Your search keyword '"Standaert, François-Xavier"' showing total 49 results

1. Authenticated Encryption with Nonce Misuse and Physical Leakage: Definitions, Separation Results and First Construction - (Extended Abstract)

Author

Guo, Chun, Pereira, Olivier, Peters, Thomas, Standaert, François-Xavier, Progress in Cryptology - {LATINCRYPT} 2019, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Block cipher mode of operation, Scheme (programming language), Authenticated encryption, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Adversary, Computer security, computer.software_genre, Information leakage, 0202 electrical engineering, electronic engineering, information engineering, NIST, 020201 artificial intelligence & image processing, Leakage (economics), computer, Cryptographic nonce, computer.programming_language

Abstract

We propose definitions of authenticated encryption (AE) schemes that offer security guarantees even in the presence of nonce misuse and side-channel information leakage. This is part of an important ongoing effort to make AE more robust, while preserving appealing efficiency properties. Our definitions consider an adversary enhanced with the leakage of all the computations of an AE scheme, together with the possibility to misuse nonces, be it during all queries (in the spirit of misuse-resistance), or only during training queries (in the spirit of misuse-resilience recently introduced by Ashur et al.). These new definitions offer various insights on the effect of leakage in the security landscape. In particular, we show that, in contrast with the black-box setting, leaking variants of INT-CTXT and IND-CPA security do not imply a leaking variant IND-CCA security, and that leaking variants of INT-PTXT and IND-CCA do not imply a leaking variant of INT-CTXT. They also bring a useful scale to reason about and analyze the implementation properties of emerging modes of operation with different levels of leakage-resistance, such as proposed in the ongoing NIST lightweight cryptography competition. We finally propose the first instance of mode of operation that satisfies our most demanding definitions.

Published

2019

2. Reducing the Cost of Authenticity with Leakages: a $$\mathsf {CIML2}$$ -Secure $$\mathsf {AE}$$ Scheme with One Call to a Strongly Protected Tweakable Block Cipher

Author

Berti, Francesco, Pereira, Olivier, Standaert, François-Xavier, 11th International Conference on Cryptology in Africa - Progress in Cryptology (AFRICACRYPT 2019), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Scheme (programming language), Authenticated encryption, 050101 languages & linguistics, Computer science, Data_MISCELLANEOUS, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Encryption, 7. Clean energy, Mode (computer interface), Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, computer.programming_language, Block cipher, Leveled implementation, business.industry, 05 social sciences, Leakage resilience, Leakage-resilience, Ciphertext integrity with misuse and leakage (CIML2), 020201 artificial intelligence & image processing, business, computer, Cryptographic nonce, Computer network

Abstract

This paper presents CONCRETE (Commit − Encrypt − Send − the − Key) a new Authenticated Encryption mode that offers CIML2 security, that is, ciphertext integrity in the presence of nonce misuse and side-channel leakages in both encryption and decryption. CONCRETE improves on a recent line of works aiming at leveled implementations, which mix a strongly protected and energy demanding implementation of a single component, and other weakly protected and much cheaper components. Here, these components all implement a tweakable block cipher TBC. CONCRETE requires the use of the strongly protected TBC only once while supporting the leakage of the full state of the weakly protected components – it achieves CIML2 security in the so-called unbounded leakage model. All previous works need to use the strongly protected implementation at least twice. As a result, for short messages whose encryption and decryption energy costs are dominated by the strongly protected component, we halve the cost of a leakage-resilient implementation. CONCRETE additionally provides security when unverified plaintexts are released, and confidentiality in the presence of simulatable leakages in encryption and decryption.

