Exploring Crypto-Physical Dark Matter and Learning with Physical Rounding

Duval, Sébastien; Méaux, Pierrick; Momin, Charles; Standaert, François‐Xavier

doi:10.46586/tches.v2021.i1.373-401

Cited by 6 publications

(13 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dziembowski et al [DFH + 16] proposed rekeying components based on lattice cryptography backed by a certain theoretical guarantee. This direction has been further explored by Duval et al [DMMS21]. Despite reports on some attacks [DEMM14,PM16], in reality, the root of security-an unbounded DPA-resistant/leak-free module-is barely implemented with sophisticated SCA countermeasures (e.g., masking) to the best of authors' knowledge.…”

Section: Conventional Studies On Rekeyingmentioning

confidence: 99%

Fallen Sanctuary: A Higher-Order and Leakage-Resilient Rekeying Scheme

Ueno,

Homma,

Inoue

et al. 2023

TCHES

View full text Add to dashboard Cite

This paper presents a provably secure, higher-order, and leakage-resilient (LR) rekeying scheme named LR Rekeying with Random oracle Repetition (LR4), along with a quantitative security evaluation methodology. Many existing LR primitives are based on a concept of leveled implementation, which still essentially require a leak-free sanctuary (i.e., differential power analysis (DPA)-resistant component(s)) for some parts. In addition, although several LR pseudorandom functions (PRFs) based on only bounded DPA-resistant components have been developed, their validity and effectiveness for rekeying usage still need to be determined. In contrast, LR4 is formally proven under a leakage model that captures the practical goal of side-channel attack (SCA) protection (e.g., masking with a practical order) and assumes no unbounded DPA-resistant sanctuary. This proof suggests that LR4 resists exponential invocations (up to the birthday bound of key size) without using any unbounded leak-free component, which is the first of its kind. Moreover, we present a quantitative SCA success rate evaluation methodology for LR4 that combines the bounded leakage models for LR cryptography and a state-of-the-art information-theoretical SCA evaluation method. We validate its soundness and effectiveness as a DPA countermeasure through a numerical evaluation; that is, the number of secure calls of a symmetric primitive increases exponentially by increasing a security parameter under practical conditions.

show abstract

Section: Conventional Studies On Rekeyingmentioning

confidence: 99%

Fallen Sanctuary: A Higher-Order and Leakage-Resilient Rekeying Scheme

Ueno,

Homma,

Inoue

et al. 2023

TCHES

View full text Add to dashboard Cite

show abstract

“…We first define the LWPR assumption introduced in [DMMS21]. For this purpose, let us consider a secret matrix K ∈ F m×n 2 and a public vector r ∈ F n 2 .…”

Section: Learning With Physical Roundingmentioning

confidence: 99%

“…Unfortunately, the concrete level of noise in the leakages needed for their proof that LPL is secure was shown to be quite high. More recently, Duval et al showed that it is possible to design re-keying schemes based on a Learning With Physical Rounding (LWPR) problem [DMMS21]. Here, the main observation is that many practical leakage functions, such as the Hamming weight one [MOP07], are non-injective.…”

Section: Introductionmentioning

confidence: 99%

“…We note that the security of LWPR with linear or quadratic leakage functions relies on different arguments than previously used for similar constructions. For example in [DMMS21], the high-level idea behind the hardness of LWPR with Hamming weight leakages is that the composition of linear functions in different structures is sufficient to provide security. This holds since the composition gives functions with good cryptographic parameters in both initial structures.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Learning with Physical Rounding for Linear and Quadratic Leakage Functions

