Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Formal Analysis of the Entropy / SecurityTrade-off in First-Order Masking Countermeasures
against Side-Channel Attacks
Maxime Nassar, Sylvain Guilley and Jean-Luc Danger
Bull TrustWay, Rue Jean Jaures, B.P. 68,78 340 Les Clayes-sous-Bois, France.
Institut TELECOM / TELECOM ParisTech,46 rue Barrault, 75 634 Paris Cedex, France.
Secure-IC S.A.S.,80 avenue des Buttes de Coesmes,
35700 Rennes, France.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 1
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
1 IntroductionSide-Channel Analysis (SCA)CountermeasuresGoal of the Presentation
2 RSM: Rotating Sboxes MaskingRationale of the CountermeasureRSM Modelization
3 Information Theoretic Evaluation of RSM
4 Security Evaluation of RSM against CPA and 2O-CPAOptimal HO-CPA
Expression of ρ(1,2)opt
5 Conclusions and Perspectives
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 2
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Side-Channel Analysis (SCA)CountermeasuresGoal of the Presentation
1 IntroductionSide-Channel Analysis (SCA)CountermeasuresGoal of the Presentation
2 RSM: Rotating Sboxes MaskingRationale of the CountermeasureRSM Modelization
3 Information Theoretic Evaluation of RSM
4 Security Evaluation of RSM against CPA and 2O-CPAOptimal HO-CPA
Expression of ρ(1,2)opt
5 Conclusions and Perspectives
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 3
cryptographicsystem
containing asecret key
Energy
Timingreference
Side-channelmeasurement
Encryptionrequests
0110100010010010011
on-duty
Energy
Timingreference
Side-channelmeasurement
Encryptionrequests
Ground
Powersupply
Triggerprobe
Electromagneticprobe
USB socketI/Os:
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Side-Channel Analysis (SCA)CountermeasuresGoal of the Presentation
Protection against side-channel attacks
Extrinsic countermeasures
Noise addition . . makes the attack difficult but not impossible
Internal powering . . . . . . . . . . . . . . . . . . . . . can be tampered with
Internal countermeasures
Make the power constant . . require design skills [DGBN09] 6
Masking the power . . . . . . . . . . . . . . . susceptible to HO-SCA 4
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 7
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Side-Channel Analysis (SCA)CountermeasuresGoal of the Presentation
Security Evaluation of Countermeasures
Off-the-shelf platforms, e.g. the Smart-SIC Analyzer
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 8
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Side-Channel Analysis (SCA)CountermeasuresGoal of the Presentation
Context
+ Security , =⇒ + Costs /
Trade-offs?
Maximal security within a given budgetMinimal spendings for a target security level (CC EALx?)
Formal analysis: sound and realistic metrics for both securityand cost.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 9
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Side-Channel Analysis (SCA)CountermeasuresGoal of the Presentation
Context
− Costs / =⇒ − Security ,
Trade-offs?
Maximal security within a given budgetMinimal spendings for a target security level (CC EALx?)
Formal analysis: sound and realistic metrics for both securityand cost.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 9
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Rationale of the CountermeasureRSM Modelization
1 IntroductionSide-Channel Analysis (SCA)CountermeasuresGoal of the Presentation
2 RSM: Rotating Sboxes MaskingRationale of the CountermeasureRSM Modelization
3 Information Theoretic Evaluation of RSM
4 Security Evaluation of RSM against CPA and 2O-CPAOptimal HO-CPA
Expression of ρ(1,2)opt
5 Conclusions and Perspectives
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 10
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Rationale of the CountermeasureRSM Modelization
Masking with two (or more) paths
Leftmask(MLi)
Rightmask(MRi)
ki
IP
m
S’m′
P
S(x⊕ kc)
⊕m′
E
Leftmaskeddata (Li)
FP
Rightmaskeddata (Ri)
Ciphertext
Message
IP
P S E
kc
xm
Feistel function f
This operation is costly in general [SRQ06], especially for theSylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 11
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Rationale of the CountermeasureRSM Modelization
Masking with one path: Z → Z ⊕M (ex. AES)
Pool of masks
1280 bytes
M0−15
MMS0−15
MS0−15
IMMS0−15
IMS0−15
Base masks
MC(SR(Mi))⊕Mi
SR(Mi)
InvMC(InvSR(Mi))⊕Mi
InvSR(Mi)
Homomorphic computation.
This masking is the less costly in the litterature [NGDS12].
Requires leak-free ROMs (well suited for ASIC & FPGA).
