nach oben

Journal of Cryptographic Engineering

Erschienen in:

01.06.2014 | Regular Paper

Achieving side-channel high-order correlation immunity with leakage squeezing

verfasst von: Claude Carlet, Jean-Luc Danger, Sylvain Guilley, Houssem Maghrebi, Emmanuel Prouff

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 2/2014

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

This article deeply analyzes high-order (HO) Boolean masking countermeasures against side-channel attacks in contexts where the shares are manipulated simultaneously and the correlation coefficient is used as a statistical distinguisher. The latter attacks are sometimes referred to as zero-offset high-order correlation power analysis (HO-CPA). In particular, the main focus is to get the most out of a single mask (i.e., for masking schemes with two shares). The relationship between the leakage characteristics and the attack efficiency is thoroughly studied. Our main contribution is to link the minimum attack order (called HO-CPA immunity) to the amount of information leaked. Interestingly, the HO-CPA immunity can be much larger than the number of shares in the masking scheme. This is made possible by the leakage squeezing. It is a variant of the Boolean masking where masks are recoded relevantly by bijections. This technique and others from the state-of-the-art (namely leak-free masking and wire-tap codes) are overviewed, and put in perspective.

Vorheriger Artikel Efficient binary polynomial multiplication based on optimized Karatsuba reconstruction

Nächster Artikel Scaling efficient code-based cryptosystems for embedded platforms

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

In the context of polynomials in variables \(L_0, \ldots , L_d\) over the field \(\mathbb {K}\) (e.g., \(\mathbb {K}=\mathbb {R}\)), our definition of multivariate degree coincides with the “usual” degree of polynomials in the algebra \(\mathbb {K}[L_0, \ldots , L_d]/(\prod _{i=0}^d L_i^2-L_i)\), also called sometimes the algebraic degree.

A similar result had already been derived by Le and Berthier in [30], based on a development of the Kullback–Leibler divergence (alike Lemma 3) at order \(4\) obtained also by Cardoso in an earlier work of his [9]. Our result, given in Eq. (6), can be seen as a generalization at any order.

Akkar, M.-L., Giraud, C.: An Implementation of DES and AES Secure against Some Attacks. In LNCS (ed) Proceedings of CHES’01, vol. 2162 of LNCS, pp. 309–318. Springer, Berlin (2001)

Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.-X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. J. Cryptol. 24(2), 269–291 (2011)CrossRefMATHMathSciNet

Bhasin, S., Carlet, C., Guilley, S.: Theory of masking with codewords in hardware: low-weight \(d\)th-order correlation-immune Boolean functions. Cryptology ePrint Archive, Report 2013/303, 2013. http://eprint.iacr.org/2013/303/

Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: NICV: normalized inter-class variance for detection of side-channel leakage. Cryptology ePrint Archive, Report 2013/717, 2013. http://eprint.iacr.org/2013/717

Bhasin, S., Guilley, S., Heuser, A., Danger, J.-L.: From cryptography to hardware: analyzing and protecting embedded xilinx bram for cryptographic applications. J. Cryptogr. Eng. 3(4), 213–225 (2013)CrossRef

Brier, E., Clavier, C., Olivier, F.: Analysis, correlation power, with a leakage model. In: CHES, vol 3156 of LNCS, pp. 16–29. August 11–13, Cambridge, MA. Springer, Berlin (2004)

Bringer, J., Chabanne, H., Le, T.-H.: Protecting AES against side-channel analysis using wire-tap codes. J. Cryptogr. Eng. 2(2), 129–141 (2012)CrossRef

Camion, P., Carlet, C., Charpin, P., Sendrier, N.: On correlation-immune functions. In: Feigenbaum, J. (ed) CRYPTO, Lecture Notes in Computer Science, vol. 576, pp. 86–100. Springer, Berlin (1991)

Cardoso, J.-F.: High-order contrasts for independent component analysis. Neural Comput. 11(1), 157–192 (January 1999)

10.

Cardoso, Jean-François: Dependence, correlation and gaussianity in independent component analysis. J. Mach. Learn. Res. 4, 1177–1203 (2003)MathSciNet

11.

Carlet, C.: Boolean functions for cryptography and error correcting codes. In: Crama, Y., Hammer, P. (eds) Chapter of the Monography Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 257–397. Cambridge University Press, Cambridge. Preliminary version available at http://www.math.univ-paris13.fr/carlet/chap-fcts-Bool-corr.pdf (2010)

12.

