Cryptography and Communications, Volume 7, Issue 1, pp 163–184

Masking and leakage-resilient primitives: One, the other(s) or both?

  • Sonia Belaïd
  • Vincent Grosso
  • François-Xavier Standaert

Abstract

Securing cryptographic implementations against side-channel attacks is one of the most important challenges in modern cryptography. Many countermeasures have been introduced for this purpose, and analyzed in specialized security models. Formal solutions have also been proposed to extend the guarantees of provable security to physically observable devices. Masking and leakage-resilient cryptography are probably the most investigated and best understood representatives of these two approaches. Unfortunately, claims as to whether one, the other or their combination provides better security at lower cost have remained vague so far. In this paper, we provide the first comprehensive treatment of this important problem. For this purpose, we analyze whether cryptographic implementations can be security-bounded, in the sense that the time complexity of the best side-channel attack is lower-bounded, independent of the number of measurements performed. Doing so, we first put forward a significant difference between stateful primitives such as leakage-resilient PRGs (that easily ensure bounded security), and stateless ones such as leakage-resilient PRFs (that hardly do). We then show that in practice, leakage-resilience alone provides the best security vs. performance tradeoff when bounded security is achievable, while masking alone is the solution of choice otherwise. That is, we highlight that one (x)or the other approach should be privileged, which contradicts the usual intuition that physical security is best obtained by combining countermeasures. Besides, our experimental results underline that, despite being defined in exactly the same way, the bounded leakage requirement in leakage-resilient PRGs and PRFs implies significantly different challenges for hardware designers. Namely, such a bounded leakage is much harder to guarantee for stateless primitives (like PRFs) than for stateful ones (like PRGs). As a result, constructions of leakage-resilient PRGs and PRFs proven under the same bounded leakage assumption, and instantiated with the same AES implementation, may lead to different practical security levels.
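The difference the abstract draws between stateful and stateless primitives can be made concrete by counting block-cipher executions. The following Python is an added illustration, not code from the paper or its authors. It assumes a keyed-hash stand-in for the AES block cipher, two constructed public plaintexts P0 and P1, a re-keying PRG that refreshes its key after every output, and a GGM-style tree PRF; the class and function names are chosen here for illustration. The log records each (key, plaintext) execution the way a side-channel evaluator would count traces.

```python
import hashlib
from collections import Counter, defaultdict

# Added illustration (not the paper's code). A keyed hash truncated to 16 bytes
# stands in for the AES block cipher the paper's constructions are built on;
# the only property used here is that each call consumes one (key, plaintext) pair.
def block(key: bytes, plaintext: bytes) -> bytes:
    return hashlib.sha256(key + plaintext).digest()[:16]

# Two constructed public plaintexts; the leakage-resilient constructions only ever
# encrypt these under any given key (this is the "bounded leakage" design choice).
P0 = bytes(16)
P1 = bytes([0xFF]) * 16


class TraceLog:
    """Records every block-cipher call the device makes, as a side-channel
    evaluator would see it: one trace per (key, plaintext) execution."""

    def __init__(self) -> None:
        self.executions: Counter = Counter()

    def run(self, key: bytes, pt: bytes) -> bytes:
        self.executions[(key, pt)] += 1
        return block(key, pt)

    def max_traces_per_pair(self) -> int:
        """Largest number of traces available for any single (key, plaintext) pair;
        repeated traces of one pair can be averaged to reduce measurement noise."""
        return max(self.executions.values(), default=0)

    def max_plaintexts_per_key(self) -> int:
        """Largest number of distinct plaintexts processed under any one key.
        Both constructions below keep this at 2: the bounded leakage assumption
        is 'defined in exactly the same way' for them."""
        per_key = defaultdict(set)
        for key, pt in self.executions:
            per_key[key].add(pt)
        return max((len(s) for s in per_key.values()), default=0)


class LeakageResilientPRG:
    """Stateful: the key is replaced after every output block, so each key
    processes P0 once (output) and P1 once (next key), then disappears."""

    def __init__(self, key: bytes, log: TraceLog) -> None:
        self.key, self.log = key, log

    def next_block(self) -> bytes:
        out = self.log.run(self.key, P0)
        self.key = self.log.run(self.key, P1)
        return out


class TreePRF:
    """Stateless GGM-style PRF: every query starts from the same master key and
    walks one block-cipher call per input bit, choosing P0 or P1 by that bit."""

    def __init__(self, key: bytes, log: TraceLog, nbits: int = 8) -> None:
        self.key, self.log, self.nbits = key, log, nbits

    def evaluate(self, x: int) -> bytes:
        k = self.key
        for i in range(self.nbits):
            bit = (x >> (self.nbits - 1 - i)) & 1
            k = self.log.run(k, P1 if bit else P0)
        return k


def compare(inputs, master: bytes = b"\x01" * 16):
    """Drive both primitives with the same number of queries and report
    (max plaintexts per key, max traces per pair) for the PRG and the PRF."""
    prg_log, prf_log = TraceLog(), TraceLog()
    prg, prf = LeakageResilientPRG(master, prg_log), TreePRF(master, prf_log)
    for x in inputs:
        prg.next_block()   # the PRG ignores x: its sequence is fixed by its state
        prf.evaluate(x)    # the PRF lets the caller choose x freely, and repeat it
    return ((prg_log.max_plaintexts_per_key(), prg_log.max_traces_per_pair()),
            (prf_log.max_plaintexts_per_key(), prf_log.max_traces_per_pair()))


if __name__ == "__main__":
    print(compare(range(256)))   # PRG: (2, 1)  PRF: (2, 128)
    print(compare([7] * 100))    # PRG: (2, 1)  PRF: (1, 100)
```

In both constructions no key ever processes more than two plaintexts, so the bounded-leakage requirement reads identically for them. The PRG, however, yields exactly one trace per (key, plaintext) pair no matter how many outputs are produced, whereas the PRF lets an evaluator collect as many traces of the master-key executions as there are queries (128 of each root pair over the 256 distinct inputs, 100 of the same path when one input is repeated). That repetition is the practical reason the same requirement is harder to meet for the stateless primitive.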

Keywords

Side-channel attacks; Leakage-resilience; Pseudorandom number generators and functions; Security evaluations

Acknowledgments

F.-X. Standaert is an associate researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.). Work funded in parts by the European Commission through the ERC project 280141 (CRASH) and the European ISEC action grant HOME/2010/ISEC/AG/INT-011 B-CCENTRE project.

References

  1. Abdalla, M., Belaïd, S., Fouque, P.-A.: Leakage-resilient symmetric encryption via re-keying. In: Bertoni and Coron [4], pp. 471–488
  2. Belaïd, S., De Santis, F., Heyszl, J., Mangard, S., Medwed, M., Schmidt, J.-M., Standaert, F.-X., Tillich, S.: Towards fresh re-keying with leakage-resilient PRFs: Cipher design principles and analysis. Cryptology ePrint Archive, Report 2013/305 (2013). http://eprint.iacr.org/
  3. Bernstein, D.J.: Implementing "practical leakage-resilient cryptography". CHES 2012 Rump Session Talk, Leuven, Belgium (2012)
  4. Bertoni, G., Coron, J.-S. (eds.): Cryptographic Hardware and Embedded Systems - CHES 2013 - 15th International Workshop, Santa Barbara, CA, USA, August 20-23, 2013. Proceedings, volume 8086 of Lecture Notes in Computer Science. Springer (2013)
  5. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener [63], pp. 398–412
  6. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S. Jr., Koç, Ç.K., Paar, C. (eds.) CHES, volume 2523 of Lecture Notes in Computer Science, pp. 13–28. Springer (2002)
  7. Common Criteria Portal. http://www.commoncriteriaportal.org/
  8. Coron, J.-S., Prouff, E., Rivain, M.: Side channel cryptanalysis of a higher order masking scheme. In: Paillier and Verbauwhede [38], pp. 28–44
  9. Cryptographic Key Length Recommendation. http://www.keylength.com/
  10. Dodis, Y., Pietrzak, K.: Leakage-resilient pseudorandom functions and side-channel attacks on Feistel networks. In: Rabin, T. (ed.) CRYPTO, volume 6223 of Lecture Notes in Computer Science, pp. 21–40. Springer (2010)
  11. Durvaux, F., Renauld, M., Standaert, F.-X., van Oldeneel tot Oldenzeel, L., Veyrat-Charvillon, N.: Efficient removal of random delays from embedded software implementations using hidden Markov models. In: Mangard, S. (ed.) CARDIS, volume 7771 of Lecture Notes in Computer Science, pp. 123–140. Springer (2012)
  12. Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: FOCS, pp. 293–302. IEEE Computer Society (2008)
  13. Eisenbarth, T., Gong, Z., Güneysu, T., Heyse, S., Indesteege, S., Kerckhof, S., Koeune, F., Nad, T., Plos, T., Regazzoni, F., Standaert, F.-X., van Oldeneel tot Oldenzeel, L.: Compact implementation and performance evaluation of block ciphers in ATtiny devices. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT, volume 7374 of Lecture Notes in Computer Science, pp. 172–187. Springer (2012)
  14. Europay Mastercard Visa. http://www.emvco.com/
  15. Faust, S., Pietrzak, K., Schipper, J.: Practical leakage-resilient symmetric cryptography. In: Prouff and Schaumont [46], pp. 213–232
  16. Fei, Y., Luo, Q., Ding, A.A.: A statistical model for DPA with novel algorithmic confusion analysis. In: Prouff and Schaumont [46], pp. 233–250
  17. Genelle, L., Prouff, E., Quisquater, M.: Thwarting higher-order side channel analysis with additive and multiplicative maskings. In: Preneel and Takagi [43], pp. 240–255
  18. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions (extended abstract). In: FOCS, pp. 464–479. IEEE Computer Society (1984)
  19. Goubin, L., Patarin, J.: DES and differential power analysis (the "duplication" method). In: Koç, Ç.K., Paar, C. (eds.) CHES, volume 1717 of Lecture Notes in Computer Science, pp. 158–172. Springer (1999)
  20. Grosso, V., Standaert, F.-X., Faust, S.: Masking vs. multiparty computation: How large is the gap for the AES? In: Bertoni and Coron [4], pp. 400–416
  21. Herbst, C., Oswald, E., Mangard, S.: An AES smart card implementation resistant to power analysis attacks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS, volume 3989 of Lecture Notes in Computer Science, pp. 239–252 (2006)
  22. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: Securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO, volume 2729 of Lecture Notes in Computer Science, pp. 463–481. Springer (2003)
  23. Johansson, T., Nguyen, P.Q. (eds.): Advances in Cryptology - EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26-30, 2013. Proceedings, volume 7881 of Lecture Notes in Computer Science. Springer (2013)
  24. Joux, A. (ed.): Advances in Cryptology - EUROCRYPT 2009, 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings, volume 5479 of Lecture Notes in Computer Science. Springer (2009)
  25. Katashita, T., Satoh, A., Kikuchi, K., Nakagawa, H., Aoyagi, M.: Evaluation of DPA characteristics of SASEBO for board level simulation. In: Huss, S., Schindler, W. (eds.) Proceedings of COSADE 2010, p. 4, Darmstadt, Germany (2011)
  26. Kerckhof, S., Durvaux, F., Hocquet, C., Bol, D., Standaert, F.-X.: Towards green cryptography: A comparison of lightweight ciphers from the energy viewpoint. In: Prouff and Schaumont [46], pp. 390–407
  27. Kocher, P.C.: Leak resistant cryptographic indexed key update. US Patent 6539092
  28. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener [63], pp. 388–397
  29. Mangard, S.: Hardware countermeasures against DPA? A statistical analysis of their effectiveness. In: Okamoto, T. (ed.) CT-RSA, volume 2964 of Lecture Notes in Computer Science, pp. 222–235. Springer (2004)
  30. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks - Revealing the Secrets of Smart Cards. Springer (2007)
  31. Mangard, S., Oswald, E., Standaert, F.-X.: One for all - all for one: unifying standard differential power analysis attacks. IET Inf. Sec. 5(2), 100–110 (2011)
  32. Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA, volume 3376 of Lecture Notes in Computer Science, pp. 351–365. Springer (2005)
  33. Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao and Sunar [47], pp. 157–171
  34. Medwed, M., Standaert, F.-X., Joux, A.: Towards super-exponential side-channel security with efficient leakage-resilient PRFs. In: Prouff and Schaumont [46], pp. 193–212
  35. Moradi, A., Mischke, O.: Glitch-free implementation of masking in modern FPGAs. In: HOST, pp. 89–95. IEEE (2012)
  36. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: A very compact and a threshold implementation of AES. In: Paterson [39], pp. 69–88
  37. Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A side-channel analysis resistant description of the AES S-Box. In: Gilbert, H., Handschuh, H. (eds.) FSE, volume 3557 of Lecture Notes in Computer Science, pp. 413–423. Springer (2005)
  38. Paillier, P., Verbauwhede, I. (eds.): Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop, Vienna, Austria, September 10-13, 2007. Proceedings, volume 4727 of Lecture Notes in Computer Science. Springer (2007)
  39. Paterson, K.G. (ed.): Advances in Cryptology - EUROCRYPT 2011, 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, May 15-19, 2011. Proceedings, volume 6632 of Lecture Notes in Computer Science. Springer (2011)
  40. Peeters, E., Standaert, F.-X., Donckers, N., Quisquater, J.-J.: Improved higher-order side-channel attacks with FPGA experiments. In: Rao and Sunar [47], pp. 309–323
  41. Pietrzak, K.: A leakage-resilient mode of operation. In: Joux [24], pp. 462–482
  42. Popp, T., Kirschbaum, M., Zefferer, T., Mangard, S.: Evaluation of the masked logic style MDPL on a prototype chip. In: Paillier and Verbauwhede [38], pp. 81–94
  43. Preneel, B., Takagi, T. (eds.): Cryptographic Hardware and Embedded Systems - CHES 2011, 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings, volume 6917 of Lecture Notes in Computer Science. Springer (2011)
  44. Prouff, E., Rivain, M.: Masking against side-channel attacks: A formal security proof. In: Johansson and Nguyen [23], pp. 142–159
  45. Prouff, E., Roche, T.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols. In: Preneel and Takagi [43], pp. 63–78
  46. Prouff, E., Schaumont, P. (eds.): Cryptographic Hardware and Embedded Systems - CHES 2012, 14th International Workshop, Leuven, Belgium, September 9-12, 2012. Proceedings, volume 7428 of Lecture Notes in Computer Science. Springer (2012)
  47. Rao, J.R., Sunar, B. (eds.): Cryptographic Hardware and Embedded Systems - CHES 2005, 7th International Workshop, Edinburgh, UK, August 29 - September 1, 2005. Proceedings, volume 3659 of Lecture Notes in Computer Science. Springer (2005)
  48. Regazzoni, F., Yi, W., Standaert, F.-X.: FPGA implementations of the AES masked against power analysis attacks. In: Huss, S., Schindler, W. (eds.) Proceedings of COSADE 2011, pp. 56–66, Darmstadt, Germany (2011)
  49. Renauld, M., Standaert, F.-X.: Algebraic side-channel attacks. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt, volume 6151 of Lecture Notes in Computer Science, pp. 393–410. Springer (2009)
  50. Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N.: Algebraic side-channel attacks on the AES: Why time also matters in DPA. In: Clavier, C., Gaj, K. (eds.) CHES, volume 5747 of Lecture Notes in Computer Science, pp. 97–111. Springer (2009)
  51. Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: Paterson [39], pp. 109–128
  52. Rivain, M.: On the exact success rate of side channel analysis in the Gaussian model. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) Selected Areas in Cryptography, volume 5381 of Lecture Notes in Computer Science, pp. 165–183. Springer (2008)
  53. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES, volume 6225 of Lecture Notes in Computer Science, pp. 413–427. Springer (2010)
  54. Roche, T., Prouff, E.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols, extended version. Cryptology ePrint Archive, Report 2011/413 (2011). http://eprint.iacr.org/
  55. Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) CT-RSA, volume 3860 of Lecture Notes in Computer Science, pp. 208–225. Springer (2006)
  56. Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux [24], pp. 443–461
  57. Standaert, F.-X., Pereira, O., Yu, Y.: Leakage-resilient symmetric cryptography under empirically verifiable assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO (1), volume 8042 of Lecture Notes in Computer Science, pp. 335–352. Springer (2013)
  58. Standaert, F.-X., Pereira, O., Yu, Y., Quisquater, J.-J., Yung, M., Oswald, E.: Leakage resilient cryptography in practice. In: Sadeghi, A.-R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security, Information Security and Cryptography, pp. 99–134. Springer (2010)
  59. Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: Another look on second-order DPA. In: Abe, M. (ed.) ASIACRYPT, volume 6477 of Lecture Notes in Computer Science, pp. 112–129. Springer (2010)
  60. Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: Another look on second-order DPA. Cryptology ePrint Archive, Report 2010/180 (2010). http://eprint.iacr.org/
  61. Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security evaluations beyond computing power. In: Johansson and Nguyen [23], pp. 126–141
  62. Veyrat-Charvillon, N., Medwed, M., Kerckhof, S., Standaert, F.-X.: Shuffling against side-channel attacks: A comprehensive study with cautionary note. In: Wang, X., Sako, K. (eds.) ASIACRYPT, volume 7658 of Lecture Notes in Computer Science, pp. 740–757. Springer (2012)
  63. Wiener, M.J. (ed.): Advances in Cryptology - CRYPTO '99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 1999. Proceedings, volume 1666 of Lecture Notes in Computer Science. Springer (1999)
  64. Yu, Y., Standaert, F.-X.: Practical leakage-resilient pseudorandom objects with minimum public randomness. In: Dawson, E. (ed.) CT-RSA, volume 7779 of Lecture Notes in Computer Science, pp. 223–238. Springer (2013)
  65. Yu, Y., Standaert, F.-X., Pereira, O., Yung, M.: Practical leakage-resilient pseudorandom generators. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) ACM Conference on Computer and Communications Security, pp. 141–151. ACM (2010)

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Sonia Belaïd (1, 2)
  • Vincent Grosso (3)
  • François-Xavier Standaert (3)

  1. École Normale Supérieure, Paris, France
  2. Thales Communications & Security, Gennevilliers, France
  3. ICTEAM/ELEN/Crypto Group, Université Catholique de Louvain, Louvain-la-Neuve, Belgium