Verified Proofs of Higher-Order Masking

  • Gilles Barthe
  • Sonia Belaïd
  • François Dupressoir
  • Pierre-Alain Fouque
  • Benjamin Grégoire
  • Pierre-Yves Strub
Conference paper

DOI: 10.1007/978-3-662-46800-5_18

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9056)
Cite this paper as:
Barthe G., Belaïd S., Dupressoir F., Fouque PA., Grégoire B., Strub PY. (2015) Verified Proofs of Higher-Order Masking. In: Oswald E., Fischlin M. (eds) Advances in Cryptology -- EUROCRYPT 2015. EUROCRYPT 2015. Lecture Notes in Computer Science, vol 9056. Springer, Berlin, Heidelberg

Abstract

In this paper, we study the problem of automatically verifying higher-order masking countermeasures. This problem is important in practice, since weaknesses have been discovered in schemes that were thought secure, but is inherently exponential: for \(t\)-order masking, it involves proving that every subset of \(t\) intermediate variables is distributed independently of the secrets. Some tools have been proposed to help cryptographers check their proofs, but are often limited in scope.

We propose a new method, based on program verification techniques, to check the independence of sets of intermediate variables from some secrets. Our new language-based characterization of the problem also allows us to design and implement several algorithms that greatly reduce the number of sets of variables that need to be considered to prove this independence property on all valid adversary observations. The result of these algorithms is either a proof of security or a set of observations on which the independence property cannot be proved. We focus on AES implementations to check the validity of our algorithms. We also confirm the tool’s ability to give useful information when proofs fail, by rediscovering existing attacks and discovering new ones.
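To make the independence property concrete, the following is an added, constructed example, not code from the authors and not the paper's EasyCrypt-based tool: a two-share ISW-style AND gadget over GF(2), written as a straight-line program, and a brute-force checker that enumerates every t-subset of intermediate variables and compares the joint distribution of those probes across all secret values. The gadget encoding, the function names and the deliberately mis-ordered variant (cross terms XORed together before the random mask is added) are assumptions of this example. Because it enumerates every sharing and every random bit, it is exactly the exponential procedure whose cost the paper's algorithms reduce, but it shows both outcomes the abstract describes: an empty list (a proof of security for this model) or the set of observations on which independence fails.

```python
from collections import Counter
from itertools import combinations, product

# Constructed example: exhaustive t-probing check for a tiny masked gadget.
# Encoding (an assumption of this example): a gadget is a straight-line program
# over GF(2) whose instructions are (dest, op, x, y) with op in {"and", "xor"}.


def isw2_gadget(cross_terms_before_mask=False):
    """Two-share (first-order) ISW-style AND gadget computing c = a & b.

    Textbook order:      c1 = a1b1 ^ ((r ^ a0b1) ^ a1b0)
    Mis-ordered variant: c1 = a1b1 ^ ((a0b1 ^ a1b0) ^ r)
    Both are functionally correct; only the intermediate values differ.
    """
    if cross_terms_before_mask:
        tail = [("t1", "xor", "a0b1", "a1b0"), ("t2", "xor", "t1", "r")]
    else:
        tail = [("t1", "xor", "r", "a0b1"), ("t2", "xor", "t1", "a1b0")]
    return {
        "secrets": {"a": ["a0", "a1"], "b": ["b0", "b1"]},
        "randoms": ["r"],
        "outputs": ["c0", "c1"],
        "program": [
            ("a0b0", "and", "a0", "b0"),
            ("a1b1", "and", "a1", "b1"),
            ("a0b1", "and", "a0", "b1"),
            ("a1b0", "and", "a1", "b0"),
        ] + tail + [
            ("c0", "xor", "a0b0", "r"),
            ("c1", "xor", "a1b1", "t2"),
        ],
    }


def run(gadget, env):
    """Evaluate the program on an input environment; returns every wire's value."""
    env = dict(env)
    for dest, op, x, y in gadget["program"]:
        env[dest] = (env[x] & env[y]) if op == "and" else (env[x] ^ env[y])
    return env


def sharings(value, n):
    """All n-tuples of bits whose XOR equals value; each is equally likely."""
    return [s for s in product((0, 1), repeat=n) if sum(s) % 2 == value]


def executions(gadget, secret_values):
    """Yield every execution for fixed secrets, uniform over sharings and randomness.

    Every secret value has the same number of sharings (2^(n-1)), so the
    execution counts below are directly comparable across secret assignments.
    """
    names = list(gadget["secrets"])
    share_choices = [sharings(secret_values[k], len(gadget["secrets"][k])) for k in names]
    for shares in product(*share_choices):
        env = {}
        for name, tup in zip(names, shares):
            env.update(zip(gadget["secrets"][name], tup))
        for rbits in product((0, 1), repeat=len(gadget["randoms"])):
            env.update(zip(gadget["randoms"], rbits))
            yield run(gadget, env)


def probe_distribution(gadget, probes, secret_values):
    """Joint distribution (as counts) of the probed wires for one secret assignment."""
    return Counter(tuple(e[p] for p in probes) for e in executions(gadget, secret_values))


def check_probing_security(gadget, t):
    """Return every t-probe set whose joint distribution depends on the secrets.

    An empty list is a proof of t-probing security in this exhaustive model;
    a non-empty list is the set of observations on which independence fails.
    """
    wires = [s for shares in gadget["secrets"].values() for s in shares]
    wires += gadget["randoms"] + [ins[0] for ins in gadget["program"]]
    secret_names = list(gadget["secrets"])
    failing = []
    for probes in combinations(wires, t):
        dists = [probe_distribution(gadget, probes, dict(zip(secret_names, bits)))
                 for bits in product((0, 1), repeat=len(secret_names))]
        if any(d != dists[0] for d in dists[1:]):
            failing.append(probes)
    return failing


def is_correct(gadget, spec):
    """Check that the XOR of the output shares equals spec(secrets) on every execution."""
    secret_names = list(gadget["secrets"])
    for bits in product((0, 1), repeat=len(secret_names)):
        sv = dict(zip(secret_names, bits))
        for e in executions(gadget, sv):
            out = 0
            for o in gadget["outputs"]:
                out ^= e[o]
            if out != spec(**sv):
                return False
    return True


if __name__ == "__main__":
    for name, g in (("textbook", isw2_gadget()), ("mis-ordered", isw2_gadget(True))):
        print(name, "correct:", is_correct(g, lambda a, b: a & b),
              "1-probe failures:", check_probing_security(g, 1))
```

The textbook gadget passes the first-order check and, as expected for two shares, fails at t = 2 (probing a0 and a1 together reveals a). The mis-ordered variant is reported with the single probe t1 = a0b1 ^ a1b0, whose value is constant when a = b = 0 but uniform when a = b = 1.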

Keywords

Higher-order masking; Automatic tools; EasyCrypt


Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  • Gilles Barthe, IMDEA Software Institute, Madrid, Spain
  • Sonia Belaïd, École normale supérieure, Paris, France, and Thales Communications and Security, Gennevilliers, France
  • François Dupressoir, IMDEA Software Institute, Madrid, Spain
  • Pierre-Alain Fouque, Université de Rennes 1 and Institut universitaire de France, Rennes, France
  • Benjamin Grégoire, INRIA, Sophia-Antipolis, France
  • Pierre-Yves Strub, IMDEA Software Institute, Madrid, Spain