Carlet, C., Danger, J.-L.: Sylvain Guilley, and Houssem Maghrebi. Leakage Squeezing of Order Two. In INDOCRYPT, vol. 7668 of LNCS, pp. 120–139. Springer, Berlin (2012)

13.

Carlet, C., Gaborit, P., Kim, J.-L., Solé, P.: A new class of codes for boolean masking of cryptographic computations. IEEE Trans. Inf. Theory 58(9), 6000–6011 (2012)CrossRef

14.

Carlet, C., Goubin, L., Prouff, E., Quisquater, M., Rivain, M.: Higher-order masking schemes for S-Boxes. In: FSE, Lecture Notes in Computer Science. Springer, Berlin (2012)

15.

Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Approaches, towards sound, to counteract power-analysis attacks. In: CRYPTO, vol. 1666 of LNCS. Springer, Berlin (1999). ISBN 3-540-66347-9

16.

Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: CHES, vol. 2523 of LNCS, pp. 13–28. Springer, Berlin (2002)

17.

Coron, J.-S.: Higher order masking of look-up tables. Cryptology ePrint Archive, Report 2013/700. 2013. http://eprint.iacr.org/

18.

Jean-Sébastien Coron, Emmanuel Prouff, and Matthieu Rivain. Side Channel Cryptanalysis of a Higher Order Masking Scheme. In CHES, vo. 4727 of LNCS, pp. 28–44. Springer, Berlin

19.

Courtois, N., Goubin, L.: An algebraic masking method to protect AES against power attacks. In: Won, D., Kim, S. (eds) ICISC, vol. 3935 of Lecture Notes in Computer Science, pp. 199–209. Springer, Berlin (2005)

20.

Drimer, S., Güneysu, T., Paar, C.: DSPs, BRAMs, and a pinch of logic: Extended recipes for AES on FPGAs. ACM Trans. Reconfig. Technol. Syst. 3(1), 1–27 (2010). doi:10.1145/1661438.1661441

21.

Fischer, W., Gammel, B.M.: Masking at gate level in the presence of glitches. In: CHES, vol. 3659 of Lecture Notes in Computer Science, pp. 187–200. Springer, Berlin (2005)

22.

Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M: Affine masking against higher-order side channel analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds) Selected Areas in Cryptography, vol. 6544 of LNCS, pp. 262–280. Springer, Berlin (2010)

23.

Goubin, L., Martinelli, A.: Protecting AES with Shamir’s Secret Sharing Scheme. In: Preneel and Takagi [42], pp. 79–94

24.

Goubin, L., Jacques P.: DES and differential power analysis. The “Duplication” Method. In: CHES, LNCS, pp. 158–172. Springer, Berlin (1999)

25.

Grosso, V., Standaert, F.-X., Prouff, E.: Leakage squeezing, Revisited. In: CARDIS, Lecture Notes in Computer Science. Springer, Berlin (2013)

26.

Guilley, S., Carlet, C., Maghrebi, H., Danger, J.-L., Prouff, E.: Leakage squeezing–defeating instantaneous \((d+1)\)th-order correlation power analysis with strictly less than \(d\) masks. In: CryptArchi, June 19–22 2012. Château de Goutelas, Marcoux, France; (abstract)

27.

Güneysu, T., Moradi, A.: Generic side-channel countermeasures for reconfigurable devices. In: Preneel and Takagi [42], pp. 33–48

28.

Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman, O. (ed) CT-RSA, vol. 7178 of Lecture Notes in Computer Science, pp. 231–244. Springer, Berlin (2012)

29.

Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 1666, pp. 388–397. Springer, Berlin (1999)

30.

Le, T.-H., Berthier, M.: Mutual information analysis under the view of higher-order statistics. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds) IWSEC, volume 6434 of LNCS, pp. 285–300. Springer, Berlin (2010)

31.

Maghrebi, H., Carlet, C., Guilley, S., Danger, J.-L.: Optimal first-order masking with linear and non-linear bijections. In: Mitrokotsa, A., Vaudenay, S. (eds) AFRICACRYPT, vol. 7374 of Lecture Notes in Computer Science, pp. 360–377. Springer, Berlin (2012)

32.

Maghrebi, H., Guilley, S., Carlet, C., Danger, J.-L.: Classification of high-order boolean masking schemes and improvements of their efficiency. Cryptology ePrint Archive, Report 2011/520, September 2011. http://eprint.iacr.org/2011/520

33.

