2015 | Original Paper | Book Chapter
Noisy Leakage Revisited
Authors: Stefan Dziembowski, Sebastian Faust, Maciej Skorski
Published in: Advances in Cryptology - EUROCRYPT 2015
Publisher: Springer Berlin Heidelberg
Abstract. Physical side-channel leakages are an important threat to cryptographic implementations. One of the most prominent countermeasures against such leakage attacks is the use of a masking scheme. A masking scheme conceals the sensitive information by randomizing intermediate values, thereby making the physical leakage independent of the secret. An important practical leakage model for analyzing the security of a masking scheme is the so-called noisy leakage model of Prouff and Rivain (Eurocrypt’13). Unfortunately, security proofs in the noisy leakage model require a technically involved information-theoretic argument. Very recently, Duc et al. (Eurocrypt’14) showed that security in the probing model of Ishai et al. (Crypto’03) implies security in the noisy leakage model. Unfortunately, the reduction to the probing model is non-tight and requires a rather counter-intuitive growth of the amount of noise: the Prouff-Rivain bias parameter has to decrease proportionally to the size of the set $\mathcal{X}$ of the leaking elements (e.g., if the leaking elements are bytes, then $|\mathcal{X}| = 256$). The main contribution of our work is to eliminate this non-optimality in the reduction by introducing an alternative leakage model, which we call the average probing model. We show a tight reduction between the noisy leakage model and the much simpler average random probing model; in fact, we show that these two models are essentially equivalent. We demonstrate the potential of this equivalence by two applications:
(1) We show security of the additive masking scheme used in many previous works for a constant bias parameter.
(2) We show that the compiler of Ishai et al. (Crypto’03) is secure in the average probing model (assuming a simple leak-free component). This results in security with an optimal bias parameter of the noisy leakage for the ISW construction.
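To make the "bias parameter" of a noisy leakage concrete, the following added example (not from the paper) computes it by exact enumeration for a constructed toy leakage: 4-bit values whose Hamming weight leaks, replaced by a uniformly random weight with probability `noise`. It assumes the statistical-distance formulation of the bias, beta(X|Y) = sum_y Pr[Y=y] * SD(X; X|Y=y), and then measures how the bias of a secret shrinks when the secret is split into n additive (XOR) shares that each leak independently, which is the effect the additive-masking result above is about.

```python
"""Prouff-Rivain-style bias of a noisy leakage and its decay under additive masking.
Constructed toy model (not from the paper): 4-bit values, Hamming-weight leakage
replaced by a uniformly random weight with probability `noise`; exact enumeration."""
DOMAIN = range(16)  # the leaking elements X, |X| = 16

def leakage_dist(x, noise):
    """Pr[Y = y | X = x]: true Hamming weight w.p. 1-noise, else uniform in 0..4."""
    hw = bin(x).count("1")
    dist = {y: noise / 5 for y in range(5)}
    dist[hw] += 1.0 - noise
    return dist

def stat_dist(p, q):
    """Statistical distance 1/2 * sum |p(v) - q(v)| over the union of supports."""
    return 0.5 * sum(abs(p.get(v, 0.0) - q.get(v, 0.0)) for v in set(p) | set(q))

def bias(joint):
    """beta(X|Y) = sum_y Pr[Y=y] * SD(X ; X|Y=y), from a joint table {(x, y): pr}."""
    px, py = {}, {}
    for (x, y), pr in joint.items():
        px[x] = px.get(x, 0.0) + pr
        py[y] = py.get(y, 0.0) + pr
    total = 0.0
    for y, pr_y in py.items():
        cond = {x: joint.get((x, y), 0.0) / pr_y for x in px}
        total += pr_y * stat_dist(px, cond)
    return total

def masked_joint(n, noise):
    """Joint law of secret S = x1 ^ ... ^ xn (shares uniform) and the n share leakages."""
    table = {(0, ()): 1.0}  # (xor so far, leakage tuple so far) -> probability
    for _ in range(n):
        nxt = {}
        for (v, ys), pr in table.items():
            for x in DOMAIN:
                for y, p_y in leakage_dist(x, noise).items():
                    key = (v ^ x, ys + (y,))
                    nxt[key] = nxt.get(key, 0.0) + pr * p_y / len(DOMAIN)
        table = nxt
    return table

def masked_bias(n, noise):
    """Bias of the secret given noisy leakage of every share of an n-share masking."""
    return bias(masked_joint(n, noise))

if __name__ == "__main__":
    for n in (1, 2, 3):
        print(f"shares={n} bias={masked_bias(n, 0.5):.4f}")
```

With `noise=0` a single unmasked nibble has bias 186/256 (the leakage is deterministic), with `noise=1` the bias is 0, and for intermediate noise the bias of the secret strictly decreases with every additional share.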