nach oben

Journal of Cryptographic Engineering

Erschienen in:

07.01.2021 | Regular Paper

Spectral approach to process the (multivariate) high-order template attack against any masking scheme

verfasst von: Maamar Ouladj, Sylvain Guilley, Philippe Guillot, Farid Mokrane

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 1/2022

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Cryptographic software is particularly vulnerable to side-channel attacks when programmed in embedded devices. Indeed, the leakage is particularly intense compared to the noise level, making it mandatory for the developer to implement side-channel attack protections. Random masking is a customary option, but in this case, the countermeasure must be high order, meaning that each sensitive variable is splitted into multiple (at least two) shares. Attacks therefore become computationally challenging. In this paper, we show that high-order template attacks can be expressed under the form of a convolution. This formulation allows for a considerable speed-up in their computation thanks to fast Fourier transforms. To further speed-up the attack, we also provide an interesting multi-threading implementation of this approach. This strategy naturally applies to template attacks where the leakage of each share is multivariate. We show that this strategy can be adapted to several masking schemes, inherently to the way the splitting is realized. This technique allows us to validate multiple very high-order attacks (order of some tens). In particular, it has revealed a non-trivial flaw (hard to detect otherwise) in a multivariate extension of the DSM masking (and subsequently to fix it, and validate its rationale).

Vorheriger Artikel Melting SNOW-V: improved lightweight architectures

Nächster Artikel Parallel modular multiplication using 512-bit advanced vector instructions

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

32-core Intel(R) Xeon(R) CPU E7- 8837 @ 2.67GHz, with 256 GB of RAM.

Balasch, J., Faust, S., Gierlichs, B.: Inner product masking revisited. In: Oswald and Fischlin [36], pp. 486–510

Balasch, J., Faust, S. , Gierlichs, B., Paglialonga, C., Standaert, F.: Consolidating inner product masking. In: Takagi, T., Peyrin, T. (eds.) Advances in Cryptology—ASIACRYPT 2017—23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3–7, 2017, Proceedings, Part I, Volume 10624 of Lecture Notes in Computer Science, pp. 724–754. Springer (2017)

Balasch, J., Faust, S., Gierlichs, B., Verbauwhede, I.: Theory and Practice of a Leakage Resilient Masking Scheme. In: Wang, X., Sako, K. (eds.) Advances in Cryptology—ASIACRYPT 2012–18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2–6, 2012. Proceedings, volume 7658 of Lecture Notes in Computer Science, pp. 758–775. Springer (2012)

Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P.-A., Grégoire, B., Strub, P.-Y.: Verified Proofs of Higher-Order Masking. In: Oswald and Fischlin [36], pp. 457–485

Battistello, A., Coron, J., Prouff, E., Zeitoun, R.: Horizontal side-channel attacks and countermeasures on the ISW masking scheme. In: Gierlichs, B., Poschmann, A.Y. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2016—18th International Conference, Santa Barbara, CA, USA, August 17–19, 2016, Proceedings, volume 9813 of Lecture Notes in Computer Science, pp. 23–39. Springer (2016)

Bringer, J., Carlet, C., Chabanne, H., Guilley, S., Maghrebi, H.: Orthogonal direct sum masking—a smartcard friendly computation paradigm in a code, with builtin protection against side-channel and fault attacks. In: WISTP, volume 8501 of LNCS, pp. 40–56. Springer, Heraklion, Greece (2014)

Bruneau, Ni., Guilley, S., Heuser, A., Marion, D., Rioul, O.: Less is more—dimensionality reduction from a theoretical perspective. In: Güneysu, T., Handschuh, H (eds) Cryptographic Hardware and Embedded Systems—CHES 2015—17th International Workshop, Saint-Malo, France, September 13–16, 2015, Proceedings, volume 9293 of Lecture Notes in Computer Science, pp. 22–41. Springer (2015)

Bruneau, N., Guilley, S., Heuser, A., Marion, D., Rioul, O.: Optimal side-channel attacks for multivariate leakages and multiple models. J. Cryptogr. Eng. 7(4), 331–341 (2017)CrossRef

Bruneau, N., Guilley, S., Heuser, A., Rioul, O.: Masks will fall off—higher-order optimal distinguishers. In: Sarkar, P., Iwata, T. (eds) Advances in Cryptology—ASIACRYPT 2014—20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7–11, 2014, Proceedings, Part II, volume 8874 of Lecture Notes in Computer Science, pp. 344–365. Springer (2014)

10.

Bruneau, N., Guilley, S., Heuser, A. , Rioul, O., Standaert, F.-X., Teglia, Y.: Taylor expansion of maximum likelihood attacks for masked and shuffled implementations. In: Cheon, J.H., Takagi, T. (eds) Advances in Cryptology—ASIACRYPT 2016—22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4–8, 2016, Proceedings, Part I, volume 10031 of Lecture Notes in Computer Science, pp. 573–601 (2016)

11.

