Faster Evaluation of SBoxes via Common Shares

Coron, Jean-Sébastien; Greuet, Aurélien; Prouff, Emmanuel; Zeitoun, Rina

doi:10.1007/978-3-662-53140-2_24

Cited by 16 publications

(6 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We give an example where we jointly share inputs which are independently processed. This example is related to the work from Coron et al [6] where the above definitions of non-completeness and uniformity form its theoretical basis.…”

Section: Threshold Circuits With Different Sharing Schemesmentioning

confidence: 90%

Threshold Implementations in the Robust Probing Model

Dhooghe

Nikova

Rijmen

2019

Proceedings of ACM Workshop on Theory of Implementation Security Workshop

View full text Add to dashboard Cite

Threshold Implementations (TI) are provably secure algorithmic countermeasures against side-channel attacks in the form of differential power analysis. The strength of TI lies in its minimal algorithmic requirements. These requirements have been studied over more than 10 years and many efficient implementations for symmetric primitives have been proposed. Thus, over the years the practice of protecting implementations matured, however, the theory behind threshold implementations remained the same. In this work, we revise this theory by looking at the properties of correctness, non-completeness, and uniformity as a composable security model. We prove that this model provides first-order and higherorder univariate security in the glitch-robust probing model which lets us expand the theoretic framework of TI. We first provide a link between uniformity and the notion of non-interference, a known composable security notion building out the probing model. We then relax the notion of non-completeness which helps the design of secure expansion and compression functions. Lastly, we provide generalisations of the threshold notions to allow for general secret sharing schemes and provide examples of how different sharing schemes affect the security and efficiency of the countermeasure.

show abstract

Section: Threshold Circuits With Different Sharing Schemesmentioning

confidence: 90%

Threshold Implementations in the Robust Probing Model

Dhooghe

Nikova

Rijmen

2019

Proceedings of ACM Workshop on Theory of Implementation Security Workshop

View full text Add to dashboard Cite

show abstract

“…We partition the benchmarks into two sets: D train for GP S, and D test for the learned analyzer. The training set D train consists of 531 small programs gathered from various public sources, including byte-masked AES [51], random reduction of S-box [52], common shares [53], and leak examples [24]. Each benchmark is a pair, consisting of a program AST and its distribution type, i.e, the ground truth annotated by developers.…”

Section: A Benchmarksmentioning

confidence: 99%

Data-Driven Synthesis of Provably Sound Side Channel Analyses

Wang

Sung

Raghothaman

et al. 2021

Preprint

View full text Add to dashboard Cite

We propose a data-driven method for synthesizing static analyses to detect side-channel information leaks in cryptographic software. Compared to the conventional way of manually crafting such static analyzers, which can be tedious, error prone and suboptimal, our learning-based technique is not only automated but also provably sound. Our analyzer consists of a set of type-inference rules learned from the training data, i.e., example code snippets annotated with the ground truth. Internally, we use syntax-guided synthesis (SyGuS) to generate new recursive features and decision tree learning (DTL) to generate analysis rules based on these features. We guarantee soundness by proving each learned analysis rule via a technique called query containment checking. We have implemented our technique in the LLVM compiler and used it to detect power side channels in C programs that implement cryptographic protocols. Our results show that, in addition to being automated and provably sound during synthesis, our analyzer can achieve the same empirical accuracy as two state-of-the-art, manually-crafted analyzers while being 300X and 900X faster, respectively.• We propose the first data-driven method for learning a provably sound static analyzer using syntax guided synthesis (SyGuS) and decision tree learning (DTL). • We guarantee soundness by formulating and solving a Datalog query containment checking problem. • We demonstrate the effectiveness of our method for detecting side channels in cryptographic software. In the remainder of this paper, we begin by presenting the technical background in Section II and our motivating example in Section III. We then describe the learner in Section IV and the prover in Section V, followed by the experimental results in Section VI. Finally, we survey the related work in Section VII and conclude in Section VIII. II. PRELIMINARIES A. Power Side-ChannelsPrior works in side-channel security [19]- [21] show that variance in the power consumption of a computing device may leak secret information; for example, when a secret value is stored in a physical register, its number of logical-1 bits may affect the power consumption of the CPU. Such side-channel leaks are typically mitigated by masking, e.g., using d random bits (r 1 , . . . , r d ) to split a key bit into d + 1 secret shares: key 1 = r 1 , . . ., key d = r d , and key d+1 = r 1 ⊕r 2 . . .⊕r d ⊕key, where ⊕ denotes the logical operation exclusive or (XOR). Since all d + 1 shares are uniformly distributed in the {0, 1}, in theory, this order-d masking scheme is secure in that any combination of less than d shares cannot reveal the secret, but combining all d + 1 shares, key 1 ⊕ key 2 ⊕ ...key d+1 = key, recovers the secret.In practice, masking countermeasures must also be implemented properly to avoid de-randomizing any of the secret shares accidentally. ConsiderWhile syntactically dependent on the two randomized values t L and t R , t is in fact leaky because, semantically, it does not depend on the random input r 1 . In this work, we aim t...

show abstract

“…Definition 4. sub-bytes(): in AES, the sub-bytes() transformation is a non-linear operation where each byte of a state is operated independently. In addition, to accelerate the speed of AES, a 256-byte loop-up table named sbox [19] is used during the process of encryption and decryption. The sub-bytes() transformation can be represented as follows.…”

Section: Aes Specificationmentioning

confidence: 99%

“…In this case, the original state matrix is denoted as state, the state matrix after shifting rows is denoted as state ′ . Then, the shift-rows() operation can be expressed in equation (19).…”

Section: Aes Specificationmentioning

confidence: 99%

GPU Accelerated AES Algorithm

Wang,

Chu

2019

Preprint

View full text Add to dashboard Cite

It has been widely accepted that Graphics Processing Units (GPUs) is one of promising schemes for encryption acceleration, in particular, the support of complex mathematical calculations such as integer and logical operations makes the implementation easier; however, complexes such as parallel granularity, memory allocation still imposes a burden on real world implementations.In this paper, we propose a benchmarking approach for AES accelerations, including both encryption and decryption. Specifically, we adapt the Electronic Code Book (ECB) mode for cryptographic transformation, Tboxes scheme for fast lookups, and a granularity of 'one state per thread' for thread scheduling. Our benchmarking results offer researchers a good understanding on GPU architectures and software accelerations. In addition, both our source code and experimental results are freely available.

show abstract

Faster Evaluation of SBoxes via Common Shares

Cited by 16 publications

References 25 publications

Threshold Implementations in the Robust Probing Model

Threshold Implementations in the Robust Probing Model

Data-Driven Synthesis of Provably Sound Side Channel Analyses

GPU Accelerated AES Algorithm

Contact Info

Product

Resources

About