Unifying Leakage Models: From Probing Attacks to Noisy Leakage.

Duc, Alexandre; Dziembowski, Stefan; Faust, Sebastian

doi:10.1007/978-3-642-55220-5_24

Cited by 143 publications

(38 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The state of the abort signal (true or false) is returned as well. Following the notation by Duc et al [13], for t " 0, ..., , a pd, kq-threshold-probe-and-faulting adversary on F 2 m is a machine A that plays the following game against an oracle O: Security consists of both a privacy and a correctness aspect. The number of probe and faults an adversary needs to place to break the scheme determines the order of security.…”

Section: The Circuit Modelmentioning

confidence: 99%

“…The described probing adversary is capable of reading the exact values on a number of circuit wires, where the minimal number of observed wires needed to uncover a sensitive variable is defined as the order of probing security. Probing security can be reduced to the noisy leakage model as shown by Duc et al [13] where the assumptions lie in the presence of sufficient noise and independent wire leakage. The probing model is extended by Barthe et al [1] to capture composable security called the non-interference model in which several secure countermeasures have been made, e.g., [3-5, 8, 10, 14, 16, 23].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Let’s Tessellate: Tiling for Security Against Advanced Probe and Fault Adversaries

Dhooghe

Nikova

2021

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

The wire probe-and-fault models are currently the most used models to provide arguments for side-channel and fault security. However, several practical attacks are not yet covered by these models. This work extends the wire fault model to include more advanced faults such as area faults and permanent faults. Moreover, we show the tile probeand-fault adversary model from CRYPTO 2018's CAPA envelops the extended wire fault model along with known extensions to the probing model such as glitches, transitions, and couplings. In other words, tiled (tessellated ) designs offer security guarantees even against advanced probe and fault adversaries. As tiled models use multi-party computation techniques, countermeasures are typically expensive for software/hardware. This work investigates a tiled countermeasure based on the ISW methodology which is shown to perform significantly better than CAPA for practical parameters.

show abstract

Section: The Circuit Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Let’s Tessellate: Tiling for Security Against Advanced Probe and Fault Adversaries

Dhooghe

Nikova

2021

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

show abstract

“…When considering the effect of glitches, with each probe the adversary can read all the input values which flow to that wire until a register is reached. The interested reader is encouraged to learn more about this model in [10], a comparison of the probing model with other leakage models is given in [13], and the proof of the reduction of the noisy leakage model to the probing model is found in [9]. In threshold circuits, the glitch-robust adversary transforms into an adversary reading the circuit's component functions due to the component functions being walled-off by registers.…”

Section: First-order Probing Securitymentioning

confidence: 99%

Threshold Implementations in the Robust Probing Model

Dhooghe

Nikova

Rijmen

2019

Proceedings of ACM Workshop on Theory of Implementation Security Workshop

View full text Add to dashboard Cite

Threshold Implementations (TI) are provably secure algorithmic countermeasures against side-channel attacks in the form of differential power analysis. The strength of TI lies in its minimal algorithmic requirements. These requirements have been studied over more than 10 years and many efficient implementations for symmetric primitives have been proposed. Thus, over the years the practice of protecting implementations matured, however, the theory behind threshold implementations remained the same. In this work, we revise this theory by looking at the properties of correctness, non-completeness, and uniformity as a composable security model. We prove that this model provides first-order and higherorder univariate security in the glitch-robust probing model which lets us expand the theoretic framework of TI. We first provide a link between uniformity and the notion of non-interference, a known composable security notion building out the probing model. We then relax the notion of non-completeness which helps the design of secure expansion and compression functions. Lastly, we provide generalisations of the threshold notions to allow for general secret sharing schemes and provide examples of how different sharing schemes affect the security and efficiency of the countermeasure.

show abstract

“…Then, the attacker's view of the circuit elements may be noisy (the noisy leakage model [CJRR99]), or the attacker may be limited by the number of wires of the circuit that it can observe within a certain period of time (the probing model [ISW03]). The noisy leakage model and probing model have been unified [DDF14]. In both models, under some reasonable assumptions on the statistical distributions of sidechannel information, the complexity of a side-channel attack of a suitable implementation with an n-out-of-n secret-sharing increases exponentially with the number of shares.…”

Section: Side-channel and Fault Attacksmentioning

confidence: 99%

Threshold schemes for cryptographic primitives:

Brandão¹,

Mouha²,

Vassilev³

2019

View full text Add to dashboard Cite

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. AbstractThe Computer Security Division at the National Institute of Standards and Technology is interested in promoting the security of implementations of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on their implementations. It is thus important to mitigate breakdowns that result from differences between ideal and real implementations of cryptographic algorithms.This document overviews the possibility of implementing cryptographic primitives using threshold schemes, where multiple components contribute to the operation in a way that attains the desired security goals even if f out of n of its components are compromised. There is also an identified potential in providing resistance against side-channel attacks, which exploit inadvertent leakage from real implementations. Security goals of interest include the secrecy of cryptographic keys, as well as enhanced integrity and availability, among others. This document considers challenges and opportunities related to standardization of threshold schemes for cryptographic primitives. It includes examples illustrating security tradeoffs under variations of system model and adversaries. It enumerates several high-level characterizing features of threshold schemes, including the types of threshold, the communication interfaces (with the environment and between components), the executing platform (e.g., single device vs. multiple devices) and the setup and maintenance requirements.The document poses a number of questions, motivating aspects to take into account when considering standardization. A particular challenge is the development of criteria that may help guide a selection of threshold cryptographic schemes. An open question is deciding at what level each standard should be defined (e.g., specific base techniques vs. conceptualized functionalities) and which flexibility of parametrization they should allow. Suitability to testing and validation of implementations are also major concerns to be addressed. Overall, the document intends to support discussion about standardization, including motivating an engagement from stakeholders. This is a step towards enabling threshold cryptography within the US federal government and beyond.

show abstract

Unifying Leakage Models: From Probing Attacks to Noisy Leakage.

Cited by 143 publications

References 32 publications

Let’s Tessellate: Tiling for Security Against Advanced Probe and Fault Adversaries

Let’s Tessellate: Tiling for Security Against Advanced Probe and Fault Adversaries

Threshold Implementations in the Robust Probing Model

Threshold schemes for cryptographic primitives:

Contact Info

Product

Resources

About