Improved parallel mask refreshing algorithms: generic solutions with parametrized non-interference and automated optimizations

  • Gilles Barthe
  • Sonia Belaïd
  • François Dupressoir
  • Pierre-Alain Fouque
  • Benjamin Grégoire
  • François-Xavier Standaert (corresponding author)
  • Pierre-Yves Strub
Regular Paper
Abstract

Refreshing algorithms are a critical ingredient for secure masking. They are instrumental in enabling sound composability properties for complex circuits, and their randomness requirements dominate the performance overheads in (very) high-order masking. In this paper, we improve a proposal of mask refreshing algorithms from EUROCRYPT 2017 that has excellent implementation properties in software and hardware, in two main directions. First, we provide a generic proof that this algorithm is secure at arbitrary orders—a problem that was left open so far. We introduce parametrized non-interference as a new technical ingredient for this purpose that may be of independent interest. Second, we use automated tools to further explore the design space of such algorithms and provide the best known parallel mask refreshing gadgets for concretely relevant security orders. Incidentally, we also prove the security of a recent proposal of mask refreshing with improved resistance against horizontal attacks from CHES 2017.

Keywords

Side-channel attacks; Masking countermeasure; Refreshing algorithms; Composability

Acknowledgements

François-Xavier Standaert is a senior research associate of the Belgian Fund for Scientific Research (F.R.S.-FNRS). This work has been funded in parts by the European Union through the ERC project SWORD (724725).


Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  • Gilles Barthe (1)
  • Sonia Belaïd (2)
  • François Dupressoir (3)
  • Pierre-Alain Fouque (4)
  • Benjamin Grégoire (5)
  • François-Xavier Standaert (6), corresponding author
  • Pierre-Yves Strub (7)

  1. IMDEA Software Institute, Madrid, Spain
  2. CryptoExperts, Paris, France
  3. University of Surrey, Guildford, UK
  4. Université de Rennes 1, Rennes, France
  5. Inria Sophia-Antipolis – Méditerranée, Valbonne, France
  6. ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
  7. Ecole Polytechnique, Palaiseau, France