Advertisement

High-Resolution EM Attacks Against Leakage-Resilient PRFs Explained

And an Improved Construction
  • Florian Unterstein
  • Johann Heyszl
  • Fabrizio De Santis
  • Robert Specht
  • Georg Sigl
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10808)

Abstract

Achieving side-channel resistance through Leakage Resilience (LR) is highly relevant for embedded devices where requirements of other countermeasures such as e.g. high quality random numbers are hard to guarantee. The main challenge of LR lays in the initialization of a secret pseudorandom state from a long-term key and public input. Leakage-Resilient Pseudo-Random Functions (LR-PRFs) aim at solving this by bounding side-channel leakage to non-exploitable levels through frequent re-keying. Medwed et al. recently presented an improved construction at ASIACRYPT 2016 which uses “unknown-inputs” in addition to limited data complexity and correlated algorithmic noise from parallel S-boxes. However, a subsequent investigation uncovered a vulnerability to high-precision EM analysis on FPGA. In this paper, we follow up on the reasons why such attacks succeed on FPGAs. We find that in addition to the high spatial resolution, it is mainly the high temporal resolution which leads to the reduction of algorithmic noise from parallel S-boxes. While spatial resolution is less threatening for smaller technologies than the used FPGA, temporal resolution will likely remain an issue since balancing the timing behavior of signals in the nanosecond range seems infeasible today. Nonetheless, we present an improvement of the ASIACRYPT 2016 construction to effectively protect against EM attacks with such high spatial and high temporal resolution. We carefully introduce additional key entropy into the LR-PRF construction to achieve a high remaining security level even when implemented on FPGAs. With this improvement, we finally achieve side-channel secure LR-PRFs in a practical and simple way under verifiable empirical assumptions.

Keywords

Leakage-resilient cryptography PRF High-resolution localized EM attacks AES 

Notes

Acknowledgements

The work presented in this contribution was supported by the German Federal Ministry of Education and Research in the project ALESSIO through grant number 16KIS0629.

Supplementary material

References

  1. 1.
    Belaïd, S., De Santis, F., Heyszl, J., Mangard, S., Medwed, M., Schmidt, J.M., Standaert, F.X., Tillich, S.: Towards fresh re-keying with leakage-resilient PRFs: cipher design principles and analysis. J. Cryptogr. Eng. 4(3), 157–171 (2014)Google Scholar
  2. 2.
    Bruneau, N., Guilley, S., Heuser, A., Marion, D., Rioul, O.: Less is more: dimensionality reduction from a theoretical perspective. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 22–41. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48324-4_2 CrossRefGoogle Scholar
  3. 3.
    Canright, D.: A very compact S-box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005).  https://doi.org/10.1007/11545262_32 CrossRefGoogle Scholar
  4. 4.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48405-1_26 Google Scholar
  5. 5.
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM (JACM) 33(4), 792–807 (1986)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Hanley, N., Tunstall, M., Marnane, W.P.: Unknown plaintext template attacks. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 148–162. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-10838-9_12 CrossRefGoogle Scholar
  7. 7.
    Heyszl, J., Merli, D., Heinz, B., De Santis, F., Sigl, G.: Strengths and limitations of high-resolution electromagnetic field measurements for side-channel analysis. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 248–262. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-37288-9_17 CrossRefGoogle Scholar
  8. 8.
    Immler, V., Specht, R., Unterstein, F.: Your rails cannot hide from localized EM: how dual-rail logic fails on FPGAs. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 403–424. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-66787-4_20 CrossRefGoogle Scholar
  9. 9.
    Kirschbaum, M.: Power analysis resistant logic styles - design, implementation, and evaluation. Ph.D. thesis (2011)Google Scholar
  10. 10.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks. Springer Science & Business Media, New York (2008).  https://doi.org/10.1007/978-0-387-38162-6 zbMATHGoogle Scholar
  11. 11.
    May, D., Muller, H.L., Smart, N.P.: Non-deterministic processors. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 115–129. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-47719-5_11 CrossRefGoogle Scholar
  12. 12.
    Medwed, M., Standaert, F.-X., Joux, A.: Towards super-exponential side-channel security with efficient leakage-resilient PRFs. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 193–212. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-33027-8_12 CrossRefGoogle Scholar
  13. 13.
    Medwed, M., Standaert, F.-X., Nikov, V., Feldhofer, M.: Unknown-input attacks in the parallel setting: improving the security of the CHES 2012 leakage-resilient PRF. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 602–623. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53887-6_22 CrossRefGoogle Scholar
  14. 14.
    Standaert, F.-X., Pereira, O., Yu, Y., Quisquater, J.J., Yung, M., Oswald, E.: Leakage resilient cryptography in practice. IACR Cryptology ePrint Archive 2009/341 (2009)Google Scholar
  15. 15.
    Standaert, F.-X., Pereira, O., Yu, Y.: Leakage-resilient symmetric cryptography under empirically verifiable assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 335–352. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_19 CrossRefGoogle Scholar
  16. 16.
    Unterluggauer, T., Werner, M., Mangard, S.: Side-channel plaintext-recovery attacks on leakage-resilient encryption. In: Design, Automation Test in Europe Conference Exhibition (DATE), pp. 1318–1323, March 2017Google Scholar
  17. 17.
    Unterstein, F., Heyszl, J., De Santis, F., Specht, R.: Dissecting leakage resilient PRFs with multivariate localized EM attacks. In: Guilley, S. (ed.) COSADE 2017. LNCS, vol. 10348, pp. 34–49. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-64647-3_3 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Fraunhofer Research Institution AISECMunichGermany
  2. 2.Siemens AG, Corporate TechnologyMunichGermany
  3. 3.Technische Universität MünchenMunichGermany

Personalised recommendations