devices, with a focus on the masked multiplication (AND) gadget. Our main conclusion is that gains in efficiency (or in randomness consumption) always come at a cost, either in composability or in resistance against horizontal attacks. Our evaluations should therefore allow a designer to select a masking scheme based on implementation constraints and security requirements. They also highlight the increasing feasibility of (very) high-order masking offered by increasingly powerful embedded devices, opening new opportunities for high-security devices in various contexts.
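As an added illustration (not code from the paper or its authors), the following C sketch shows the classic ISW secure AND, the multiplication gadget that such masking comparisons centre on, in bitsliced form on 32-bit words with D+1 Boolean shares. The order D, the xorshift placeholder randomness source, the constructed input words and the function names are all assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define D 3          /* masking order (illustrative choice): D+1 shares */
#define N (D + 1)

/* Placeholder randomness source (xorshift32), deterministic so the example
 * runs offline. A real implementation must draw fresh bits from the device
 * TRNG; reusing or predicting this randomness breaks the masking. */
static uint32_t rng_state = 0x2545F491u;
static uint32_t rand32(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    rng_state = x;
    return x;
}

/* Split one 32-bit bitsliced word into N Boolean shares: s[0] ^ ... ^ s[N-1] == x. */
static void mask(uint32_t x, uint32_t s[N]) {
    uint32_t acc = x;
    for (int i = 1; i < N; i++) { s[i] = rand32(); acc ^= s[i]; }
    s[0] = acc;
}

/* Recombine shares (only ever done on a test bench, never in the masked code path). */
static uint32_t unmask(const uint32_t s[N]) {
    uint32_t x = 0;
    for (int i = 0; i < N; i++) x ^= s[i];
    return x;
}

/* ISW secure AND over N shares, bitsliced: each word operation processes 32
 * independent bit-slices at once. Consumes D(D+1)/2 fresh random words, and
 * every input share a[i], b[i] is read N times, which is the exposure that
 * horizontal attacks average over. Returns the number of random words used. */
static size_t isw_and(const uint32_t a[N], const uint32_t b[N], uint32_t c[N]) {
    size_t used = 0;
    for (int i = 0; i < N; i++) c[i] = a[i] & b[i];
    for (int i = 0; i < N; i++) {
        for (int j = i + 1; j < N; j++) {
            uint32_t r = rand32(); used++;
            /* Bracketing matters: computing (r ^ a_i&b_j) before adding a_j&b_i
             * keeps the cross-product a_i&b_j from ever appearing unmasked. */
            uint32_t rp = (r ^ (a[i] & b[j])) ^ (a[j] & b[i]);
            c[i] ^= r;
            c[j] ^= rp;
        }
    }
    return used;
}

/* Functional self-check on constructed inputs: masks x and y, runs the gadget,
 * and returns the randomness consumed if the result unmasks to x & y, else -1. */
long isw_and_selfcheck(uint32_t x, uint32_t y) {
    uint32_t a[N], b[N], c[N];
    mask(x, a);
    mask(y, b);
    size_t used = isw_and(a, b, c);
    return (unmask(c) == (x & y)) ? (long)used : -1L;
}

/* Sanity check that masking and unmasking round-trip. */
int mask_roundtrip(uint32_t x) {
    uint32_t s[N];
    mask(x, s);
    return unmask(s) == x;
}

int main(void) {
    long used = isw_and_selfcheck(0xDEADBEEFu, 0x0F0F0F0Fu);  /* constructed inputs */
    printf("order %d: %s, %ld random words per 32 parallel ANDs\n",
           D, used >= 0 ? "correct" : "MISMATCH", used);
    return used >= 0 ? 0 : 1;
}
```

The randomness count (6 words at D=3, growing quadratically) and the N reads of each share are exactly the two quantities the trade-off in the abstract is about: schemes that cut the random words or the number of share manipulations per gadget typically give up either composability guarantees or margin against horizontal leakage averaging.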