Published

2019

3. How (Not) to Use Welch’s T-Test in Side-Channel Security Evaluations

Author

Standaert, François-Xavier, 17th International Conference on Smart Card Research and Advanced Applications (CARDIS 2018), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Computer science, Cryptographic implementations, Univariate, 02 engineering and technology, Computer security, computer.software_genre, Welch's t-test, Masking (Electronic Health Record), 020202 computer hardware & architecture, Test vector, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Side channel attack, Security level, computer, Implementation, Side-channel analysis

Abstract

The Test Vector Leakage Assessment (TVLA) methodology is a qualitative tool relying on Welch’s T-test to assess the security of cryptographic implementations against side-channel attacks. Despite known limitations (e.g., risks of false negatives and positives), it is sometimes considered as a pass-fail test to determine whether such implementations are “safe” or not (without clear definition of what is “safe”). In this note, we clarify the limited quantitative meaning of this test when used as a standalone tool. For this purpose, we first show that the straightforward application of this approach to assess the security of a masked implementation is not sufficient. More precisely, we show that even in a simple (more precisely, univariate) case study that seems best suited for the TVLA methodology, detection (or lack thereof) with Welch’s T-test can be totally disconnected from the actual security level of an implementation. For this purpose, we put forward the case of a realistic masking scheme that looks very safe from the TVLA point-of-view and is nevertheless easy to break. We then discuss this result in more general terms and argue that this limitation is shared by all “moment-based” security evaluations. We conclude the note positively, by describing how to use moment-based analyses as a useful ingredient of side-channel security evaluations, to determine a “security order”.

Published

2019

4. SpookChain: Chaining a Sponge-Based AEAD with Beyond-Birthday Security

Author

Cassiers, Gaëtan, Guo, Chun, Pereira, Olivier, Peters, Thomas, Standaert, François-Xavier, Security, Privacy, and Applied Cryptography Engineering - 9th International Conference, {SPACE} 2019, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Authenticated encryption, Discrete mathematics, 050101 languages & linguistics, Computer science, business.industry, 05 social sciences, Plaintext, Context (language use), 02 engineering and technology, Encryption, Chaining, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Element (category theory), business, Key size, Cryptographic nonce

Abstract

We present \(\mathsf {SpookChain}\), a new online authenticated encryption (OAE) mode that offers several appealing features: \(\mathsf {SpookChain}\) is fully online: it supports the processing of long messages by segments of arbitrary size, and the processing of each segment is online itself, with memory requirements in encryption and decryption being independent of the segment size. \(\mathsf {SpookChain}\) is, to the best of our knowledge, the first concrete mode that is proven to offer \(\mathsf {dOAE}\) security, a requirement for OAE that, at least guarantees security for new segments as soon as one of the previously processed segments contains a fresh element (nonce, plaintext or associated data). \(\mathsf {SpookChain}\) offers beyond birthday multi-user security (w.r.t. the secret key length), a requirement that we define for the first time in the context of OAE, and which is increasingly appealing in a world where communications are encrypted by default. \(\mathsf {SpookChain}\) is also expected to be remarkably lightweight to implement when protection against side-channel attacks is required.

Published

2019

5. Towards an Open Approach to Side-Channel Resistant Authenticated Encryption

Author

Standaert, François-Xavier, Workshop on Attacks and Solutions in Hardware Security Workshop (ASHES@CCS 2019), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Authenticated encryption, Hardware security module, Exploit, Computer science, Encryption, Side channel attack, Design strategy, Computer security, computer.software_genre, Secret sharing, computer, Physical security, Block cipher

Abstract

In this talk, I will discuss how recent advances in side-channel analysis and leakage-resilience could lead to both stronger security properties and improved confidence in cryptographic implementations. For this purpose, I will start by describing how side-channel attacks exploit physical leakages such as an implementation's power consumption or electromagnetic radiation. I will then discuss the definitional challenges that these attacks raise, and argue why heuristic hardware-level countermeasures are unlikely to solve the problem convincingly. Based on these premises, and focusing on the symmetric setting, securing cryptographic implementations can be viewed as a tradeoff between the design of modes of operation, underlying primitives and countermeasures. Regarding modes of operation, I will describe a general design strategy for leakage-resilient authenticated encryption, propose models and assumptions on which security proofs can be based, and show how this design strategy encourages so-called leveled implementations, where only a part of the computation needs strong (hence expensive) protections against side-channel attacks. Regarding underlying primitives and countermeasures, I will first emphasize the formal and practically-relevant guarantees that can be obtained thanks to masking (i.e., secret sharing at the circuit level), and how considering the implementation of such countermeasures as an algorithmic design goal (e.g., for block ciphers) can lead to improved performances. I will then describe how limiting the leakage of the less protected parts in a leveled implementations can be combined with excellent performances, for instance with respect to the energy cost. I will conclude by putting forward the importance of sound evaluation practices in order to empirically validate (by lack of falsification) the assumptions needed both for leakage-resilient modes of operation and countermeasures like masking, and motivate the need of an open approach for this purpose. That is, by allowing adversaries and evaluators to know implementation details, we can expect to enable a better understanding of the fundamentals of physical security, therefore leading to improved security and efficiency in the long term.