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 12
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Rationale of the CountermeasureRSM Modelization
Performances
Table: Implementation results for reference and protected AES
Unprotected RSM Overhead
Number of ALUTs (%) 2136 (8%) 2734 (10%) 28%
Number of M4K ROM Blocs (%) 20 (14%) 24 (17%) 20%
Frequency (MHz) 133 88 34%
Setting:
n = 8 bit,
16 masks only, and (Price metric)
provable security up to 2nd-order attacks (Security metric)
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 13
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Rationale of the CountermeasureRSM Modelization
RSM mode of operation
SubBytes SubBytes SubBytes
4
Barrel shifter
. . .
Barrel shifter
M0
M1
m0
m1
m1
m2 m0
m15
SB′0
j ∈ {0− 15}
j ∈ {0− 15}
S ′15S ′
1S ′0
128
1284
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 14
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Rationale of the CountermeasureRSM Modelization
RSM leakage
Masked sboxes Z 7→ Mout ⊕ S(Z ⊕Min).
L(Z ,M) = L (Z ⊕M) .
In this expression, Z and M are n-bit vectors, i.e. live in Fn2.
The leakage function L : Fn2 → R depends on the hardware.
In a conservative perspective, L is assumed to be bijective.In a realistic perspective, L is assumed to non-injective.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 15
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Rationale of the CountermeasureRSM Modelization
Metrics
1 Cost: Card[M] ∈ {1, · · · , 2n}.2 Security:
Leakage: mutual information.Attack: resistance against HO-CPA.
Modelization that bridges both notions:
P[M = m] =
{
1/Card[M] if m ∈ M, and0 otherwise.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 16
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
1 IntroductionSide-Channel Analysis (SCA)CountermeasuresGoal of the Presentation
2 RSM: Rotating Sboxes MaskingRationale of the CountermeasureRSM Modelization
3 Information Theoretic Evaluation of RSM
4 Security Evaluation of RSM against CPA and 2O-CPAOptimal HO-CPA
Expression of ρ(1,2)opt
5 Conclusions and Perspectives
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 17
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
General Considerations
∀L , I[L (Z ⊕M);Z ] = 0 if H[M] = n bit (or equivalently, if
M ∼ U(Fn2)). So with all the masks, the countermeasure is
perfect.
If L is bijective (e.g. L = Id), then
I[L (Z ⊕M);Z ] = n − H[M] , irrespective of M.
If L is non-injective (e.g. L = HW), then
I[L (Z ⊕M);Z ] < n − H[M] , but depends on M.
Motivating examples: for L = HW on n = 8 bits,
I[L (Z ⊕M);Z ] = 1.42701 bit ifM = {0x00, 0x0f, 0xf0, 0xff}, butI[L (Z ⊕M);Z ] = 0.73733 bit ifM = {0x00, 0x01, 0xfe, 0xff}.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 18
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Example for M = {m,¬m}
0
1
2
3
4
0 5 10 15 20 25 30
Mutual
inform
ation(inbit)
Number of bits of words, aka n
I[HW[Z ];Z ]
+
+++++
++++
++++++++
++++++++++++
+I[HW[Z ⊕M];Z ]
×
××
××
××
××××××××××××
××××
××××
×××
×
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 19
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
1 IntroductionSide-Channel Analysis (SCA)CountermeasuresGoal of the Presentation
2 RSM: Rotating Sboxes MaskingRationale of the CountermeasureRSM Modelization
3 Information Theoretic Evaluation of RSM
4 Security Evaluation of RSM against CPA and 2O-CPAOptimal HO-CPA
Expression of ρ(1,2)opt
5 Conclusions and Perspectives
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 20
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
Optimal CPA
In [PRB09], it is explained that best possible dO-CPA has ρ(d)opt:
Var(
f(d)opt (Z )
)
Var(
(L(Z ,M)− EL(Z ,M))d) =
Var(
E(
(
HW[Z ⊕M]− n2
)d| Z))
Var(
(
HW[Z ⊕M]− n2
)d)
where
f(d)opt (z)
.= E
(
(L(Z ,M)− EL(Z ,M))d | Z = z)
=1
Card[M]
∑
m∈M
(
−1
2
n∑
i=1
(−1)(z⊕m)i
)d
,
noting that
E HW[Z ⊕M] =1
Card[M]
∑
m∈M
1
2n
∑
z∈Fn2
HW[z ⊕m] =n
2.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 21
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
Example for the intuition (n = 4)
Card[M] = 24 Card[M] = 23 Card[M] = 22 Card[M] = 21
M
0000 0000 0000 0000000100100011 0011 00110100 0100010101100111 01111000 1000100110101011 10111100 1100 1100110111101111 1111 1111 1111
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 22
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
Example evaluation
Card[M] H[M] ρ(1)opt ρ
(2)opt I[HW[Z ⊕M];Z ] I[Z ⊕M;Z ]
24 4 0 0 0 0
23 3 0 0.166667 0.15564 1
22 2 0 0.333333 1.15564 2
21 1 0 1 1.40564 3
20 0 1 1 2.03064 4
It seems that the most entropy, the least leakage in L = HWand in L = Id.
