Does Coupling Affect the Security of Masked Implementations?

Masking schemes achieve provable security against side-channel analysis by using secret sharing to decorrelate key-dependent intermediate values of the cryptographic algorithm from side-channel information. To account for various physical effects, masking schemes make assumptions about how the underlying leakage mechanisms of hardware or software behave. In this paper, we investigate the effect of physical placement on security using leakage assessment on power measurements collected from an FPGA. To distinguish this effect from other masking failures, we use threshold implementations as the masking scheme in conjunction with a high-entropy pseudorandom number generator. We show that we can observe differences in possibly exploitable leakage by placing functions corresponding to different shares of a cryptographic implementation in close proximity.