Published

2019

6. Connecting and Improving Direct Sum Masking and Inner Product Masking

Author

Poussier, Romain, Guo, Qian, Standaert, François-Xavier, Carlet, Claude, Guilley, Sylvain, 16th International Conference on Smart Card Research and Advanced Applications (CARDIS 2017), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Security properties, Masking (art), Direct sum, Computer science, Cryptographic implementations, 02 engineering and technology, 020202 computer hardware & architecture, Simple (abstract algebra), Product (mathematics), Direct sum masking, Inner product masking, Hardware_INTEGRATEDCIRCUITS, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Relevance (information retrieval), Algorithm

Abstract

Direct Sum Masking (DSM) and Inner Product (IP) masking are two types of countermeasures that have been introduced as alternatives to simpler (e.g., additive) masking schemes to protect cryptographic implementations against side-channel analysis. In this paper, we first show that IP masking can be written as a particular case of DSM. We then analyze the improved security properties that these (more complex) encodings can provide over Boolean masking. For this purpose, we introduce a slight variation of the probing model, which allows us to provide a simple explanation to the \security order ampli cation" for such masking schemes that was put forward at CARDIS 2016. We then use our model to search for new instances of masking schemes that optimize this security order ampli cation. We nally discuss the relevance of this security order ampli cation (and its underlying assumption of linear leakages) based on an experimental case study.

Published

2018

7. Ciphertext Integrity with Misuse and Leakage: Definition and Efficient Constructions with Symmetric Primitives

Author

Berti, Francesco, Koeune, François, Pereira, Olivier, Peters, Thomas, Standaert, François-Xavier, 2018 Asia Conference on Computer and Communications Security (AsiaCCS 2018), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Authenticated encryption, Computer science, business.industry, 0102 computer and information sciences, 02 engineering and technology, Encryption, Computer security, computer.software_genre, 01 natural sciences, Random oracle, 010201 computation theory & mathematics, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Leakage-resilient cryptography, Misuse resistance, Randomness, Leakage (electronics)

Abstract

Leakage resilience (LR) and misuse resistance (MR) are two important properties for the deployment of authenticated encryption (AE) schemes. They aim at mitigating the impact of implementation flaws due to side-channel leakages and misused randomness. In this paper, we discuss the interactions and incompatibilities between these two properties. We start from the usual definition of MR for AE schemes from Rogaway and Shrimpton, and argue that it may be overly demanding in the presence of leakages. As a result, we turn back to the basic security requirements for AE: ciphertext integrity (INT-CTXT) and CPA security, and propose to focus on a new notion of CIML security, which is an extension of INT-CTXT in the presence of misuse and leakages. We discuss the extent to which CIML security is offered by previous proposals of MR AE schemes, conclude by the negative, and propose two new efficient CIML-secure AE schemes: the DTE scheme offers security in the standard model, while the DCE scheme offers security in the random oracle model, but comes with some efficiency benefits. On our way, we observe that these constructions are not trivial, and show for instance that the composition of a LR MAC and a LR encryption scheme, while providing a (traditional) MR AE scheme, can surprisingly lose the MR property in the presence of leakages and does not achieve CIML security. Eventually, we show the LR CPA security of DTE and DCE.

