
Unifying Leakage Models: from Probing Attacks to Noisy Leakage.

EUROCRYPT 2014, pp. 423–440


Abstract

A recent trend in cryptography is to formally show the leakage resilience of cryptographic implementations in a given leakage model. One of the most prominent leakage models, the so-called bounded leakage model, assumes that the amount of leakage that an adversary receives is a priori bounded. Unfortunately, it has been pointed out by several ...


Introduction
  • Physical side-channel attacks that exploit leakage emitted by devices are an important threat to cryptographic implementations.
  • As in earlier work on leakage resilient cryptography [8,10], the security analysis of Prouff and Rivain relies on so-called leak-free gates.
Highlights
  • As a first step in our security proof we show that we can simulate any adversary in the noisy leakage model of Prouff and Rivain with an adversary in a simpler noise model that we name a random probing adversary, which is similar to a model introduced in [14].
  • A consequence of the simulation-based security analysis is that we require an additional mild assumption on the noise, namely that it is efficiently computable. While this is a standard assumption made in most works on leakage resilient cryptography, we emphasize that we can drop the assumption of efficiently computable noise when we only want to achieve the weaker security notion considered in [24].
  • We show that the construction from Section 5.3 is secure against noisy leakage.
Results
  • One technical difficulty is that the work of Prouff and Rivain considers joint noisy leakage from elementary operations, while the standard t-threshold-probing setting only talks about leakage from wires.
  • In the security analysis the authors use the framework of leakage resilient circuits introduced in the seminal work of Ishai et al. [14].
  • The work of Faust et al. [10] extends the security analysis of Ishai et al. beyond the t-threshold-probing model by considering leakages that can be described by low-depth circuits.
  • Another line of work considers circuits that are provably secure in the so-called continuous bounded leakage model [15,11,8,12].
  • A δ-noisy circuit adversary A is an adversary with the following additional ability: after each round i, A gets some partial information about the internal state of the computation via the noisy leakage functions.
  • Consider two stateful circuits Γ and Γ' and a randomized encoding function Enc. The authors say that Γ' is a (δ, ξ)-noise resilient implementation of the circuit Γ w.r.t. Enc if the following holds for every k ∈ F^{|Γ.inp|}:
Conclusion
  • The authors define a δ-gate-noisy circuit adversary A as a machine that, besides having black-box access to a circuit Γ(k), can, after each round i, get some partial information about the internal state of the computation via the δ-noisy leakage functions applied to the gates.
  • The authors say that Γ' is a (δ, ξ)-input-gate-noise resilient implementation of the circuit Γ w.r.t. Enc if for every k and every δ-noisy circuit adversary A described above there exists a black-box circuit adversary S working in time polynomial in |Γ| · |F| such that
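The δ-noisy and random-probing notions used in the Results and Conclusion sections above can be made concrete with a small calculator. The following Python is an added example written for this page, not code from the paper. It models a leakage function on a finite set X as a channel, computes the expected statistical distance δ = Σ_l Pr[L = l] · SD(X; X | L = l) that a δ-noisy function must keep small, and evaluates two leakage functions on a raw value and on an additively masked one: the ε-identity function of the random probing model (reveal the value with probability ε, otherwise nothing) and a noisy Hamming-weight leakage. The value set (Z_4), the three-point noise distribution and the function names are constructed here for illustration. For a uniform value the example computes δ = ε·(1 - 1/|X|) for the ε-identity, i.e. random probing is itself a δ-noisy leakage with δ ≈ ε, and it shows that masking lowers δ for both leakage functions.

```python
"""Leakage-model calculator: delta-noisy vs. random probing on masked values.

Added example for this page, not code from the paper. A leakage function on a
finite set X is modelled as a channel: channel[x] maps each observation l to
Pr[L = l | X = x]. All probabilities are fractions.Fraction, so results are exact.
"""
from fractions import Fraction
from itertools import product

BOT = "bot"  # "nothing leaked" symbol of the random probing model


def statistical_distance(p, q):
    """SD(p, q) = 1/2 * sum |p(k) - q(k)| for two distributions given as dicts."""
    return sum((abs(p.get(k, 0) - q.get(k, 0)) for k in set(p) | set(q)), Fraction(0)) / 2


def bias(prior, channel):
    """delta = sum_l Pr[L = l] * SD(X ; X | L = l), the quantity a delta-noisy
    leakage function is required to keep small. It is 0 for useless leakage and
    1 - 1/|X| when a uniform X is revealed completely."""
    pr_l, joint = {}, {}
    for x, px in prior.items():
        for l, pl in channel[x].items():
            pr_l[l] = pr_l.get(l, 0) + px * pl
            joint[(x, l)] = joint.get((x, l), 0) + px * pl
    delta = Fraction(0)
    for l, pl in pr_l.items():
        if pl == 0:
            continue  # observation that never occurs
        posterior = {x: joint.get((x, l), 0) / pl for x in prior}
        delta += pl * statistical_distance(prior, posterior)
    return delta


def uniform(m):
    """Uniform prior on Z_m = {0, ..., m-1}."""
    return {x: Fraction(1, m) for x in range(m)}


def identity_channel(eps, m):
    """eps-identity leakage (random probing): x with probability eps, else BOT."""
    eps = Fraction(eps)
    return {x: {x: eps, BOT: 1 - eps} for x in range(m)}


def hw_noise_channel(m, flip):
    """Noisy Hamming-weight leakage L = HW(x) + e, with e = -1 or +1 each with
    probability flip and e = 0 otherwise (a constructed discrete noise model)."""
    flip = Fraction(flip)
    channel = {}
    for x in range(m):
        hw = bin(x).count("1")
        channel[x] = {hw - 1: flip, hw: 1 - 2 * flip, hw + 1: flip}
    return channel


def masked_channel(m, n_shares, share_channel):
    """Leakage on a secret s in Z_m split into n_shares additive shares
    (s = sum of shares mod m, all but the last uniformly random) when every share
    independently goes through share_channel. The observation is the tuple of
    per-share observations. Enumerates all sharings and outcomes, so it is exact."""
    p_sharing = Fraction(1, m ** (n_shares - 1))
    channel = {}
    for s in range(m):
        dist = {}
        for rest in product(range(m), repeat=n_shares - 1):
            shares = list(rest) + [(s - sum(rest)) % m]
            per_share = [list(share_channel[v].items()) for v in shares]
            for combo in product(*per_share):
                p = p_sharing
                for _, pl in combo:
                    p *= pl
                obs = tuple(l for l, _ in combo)
                dist[obs] = dist.get(obs, 0) + p
        channel[s] = dist
    return channel


def leakage_report(m=4, eps=Fraction(1, 2), flip=Fraction(1, 4), n_shares=2):
    """delta of each leakage function on a raw value and on a masked one."""
    prior = uniform(m)
    ident, hw = identity_channel(eps, m), hw_noise_channel(m, flip)
    return {
        "identity_raw": bias(prior, ident),
        "identity_masked": bias(prior, masked_channel(m, n_shares, ident)),
        "hw_raw": bias(prior, hw),
        "hw_masked": bias(prior, masked_channel(m, n_shares, hw)),
    }


if __name__ == "__main__":
    for name, delta in leakage_report().items():
        print(f"{name:16s} delta = {delta} ~ {float(delta):.4f}")
```

With two shares the ε-identity leakage on the masked secret has δ = ε²·(1 - 1/|X|): the secret is learned only when both shares are probed, and seeing a single share leaves the posterior uniform. The enumeration in `masked_channel` is exponential in the number of shares, which is fine for a sanity check on small fields but is not how one would evaluate a real masked implementation.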
Related work
  • Masking & leakage resilient circuits. A large body of work has proposed various masking schemes and studies their security in different security models (see, e.g., [13,2,23,31,27]). The already mentioned t-threshold-probing model has been considered in the work of Rivain and Prouff [27], who show how to extend the work of Ishai et al to larger fields and propose efficiency improvements. In [25] it was shown that techniques from multiparty computation can be used to show security in the t-threshold-probing model. The work of Standaert et al [31] studies masking schemes using the information theoretic framework of [29] by considering the Hamming weight model. Many other works analyze the security of the masking countermeasure and we refer the reader for further details to [24].
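The extension of the Ishai et al. construction to larger fields by Rivain and Prouff [27] mentioned above is, at its core, a masked multiplication gadget over GF(2^8). The Python below is an added example written for this page, not code from either paper: it implements n-share additive (XOR) sharing, GF(2^8) multiplication modulo the AES polynomial, and the cross-term masking of the Ishai-Sahai-Wagner multiplication as used by Rivain and Prouff, then checks that the result unmasks to the product. The function names (`share`, `masked_mul`, `check_gadget`) and the choice of `secrets.randbelow` as randomness source are assumptions made here.

```python
"""Masked multiplication over GF(2^8) in the style of Ishai-Sahai-Wagner as
extended to larger fields by Rivain and Prouff. Added example written for this
page, not code from either paper. Sharing is additive over GF(2^8) (XOR), so
any n-1 shares of a fresh sharing are uniform and independent of the secret.
"""
import secrets


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def share(x, n, rng=secrets.randbelow):
    """Split byte x into n shares with x = s_0 ^ s_1 ^ ... ^ s_{n-1}."""
    shares = [rng(256) for _ in range(n - 1)]
    last = x
    for s in shares:
        last ^= s
    return shares + [last]


def unshare(shares):
    """Recombine shares (only done at the output, never inside the circuit)."""
    x = 0
    for s in shares:
        x ^= s
    return x


def masked_mul(a, b, rng=secrets.randbelow):
    """Return a sharing of unshare(a) * unshare(b) without ever recombining.

    c_i starts as a_i * b_i; every cross pair (i, j), i < j, is split by a fresh
    random r: c_i gets r, c_j gets (r ^ a_i*b_j) ^ a_j*b_i. The two copies of r
    cancel in the XOR of all shares, leaving sum_i sum_j a_i*b_j = a*b.
    """
    n = len(a)
    assert len(b) == n, "both operands must use the same number of shares"
    c = [gf_mul(a[i], b[i]) for i in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r = rng(256)
            # The order matters for probing security (Ishai et al.): the mask r is
            # added to a_i*b_j first, so a_i*b_j ^ a_j*b_i never sits on one wire.
            r_prime = r ^ gf_mul(a[i], b[j])
            r_prime ^= gf_mul(a[j], b[i])
            c[i] ^= r
            c[j] ^= r_prime
    return c


def check_gadget(trials, n, rng=secrets.randbelow):
    """Correctness check: the masked product unmasks to gf_mul on random inputs."""
    for _ in range(trials):
        x, y = rng(256), rng(256)
        got = unshare(masked_mul(share(x, n, rng), share(y, n, rng), rng))
        if got != gf_mul(x, y):
            return False
    return True


if __name__ == "__main__":
    a, b = share(0x57, 3), share(0x83, 3)
    print("shares of 0x57:", [hex(s) for s in a])
    print("0x57 * 0x83 =", hex(unshare(masked_mul(a, b))))  # 0xc1, as in FIPS-197
    print("1000 random trials with 4 shares OK:", check_gadget(1000, 4))
```

Correctness, which `check_gadget` tests, holds for either order of the two XORs that build `r_prime`; security in the t-threshold-probing model does not, which is why the order is fixed in the code. The share count is the security parameter: with n shares every set of n-1 probed wires of the sharing is uniformly distributed, and each multiplication consumes n(n-1)/2 fresh random bytes.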
Funding
  • Received funding from the European Research Council under the European Union's Seventh Framework Programme (FP7/2007-2013) / ERC Grant agreement number 207908.
  • Received funding from the Marie Curie IEF/FP7 project GAPS, grant number 626467.
Reference
  • 1. Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous Hardcore Bits and Cryptography against Memory Attacks. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009)
  • 2. Blomer, J., Guajardo, J., Krummel, V.: Provably Secure Masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004)
  • 3. Carlet, C., Goubin, L., Prouff, E., Quisquater, M., Rivain, M.: Higher-Order Masking Schemes for S-Boxes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 366–384. Springer, Heidelberg (2012)
  • 4. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)
  • 5. Clavier, C., Coron, J.-S., Dabbous, N.: Differential Power Analysis in the Presence of Hardware Countermeasures. In: Paar, C., Koc, C.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 252–263. Springer, Heidelberg (2000)
  • 6. Coron, J.-S., Kizhvatov, I.: Analysis and Improvement of the Random Delay Countermeasure of CHES 2009. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 95–109. Springer, Heidelberg (2010)
  • 7. Duc, A., Dziembowski, S., Faust, S.: Unifying Leakage Models: from Probing Attacks to Noisy Leakage. Cryptology ePrint Archive, Report 2014/079 (2014), http://eprint.iacr.org/
  • 8. Dziembowski, S., Faust, S.: Leakage-Resilient Circuits without Computational Assumptions. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 230–247. Springer, Heidelberg (2012)
  • 9. Dziembowski, S., Pietrzak, K.: Leakage-Resilient Cryptography. In: FOCS, pp. 293–302 (2008)
  • 10. Faust, S., Rabin, T., Reyzin, L., Tromer, E., Vaikuntanathan, V.: Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 135–156. Springer, Heidelberg (2010)
  • 11. Goldwasser, S., Rothblum, G.N.: Securing computation against continuous leakage. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 59–79.
  • 12. Goldwasser, S., Rothblum, G.N.: How to Compute in the Presence of Leakage. In: FOCS, pp. 31–40 (2012)
  • 13. Goubin, L., Patarin, J.: DES and Differential Power Analysis (The "Duplication" Method). In: Koc, C.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999)
  • 14. Ishai, Y., Sahai, A., Wagner, D.: Private Circuits: Securing Hardware against Probing Attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)
  • 15. Juma, A., Vahlis, Y.: Protecting Cryptographic Keys against Continual Leakage. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 41–58. Springer, Heidelberg (2010)
  • 16. Katz, J., Vaikuntanathan, V.: Signature Schemes with Bounded Leakage Resilience. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 703–720. Springer, Heidelberg (2009)
  • 17. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
  • 18. Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
  • 19. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security). Springer-Verlag New York, Inc., Secaucus (2007)
  • 20. Micali, S., Reyzin, L.: Physically Observable Cryptography (Extended Abstract). In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004)
  • 21. Miles, E., Viola, E.: Shielding circuits with groups. In: STOC, pp. 251–260 (2013)
  • 22. Naor, M., Segev, G.: Public-key cryptosystems resilient to key leakage. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 18–35. Springer, Heidelberg (2009)
  • 23. Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A Side-Channel Analysis Resistant Description of the AES S-Box. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 413–423. Springer, Heidelberg (2005)
  • 24. Prouff, E., Rivain, M.: Masking against Side-Channel Attacks: A Formal Security Proof. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 142–159. Springer, Heidelberg (2013)
  • 25. Prouff, E., Roche, T.: Higher-Order Glitches Free Implementation of the AES Using Secure Multi-party Computation Protocols. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 63–78. Springer, Heidelberg (2011)
  • 26. Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)
  • 27. Rivain, M., Prouff, E.: Provably Secure Higher-Order Masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427.
  • 28. Rothblum, G.N.: How to Compute under AC0 Leakage without Secure Hardware. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 552–569. Springer, Heidelberg (2012)
  • 29. Standaert, F.-X., Malkin, T.G., Yung, M.: A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461.
  • 30. Standaert, F.-X., Pereira, O., Yu, Y.: Leakage-Resilient Symmetric Cryptography under Empirically Verifiable Assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 335–352. Springer, Heidelberg (2013)
  • 31. Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The World Is Not Enough: Another Look on Second-Order DPA. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 112–129. Springer, Heidelberg (2010)
  • 32. Veyrat-Charvillon, N., Standaert, F.-X.: Adaptive Chosen-Message Side-Channel Attacks. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 186–199.