Maghrebi, H., Guilley, S., Danger, J.-L.: Leakage squeezing countermeasure against high-order atacks. In: WISTP, vol. 6633 of LNCS, pp. 208–223. Springer, Berlin (2011). doi:10.1007/978-3-642-21040-2_14

34.

Maghrebi, H., Prouff, E., Guilley, S., Danger, J.-L.: A first-order leak-free masking countermeasure. In: CT-RSA, vol. 7178 of LNCS, pp. 156–170. Springer, Berlin (2012). doi:10.1007/978-3-642-27954-6_10

35.

Maghrebi, H., Prouff, E., Guilley, S., Danger, J.-L.: Register leakage masking using gray code. In: HOST, IEEE Computer Society, pp. 37–42 (2012). doi:10.1109/HST.2012.6224316

36.

Mangard, S., Oswald, E., Popp, T.: Power analysis attacks: revealing the secrets of smart cards. Springer, Berlin (2006). ISBN 0-387-30857-1, http://www.dpabook.org/

37.

Mangard, S., Schramm, K.: Pinpointing the side-channel leakage of masked AES hardware implementations. In: CHES, vol. 4249 of LNCS, pp. 76–90. Springer, Berlin (2006)

38.

Moradi, A., Mischke, O.: How far should theory be from practice? Evaluation of a countermeasure. In: CHES, Leuven, Belgium (2012)

39.

Nassar, M., Guilley, S., Danger, J.-L.: Formal analysis of the entropy/security trade-off in first-order masking countermeasures against side-channel attacks. In: INDOCRYPT, vol. 7107 of LNCS, pp. 22–39. Springer, Berlin (2011). doi:10.1007/978-3-642-25578-6_4

40.

Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against first- and second-order zero-offset SCAs. In: DATE, pp. 1173–1178. IEEE Computer Society, March 12–16, 2012. Dresden, Germany. (TRACK A: “Application Design”, TOPIC A5: “Secure Systems”)

41.

Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011)CrossRefMATH

42.

Preneel, B., Takagi, T. (eds) Cryptographic hardware and embedded systems-CHES 2011—13th International Workshop, Nara, Japan, September 28-October 1, 2011. Proceedings, vol. 6917 of LNCS. Springer, Berlin (2011)

43.

Prouff, E., McEvoy, R.P.: First-order side-channel attacks on the permutation tables countermeasure. In: CHES, vol. 5747 of Lecture Notes in Computer Science, pp. 81–96. Springer, Berlin (2009)

44.

Prouff, E., Rivain, M.: Masking against side channel attacks: a formal security proof. In: EUROCRYPT, vol. 7881 of LNCS, pp. 142–159. Springer, Berlin (2013)

45.

Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)CrossRefMathSciNet

46.

Prouff, E., Roche, T.: Attack on a higher-order masking of the AES based on homographic functions. In: Gong, G., Chand Gupta, K. (eds) INDOCRYPT, vol. 6498 of Lecture Notes in Computer Science, pp. 262–281. Springer, Berlin (2010)

47.

Prouff, E., Roche, T.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols. In: Preneel and Takagi [42], pp. 63–78

48.

Japanese RCIS-AIST. SASEBO (Side-channel Attack Standard Evaluation Board, Akashi Satoh) development board: 2013. http://www.risec.aist.go.jp/project/sasebo/

49.

Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds) CHES, vol. 6225 of LNCS, pp. 413–427. Springer, Berlin (2010)

50.

Rivain, M., Prouff, E., Doget, J.: Higher-order masking and shuffling for software implementations of block ciphers. Cryptology ePrint Archive, Report 2009/420, September 2009. http://eprint.iacr.org/2009/420

51.

Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: LNCS (ed) CHES, vol. 3659 of LNCS, pp. 30–46. Springer, Berlin (2005)

52.

Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: EUROCRYPT, vol. 5479 of LNCS, pp. 443–461. Springer, Berlin (2009)

Titel: Achieving side-channel high-order correlation immunity with leakage squeezing
verfasst von: Claude Carlet
Jean-Luc Danger
Sylvain Guilley
Houssem Maghrebi
Emmanuel Prouff
Publikationsdatum: 01.06.2014
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 2/2014
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-013-0067-1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2014

Efficient binary polynomial multiplication based on optimized Karatsuba reconstruction

Lyra: password-based key derivation with tunable memory and processing costs

Scaling efficient code-based cryptosystems for embedded platforms

Designing stream ciphers with scalable data-widths: a case study with HC-128

Premium Partner