Published

2018

8. Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model

Author

Barthe, Gilles, Dupressoir, François, Faust, Sebastian, Grégoire, Benjamin, Standaert, François-Xavier, Strub, Pierre-Yves, 36th Annual International Conference on the Theory and Applications of cryptographic Techniques (EUROCRYPT 2017), Institute IMDEA Software [Madrid], University of Surrey (UNIS), Ruhr-Universität Bochum [Bochum], Mathematical, Reasoning and Software (MARELLE), Inria Sophia Antipolis - Méditerranée (CRISAM), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), UCL Crypto Group, Université Catholique de Louvain = Catholic University of Louvain (UCL), École polytechnique (X), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Masking (art), Multiplication algorithm, Theoretical computer science, Computer science, 0102 computer and information sciences, 02 engineering and technology, Computer security model, Formal methods, 01 natural sciences, Moment (mathematics), 010201 computation theory & mathematics, Simple (abstract algebra), Bounded function, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, [INFO]Computer Science [cs], Leakage model, Implementation, Computer Science::Cryptography and Security

Abstract

International audience; In this paper, we provide a necessary clarification of the good security properties that can be obtained from parallel implementations of masking schemes. For this purpose, we first argue that (i) the probing model is not straightforward to interpret, since it more naturally captures the intuitions of serial implementations, and (ii) the noisy leakage model is not always convenient, e.g. when combined with formal methods for the verification of cryptographic implementations. Therefore we introduce a new model, the bounded moment model, that formalizes a weaker notion of security order frequently used in the side-channel literature. Interestingly , we prove that probing security for a serial implementation implies bounded moment security for its parallel counterpart. This result therefore enables an accurate understanding of the links between formal security analyses of masking schemes and experimental security evaluations based on the estimation of statistical moments Besides its consolidating nature, our work also brings useful technical contributions. First, we describe and analyze refreshing and multiplication algorithms that are well suited for parallel implementations and improve security against multivariate side-channel attacks. Second, we show that simple refreshing algorithms (with linear complexity) that are not secure in the continuous probing model are secure in the continuous bounded moment model. Eventually, we discuss the independent leakage assumption required for masking to deliver its security promises, and its specificities related to the serial or parallel nature of an implementation.

Published

2017

9. Side-Channel Attacks Against the Human Brain: the PIN Code Case Study

Author

Lange, Joseph, Massart, Clément, Mouraux, André, Standaert, François-Xavier, 8th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2017), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

0301 basic medicine, High probability, The PIN code case, Computer science, Side-channel attacks, Computer security, computer.software_genre, 03 medical and health sciences, Adversarial system, 030104 developmental biology, 0302 clinical medicine, Entropy (information theory), Side channel attack, computer, 030217 neurology & neurosurgery, Brain–computer interface

Abstract

We revisit the side-channel attacks with Brain-Computer Interfaces (BCIs) first put forward by Martinovic et al. at the USENIX 2012 Security Symposium. For this purpose, we propose a comprehensive investigation of concrete adversaries trying to extract a PIN code from electroencephalogram signals. Overall, our results confirm the possibility of partial PIN recovery with high probability of success in a more quantified manner (i.e., entropy reductions), and put forward the challenges of full PIN recovery. They also highlight that the attack complexities can significantly vary in function of the adversarial capabilities (e.g., supervised/profiled vs. unsupervised/non-profiled), hence leading to an interesting tradeoff between their efficiency and practical relevance. We then show that similar attack techniques can be used to threat the privacy of BCI users. We finally use our experiments to discuss the impact of such attacks for the security and privacy of BCI applications at large, and the important emerging societal challenges they raise.

Published

2017

10. Inner Product Masking for Bitslice Ciphers and Security Order Amplification for Linear Leakages

Author

Wang, Weijia, Standaert, François-Xavier, Yu, Yu, Pu, Sihang, Liu, Junrong, Guo, Zheng, Gu, Dawu, 15th International Conference on Smart Card Research and Advanced Applications (CARDIS 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Masking (art), 021110 strategic, defence & security studies, Computer science, Algebraic structure, Security order amplification, Galois theory, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, Linear leakages, Bitslice ciphers, Bit (horse), Simple (abstract algebra), Product (mathematics), Information leakage, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Arithmetic, computer, Block cipher