But this will be challenged by exhaustive searches...
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 23
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
Resistance against 1O-CPA and 2O-CPA
ρ(1)opt =
1
n
n∑
i=1
(
1
Card[M]
∑
m∈M
(−1)mi
)2
,
ρ(2)opt =
1
n(n − 1)
1
Card[M]2
∑
(m,m′)∈M2
(
n∑
i=1
(−1)(m⊕m′)i
)2
− n
.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 24
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
Expression in Boolean theory — With Indicator f of M
Boolean function f : Fn2 → F2, defined as:
∀m ∈ Fn2, f (m) = 1 ⇐⇒ m ∈ M.
The Fourier transform f : Fn2 → Z of the Boolean function
f : Fn2 → F2 is defined as
∀a ∈ Fn2, f (a)
.=∑
m∈Fn2f (m)(−1)a·m.
It allows for instance to writeCard[M] =
∑
m∈M 1 =∑
m∈Fn2f (m) = f (0). Recall
Card[M] ∈ J1, 2nK, hence f (0) > 0.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 25
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
Expression of ρ(1,2)opt in Boolean theory
ρ(1)opt =
1
n
n∑
i=1
(
f (ei )
f (0)
)2
, (1)
ρ(2)opt =
1
n(n − 1)
∑
(i ,i ′)∈J1,nK2
i 6=i ′
(
f (ei ⊕ ei ′)
f (0)
)2
. (2)
The ei are the canonical basis vectors (0, · · · , 0, 1, 0, · · · , 0).Thus, RSM resists:
1 first-order attacks iff ∀a, HW[a] = 1 =⇒ f (a) = 0;
2 first- and second-order attacks iff ∀a,1 6 HW[a] 6 2 ⇒ f (a) = 0.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 26
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
Example: n = 4
All the functions f : F42 → F2 that cancel ρ
(1,2)opt .
f HW[f ] H[M] ρ(1,2)opt I[HW[Z ⊕M];Z ] I[Z ⊕M;Z ] d
◦alg(f )
0x3cc3 8 3 0,0 0.219361 1 1
0x5aa5 8 3 0,0 0.219361 1 1
0x6699 8 3 0,0 0.219361 1 1
0x6969 8 3 0,0 0.219361 1 1
0x6996 8 3 0,0 1 1 1
0x9669 8 3 0,0 1 1 1
0x9696 8 3 0,0 0.219361 1 1
0x9966 8 3 0,0 0.219361 1 1
0xa55a 8 3 0,0 0.219361 1 1
0xc33c 8 3 0,0 0.219361 1 1
0xffff 16 4 0,0 0 0 0
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 27
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
Functions f are classified by equivalence relationships
Let us call σ a permutation of J1, nK. Thus
ρ(1,2)opt (f ◦ σ) = ρ
(1,2)opt (f ).
The complementation
ρ(1,2)opt (¬f ) = ρ
(1,2)opt (f ).
Solutions are derived from: f (x1, x2, x3, x4) = x1⊕ x2⊕ x3,⊕
i xi , 1.Note: M does not decompose as M ∪ ¬M,
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 28
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
Case n = 5
Nb. classes HW[f ] H[M] ρ(1)opt ρ
(2)opt I[HW[Z ⊕ M]; Z ] I[Z ⊕ M; Z ] d◦alg(f )
3 8 3 0 0 0.32319 2 2
4 12 3.58496 0 0 0.18595 1.41504 3
2 16 4 0 0 0.08973 1 1
2 16 4 0 0 0.08973 1 2
4 16 4 0 0 0.12864 1 2
2 16 4 0 0 0.16755 1 1
4 16 4 0 0 0.26855 1 2
6 16 4 0 0 0.32495 1 2
1 16 4 0 0 1 1 1
4 20 4.32193 0 0 0.07349 0.67807 3
3 24 4.58496 0 0 0.04300 0.41504 2
1 32 5 0 0 0 0 0
Here, we start to see the compromize, with good choices in bold.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 29
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
SAT solvers
f is a 2n Boolean variable set, noted {fx = f (x), x ∈ Fn2}.
For every value Price (defined as Card[M]), we have:
∀a, 1 6 HW[a] 6 2,∑
x
f (x)(−1)a·x = 0 ⇐⇒
∀a, 1 6 HW[a] 6 2,∑
x
fx ∧ (a · x) =
∑
x fx
2=
Card[M]
2.
