Abstract
This article revisits side-channel analysis from the standpoint of coding theory. On the one hand, the attacker is shown to apply an optimal decoding algorithm in order to recover the secret key from the analysis of the side-channel. On the other hand, the side-channel protections are presented as a coding problem where the information is mixed with randomness to weaken as much as possible the sensitive information leaked into the side-channel. Therefore, the field of side-channel analysis is viewed as a struggle between a coder and a decoder. In this paper, we focus on the main results obtained through this analysis. In terms of attacks, we discuss optimal strategy in various practical contexts, such as type of noise, dimensionality of the leakage and of the model, etc. Regarding countermeasures, we give a formal analysis of some masking schemes, including enhancements based on codes contributed via fruitful collaborations with Claude Carlet.
References
Blömer, J., Guajardo, J., Krummel, V.: Provably secure masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004). doi:10.1007/978-3-540-30564-4_5
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28632-5_2
Bringer, J., Carlet, C., Chabanne, H., Guilley, S., Maghrebi, H.: Orthogonal direct sum masking: a smartcard friendly computation paradigm in a code, with built-in protection against side-channel and fault attacks. In: Naccache, D., Sauveron, D. (eds.) WISTP 2014. LNCS, vol. 8501, pp. 40–56. Springer, Heidelberg (2014). doi:10.1007/978-3-662-43826-8_4
Bringer, J., Carlet, C., Chabanne, H., Guilley, S., Maghrebi, H.: Orthogonal direct sum masking: a smartcard friendly computation paradigm in a code, with built-in protection against side-channel and fault attacks. Cryptology ePrint Archive, Report 2014/665 (2014). http://eprint.iacr.org/2014/665/
Bruneau, N., Carlet, C., Guilley, S., Heuser, A., Prouff, E., Rioul, O.: Stochastic Collision Attack. In: IEEE Transactions on Information Forensics and Security (2016)
Bruneau, N., Guilley, S., Heuser, A., Marion, D., Rioul, O.: Less is more: dimensionality reduction from a theoretical perspective. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 22–41. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48324-4_2
Bruneau, N., Guilley, S., Heuser, A., Marion, D., Rioul, O.: Optimal side-channel attacks for multivariate leakages and multiple models. J. Crypt. Eng. (2016, to appear). http://www.proofs-workshop.org/program.html
Bruneau, N., Guilley, S., Heuser, A., Rioul, O.: Masks will fall off: higher-order optimal distinguishers. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 344–365. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45608-8_19
Carlet, C.: Boolean functions for cryptography and error correcting codes, chapter of the monograph. In: Crama, Y., Hammer, P. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 257–397. Cambridge University Press, Cambridge (2010). Preliminary version, http://www.math.univ-paris13.fr/~carlet/chap-fcts-Bool-corr.pdf
Carlet, C.: Correlation-immune boolean functions for leakage squeezing and rotating S-Box masking against side channel attacks. In: Gierlichs, B., Guilley, S., Mukhopadhyay, D. (eds.) SPACE 2013. LNCS, vol. 8204, pp. 70–74. Springer, Heidelberg (2013). doi:10.1007/978-3-642-41224-0_6
Carlet, C., Daif, A., Danger, J.-L., Guilley, S., Najm, Z., Ngo, X.T., Porteboeuf, T., Tavernier, C.: Optimized linear complementary codes implementation for hardware Trojan prevention. In: European Conference on Circuit Theory and Design, ECCTD, Trondheim, Norway, pp. 1–4. IEEE, 24–26 August 2015
Carlet, C., Danger, J.-L., Guilley, S., Maghrebi, H.: Leakage squeezing of order two. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 120–139. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34931-7_8
Carlet, C., Danger, J.-L., Guilley, S., Maghrebi, H.: Leakage squeezing: optimal implementation and security evaluation. J. Math. Crypt. 8(3), 249–295 (2014)
Carlet, C., Guilley, S.: Side-channel indistinguishability. In: HASP, pp. 9:1–9:8. ACM, New York, 13–14 June 2013
Carlet, C., Guilley, S.: Side-channel indistinguishability. On HAL, 19 July 2014. Extended version of [14] with more results in appendix, http://hal.archives-ouvertes.fr/hal-00826618
Coron, J.-S.: Higher order masking of look-up tables. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 441–458. Springer, Heidelberg (2014). doi:10.1007/978-3-642-55220-5_25
Danger, J.-L., Guilley, S.: Protection of cryptographic modules against high-order observation attacks on masking-based implementations (original French title: Protection des modules de cryptographie contre les attaques en observation d’ordre élevé sur les implémentations à base de masquage). French patent FR09/50341, assigned to Institut TELECOM, 20 January 2009
Danger, J.-L., Guilley, S., Nguyen, P., Nguyen, R., Souissi, Y.: Analyzing security breaches of countermeasures throughout the refinement process in hardware design flow. In: DATE, Lausanne, Switzerland, 27–31 March 2017
Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete: or how to evaluate the security of any leaking device. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 401–429. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46800-5_16
Fei, Y., Luo, Q., Ding, A.A.: A statistical model for DPA with novel algorithmic confusion analysis. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 233–250. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33027-8_14
Fischer, W., Gammel, B.M.: Masking at gate level in the presence of glitches. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 187–200. Springer, Heidelberg (2005). doi:10.1007/11545262_14
Gomathisankaran, M., Tyagi, A.: Glitch resistant private circuits design using HORNS. In: IEEE Computer Society Annual Symposium on VLSI, ISVLSI, Tampa, FL, USA, pp. 522–527, 9–11 July 2014
Guilley, S., Heuser, A., Rioul, O.: A key to success: success exponents for side-channel distinguishers. In: Biryukov, A., Goyal, V. (eds.) INDOCRYPT 2015. LNCS, vol. 9462, pp. 270–290. Springer, Cham (2015). doi:10.1007/978-3-319-26617-6_15
Heuser, A., Rioul, O., Guilley, S.: Good is not good enough: deriving optimal distinguishers from communication theory. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 55–74. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44709-3_4
Ishai, Y., Prabhakaran, M., Sahai, A., Wagner, D.: Private circuits II: keeping secrets in tamperable circuits. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 308–327. Springer, Heidelberg (2006). doi:10.1007/11761679_19
Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45146-4_27
Lin, K.J., Fan, S.C., Yang, S.H., Lo, C.C.: Overcoming glitches, dissipation timing skews in design of DPA-resistant cryptographic hardware. In: IEEE Computer Society Proceedings of the Conference on Design, Automation and Test in Europe, DATE 2007, Nice, France, pp. 1265–1270. EDA Consortium, San Jose, 16–20 April 2007. doi:10.1109/DATE.2007.364471
Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 351–365. Springer, Heidelberg (2005). doi:10.1007/978-3-540-30574-3_24
Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005). doi:10.1007/11545262_12
Mangard, S., Schramm, K.: Pinpointing the side-channel leakage of masked AES hardware implementations. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 76–90. Springer, Heidelberg (2006). doi:10.1007/11894063_7
Moradi, A., Mischke, O.: Glitch-free implementation of masking in modern FPGAs. In: HOST, pp. 89–95. IEEE Computer Society, Moscone Center, San Francisco, 2–3 June 2012. doi:10.1109/HST.2012.6224326
Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against first- and second-order zero-offset SCAs. In: DATE (TRACK A: “Application Design”, TOPIC A5: “Secure Systems”), Dresden, Germany, pp. 1173–1178. IEEE Computer Society, 12–16 March 2012
Ngo, X.T., Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: Linear complementary dual code improvement to strengthen encoded circuit against hardware Trojan horses. In: IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2015, Washington, DC, USA, pp. 82–87. IEEE, 5–7 May 2015
Ngo, X.T., Guilley, S., Bhasin, S., Danger, J.-L., Najm, Z.: Encoding the state of integrated circuits: a proactive and reactive protection against hardware Trojan horses. In: Proceedings of the 9th Workshop on Embedded Systems Security, WESS 2014, pp. 7:1–7:10. ACM, New York (2014)
Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Crypt. 24(2), 292–321 (2011)
NIST/ITL/CSD: Advanced Encryption Standard (AES). FIPS PUB 197, November 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
Prouff, E., Rivain, M.: A generic method for secure SBox implementation. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 227–244. Springer, Heidelberg (2007). doi:10.1007/978-3-540-77535-5_17
Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)
Prouff, E., Roche, T.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 63–78. Springer, Heidelberg (2011). doi:10.1007/978-3-642-23951-9_5
Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15031-9_28
Acknowledgements
Part of this work has been funded by the ANR CHIST-ERA project SECODE (Secure Codes to thwart Cyber-physical Attacks).
A SNR in the Presence of First Order Masking
Let us consider a first-order masking scheme [1]. By design, a first-order side-channel attack fails. However, a second-order side-channel attack, which combines two samples, can succeed. The setup is the following: the leakage is:
where:
- \(N_1\sim \mathcal {N}(0,\sigma _1^2)\) and \(N_2\sim \mathcal {N}(0,\sigma _2^2)\) are two independent noise sources,
- \(\alpha _1\) and \(\alpha _2\) are the leakage amplitudes (the amount of leakage of each share),
- \(Y_1^\star \) and \(Y_2^\star \) are the leakage functions (assumed normalized, that is \(\mathbb {E}(Y_i^\star ) = 0\) and \(\mathsf {Var}(Y_i^\star ) = 1\), for \(i\in \{1,2\}\)).
In the Boolean masking where the attacker targets the pair (mask, masked substitution box output), the leakage model is:
- \(Y_1 = \frac{2}{\sqrt{n}} \left( w_H(S(T\oplus k)\oplus M) - \frac{n}{2} \right) =-\frac{1}{\sqrt{n}} \sum _{b=1}^n (-1)^{S_b(T\oplus k)\oplus M_b}\) and
- \(Y_2 = \frac{2}{\sqrt{n}} \left( w_H(M) - \frac{n}{2} \right) =-\frac{1}{\sqrt{n}} \sum _{b=1}^n (-1)^{M_b}\).
The notation \(M_b\) means bit \(b\in \{1,\ldots ,n\}\) in bitvector \(M\in \mathbb {F}_2^n\).
As the masking is first-order perfect, we indeed have that \(\mathbb {E}(Y_i|T=t)\) does not depend on the key, for each share \(i\in \{1,2\}\). However, the attacker is inclined to combine the two leakages by a centered product, since the expectation of this combination \(Y_c = Y_1 Y_2\) does depend on the key, despite the masking with the uniform \(M\sim \mathcal {U}(\mathbb {F}_2^n)\). Precisely, let \(t\in \mathbb {F}_2^n\) be one realization of T. We have that:
which happens to be proportional to the leakage model of the substitution box when the masking is disabled (\(M=0\)). Indeed, one can derive from Eq. (12) that:
The second-order attack thus consists of applying the regular correlation power analysis (CPA [2]):
- targeting \(X_c = X_1 X_2\) instead of \(X_1\) or \(X_2\),
- using as leakage model \(\mathbb {E}(Y_c|T)\), where we recall that \(Y_c = Y_1 Y_2\) [38].
Thus, the new leakage to analyse is:
Indeed, the term \(Y_1^\star Y_2^\star \), conditioned on the known plaintext T, depends on the key (recall Eq. (12)), whereas the other terms \(\alpha _1 Y_1^\star N_2 + \alpha _2 Y_2^\star N_1 + N_1 N_2\) do not.
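As an added example (not code from the original paper), the following Python simulation carries out the second-order attack just described against the Boolean masking leakage model above. It generates traces of the form \(X_i = \alpha_i Y_i + N_i\) (the additive form implied by the expansion of \(X_c\) above, taken here as an assumption), checks that first-order CPA on \(X_1\) alone shows no key-dependent correlation, then runs CPA on the centered product \(X_1 X_2\) with the model \(\mathbb{E}(Y_c|T=t) = \frac{1}{n}\sum_b (-1)^{S_b(t\oplus k)} = 1 - 2\,w_H(S(t\oplus k))/n\). The AES S-box is built in place from its GF(2^8) definition [36]; the key byte, trace count, \(\alpha_i\), \(\sigma_i\) and the random seed are arbitrary choices for the simulation.

```python
import math
import random

N_BITS = 8                                      # n: width of the S-box (AES SubBytes)
HW = [bin(v).count("1") for v in range(256)]    # w_H lookup table


def rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF


def aes_sbox():
    """AES S-box from its definition: inverse in GF(2^8), then the affine map [36]."""
    sbox = [0] * 256
    p = q = 1                                   # p walks through 3^i, q through 3^-i, so q = p^-1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3 modulo x^8+x^4+x^3+x+1
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09                           # q /= 3 (i.e. q *= 0xF6)
        x = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4)
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                              # 0 has no inverse; the affine map of 0
    return sbox


SBOX = aes_sbox()


def y_norm(v):
    """Normalised Hamming-weight leakage (2/sqrt(n))(w_H(v) - n/2): zero mean, unit variance for uniform v."""
    return (2.0 / math.sqrt(N_BITS)) * (HW[v] - N_BITS / 2.0)


def simulate_traces(key, n_traces, alpha=(1.0, 1.0), sigma=(0.5, 0.5), seed=2017):
    """Constructed traces (assumed model): X_1 = a_1 Y_1 + N_1 leaks S(T^k)^M, X_2 = a_2 Y_2 + N_2 leaks M."""
    rng = random.Random(seed)
    plaintexts, x1, x2 = [], [], []
    for _ in range(n_traces):
        t, m = rng.randrange(256), rng.randrange(256)      # plaintext byte T and uniform mask M
        plaintexts.append(t)
        x1.append(alpha[0] * y_norm(SBOX[t ^ key] ^ m) + rng.gauss(0.0, sigma[0]))
        x2.append(alpha[1] * y_norm(m) + rng.gauss(0.0, sigma[1]))
    return plaintexts, x1, x2


def model_unmasked(t, k):
    """First-order model: leakage of S(t^k) as if the mask were disabled (M = 0)."""
    return y_norm(SBOX[t ^ k])


def model_second_order(t, k):
    """E(Y_c | T=t) = (1/n) sum_b (-1)^{S_b(t^k)} = 1 - 2 w_H(S(t^k)) / n, as in Eq. (12)."""
    return 1.0 - 2.0 * HW[SBOX[t ^ k]] / N_BITS


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy)


def centered_product(x1, x2):
    """Combination function of the second-order attack: (X_1 - mean)(X_2 - mean)."""
    m1, m2 = sum(x1) / len(x1), sum(x2) / len(x2)
    return [(a - m1) * (b - m2) for a, b in zip(x1, x2)]


def cpa(traces, plaintexts, model):
    """CPA [2]: |Pearson correlation| between the traces and the model, for every key guess."""
    return [abs(pearson(traces, [model(t, k) for t in plaintexts])) for k in range(256)]


def first_order_attack(plaintexts, x1):
    return cpa(x1, plaintexts, model_unmasked)


def second_order_attack(plaintexts, x1, x2):
    return cpa(centered_product(x1, x2), plaintexts, model_second_order)


def best_guess(scores):
    return max(range(256), key=scores.__getitem__)


if __name__ == "__main__":
    KEY = 0x2B                                  # arbitrary simulated key byte
    pt, x1, x2 = simulate_traces(KEY, 4000)
    rho1 = first_order_attack(pt, x1)
    rho2 = second_order_attack(pt, x1, x2)
    print("first-order : max |rho| over all guesses = %.3f (pure noise)" % max(rho1))
    print("second-order: best guess = 0x%02X, |rho| = %.3f" % (best_guess(rho2), max(rho2)))
```

With \(\alpha_i = 1\) and \(\sigma_i = 1/2\) the correct key correlates with the centered product at roughly 0.28 (the model variance is \(1/n = 1/8\) and \(\mathsf{Var}(X_c) = 1 + \alpha_1^2\sigma_2^2 + \alpha_2^2\sigma_1^2 + \sigma_1^2\sigma_2^2\)), while every first-order correlation stays at the \(1/\sqrt{\text{traces}}\) noise floor, because \(S(T\oplus k)\oplus M\) is uniform and independent of the key.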
Therefore, the SNR in the case of the second-order attack is:
Proposition 11
The SNR in the case of the second-order attack is:
where \({SNR}_i = \alpha _i^2 / \sigma _i^2\) for \(i\in \{1,2\}\).
Proof
We have:
At line (14), we used the fact that S is a bijection of \(\mathbb {F}_2^n\) (as is SubBytes in AES [36]).
Besides, we also have:
Therefore, the variance of the signal is equal to \(\alpha _1^2 \alpha _2^2\).
Regarding the noise part, we have:
by independence between \(N_1\), \(N_2\) and \(Y_i^\star \) for \(i\in \{1,2\}\). We also have:
As a result, we have:
\(\square \)
Corollary 12
(Limit of SNR(2o) in the presence of large noise). When the noise is large, that is \({SNR}_i \ll 1\) for \(i\in \{1,2\}\), then
Proof
Immediate first-order simplification of \(\text {SNR(2o)}\) as given in Proposition 11. \(\square \)
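Added worked derivation, not part of the original appendix: the chain from the combined leakage to the SNR of Proposition 11 and the limit of Corollary 12, written with the symbols above. It assumes the additive leakage model \(X_i = \alpha_i Y_i^\star + N_i\) for \(i\in\{1,2\}\) (the form implied by the expansion of \(X_c\) above) and that \(Y_1^\star\) and \(Y_2^\star\) are independent, which holds for the Boolean masking since \(S(T\oplus k)\oplus M\) and \(M\) are independent and uniform when \(M\sim \mathcal {U}(\mathbb {F}_2^n)\).

\[
X_c = X_1 X_2 = \alpha_1\alpha_2\, Y_1^\star Y_2^\star + \alpha_1 Y_1^\star N_2 + \alpha_2 Y_2^\star N_1 + N_1 N_2 .
\]

Signal part, using \(\mathbb{E}(Y_i^\star)=0\) and \(\mathsf{Var}(Y_i^\star)=1\):

\[
\mathsf{Var}(\alpha_1\alpha_2 Y_1^\star Y_2^\star)
= \alpha_1^2\alpha_2^2 \left( \mathbb{E}(Y_1^{\star 2})\,\mathbb{E}(Y_2^{\star 2}) - \mathbb{E}(Y_1^\star)^2\,\mathbb{E}(Y_2^\star)^2 \right)
= \alpha_1^2\alpha_2^2 .
\]

Noise part: the three remaining terms are centered and pairwise uncorrelated, since every cross-moment contains a factor \(\mathbb{E}(N_j)=0\) or \(\mathbb{E}(Y_j^\star)=0\) that is independent of the rest, so their variances add:

\[
\mathsf{Var}(\alpha_1 Y_1^\star N_2 + \alpha_2 Y_2^\star N_1 + N_1 N_2)
= \alpha_1^2\sigma_2^2 + \alpha_2^2\sigma_1^2 + \sigma_1^2\sigma_2^2 .
\]

Hence, dividing numerator and denominator by \(\sigma_1^2\sigma_2^2\) and writing \({SNR}_i = \alpha_i^2/\sigma_i^2\):

\[
\text{SNR(2o)} = \frac{\alpha_1^2\alpha_2^2}{\alpha_1^2\sigma_2^2 + \alpha_2^2\sigma_1^2 + \sigma_1^2\sigma_2^2}
= \frac{{SNR}_1\,{SNR}_2}{1 + {SNR}_1 + {SNR}_2} .
\]

When \({SNR}_i \ll 1\) for \(i\in\{1,2\}\), the denominator tends to 1 and \(\text{SNR(2o)} \approx {SNR}_1\,{SNR}_2\): the second-order SNR decays as the product of the two first-order SNRs, that is, quadratically in the noise level.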
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Guilley, S., Heuser, A., Rioul, O. (2017). Codes for Side-Channel Attacks and Protections. In: El Hajji, S., Nitaj, A., Souidi, E. (eds) Codes, Cryptology and Information Security. C2SI 2017. Lecture Notes in Computer Science(), vol 10194. Springer, Cham. https://doi.org/10.1007/978-3-319-55589-8_3
DOI: https://doi.org/10.1007/978-3-319-55589-8_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-55588-1
Online ISBN: 978-3-319-55589-8