Journal of Cryptographic Engineering, Volume 4, Issue 3, pp 157–171

Towards fresh re-keying with leakage-resilient PRFs: cipher design principles and analysis

  • Sonia Belaïd
  • Fabrizio De Santis
  • Johann Heyszl
  • Stefan Mangard
  • Marcel Medwed
  • Jörn-Marc Schmidt
  • François-Xavier Standaert
  • Stefan Tillich
Special Section on Proofs 2013


Leakage-resilient cryptography aims at developing new algorithms for which physical security against side-channel attacks can be formally analyzed. Following the work of Dziembowski and Pietrzak at FOCS 2008, several symmetric cryptographic primitives have been investigated in this setting. Most of them can be instantiated with a block cipher as the underlying component. Such an approach naturally raises the question whether certain block ciphers are better suited for this purpose. In order to answer this question, we consider a leakage-resilient re-keying function and evaluate its security at different abstraction levels. That is, we study possible attacks exploiting specific features of the algorithmic description, hardware architecture and physical implementation of this construction. These evaluations lead to two main outcomes. First, we complement previous works on leakage-resilient cryptography and further specify the conditions under which they actually provide physical security. Second, we take advantage of our analysis to extract new design principles for block ciphers to be used in leakage-resilient primitives. While our investigations focus primarily on side-channel attacks, we hope these new design principles will trigger the interest of symmetric cryptographers to design new block ciphers combining good properties for secure implementations with security against black-box (mathematical) cryptanalysis.
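The abstract refers to a leakage-resilient re-keying function instantiated with a block cipher but does not spell out its structure. The Python below is an added example, not code from the paper or its authors: it implements the generic tree-based (GGM-style) leakage-resilient PRF pattern from the Dziembowski and Pietrzak line of work, in which a key is only ever used to encrypt a small fixed set of plaintexts and the resulting ciphertext becomes the key of the next stage. Everything beyond that pattern is an assumption of this example, not of the page: the block cipher is modelled by HMAC-SHA256 truncated to 128 bits so that the code runs offline, the allowed plaintext set is p_d = byte value d repeated in all 16 positions, the number of plaintexts per key n_pt is a parameter (2 gives the binary GGM tree, 256 a byte-per-stage variant), and the names block_cipher, lr_prf, naive_prf and max_inputs_per_key are the example's own.

```python
"""Tree-based leakage-resilient PRF sketch (added example, not the paper's code).

Assumptions (not from the page): HMAC-SHA256 truncated to 128 bits stands in
for a 128-bit block cipher; the plaintext set is p_d = bytes([d]) * 16; the
number of plaintexts per key, n_pt, is a power of two chosen by the caller.
"""
import hashlib
import hmac
from collections import defaultdict

BLOCK = 16  # 128-bit keys and blocks, as for AES


def block_cipher(key: bytes, plaintext: bytes, usage=None) -> bytes:
    """Stand-in for E_k(p).  When `usage` is given, record which plaintexts
    each key has processed: the size of that set is the data complexity a
    DPA adversary can exploit against that particular key."""
    assert len(key) == BLOCK and len(plaintext) == BLOCK
    if usage is not None:
        usage[key].add(plaintext)
    return hmac.new(key, plaintext, hashlib.sha256).digest()[:BLOCK]


def plaintext(d: int) -> bytes:
    """The d-th allowed plaintext: byte value d in every position (assumption)."""
    return bytes([d]) * BLOCK


def digits(x: bytes, n_pt: int) -> list:
    """Split the PRF input x into base-n_pt digits, most significant first."""
    bits = n_pt.bit_length() - 1
    assert 1 << bits == n_pt and (8 * len(x)) % bits == 0, "n_pt must be 2^b"
    v = int.from_bytes(x, "big")
    n = 8 * len(x) // bits
    return [(v >> (bits * (n - 1 - i))) & (n_pt - 1) for i in range(n)]


def lr_prf(master_key: bytes, x: bytes, n_pt: int = 2, usage=None) -> bytes:
    """GGM-style PRF: stage i re-keys with k_{i+1} = E_{k_i}(p_{d_i}).
    Every key that ever exists in the tree sees at most n_pt plaintexts."""
    k = master_key
    for d in digits(x, n_pt):
        k = block_cipher(k, plaintext(d), usage)
    return k


def naive_prf(master_key: bytes, x: bytes, usage=None) -> bytes:
    """Plain block-cipher use: one long-term key, unbounded distinct inputs."""
    return block_cipher(master_key, x, usage)


def max_inputs_per_key(prf, queries) -> int:
    """Largest number of distinct plaintexts processed under any single key
    while answering `queries`; prf(x, usage) must call block_cipher with usage."""
    usage = defaultdict(set)
    for x in queries:
        prf(x, usage)
    return max(len(s) for s in usage.values())


if __name__ == "__main__":
    k = bytes(range(16))                                  # constructed master key
    xs = [i.to_bytes(BLOCK, "big") for i in range(64)]    # constructed inputs
    print(max_inputs_per_key(lambda x, u: naive_prf(k, x, u), xs))      # 64
    print(max_inputs_per_key(lambda x, u: lr_prf(k, x, 2, u), xs))      # 2
    print(max_inputs_per_key(lambda x, u: lr_prf(k, x, 256, u), xs))    # 64
```

The quantity the last function measures is what the re-keying structure buys: with naive_prf the number of distinct inputs seen by the long-term key grows with the number of queries, while with lr_prf it is capped at n_pt no matter how many outputs the attacker requests. The cap only bounds distinct inputs per key; it does not stop an attacker from averaging many traces of the same input, and it says nothing about the architecture- and implementation-level effects the abstract lists, which is exactly where the conditions for physical security have to be checked.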


Keywords: Leakage-resilient cryptography; Leakage-resilient pseudorandom function; Fresh re-keying



This work has been funded in part by the European Commission's ECRYPT-II NoE (ICT-2007-216676), by the 7th Framework Programme European project TAMPRES, by the ERC project 280141 (acronym CRASH) and by the German Federal Ministry of Education and Research project 01IS11035Y (acronym ARAMiS). François-Xavier Standaert is a Research Associate of the Belgian Fund for Scientific Research (FNRS-F.R.S.).


  1. Archambeau, C., Peeters, E., Standaert, F.X., Quisquater, J.J.: Template attacks in principal subspaces. In: Goubin, L., Matsui, M. (eds.) CHES, LNCS, pp. 1–14. Springer, Berlin (2006)
  2. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES, LNCS, pp. 450–466. Springer, Berlin (2007)
  3. Bogdanov, A., Knudsen, L.R., Leander, G., Standaert, F.X., Steinberger, J.P., Tischhauser, E.: Key-alternating ciphers in a provable setting: encryption using a small number of public permutations. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT, LNCS, pp. 45–62. Springer, Berlin (2012)
  4. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.J. (eds.) CHES, LNCS, pp. 16–29. Springer, Berlin (2004)
  5. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M.J. (ed.) CRYPTO, LNCS, pp. 398–412. Springer, Berlin (1999)
  6. Dodis, Y., Pietrzak, K.: Leakage-resilient pseudorandom functions and side-channel attacks on Feistel networks. In: Rabin, T. (ed.) CRYPTO, LNCS, pp. 21–40. Springer, Berlin (2010)
  7. Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: FOCS, pp. 293–302. IEEE Computer Society, USA (2008)
  8. Elaabid, M., Guilley, S.: Portability of templates. J. Cryptogr. Eng. 2(1), 63–74 (2012). doi:10.1007/s13389-012-0030-6
  9. Faraday Technology Corporation: Faraday FSA0A_C 0.18 µm ASIC Standard Cell Library (2004)
  10. Faust, S., Pietrzak, K., Schipper, J.: Practical leakage-resilient symmetric cryptography. In: Prouff, E., Schaumont, P. (eds.) CHES, LNCS, vol. 7428, pp. 213–232. Springer, Berlin (2012)
  11. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES, LNCS, pp. 251–261. Springer, Berlin (2001)
  12. Goubin, L., Patarin, J.: DES and differential power analysis (the "duplication" method). In: Koç, Ç.K., Paar, C. (eds.) CHES, LNCS, pp. 158–172. Springer, Berlin (1999)
  13. Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.J.B.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES, LNCS, pp. 326–341. Springer, Berlin (2011)
  14. Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman, O. (ed.) CT-RSA, LNCS, pp. 231–244. Springer, Berlin (2012)
  15. Heyszl, J., Merli, D., Heinz, B., De Santis, F., Sigl, G.: Strengths and limitations of high-resolution electromagnetic field measurements for side-channel analysis. In: Mangard, S. (ed.) CARDIS, LNCS. Springer, Berlin (2012)
  16. Joux, A. (ed.): Advances in Cryptology—EUROCRYPT 2009, 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26–30, 2009, Proceedings. LNCS, vol. 5479. Springer, Berlin (2009)
  17. Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.): Cryptographic Hardware and Embedded Systems—CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13–15, 2002, Revised Papers. LNCS, vol. 2523. Springer, Berlin (2003)
  18. Kocher, P.C.: Leak resistant cryptographic indexed key update. US Patent
  19. Leander, G.: Small scale variants of the block cipher PRESENT. Cryptology ePrint Archive, Report 2010/143 (2010)
  20. MacMahon, P.A.: Percy Alexander MacMahon: Collected Papers—vol. 1: Combinatorics. MIT Press, USA (1978)
  21. Mangard, S.: Hardware countermeasures against DPA—a statistical analysis of their effectiveness. In: CT-RSA, LNCS, pp. 222–235. Springer, Berlin (2004)
  22. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks—Revealing the Secrets of Smart Cards. Springer, Berlin (2007)
  23. Mangard, S., Oswald, E., Standaert, F.X.: One for all—all for one: unifying standard differential power analysis attacks. IET Inform. Secur. 5(2), 100–110 (2011)
  24. Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA, LNCS, pp. 351–365. Springer, Berlin (2005)
  25. Medwed, M., Petit, C., Regazzoni, F., Renauld, M., Standaert, F.X.: Fresh re-keying II: securing multiple parties against side-channel and fault attacks. In: Prouff, E. (ed.) CARDIS, LNCS, pp. 115–132. Springer, Berlin (2011)
  26. Medwed, M., Standaert, F.X., Großschädl, J., Regazzoni, F.: Fresh re-keying: security against side-channel and fault attacks for low-cost devices. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT, LNCS, pp. 279–296. Springer, Berlin (2010)
  27. Medwed, M., Standaert, F.X., Joux, A.: Towards super-exponential side-channel security with efficient leakage-resilient PRFs. In: Prouff, E., Schaumont, P. (eds.) CHES, LNCS, vol. 7428, pp. 193–212. Springer, Berlin (2012)
  28. Pietrzak, K.: A leakage-resilient mode of operation. In: Joux, A. (ed.) EUROCRYPT, LNCS, vol. 5479, pp. 462–482. Springer, Berlin (2009)
  29. Poucheret, F., Barthe, L., Benoit, P., Torres, L., Maurine, P., Robert, M.: Spatial EM jamming: a countermeasure against EM analysis? In: VLSI-SoC, pp. 105–110. IEEE, New York (2010)
  30. Prouff, E., Schaumont, P. (eds.): Cryptographic Hardware and Embedded Systems—CHES 2012, 14th International Workshop, Leuven, Belgium, September 9–12, 2012, Proceedings. LNCS, vol. 7428. Springer, Berlin (2012)
  31. Quisquater, J.J., Samyde, D.: Electromagnetic analysis (EMA): measures and counter-measures for smart cards. In: Attali, I., Jensen, T.P. (eds.) E-smart, LNCS, pp. 200–210. Springer, Berlin (2001)
  32. Renauld, M., Standaert, F.X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: Paterson, K.G. (ed.) EUROCRYPT, LNCS, pp. 109–128. Springer, Berlin (2011)
  33. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.X. (eds.) CHES, LNCS, pp. 413–427. Springer, Berlin (2010)
  34. Sauvage, L., Guilley, S., Mathieu, Y.: Electromagnetic radiations of FPGAs: high spatial resolution cartography and attack on a cryptographic module. ACM Trans. Reconfig. Technol. Syst. 2(1), 4:1–4:24 (2009). doi:10.1145/1502781.1502785
  35. Schramm, K., Wollinger, T.J., Paar, C.: A new class of collision attacks and its application to DES. In: FSE, pp. 206–222 (2003)
  36. Standaert, F.X., Archambeau, C.: Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In: Oswald, E., Rohatgi, P. (eds.) CHES, LNCS, pp. 411–425. Springer, Berlin (2008)
  37. Standaert, F.X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT, LNCS, vol. 5479, pp. 443–461. Springer, Berlin (2009)
  38. Standaert, F.X., Pereira, O., Yu, Y., Quisquater, J.J., Yung, M., Oswald, E.: Leakage resilient cryptography in practice. In: Sadeghi, A.R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security, Information Security and Cryptography, pp. 99–134. Springer, Berlin (2010)
  39. Standaert, F.X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: another look on second-order DPA. In: Abe, M. (ed.) ASIACRYPT, LNCS, pp. 112–129. Springer, Berlin (2010)
  40. Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.X.: An optimal key enumeration algorithm and its application to side-channel attacks. Cryptology ePrint Archive, Report 2011/610 (2011)
  41. Veyrat-Charvillon, N., Gérard, B., Standaert, F.X.: Security evaluations beyond computing power. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013, LNCS, vol. 7881, pp. 126–141. Springer, Berlin (2013)
  42. Yu, Y., Standaert, F.X.: Practical leakage-resilient pseudorandom objects with minimum public randomness. In: Dawson, E. (ed.) CT-RSA, LNCS, pp. 223–238. Springer, Berlin (2013)
  43. Yu, Y., Standaert, F.X., Pereira, O., Yung, M.: Practical leakage-resilient pseudorandom generators. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) ACM CCS, pp. 141–151. ACM, USA (2010)

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Sonia Belaïd (1)
  • Fabrizio De Santis (2)
  • Johann Heyszl (3)
  • Stefan Mangard (4)
  • Marcel Medwed (5)
  • Jörn-Marc Schmidt (4)
  • François-Xavier Standaert (6)
  • Stefan Tillich (7)

  1. École Normale Supérieure and Thales Communications, Paris, France
  2. Technische Universität München, Munich, Germany
  3. Fraunhofer Research Institute AISEC, Munich, Germany
  4. Graz University of Technology, Graz, Austria
  5. NXP Semiconductors, Graz, Austria
  6. Université Catholique de Louvain, Louvain-la-Neuve, Belgium
  7. Yagoba GmbH, Graz, Austria