More precisely, any condition “6 k(f1, · · · , fn)”, for0 6 k 6 n, can be expressed in terms of CNF clauses [Sin05].We note that:
HW[f ] 6 k ⇔ n−HW[¬f ] 6 k ⇔ HW[¬f ] > n−k .
Example: 256 literals, but 1,105,664 auxiliary variables and2,219,646 clauses, irrespective of Card[M] ∈ N
∗.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 30
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
Summary for n = 8
Card[M] = 12. One MIA found, 0.387582 bit
Card[M] = 16. Many MIA, in [0.181675, 1.074950] bit.
There are solutions only forCard[M] ∈ {4× κ, κ ∈ J3, 61K ∪ {64}}.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 31
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Optimal HO-CPAExpression of ρ
(1,2)opt
Example of solutions
0
0.05
0.1
0.15
0.2
0.25
0.3
0.35
0.4
3.5 4 4.5 5 5.5 6 6.5 7Mutual
inform
ationI[HW[Z
⊕M];Z](inbit)
Entropy H[M] of the mask M (in bit)
+
+ + +
+ +
+ +++
+
+++++++++++++++++++++
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 32
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
1 IntroductionSide-Channel Analysis (SCA)CountermeasuresGoal of the Presentation
2 RSM: Rotating Sboxes MaskingRationale of the CountermeasureRSM Modelization
3 Information Theoretic Evaluation of RSM
4 Security Evaluation of RSM against CPA and 2O-CPAOptimal HO-CPA
Expression of ρ(1,2)opt
5 Conclusions and Perspectives
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 33
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Conclusions
It is possible to achieve high-order security even with depletedentropy
Case treated in the presentation: Resist 1O-CPA and2O-CPA, with fewer masks as possible.
We discovered that Card[M] was not the only variable⇒ solutions actually depend on M.
An encoding in terms of indicator function f of M shows thatwe are looking for 2nd order correlation-immune Booleanfunctions of lowest weight.
Secure even if M is public.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 34
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Perspectives
Find other functions for n > 8.
Algebraic constructions:
Maiorana-McFarland, orcodes of dual-distance d ...
Dynamic reconfiguration to update M on a regular basis?
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 35
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
References[DGBN09] Jean-Luc Danger, Sylvain Guilley, Shivam Bhasin, and Maxime Nassar.
Overview of Dual Rail with Precharge Logic Styles to Thwart Implementation-Level Attacks onHardware Cryptoprocessors, — New Attacks and Improved Counter-Measures —.In SCS, IEEE, pages 1–8, November 6–8 2009.Jerba, Tunisia. DOI: 10.1109/ICSCS.2009.5412599.
[NGDS12] Maxime Nassar, Sylvain Guilley, Jean-Luc Danger, and Youssef Souissi.RSM: a Small and Fast Countermeasure for AES, Secure against First- and Second-order Zero-OffsetSCAs.In DATE, March 12-16 2012.Dresden, Germany. (TRACK A: “Application Design”, TOPIC A5: “Secure Systems”).
[PRB09] Emmanuel Prouff, Matthieu Rivain, and Regis Bevan.Statistical Analysis of Second Order Differential Power Analysis.IEEE Trans. Computers, 58(6):799–811, 2009.
[Sin05] Carsten Sinz.Towards an Optimal CNF Encoding of Boolean Cardinality Constraints.In Peter van Beek, editor, CP, volume 3709 of Lecture Notes in Computer Science, pages 827–831.Springer, 2005.
[SRQ06] Francois-Xavier Standaert, Gael Rouvroy, and Jean-Jacques Quisquater.FPGA Implementations of the DES and Triple-DES Masked Against Power Analysis Attacks.In FPL. IEEE, August 2006.Madrid, Spain.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 36
IntroductionRSM: Rotating Sboxes Masking
Information Theoretic Evaluation of RSMSecurity Evaluation of RSM against CPA and 2O-CPA
Conclusions and Perspectives
Formal Analysis of the Entropy / SecurityTrade-off in First-Order Masking Countermeasures
against Side-Channel Attacks
Maxime Nassar, Sylvain Guilley and Jean-Luc Danger
Bull TrustWay, Rue Jean Jaures, B.P. 68,78 340 Les Clayes-sous-Bois, France.
Institut TELECOM / TELECOM ParisTech,46 rue Barrault, 75 634 Paris Cedex, France.
Secure-IC S.A.S.,80 avenue des Buttes de Coesmes,
35700 Rennes, France.
Sylvain Guilley, < [email protected]> Entropy / Security Trade-off | INDOCRYPT’2011 | 37