Breaking Masked Implementations with Many Shares on 32-bit Software Platforms

Bronchain, Olivier; Standaert, François‐Xavier

doi:10.46586/tches.v2021.i3.202-234

Cited by 22 publications

(17 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…competition for each target; in general, the results we obtained were similar to those reported in the evaluation ("Hall of Fame") of the competition [5], for which according to the organizers five attack runs were performed. However, similar to [6], and different from the rules used in [5], we decided to evaluate our attack against the median key rank at a given number of traces; [5] used the average key rank. Since the key rank distribution has a very heavy tail, the average of the key rank of n attack runs will generally be higher than the median of the key rank achieved in the same attack runs.…”

Section: Global Key Rankmentioning

confidence: 99%

“…While especially the last figure is subject to much uncertainty, the numbers given by [5] do have the advantage that they were generated data that we never had access to. We do not know the corresponding numbers for the solution proposed in [6].…”

Section: Global Key Rankmentioning

confidence: 99%

“…Table 3: Number of traces that are needed to achieve a median key rank lower than 2 32 , comparison of our solution and [6].…”

Section: Global Key Rankmentioning

confidence: 99%

See 2 more Smart Citations

Breaking Masked Implementations of the Clyde-Cipher by Means of Side-Channel Analysis

Gohr¹,

Laus

Schindler

2022

TCHES

View full text Add to dashboard Cite

In this paper we present our solution to the CHES Challenge 2020, the task of which it was to break masked hardware respective software implementations of the lightweight cipher Clyde by means of side-channel analysis. We target the secret cipher state after processing of the first S-box layer. Using the provided trace data we obtain a strongly biased posterior distribution for the secret-shared cipher state at the targeted point; this enables us to see exploitable biases even before the secret sharing based masking. These biases on the unshared state can be evaluated one S-box at a time and combined across traces, which enables us to recover likely key hypotheses S-box by S-box.In order to see the shared cipher state, we employ a deep neural network similar to the one used by Gohr, Jacob and Schindler to solve the CHES 2018 AES challenge. We modify their architecture to predict the exact bit sequence of the secret-shared cipher state. We find that convergence of training on this task is unsatisfying with the standard encoding of the shared cipher state and therefore introduce a different encoding of the prediction target, which we call the scattershot encoding. In order to further investigate how exactly the scattershot encoding helps to solve the task at hand, we construct a simple synthetic task where convergence problems very similar to those we observed in our side-channel task appear with the naive target data encoding but disappear with the scattershot encoding.We complete our analysis by showing results that we obtained with a “classical” method (as opposed to an AI-based method), namely the stochastic approach, thatwe generalize for this purpose first to the setting of shared keys. We show that the neural network draws on a much broader set of features, which may partially explain why the neural-network based approach massively outperforms the stochastic approach. On the other hand, the stochastic approach provides insights into properties of the implementation, in particular the observation that the S-boxes behave very different regarding the easiness respective hardness of their prediction.

show abstract

Section: Global Key Rankmentioning

confidence: 99%

Section: Global Key Rankmentioning

confidence: 99%

See 1 more Smart Citation

Breaking Masked Implementations of the Clyde-Cipher by Means of Side-Channel Analysis

Gohr¹,

Laus

Schindler

2022

TCHES

View full text Add to dashboard Cite

show abstract

“…If higher security levels are required, and e.g., if masking is evaluated to be used simultaneously, such a factor can quadratically reduce area/energy cost of the entire system as the masking order (d) can be linearly reduced with the SNR decrease. Another important aspect is that in low-noise scenarios some underlying noise-embedding mechanism is anyway a must for masked designs as demonstrated in [11], pinpointing the importance of the proposed mechanism. Therefore, the proposed design support our objective of demonstrating a fully-digital randomization based SCA security mechanism which provides a state-of-the-art cost-per-security in the class of EDA supported and security-modelled solutions.…”

Section: Conclusion and Future-workmentioning

confidence: 99%

“…An important added value for embedding circuitry randomization mechanism, such as the ones promoted in this manuscript, is that in many cases the inherent level of noise required to comply with masking's statistical security bounds is insufficient. For example, we can consider the evaluation in [11] showing insufficient software implementations security levels which impedes fulfilling masking full potential. This implies that some underlying noise-embedding mechanism is a must for even standard edge/IoT devices which manifest a rather low noise-level.…”

Section: Introductionmentioning

confidence: 99%

Fully-Digital Randomization Based Side-Channel Security—Toward Ultra-Low Cost-per-Security

2022

View full text Add to dashboard Cite

In this paper we formulate and re-evaluate a recently proposed randomization-based sidechannel protection mechanism. The strength of the construction lies with its ability to comply with standard digital design flows and that it provides a security parameter which directly links side-channel security metrics. A detailed leakage model is provided and investigated for the first time, and it is linked to electronic parameters of the randomization mechanism. We develop guidelines and optimization for concrete ASIC constructions, and sheds light on this ultra low-cost leakage-randomization mechanism. The proposed circuit is natural to be utilized without or on top of the popular masking countermeasures. It is demonstrated to be considerably more efficient in terms of attack data-complexity as compared to low-order masking (i.e., number of shares d = 2). In addition, seemingly it is a nice and necessary fit to increase the noise when a too low-noise environment is expected, which impedes masking's theoretical security. Finally, it is discussed that the proposed mechanism is natural to be embedded with masked designs for higher security-levels (d > 2) while lowering significantly their asymptotically quadratic area price-tag as d increase. Robustness results are provided along with post & route cost estimations for both AES encryption and a more recently proposed permutation such as ISAP. Our design efficiently provides unprecedented three orders-of-magnitude signal-to-noise reduction with a total area-overhead of 21% and 46% for AES and Ascon-ρ, respectively. These factors are more cost-efficient than low-orders masked designs and such mechanisms are sometimes necessary when the inherent noise is not sufficient. However, the joint embedding of the proposed mechanism with masked designs potentially exponentially improve the security level they provide, all whilst enabling electronic-design friendly security mechanism.

show abstract