Tornado: Automatic Generation of Probing-Secure Masked Bitsliced Implementations

Cryptographic implementations deployed in real-world devices often aim at (provable) security against the powerful class of side-channel attacks while keeping reasonable performance. Last year at Asiacrypt, a new formal verification tool named tightPROVE was put forward to determine exactly whether a masked implementation is secure in the well-deployed probing security model for any given security order t. Also recently, a compiler named Usuba was proposed to automatically generate bitsliced implementations of cryptographic primitives.
