  1. Side Channel Analysis and Protection for McEliece Implementations. Thomas Eisenbarth, joint work with Cong Chen, Ingo von Maurich and Rainer Steinwandt. 9/27/2016, NATO Workshop, Tel Aviv University

  2. Overview
  • Motivation
  • QC-MDPC McEliece
  • Horizontal and vertical side channel analysis of McEliece
  • Masking a QC-MDPC McEliece implementation

  3. Motivation

  4. Post-Quantum Cryptography?
  • Internet security rests on public key cryptography: digital signatures (RSA, (EC)DSA), key exchange ((EC)DH), public key encryption (RSA)
  • Security relies on the hardness of factoring or of the discrete logarithm problem
  • Quantum computers: Shor's algorithm solves DL/factoring in polynomial time; prediction: 10 – 30 years from now
  • Can you afford to have your current secrets disclosed in 10 years?

  5. Timeline for PQC Standardization
  • NSA 2015: time to switch to "quantum-secure cryptography"
  • August 2016: NIST Post-Quantum Crypto Project; NIST announces the PQC standardization process, submission deadline November 2017

  6. McEliece Cryptosystem
  • Code-based cryptosystem, public key encryption
  • Proposed by McEliece in 1978
  • Fairly efficient
  • No efficient attacks known
  • Large key size

  7. QC-MDPC McEliece

  8. QC-MDPC as Public Key Scheme [1]
  McEliece based on a Quasi-Cyclic Moderate Density Parity-Check code.
  Key generation:
  • Parity-check matrix $H = [H_0 \mid H_1]$ with $H_0, H_1 \in \mathbb{F}_2^{4801 \times 4801}$ circulant, generated by the 4801-bit vectors $h_0$ and $h_1$
  • $\mathrm{wt}(h_0) = \mathrm{wt}(h_1) = 45$
  • Public key $G = [I \mid Q]$ with $Q = (H_1^{-1} \cdot H_0)^T \in \mathbb{F}_2^{4801 \times 4801}$
  [1] Misoczki et al., "MDPC-McEliece: New McEliece variants from Moderate Density Parity-Check codes," Information Theory Proceedings (ISIT), 2013

  9. QC-MDPC McEliece
  Encryption: message $m \in \mathbb{F}_2^{4801}$, error vector $e \in \mathbb{F}_2^{9602}$ with $\mathrm{wt}(e) \le 84$; ciphertext $x \leftarrow mG + e$.
  Decryption (bit-flipping decoding):
  (1) Compute the syndrome $s = Hx^T$.
  (2) Count the number of unsatisfied parity checks (#upc) for each ciphertext bit:
      a) if #upc exceeds the threshold $b_i$, flip the ciphertext bit;
      b) add the current row $h_j$ to the syndrome.
  (3) Repeat (2) until either $s = \mathbf{0}$ or the maximum number of iterations is exceeded.
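A scaled-down, runnable model of the scheme on slides 8 and 9, added here as an example; it is not code from the talk or from its authors. It works in the polynomial ring $\mathbb{F}_2[x]/(x^r - 1)$, the usual way of stating QC-MDPC: each circulant block of $H$ is multiplication by its generating vector, the public $Q$ becomes $q = h_0 \cdot h_1^{-1}$, the syndrome is accumulated as the rotation sum of slide 13, and decryption runs the bit-flipping decoder of slide 9. Everything not on the slides is this example's own assumption: the toy parameters R = 101, D = 9, T = 2 (the slides use 4801, 45, 84), the threshold rule "flip every bit with the maximal #upc", the inverse via $h^{2^{R-1}-2}$ (valid because 101 is prime and 2 is a primitive root mod 101), and all function names. The same `syndrome` function also makes the chosen-ciphertext observation of slide 21 checkable: a single set bit at position $i$ writes $h_0(i)$, the $i$-th rotation of $h_0$, into $s$.

```python
import random

# Toy parameters, scaled down from the slides' r = 4801, wt(h_b) = 45, t = 84
# (assumptions of this example, see lead-in).
R = 101            # block length; prime, with 2 a primitive root mod R
D = 9              # wt(h_0) = wt(h_1); odd, so h_1 is invertible in the ring
T = 2              # errors added on encryption
MAX_ITER = 20      # decoder iteration cap (slide 9, step 3)
MASK = (1 << R) - 1


def rot(h, k):
    """h(x) * x^k mod (x^R - 1): the k-th cyclic rotation of h, h(k) on slide 13."""
    k %= R
    return ((h << k) | (h >> (R - k))) & MASK


def mulmod(a, b):
    """a(x) * b(x) mod (x^R - 1) over F_2: add a rotation of a per set bit of b."""
    acc = 0
    for i in range(R):
        if (b >> i) & 1:
            acc ^= rot(a, i)
    return acc


def inverse(h):
    """h^{-1} computed as h^(2^(R-1) - 2); this exponent works because the unit
    group of F_2[x]/(x^R - 1) has order 2^(R-1) - 1 when 2 is a primitive root
    mod the prime R (assumption).  The result is verified before it is used."""
    e, result, base = (1 << (R - 1)) - 2, 1, h
    while e:
        if e & 1:
            result = mulmod(result, base)
        base = mulmod(base, base)
        e >>= 1
    if mulmod(result, h) != 1:
        raise ValueError("h is not invertible")
    return result


def sparse(rng, positions, weight):
    """Random vector with exactly `weight` ones among `positions`."""
    v = 0
    for p in rng.sample(positions, weight):
        v |= 1 << p
    return v


def keygen(rng):
    """Secret key (h_0, h_1); public key q = h_0 * h_1^{-1}, the polynomial form
    of Q = (H_1^{-1} H_0)^T on slide 8, so that G = [I | Q]."""
    h0, h1 = sparse(rng, range(R), D), sparse(rng, range(R), D)
    return (h0, h1), mulmod(h0, inverse(h1))


def encrypt(q, m, e):
    """x = m G + e: codeword (m, m q) plus the error halves e = (e_0, e_1)."""
    return m ^ e[0], mulmod(m, q) ^ e[1]


def syndrome(sk, x):
    """s = H x^T as the rotation sum of slide 13: every set bit i of x_b adds h_b(i)."""
    s = 0
    for h, xb in zip(sk, x):
        for i in range(R):
            if (xb >> i) & 1:
                s ^= rot(h, i)
    return s


def decrypt(sk, x):
    """Bit-flipping decoder of slide 9.  #upc of bit i in block b is the number
    of ones s shares with column i of H_b, which is h_b(i).  Each round flips
    every bit reaching the round's threshold (here: the maximal #upc) and adds
    the flipped column back into s (step 2b).  Returns m, or None on failure."""
    x = list(x)
    s = syndrome(sk, x)
    for _ in range(MAX_ITER):
        if s == 0:
            return x[0]                       # error removed: block 0 is m
        upc = [[bin(s & rot(h, i)).count("1") for i in range(R)] for h in sk]
        threshold = max(max(upc[0]), max(upc[1]))
        for b in range(2):
            for i in range(R):
                if upc[b][i] >= threshold:
                    x[b] ^= 1 << i
                    s ^= rot(sk[b], i)
    return None if s else x[0]


def demo(seed=2016):
    """One key pair, message and ciphertext, returned for inspection."""
    rng = random.Random(seed)
    sk, q = keygen(rng)
    m = rng.getrandbits(R)
    err = sparse(rng, range(2 * R), T)        # wt(e) = T over all 2R positions
    e = (err & MASK, err >> R)
    x = encrypt(q, m, e)
    return {"sk": sk, "q": q, "m": m, "e": e, "x": x, "decrypted": decrypt(sk, x)}


if __name__ == "__main__":
    out = demo()
    print("decoded correctly:", out["decrypted"] == out["m"])
```

With these toy parameters the two error columns and the syndrome overlap almost completely, so the first decoding round already singles out the error positions; the max-#upc rule stands in for the per-iteration thresholds $b_i$ of the real decoder, which are tuned for $r = 4801$.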

  10. Side Channel Analysis

  11. Side Channel Attacks
  [Figure: a device turning ciphertext into plaintext while leaking through side channels]
  • Critical information is leaked through side channels
  • An adversary can extract critical secrets (keys etc.)
  • Usually requires physical access (proximity)

  12. Power Analysis of McEliece [HMP10]
  • AVR software implementation of classic McEliece
  • SPA-based approaches on various key parts
  • Finds the Hamming weight (HW) of key information via SPA
  • Final key recovery requires significant guessing
  • DPA not possible, as the key is not classically mixed into the state
  [HMP10] Heyse, Moradi, Paar: Practical Power Analysis Attacks on Software Implementations of McEliece, PQCrypto 2010

  13. Efficient FPGA Implementation [MG14]
  Key rotation feeds the syndrome computation: $s = Hx^T$ is accumulated as
  $s = \sum_{i=0}^{4800} \big(h_0(i)\,x_i \oplus h_1(i)\,x_{4801+i}\big)$,
  where $h_j(i)$ denotes $h_j$ rotated by $i$ positions.
  [MG14] von Maurich, I.; Güneysu, T., "Lightweight code-based cryptography: QC-MDPC McEliece encryption on reconfigurable devices," DATE 2014

  14. Key Rotation (KR) of the 4801-bit $h_0[0:4800]$
  • 4801 = 150×32 + 1 bits: 150 32-bit words in read-first BRAM plus a 1-bit carry register
  • 150 clock cycles per rotation: per rotation, 150 bits (one per word) overwrite the carry register
  • 4801 rotations during KR, i.e. 4801×150 overwrites; each key bit overwrites the carry register 150 times during one decryption
  • Horizontal attack: use the 150 leakages from one trace!
  [Figure: BRAM word layout 0:31, 32:63, 64:95, …, 4800:30 with the 1-bit carry register]

  15. Leakage Model
  For any key bit $h_{i,j}$, $i \in \{0,1\}$, $j \in [0,4800]$, the leakage when it overwrites the carry register:
  • 1-bit carry register: $\dots \to h_{i,j-32} \to h_{i,j} \to h_{i,j+32} \to \dots$
  • 32-bit word register: $\dots\, h_{i,j-32} \dots h_{i,j-1}\; h_{i,j}\; h_{i,j+1} \dots h_{i,j+31}\; h_{i,j+32} \,\dots$ (the neighbouring bits that share the register write)

  16. Leakage Exploitation

  17. Experiment Setup
  • SASEBO-GII SCA evaluation board
  • Tektronix DPO 5104 oscilloscope
  -- clocked at 3 MHz
  -- sampling rate: 100 MS/s
  [Figure: trace segment, bit 31 overwrites the carry register]

  18. Differential Trace

  19. Key Bits Recovery
  Shape definition:
  • Find a clear characteristic shape caused by a set bit in the differential trace
  • Define a threshold based on this shape
  Shape detection:
  • Browse the differential trace to find more characteristic shapes
  • Recover bit 0 and bit 1
  [Figure: differential trace aligned with the key bits $\dots h_{i,j-32} \dots h_{i,j} \dots h_{i,j+32} \dots$; isolated 1s among long runs of 0s]

  20. DPA Results for $(h_1 + h_0)$
  [Figure: recovered key bits of 0 vs. false positives; recovered key bits of 1 vs. false positives]

  21. Vertical Attack on Syndrome Computation
  Key rotation and syndrome computation as on slide 13: $s = Hx^T = \sum_{i=0}^{4800} \big(h_0(i)\,x_i \oplus h_1(i)\,x_{4801+i}\big)$.
  Idea: set a single bit $x_i$ in $x$ and see $h_0(i)$, a rotation of $h_0$, written into $s$ → 4801 different leakages for $h_0$.

  22. Vertical Attack on Syndrome Leakage
  • Leakage model: Hamming weight of the row of $H$ written to the empty syndrome
  • Differential trace: subtract the base behaviour (leakage without syndrome update)
  → Sparse 1s leave a clear mark in the trace

  23. Vertical Attack: Leakage

  24. Vertical Attack: Leakage
  • Each 1 leaks in 32 neighbouring bits
  • The low Hamming weight of the key makes the attack feasible

  25. Full Key Recovery

  26. Relationship between $h_0$ and $h_1$
  Known public key: $Q = (H_1^{-1} \cdot H_0)^T$, hence $h_0 = h_1 Q^T$ and
  $(h_0 + h_1) = h_1 Q^T + h_1 = h_1\,(Q^T + I_{4801})$.
  DPA recovers $h_0 + h_1$: [0 0 1 0 * 0 0 1 0 0 …… * 0 0 1 0 0 1]
  hence $h_0 \oplus h_1$: [0 0 * 0 * 0 0 * 0 0 …… * 0 0 * 0 0 *]
  and $h_1$: [0 0 * 0 * 0 0 * 0 0 …… * 0 0 * 0 0 *]
  (* = unknown bit; only the recovered 0s are used)

  27. Solving the Equation
  $(h_0 + h_1) = h_1 \times (Q^T + I_{4801})$: every position where $h_0 + h_1$ is known to be 0 selects one column of $Q^T + I_{4801}$ and gives one linear equation in the unknown bits of $h_1$.
  [Figure: the row $h_0 + h_1$ = [0 * 0 … * 0 0 0 * … * 0 * … *] times the 4801×4801 matrix, with $N$ selected columns and $4801 - N$ remaining]
  • The known 0s of $h_0 + h_1$ are also 0s of $h_1$, leaving $4801 - N$ unknown bits; $N$ equations determine them only if $N > 4801 - N$ ⇒ $N > 2400$
  • DPA recovers 4400 0s with some errors
  • Select $N = 2401$ from the 4400 without error: the probability is between $\binom{4395}{2401}/\binom{4400}{2401} \approx 0.02$ and $\binom{4398}{2401}/\binom{4400}{2401} \approx 0.21$
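The algebra of slides 26 and 27 carried through on a toy instance, added as an example; it is not the authors' attack code. In polynomial form the public key is $q = h_0 \cdot h_1^{-1}$, so $h_0 + h_1 = h_1 (q + 1)$, and each position $k$ where $h_0 + h_1$ is known to be 0 yields the homogeneous equation $\sum_j h_1[j]\,(q+1)[(k-j) \bmod R] = 0$. The attacker assumes $h_1$ is 0 at the chosen positions, solves for the remaining bits by Gaussian elimination over $\mathbb{F}_2$, and re-samples when the chosen set contained a false zero (no consistent weight-$D$ solution), which is the probability game on slide 27; with $N \le R/2$ equations the system stays underdetermined and nothing is recovered. Assumptions of this example: R = 101, D = 9, $h_0$ and $h_1$ sampled with disjoint supports (so that every zero of $h_0 + h_1$ is a zero of $h_1$, as the slides assume), the constructed leakage with two false zeros, and all function names.

```python
import random

R, D = 101, 9                 # toy block length and wt(h_0) = wt(h_1); assumptions
MASK = (1 << R) - 1


def mulmod(a, b):
    """a(x) * b(x) mod (x^R - 1) over F_2: add a rotation of a per set bit of b."""
    acc = 0
    for i in range(R):
        if (b >> i) & 1:
            acc ^= ((a << i) | (a >> (R - i))) & MASK
    return acc


def wt(v):
    return bin(v).count("1")


def solve_unique(rows, nvars):
    """Gauss-Jordan over F_2 on equations row . v = 0 (rows are bitmasks over
    nvars unknowns).  Returns the unique nonzero solution, or None when the
    solution space is {0} or has more than one dimension."""
    pivots = {}                                   # pivot column -> reduced row
    for row in rows:
        for c, prow in pivots.items():
            if (row >> c) & 1:
                row ^= prow
        if row:
            c = row.bit_length() - 1
            for pc in pivots:
                if (pivots[pc] >> c) & 1:
                    pivots[pc] ^= row
            pivots[c] = row
    free = [c for c in range(nvars) if c not in pivots]
    if len(free) != 1:
        return None
    v = 1 << free[0]
    for c, prow in pivots.items():
        if (prow >> free[0]) & 1:
            v |= 1 << c
    return v


def product_row(h, k, unknown):
    """Bitmask over the unknowns y_j of the coefficient of x^k in h * y:
    (h * y)_k = sum_j y_j h[(k - j) mod R]."""
    row = 0
    for idx, j in enumerate(unknown):
        if (h >> ((k - j) % R)) & 1:
            row |= 1 << idx
    return row


def toy_keypair(rng):
    """Disjoint-support h_0, h_1 and q = h_0 * h_1^{-1}; h_1^{-1} is found with
    the same solver on h_1 * y = 1 (variable R stands for the constant 1)."""
    pos = rng.sample(range(R), 2 * D)
    h0 = sum(1 << p for p in pos[:D])
    h1 = sum(1 << p for p in pos[D:])
    rows = [product_row(h1, k, range(R)) | (1 << R if k == 0 else 0) for k in range(R)]
    sol = solve_unique(rows, R + 1)
    if sol is None or not (sol >> R) & 1 or mulmod(h1, sol & MASK) != 1:
        raise ValueError("h_1 is not invertible")
    return h0, h1, mulmod(h0, sol & MASK)


def leaked_zeros(h0, h1, rng, false_zeros):
    """Constructed DPA output: every position where h_0 + h_1 is 0, plus a few
    positions wrongly reported as 0 ('4400 0s with some errors' on slide 27)."""
    diff = h0 ^ h1
    zeros = [k for k in range(R) if not (diff >> k) & 1]
    ones = [k for k in range(R) if (diff >> k) & 1]
    return sorted(zeros + rng.sample(ones, false_zeros))


def recover(q, leaked, n, rng, tries=500):
    """Slide 27: pick N leaked zero positions, assume h_1 is 0 there and that
    (h_1 (q + 1))_k = 0 for each of them, and solve for the other R - N bits.
    A sample containing a false zero gives no consistent weight-D solution, so
    the attacker re-samples.  Returns (h_0, h_1, attempts) or None."""
    q1 = q ^ 1                                    # q + 1
    for attempt in range(1, tries + 1):
        zero = set(rng.sample(leaked, n))
        unknown = [j for j in range(R) if j not in zero]
        sol = solve_unique([product_row(q1, k, unknown) for k in zero], len(unknown))
        if sol is None:
            continue
        h1 = sum(1 << j for idx, j in enumerate(unknown) if (sol >> idx) & 1)
        h0 = mulmod(h1, q)
        if wt(h1) == D and wt(h0) == D:
            return h0, h1, attempt
    return None


def demo(seed=2016, n=R // 2 + 2, false_zeros=2, tries=500):
    """Generate a toy key, leak its zeros, and run the recovery."""
    rng = random.Random(seed)
    h0, h1, q = toy_keypair(rng)
    leaked = leaked_zeros(h0, h1, rng, false_zeros)
    return (h0, h1), recover(q, leaked, n, rng, tries)
```

`demo()` uses $N = \lfloor R/2 \rfloor + 2$, the toy counterpart of $N = 2401$ for $r = 4801$; calling `demo(n=40)` shows the failure mode, since 40 equations in 61 unknowns never pin down $h_1$.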

  28. Summary
  • Post-quantum cryptography does not solve the implementation issues of cryptography
  • QC-MDPC codes reduce the key size but make DPA feasible
  • The vertical attack is more generic; the horizontal attack is more efficient
  • Full key recovery using the secret key's algebraic property
  [CEMS15] Chen, Eisenbarth, von Maurich, Steinwandt: Differential Power Analysis of a McEliece Cryptosystem, ACNS 2015
  [CEMS16] Chen, Eisenbarth, von Maurich, Steinwandt: Horizontal and Vertical Side Channel Analysis of a McEliece Cryptosystem, IEEE TIFS 2016

  29. Masking McEliece

  30. Masked Syndrome Computation
  • The parity-check matrix $H$ has quasi-cyclic structure
  • Use uniformly random masks $m_0, \dots, m_{n_0-1}$ to mask $h_0, \dots, h_{n_0-1}$; quasi-cyclic shifting yields the mask matrix $M$
  • Split $H$ into two shares: $H = H_m \oplus M$
  • The masked syndrome $s_m = H_m x^T$ and the syndrome mask $m_s = M x^T$ can be computed independently
  → One mask suffices!

  31. Masked Error-Correction Decoder

  32. SecAND: Bitwise AND of Syndrome and Row of $H$
  • Adopt a Threshold Implementation (TI) for the bit-wise AND of $H$ and $s$ [NRR06] → requires three shares
  • Expand the syndrome representation to three shares: $s_m \oplus m_{s1} \oplus m_{s2}$
  • Expand the key representation to three shares: $H_{m,j} \oplus M_{1,j} \oplus M_{2,j}$
  • Additional random vectors $r_1, r_2$ to ensure uniformity
  • Shares of the result (bitwise AND):
    $(s_m \wedge H_{m,j}) \oplus (s_m \wedge M_{1,j}) \oplus (H_{m,j} \wedge m_{s1}) \oplus r_1$
    $(m_{s1} \wedge M_{1,j}) \oplus (m_{s1} \wedge M_{2,j}) \oplus (M_{1,j} \wedge m_{s2}) \oplus r_2$
    $(m_{s2} \wedge M_{2,j}) \oplus (m_{s2} \wedge H_{m,j}) \oplus (M_{2,j} \wedge s_m) \oplus r_1 \oplus r_2$
  [NRR06] Nikova, Rechberger, Rijmen: Threshold Implementations against Side-Channel Attacks and Glitches, ICICS 2006
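The masked syndrome of slide 30 and the SecAND of slide 32 on toy bit-vectors, added as an example; this is not the authors' VHDL. One random mask per block is rotated alongside the key row, the two syndrome halves $s_m = H_m x^T$ and $m_s = M x^T$ are computed by independent calls, and the three SecAND output shares are formed exactly as on slide 32 and then checked to recombine to $s \wedge h_j$. The block length R = 101, the use of dense random rows (masking does not depend on the rows' weight), the splitting of a mask into two fresh shares as the meaning of "expand the representation", and all function names are this example's assumptions.

```python
import random

R = 101                       # toy block length (4801 on the slides); assumption
MASK = (1 << R) - 1


def rot(h, k):
    """k-th cyclic rotation of h: row k of the quasi-cyclic block with first row h."""
    k %= R
    return ((h << k) | (h >> (R - k))) & MASK


def syndrome(rows, x):
    """s = H x^T for H = [H_0 | H_1] given the two first rows, as the rotation
    sum of slide 13; x = (x_0, x_1)."""
    s = 0
    for h, xb in zip(rows, x):
        for i in range(R):
            if (xb >> i) & 1:
                s ^= rot(h, i)
    return s


def split_key(rows, rng):
    """Slide 30: H = H_m + M with one uniformly random mask m_b per block;
    rotating m_b alongside h_b yields the rows of M."""
    masks = tuple(rng.getrandbits(R) for _ in rows)
    return tuple(h ^ m for h, m in zip(rows, masks)), masks


def masked_syndrome(masked_rows, masks, x):
    """s_m = H_m x^T and m_s = M x^T, computed independently; s = s_m + m_s."""
    return syndrome(masked_rows, x), syndrome(masks, x)


def expand(value, mask, rng):
    """Two shares (value, mask) -> three shares (value, mask_1, mask_2) with
    mask = mask_1 + mask_2, using fresh randomness (this example's reading of
    'expand the representation' on slide 32)."""
    m1 = rng.getrandbits(R)
    return value, m1, mask ^ m1


def sec_and(s_shares, h_shares, r1, r2):
    """SecAND of slide 32: three output shares of s AND h_j.  Each output share
    uses at most two shares of s and two of h_j (TI non-completeness); r1 and
    r2 re-randomise the outputs and cancel when the shares are recombined."""
    s_m, m_s1, m_s2 = s_shares
    H_m, M_1, M_2 = h_shares
    o1 = (s_m & H_m) ^ (s_m & M_1) ^ (H_m & m_s1) ^ r1
    o2 = (m_s1 & M_1) ^ (m_s1 & M_2) ^ (M_1 & m_s2) ^ r2
    o3 = (m_s2 & M_2) ^ (m_s2 & H_m) ^ (M_2 & s_m) ^ r1 ^ r2
    return o1, o2, o3


def unmask(shares):
    """Recombination, used for checking only; a masked device never does this."""
    out = 0
    for v in shares:
        out ^= v
    return out


def check_sec_and(seed=1, trials=20):
    """Random inputs, random masks: the SecAND shares must recombine to s AND h."""
    rng = random.Random(seed)
    for _ in range(trials):
        s, h = rng.getrandbits(R), rng.getrandbits(R)
        m_s, m_h = rng.getrandbits(R), rng.getrandbits(R)
        ss = expand(s ^ m_s, m_s, rng)
        hs = expand(h ^ m_h, m_h, rng)
        out = sec_and(ss, hs, rng.getrandbits(R), rng.getrandbits(R))
        if unmask(out) != s & h:
            return False
    return True


def demo(seed=2016, j=17):
    """Mask a toy key, compute the two syndrome shares, then AND the syndrome
    with row j of block 0 in shared form.  Dense random rows are used: the
    masking does not depend on the rows' weight."""
    rng = random.Random(seed)
    rows = (rng.getrandbits(R), rng.getrandbits(R))
    x = (rng.getrandbits(R), rng.getrandbits(R))
    masked_rows, masks = split_key(rows, rng)
    s_m, m_s = masked_syndrome(masked_rows, masks, x)
    s_shares = expand(s_m, m_s, rng)
    h_shares = expand(rot(masked_rows[0], j), rot(masks[0], j), rng)
    out = sec_and(s_shares, h_shares, rng.getrandbits(R), rng.getrandbits(R))
    return {"s": syndrome(rows, x), "s_m": s_m, "m_s": m_s,
            "and": unmask(out), "row": rot(rows[0], j)}
```

The point to take from `sec_and` is structural: the first output share never sees $m_{s2}$ or $M_{2,j}$, the second never sees $s_m$ or $H_{m,j}$, and the third never sees $m_{s1}$ or $M_{1,j}$, so no single share's computation handles a complete set of shares of either input; $r_1$ and $r_2$ appear twice across the shares and cancel in `unmask`.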

  33. SecHW: Secure Hamming Weight Computation
  • Unprotected implementation: obtain the Hamming weight wt as an accumulation of look-ups in a pre-computed table
  • Here: secure conversion from Boolean to arithmetic masking to facilitate secure accumulation [CGV14]
  • Independent sums for each bit position:
    $\mathrm{wt}(sh) = (sh_{1,1} \oplus sh_{2,1} \oplus sh_{3,1}) + \dots + (sh_{1,|sh|} \oplus sh_{2,|sh|} \oplus sh_{3,|sh|})$
    $\mathrm{wt}(sh) = A_{1,1} + A_{2,1} + \dots + A_{1,|sh|} + A_{2,|sh|} = (A_{1,1} + \dots + A_{1,|sh|}) + (A_{2,1} + \dots + A_{2,|sh|})$
  [CGV14] Coron, Großschädl, Vadnala: Secure Conversion between Boolean and Arithmetic Masking of Any Order, CHES 2014

  34. Overview of Decoder

  35. Overview of Masked Implementation

  36. Implementation Results
  VHDL design, synthesized for a Virtex-5 XC5VLX50 FPGA:

                 FFs     LUTs    Slices   BRAMs   Freq. (MHz)
  Unprotected    412     568     148      3       318
  Masked         3045    4672    1549     3       73
  Overhead       7.4x    8.2x    10.5x    1x      4.3x

  Overhead (4x) not out of line (cf. Moradi et al.'s AES implementation, EC 2011)

  37. Leakage Analysis