Carlet, C.: Correlation-immune Boolean functions for leakage squeezing and rotating S-box masking against side channel attacks. In: Gierlichs, B., Guilley, S., Mukhopadhyay, D. (eds.) SPACE, volume 8204 of Lecture Notes in Computer Science, pp. 70–74. Springer (2013)

12.

Carlet, C., Danger, J.-L., Guilley, S., Maghrebi, H.: Leakage squeezing of order two. In: Galbraith, S.D., Nandi, M. (eds) Progress in Cryptology—INDOCRYPT 2012, 13th International Conference on Cryptology in India, Kolkata, India, December 9–12, 2012. Proceedings, volume 7668 of Lecture Notes in Computer Science, pp. 120–139. Springer (2012)

13.

Carlet, C., Danger, J.-L., Guilley, S., Maghrebi, H.: Leakage squeezing: optimal implementation and security evaluation. J. Math. Cryptol. 8(3), 249–295 (2014)MathSciNetCrossRef

14.

Carlet, C., Danger, J.-L., Guilley, S., Maghrebi, H., Prouff, E.: Achieving side-channel high-order correlation immunity with leakage squeezing. J. Cryptogr. Eng. 4(2), 107–121 (2014)CrossRef

15.

Carlet, C., Guilley, S.: Side-channel indistinguishability. In: HASP, pp. 9:1–9:8. New York, NY, USA, June 23–24 2013. ACM (2013)

16.

Cedric, T., Carlet, C., Guilley, S., Daif, A.: Polynomial direct sum masking to protect against both SCA and FIA. J. Cryptogr. Eng. 9, 303–312 (2018)

17.

Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M.J. (eds). CRYPTO, volume 1666 of Lecture Notes in Computer Science, pp. 398–412. Springer (1999)

18.

Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Jr., Koç, Ç.K., Paar, C. (eds) Cryptographic Hardware and Embedded Systems—CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13–15, 2002, Revised Papers, volume 2523 of Lecture Notes in Computer Science, pp. 13–28. Springer (2002)

19.

Cheng, W., Guilley, S., Carlet, C., Mesnager, S., Danger, J.-L.: Optimizing inner product masking scheme by a coding theory approach. IEEE Trans. Inf. Forensics Secur. 16, 220–235 (2021)CrossRef

20.

Danger, J.-L., Guilley, S.: Protection des modules de cryptographie contre les attaques en observation d’ordre élevé sur les implémentations à base de masquage, 20 Janvier 2009. Brevet Français FR09/50341, assigné à l’Institut TELECOM (2009)

21.

DeTrano, A., Karimi, N., Karri, R., Guo, X., Carlet, C., Guilley, S.: Exploiting small leakages in masks to turn a second-order attack into a first-order attack and improved rotating substitution box masking with linear code cosets. Sci World J (2015). https://doi.org/10.1155/2015/743618CrossRef

22.

Dziembowski, S., Faust, S.: Leakage-resilient cryptography from the inner-product extractor. In: Lee, D.H., Wang, X. (eds.) Advances in cryptology—ASIACRYPT 2011—17th international conference on the theory and application of cryptology and information security, Seoul, South Korea, December 4–8, 2011. Proceedings, volume 7073 of Lecture Notes in Computer Science, pp. 702–721. Springer (2011)

23.

Goubin, L.: A sound method for switching between Boolean and arithmetic masking. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES, volume 2162 of Lecture Notes in Computer Science, pp. 3–15. Springer (2001)

24.

Guilley, S., Heuser, A., Rioul, O.: Codes for side-channel attacks and protections. In: Hajji, E.S., Nitaj, A., Souidi, E.M. (eds.) Codes, Cryptology and Information Security—Second International Conference, C2SI 2017, Rabat, Morocco, April 10–12, 2017, Proceedings—In Honor of Claude Carlet, volume 10194 of Lecture Notes in Computer Science, pp. 35–55. Springer (2017)

25.

Karmakar, S., Chowdhury, D.R.: Leakage squeezing using cellular automata. In: Kari, J., Kutrib, M, Malcher, A. (eds.) Automata, volume 8155 of Lecture Notes in Computer Science, pp. 98–109. Springer (2013)

26.

Kutzner, S., Poschmann, A.: On the security of RSM—presenting 5 first- and second-order attacks. In: Prouff, E. (eds.) Constructive Side-Channel Analysis and Secure Design—5th International Workshop, COSADE 2014, Paris, France, April 13–15, 2014. Revised Selected Papers, volume 8622 of Lecture Notes in Computer Science, pp. 299–312. Springer(2014)

27.