Hoffmann

Méaux

Momin

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Fresh re-keying is a countermeasure against side-channel analysis where an ephemeral key is derived from a long-term key using a public random value. Popular instances of such schemes rely on keyhomomorphic primitives, so that the re-keying process is easy to mask and the rest of the (e.g., block cipher) computations can run with cheaper countermeasures. The main requirement for these schemes to be secure is that the leakages of the ephemeral keys do not allow recovering the long-term key. The Learning with Physical Rounding (LWPR) problem formalizes this security in a practically-relevant model where the adversary can observe noise-free leakages. It can be viewed as a physical version of the Learning With Rounding (LWR) problem, where the rounding is performed by a leakage function and therefore does not have to be computed explicitly. In this paper, we first consolidate the intuition that LWPR cannot be secure in a serial implementation context without additional countermeasures (like shuffling), due to attacks exploiting worst-case leakages that can be mounted with practical data complexity. We then extend the understanding of LWPR in a parallel implementation setting. On the one hand, we generalize its robustness against cryptanalysis taking advantage of any (i.e., not only worst-case) leakage. A previous work claimed security in the specific context of a Hamming weight leakage function. We clarify necessary conditions to maintain this guarantee, based on the degree of the leakage function and the accuracy of its coefficients. On the other hand, we show that parallelism inherently provides good security against attacks exploiting worst-case leakages. We finally confirm the practical relevance of these findings by validating our assumptions experimentally for an exemplary implementation.

show abstract

“…Intuitively, such a weakness seems to be related to the "algebraic compatibility" between the Hamming weight function and operations in binary fields -a phenomenon that is also known to create weaknesses in the context of fresh-rekeying (e.g., see [MSGR10,BFG14]). Since prime fields contribute to security in the context of fresh re-keying, by making the cipher operations and their leakage less compatible [DMMS21], it appears natural to investigate whether such a tweak can help in the context of additive masking as well. Interestingly, this idea also benefits from strong theoretical support, as Dziembowski et al showed that masking in prime fields can be used to amplify arbitrarily low noise levels, while masking in fields of composite order always carries the risk that no noise amplification takes place [DFS16].…”

Section: Introductionmentioning

confidence: 99%

Prime-Field Masking in Hardware and its Soundness against Low-Noise SCA Attacks

Cassiers

Masure²,

Momin³

et al. 2023

TCHES

View full text Add to dashboard Cite

A recent study suggests that arithmetic masking in prime fields leads to stronger security guarantees against passive physical adversaries than Boolean masking. Indeed, it is a common observation that the desired security amplification of Boolean masking collapses when the noise level in the measurements is too low. Arithmetic encodings in prime fields can help to maintain an exponential increase of the attack complexity in the number of shares even in such a challenging context. In this work, we contribute to this emerging topic in two main directions. First, we propose novel masked hardware gadgets for secure squaring in prime fields (since squaring is non-linear in non-binary fields) which prove to be significantly more resource-friendly than corresponding masked multiplications. We then formally show their local and compositional security for arbitrary orders. Second, we attempt to >experimentally evaluate the performance vs. security tradeoff of prime-field masking. In order to enable a first comparative case study in this regard, we exemplarily consider masked implementations of the AES as well as the recently proposed AESprime. AES-prime is a block cipher partially resembling the standard AES, but based on arithmetic operations modulo a small Mersenne prime. We present cost and performance figures for masked AES and AES-prime implementations, and experimentally evaluate their susceptibility to low-noise side-channel attacks. We consider both the dynamic and the static power consumption for our low-noise analyses and emulate strong adversaries. Static power attacks are indeed known as a threat for side-channel countermeasures that require a certain noise level to be effective because of the adversary’s ability to reduce the noise through intra-trace averaging. Our results show consistently that for the noise levels in our practical experiments, the masked prime-field implementations provide much higher security for the same number of shares. This compensates for the overheads prime computations lead to and remains true even if / despite leaking each share with a similar Signal-to-Noise Ratio (SNR) as their binary equivalents. We hope our results open the way towards new cipher designs tailored to best exploit the advantages of prime-field masking.

show abstract

Exploring Crypto-Physical Dark Matter and Learning with Physical Rounding

Cited by 6 publications

References 31 publications

Fallen Sanctuary: A Higher-Order and Leakage-Resilient Rekeying Scheme

Fallen Sanctuary: A Higher-Order and Leakage-Resilient Rekeying Scheme

Learning with Physical Rounding for Linear and Quadratic Leakage Functions

Prime-Field Masking in Hardware and its Soundness against Low-Noise SCA Attacks

Contact Info

Product

Resources

About