Random Probing Security: Verification, Composition, Expansion and New Constructions

Sonia Belaïd (1), Jean-Sébastien Coron (2), Emmanuel Prouff (3), Matthieu Rivain (1) and Abdul Rahman Taleb (1)
(1) CryptoExperts, France; (2) University of Luxembourg; (3) ANSSI, France
August 7, 2020

Outline: Introduction, Random Probing Security, Random Probing Composability, Random Probing Expandability, Conclusion

Side-Channel Attacks

Countermeasure: Higher-order Masking

Sensitive variable $x$, group $(G, \star)$:

$$x = \underbrace{x_0 \star \cdots \star x_{n-2}}_{\text{uniformly at random from } G} \star \underbrace{x_{n-1}}_{x \,\star\, x_0 \cdots \star\, x_{n-2}}$$

Security of masking schemes?

Leakage Models: Definitions

Ordered from convenient to realistic:
• t-probing model: t leaking variables
• Random probing model: each variable leaks with probability p
• Noisy leakage model: noisy leakage of all the variables

Leakage Models: Existing Works

• Reduction property [Duc et al., 2014]:
  Probing Security ⟹ Random Probing Security ⟹ Noisy Leakage Security

Random Probing Constructions:
• [Ajtai, 2011, Andrychowicz et al., 2016] based on expander graphs
• [Ananth et al., 2018] based on secure multi-party computations: $O(|C| \cdot \mathrm{poly}(\kappa))$ for a circuit $C$, tolerated leakage probability $\approx 2^{-25}$.

Random Probing Model: Contributions

• VRAPS Tool: (V)erifier of (RA)ndom (P)robing (S)ecurity.
• Random probing composability / expandability for global security level amplification (inspired by [Ananth et al., 2018]).
• Efficient instantiation from base gadgets in $O(|C| \cdot \kappa^{7.5})$ tolerating leakage probability $\approx 2^{-8}$.

Random Probing Security: Definition

$(p, \varepsilon)$-Random Probing Security

[Figure: a circuit built from Add (+), Mult. (×), Copy (||) and Random (r) gates, with each wire labelled p. The leaking wires form a set of wires W. Is W independent from the secret inputs? Yes: simulation success. No: failure, with failure probability ε.]
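
The failure probability in this definition can be computed exhaustively for a small gadget. The following is an added example (not from the slides, and not VRAPS code): it enumerates every wire set W of a constructed 2-share refresh gadget over GF(2), marks W as a failure when its value distribution depends on the secret, and evaluates ε(p) from the resulting counts. The gadget, the wire names and the one-value-one-wire model are assumptions of this sketch.

```python
from collections import Counter
from itertools import combinations, product

# Constructed toy gadget over GF(2): a 2-share refresh. Assumption of this
# sketch: each named value is one wire (a full circuit model also counts
# the wires introduced by copy gates).
WIRES = {
    "x0": lambda x, m, r: m,          # first input share (uniform mask)
    "x1": lambda x, m, r: x ^ m,      # second input share, x = x0 ^ x1
    "r":  lambda x, m, r: r,          # fresh randomness
    "y0": lambda x, m, r: m ^ r,      # refreshed share x0 ^ r
    "y1": lambda x, m, r: x ^ m ^ r,  # refreshed share x1 ^ r
}

def leak_distribution(wire_set, x):
    """Joint distribution of the leaking wires for secret x, over all randomness."""
    return Counter(
        tuple(WIRES[w](x, m, r) for w in wire_set)
        for m, r in product((0, 1), repeat=2)
    )

def is_failure(wire_set):
    """W fails when its distribution differs between secrets (cannot be simulated)."""
    return leak_distribution(wire_set, 0) != leak_distribution(wire_set, 1)

def failure_coefficients():
    """c[k] = number of size-k wire sets that are not independent of the secret."""
    names = sorted(WIRES)
    return [sum(is_failure(w) for w in combinations(names, k))
            for k in range(len(names) + 1)]

def failure_probability(p):
    """epsilon(p) = sum_k c[k] * p^k * (1-p)^(s-k), each wire leaking with prob. p."""
    c, s = failure_coefficients(), len(WIRES)
    return sum(ck * p**k * (1 - p)**(s - k) for k, ck in enumerate(c))

if __name__ == "__main__":
    print("failing sets per size:", failure_coefficients())
    print("epsilon(2^-8) =", failure_probability(2**-8))
```

No single wire fails and exactly two pairs do ({x0, x1} and {y0, y1}), so for small p the failure probability of this gadget behaves like 2p².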