
Analyzing masked ciphers against transition and coupling effects. (English) Zbl 1514.94075

Adhikari, Avishek (ed.) et al., Progress in cryptology – INDOCRYPT 2021. 22nd International conference on cryptology in India, Jaipur, India, December 12–15, 2021. Proceedings. Cham: Springer. Lect. Notes Comput. Sci. 13143, 201-223 (2021).
Summary: This paper discusses how to analyze the probing security of masked symmetric primitives against the leakage effects from S. Faust et al. [“Composable masking schemes in the presence of physical defaults & the robust probing model”, IACR Trans. Cryptogr. Hardw. Embed. Syst. (TCHES) 2018, No. 3, 89–120 (2018; doi:10.13154/tches.v2018.i3.89-120)]: glitches, transitions, and coupling effects. This is illustrated on several architectures of ciphers like PRESENT, AES, and ASCON, where we transform glitch-extended probing secure maskings into transition and/or coupling secure ones. The analysis uses linear cryptanalytic methods and the diffusion layers of the cipher to efficiently protect against the advanced leakage effects.
For the entire collection see [Zbl 1510.94001].

MSC:

94A60 Cryptography