Lemke, K., Schramm, K., Paar, C.: DPA on \(n\)-bit sized boolean and arithmetic operations and its application to IDEA, RC6, and the HMAC-construction. In: CHES, volume 3156 of Lecture Notes in Computer Science, pp. 205–219. Springer. August 11–13 2004. Cambridge, MA, USA

28.

Lemke-Rust, K., Paar, C.: Gaussian mixture models for higher-order side channel analysis. In: Paillier, P., Verbauwhede, I. (eds.) CHES, volume 4727 of LNCS, pp. 14–27. Springer (2007)

29.

Lipp, M., Kogler, A., Oswald, D., Schwarz, M., Easdon, C., Canella, C., Gruss, D.: With great power comes great leakage: software-based power side-channel attacks on x86 (2020)

30.

Lomné, V., Prouff, E., Rivain, M., Roche, T., Thillard, A.: How to estimate the success rate of higher-order side-channel attacks. In: Batina, L., Robshaw, M. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2014—16th international workshop, Busan, South Korea, September 23–26, 2014. Proceedings, volume 8731 of Lecture Notes in Computer Science, pp. 35–54. Springer (2014)

31.

Luo, D.: fwht: Fast walsh hadamard transform in python, June 11 (2015). https://github.com/dingluo/fwht

32.

Mangard, S., Oswald, E., Popp, T.: Power analysis attacks: revealing the secrets of smart cards. Springer, December 2006. ISBN 0-387-30857-1. http://www.dpabook.org/ (2006)

33.

Massey, J.L.: Linear codes with complementary duals. Discrete Math. 106–107, 337–342 (1992)

34.

Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. In: Rosenstiel, W., Thiele, L. (eds.) 2012 Design, Automation & Test in Europe Conference & Exhibition, DATE 2012, Dresden, Germany, March 12–16, 2012, pp. 1173–1178. IEEE (2012)

35.

Ngo, X.T., Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: Linear complementary dual code improvement to strengthen encoded circuit against hardware Trojan horses. In: IEEE international symposium on hardware oriented security and trust, HOST 2015, Washington, DC, USA, 5–7 May, 2015, pp. 82–87. IEEE (2015)

36.

Oswald, E., Fischlin, M. (eds.): Advances in Cryptology—EUROCRYPT 2015—34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26–30, 2015, Proceedings, Part I. Lecture Notes in Computer Science, vol. 9056. Springer (2015)

37.

Oswald, E., Mangard, S.: Template Attacks on Masking—Resistance Is Futile. In: Abe, M. (ed.) CT-RSA, volume 4377 of Lecture Notes in Computer Science, pp. 243–256. Springer (2007)

38.

Ouladj, M., El Mrabet, N., Guilley, S., Guillot, P., Millérioux, G.: On the power of template attacks in highly multivariate context. J. Cryptogr. Eng. 10(4), 337–354 (2020)CrossRef

39.

Poussier, R., Guo, Q., Standaert, F.-X., Carlet, C., Guilley, S.: Connecting and improving direct sum masking and inner product masking. In: Eisenbarth, T., Teglia, Y. (eds.) Smart Card Research and Advanced Applications—16th International Conference, CARDIS 2017, Lugano, Switzerland, November 13–15, 2017, Revised Selected Papers, volume 10728 of Lecture Notes in Computer Science, pp. 123–141. Springer (2017)

40.

Prouff, E., Rivain, M.: Masking against side-channel attacks: a formal security proof. In: Johansson, T., Nguyen, P.Q. (eds.) Advances in Cryptology—EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26–30, 2013. Proceedings, volume 7881 of Lecture Notes in Computer Science, pp. 142–159. Springer (2013)

41.

Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)MathSciNetCrossRef

42.

Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: another look on second-order DPA. In: ASIACRYPT, volume 6477 of LNCS, pp. 112–129. Springer, December 5–9 2010. Singapore. http://www.dice.ucl.ac.be/~fstandae/PUBLIS/88.pdf (2010)

43.

Terras, A.: Fourier Analysis on Finite Groups and Applications. London Mathematical Society Student Texts. Cambridge University Press (1999)

44.

Yamashita, N., Minematsu, K., Okamura, T., Tsunoo, Y.: A smaller and faster variant of RSM. In: DATE, pp. 1–6. IEEE (2014)

Titel: Spectral approach to process the (multivariate) high-order template attack against any masking scheme
verfasst von: Maamar Ouladj
Sylvain Guilley
Philippe Guillot
Farid Mokrane
Publikationsdatum: 07.01.2021
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 1/2022
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-020-00253-4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2022

Melting SNOW-V: improved lightweight architectures

Security and efficiency trade-offs for elliptic curve Diffie–Hellman at the 128-bit and 224-bit security levels

Parallel modular multiplication using 512-bit advanced vector instructions

A relation calculus for reasoning about t-probing security

Optimized threshold implementations: securing cryptographic accelerators for low-energy and low-latency applications