Masking Proofs are Tight (and How to Exploit it in Security Evaluations)
Vincent Grosso, François-Xavier Standaert
Radboud University Nijmegen (The Netherlands), UCL (Belgium)
EUROCRYPT 2018, Tel Aviv, Israel

Motivation (side-channel security evaluation)
• Current practice (simplified): attack-based evaluations
• Proposed approach (simplified): open designs (Kerckhoffs), proof-based evaluations
[Figures: computation (up to $2^{128}$) versus measurements, one plot for attack-based and one for proof-based evaluations]

Example: masked encoding
• Probing security (Ishai, Sahai, Wagner 2003)
  $y = y(1) \oplus y(2) \oplus \cdots \oplus y(d-1) \oplus y(d)$
  • $d-1$ probes do not reveal anything on $y$
  • But $d$ probes completely reveal $y$
• Noisy leakage security (Prouff, Rivain 2013)
  • noise and independence (Duc, Dziemb., Faust 2014)
  • $\mathrm{MI}(Y; \boldsymbol{L}) < \mathrm{MI}(Y(i); \boldsymbol{L}(i))^{d}$ and $N \propto \frac{c}{\mathrm{MI}(Y; \boldsymbol{L})}$

Contributions
• Previous work: masking proofs are tight for the encodings (Duc, Faust, Standaert, EC15/JoC18)
• This work:
  1. The same holds for circuits (e.g., S-boxes) made from simple gadgets (e.g., add. & mult.)
  2. Proofs can considerably simplify evaluations
     • Under noise & independence assumptions
     • Limited to divide & conquer attacks

Outline
1. Evaluation settings
2. Case studies (w.c. eval. time complexity)
   • Case #1: low $d$, one-tuple vs. multi-tuples
     • Independent Operation's Leakages (IOL)
   • Case #2: higher $d$, single-tuple
     • Independent Shares Leakages (ISL), DFS bound
   • Case #3: multiplication leakages
     • ISL assumption + PR bound
   • Case #4: higher $d$, worst-case attacks
     • Shares repetition, security graphs
3. Concrete attacks (i.e., why worst-case data comp. needed)
4. Conclusions & future research

Evaluation settings (I)
• Target implementation:
  • C1 Adv: one $d$-tuple, $\boldsymbol{L} = \bar{L}_{10} = [L_{10}^{1}, \dots, L_{10}^{d}]$
    (left to right: leakage matrix, all leaks; leakage vector, one $d$-tuple; leakage sample, one share)
  • C2 Adv: ten $d$-tuples, $\boldsymbol{L} = [\bar{L}_{1}, \bar{L}_{2}, \dots, \bar{L}_{10}]$
  • C3 Adv: multiplication leaks, some $\bar{L}_{i}$'s become $d^{2}$-tuples, or even $2d^{2}$-tuples (log/alog tables)
    [Figure: masked multiplication, partial products + refreshing ⇒ compression]
• 8-bit $y = y(1) \oplus \dots \oplus y(d)$, $L(i) = \mathrm{HW}(y(i)) + N$, $\mathrm{SNR} = \frac{\sigma^{2}(\text{8-bit HW})}{\sigma_n^{2}} = \frac{2}{\sigma_n^{2}}$
• Noise variance $\sigma_n^{2}$
• (Correlated noise analyzed in the paper)
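
Evaluation settings (II)
• Exact worst-case evaluations ⇒ computing:
  $$\mathrm{MI}(K; X, \boldsymbol{L}) = \mathrm{H}[K] + \sum_{k} \Pr[k] \cdot \sum_{x} \Pr[x] \cdot \sum_{\boldsymbol{y}} \Pr[\boldsymbol{y}] \cdot \sum_{\boldsymbol{l}} \Pr[\boldsymbol{l} \mid k, x, \boldsymbol{y}] \cdot \log_2 \Pr[k \mid x, \boldsymbol{l}]$$
  (sum over $\boldsymbol{y}$: shares vectors; sum over $\boldsymbol{l}$: $d$-dimension integral ⇒ $O(2^{d})$)
• Which can be computationally hard…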
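
The evaluation on this slide, restricted to the masked encoding alone, as an added example (not code from the slides or the paper): it computes MI(Y; L) for uniform Y rather than MI(K; X, L), summing over all shares vectors and integrating the leakages on a d-dimensional grid. The function name, the 2-bit word size (the slides use 8-bit values) and the grid resolution are assumptions chosen to keep the run short.

```python
import itertools
import math

# Added illustration: names, word size and grid parameters are assumptions.
def hw(v):
    return bin(v).count("1")

def mi_masked_hw(bits, d, sigma):
    """MI(Y; L) in bits for uniform Y = y(1) ^ ... ^ y(d), L(i) = HW(y(i)) + N(0, sigma^2)."""
    values = range(1 << bits)
    step = sigma / 4                                  # assumed grid resolution
    grid = [-5 * sigma + j * step
            for j in range(int((bits + 10 * sigma) / step) + 1)]
    norm = 1 / (sigma * math.sqrt(2 * math.pi))
    # pdf[h][j]: density of one leakage sample at grid[j] for a share of weight h.
    pdf = [[norm * math.exp(-((l - h) ** 2) / (2 * sigma ** 2)) for l in grid]
           for h in range(bits + 1)]
    # sharings[y]: Hamming weights of every one of the 2^(bits*(d-1)) encodings of y.
    sharings = {y: [] for y in values}
    for masks in itertools.product(values, repeat=d - 1):
        acc = 0
        for m in masks:
            acc ^= m
        for y in values:
            sharings[y].append([hw(m) for m in masks] + [hw(y ^ acc)])
    mi = float(bits)                                  # H[Y] for uniform Y
    for point in itertools.product(range(len(grid)), repeat=d):
        # Pr[l | y]: mixture over all shares vectors that encode y.
        like = [sum(math.prod(pdf[h][j] for h, j in zip(hws, point)) for hws in sharings[y])
                / len(sharings[y]) for y in values]
        total = sum(like)
        for p in like:
            if p > 0:
                # Pr[y] * Pr[l | y] * log2 Pr[y | l] * dl
                mi += p / len(like) * math.log2(p / total) * step ** d
    return mi

if __name__ == "__main__":
    for d in (1, 2):
        for sigma in (1.0, 2.0):
            print(f"d={d} sigma={sigma}: MI = {mi_masked_hw(2, d, sigma):.4f} bits")
```

The grid has one point per combination of d leakage values and each point sums over every sharing, so the cost grows exponentially in d. Doubling the noise reduces the two-share MI by a larger factor than the unmasked MI.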

Case #1
• $d = 1, 2$, C1 Adv ⇒ exhaustive analysis possible
• $d = 1, 2$, C2 Adv ⇒ exhaustive analysis possible
• But IOL assumption leads to faster evaluation, i.e., $\mathrm{MI}(K; X, \boldsymbol{L}) \approx 10 \cdot \mathrm{MI}(Y_i; \bar{L}_i)$
• Conservative (dependencies linearly decrease the MI)

Case #2
• Larger $d$'s, C1 Adv ⇒ exhaustive analysis hard
• But ISL assumpt. leads to much faster eval. [DFS15,18], i.e., $\mathrm{MI}(Y_i; \bar{L}_i) < \mathrm{MI}(Y_i(j); L_i(j))^{d}$
• Critical (dependencies exponentially increase the MI)

Case #3
• Mult. leaks ⇒ analysis even harder (2-bit example)
• ISL assumpt. leads to much faster eval. [PR13]: $\mathrm{MI}(d^{2}\ \text{partial prod.}) \approx 1.72 \cdot d \cdot \mathrm{MI}(d\text{-tuple})$

Case #4: putting things together (I)
• Full S-box analysis, large $d$'s, C1 & C3 Adv
• C1 → C3: MI increases linearly in # of tuples, i.e., $\mathrm{MI}(Y_i(j); L_i(j))^{d} \rightarrow (\#\,\text{tuples}) \cdot \mathrm{MI}(Y_i(j); L_i(j))^{d}$
• ≈ "circuit size" parameter of masking proofs

Case #4: putting things together (II)
• Things get (much) worse if shares re-used
• e.g., ISW each share used $d$ times [Figure: 3 × 3 matrix of partial products]
• Adv. can average the $L_i(j)$'s & increases MI exp. in $d$, i.e., $\mathrm{MI}(Y_i(j); L_i(j))^{d} \rightarrow (d \cdot \mathrm{MI}(Y_i(j); L_i(j)))^{d}$
• ≈ "noise condition" of masking security proofs

Link to the bigger picture
• From $\mathrm{MI}(K; X, \boldsymbol{L})$ one can directly obtain a bound on the attack's overall complexity
• Example for $\mathrm{MI}(K; X, \boldsymbol{L}) = 10^{-7}$