Abstract

Designers of masking schemes are usually torn between the contradicting goals of maximizing the security gains while minimizing the performance overheads. Boolean masking is one extreme example of this tradeo: its algebraic structure is as simple as can be (and so are its implementations), but it typically suers more from implementation weaknesses. For example knowing one bit of each share is enough to know one bit of secret in this case. Inner product masking lies at the other side of this tradeo: its algebraic structure is more involved, making it more expensive to implement (especially at higher orders), but it ensures stronger security guarantees. For example, knowing one bit of each share is not enough to know one bit of secret in this case. In this paper, we try to combine the best of these two worlds, and propose a new masking scheme mixing a single Boolean matrix product (to improve the algebraic complexity of the scheme) with standard additive Boolean masking (to allow ecient higher-order implementations). We show that such a masking is well suited for application to bitslice ciphers. We also conduct a comprehensive security analysis of the proposed scheme. For this purpose, we give a security proof in the probing model, and carry out an information leakage evaluation of an idealized implementation. For certain leakage functions, the latter exhibits surprising observations, namely information leakages in higher statistical moments than guaranteed by the proof in the probing model, which we can connect to the recent literature on low entropy masking schemes. We conclude the paper with a performance evaluation, which conrms that both for security and performance reasons, our new masking scheme (which can be viewed as a variation of inner product masking) compares favorably to state-of-the-art masking schemes for bitslice ciphers.

Published

2017

11. Towards Sound and Optimal Leakage Detection Procedure

Author

Ding, A. Adam, Zhang, Liwei, Durvaux, François, Standaert, François-Xavier, Fei, Yunsi, 16th International Conference on Smart Card Research and Advanced Applications (CARDIS 2017), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Hardware_MEMORYSTRUCTURES, business.industry, Computer science, Side-channel analysis, Leakage detection, Higher criticism, Cryptography, 02 engineering and technology, 01 natural sciences, 010104 statistics & probability, Test vector, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0101 mathematics, business, Algorithm, Leakage (electronics), Statistical hypothesis testing

Abstract

Evaluation of side-channel leakage for cryptographic systems requires sound leakage detection procedures. The commonly used standard approach is the test vector leakage assessment (TVLA) procedure. We first relate TVLA to the statistical minimum p-value (mini-p) procedure, and propose a sound method of deciding leakage existence in the statistical hypothesis setting. An advanced statistical procedure, Higher Criticism (HC), is adopted to improve leakage detection when there are multiple leakage points. The HC-based procedure is optimal in side-channel leakage detection, because for a given number of traces with a given length, it detects the existence of leakage at the signal level as low as possibly detectable by any statistical procedure. Numerical studies show that our HC-based procedure perform as well as the mini-p based procedure when leakage signals are very sparse, and can improve the leakage detection significantly when there are multiple leakages.

Published

2017

12. A Systematic Approach to the Side-Channel Analysis of ECC Implementations with Worst-Case Horizontal Attacks

Author

Poussier, Romain, Zhou, Yuanyuan, Standaert, François-Xavier, 19th International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Side-channel attacks, side-channel analysis, Computer engineering, Computer science, Scalar (mathematics), 0202 electrical engineering, electronic engineering, information engineering, Elliptic Curve Digital Signature Algorithm, 020201 artificial intelligence & image processing, 02 engineering and technology, Side channel attack, Scalar multiplication, Implementation, 020202 computer hardware & architecture

Abstract

The wide number and variety of side-channel attacks against scalar multiplication algorithms makes their security evaluations complex, in particular in case of time constraints making exhaustive analyses impossible. In this paper, we present a systematic way to evaluate the security of such implementations against horizontal attacks. As horizontal attacks allow extracting most of the information in the leakage traces of scalar multiplications, they are suitable to avoid risks of overestimated security levels. For this purpose, we additionally propose to use linear regression in order to accurately characterize the leakage function and therefore approach worst-case security evaluations. We then show how to apply our tools in the contexts of ECDSA and ECDH implementations, and validate them against two targets: a Cortex-M4 and a Cortex-A8 micro-controllers.

Published

2017

13. Getting the Most Out of Leakage Detection

Author

Merino Del Pozo, Santos, Standaert, François-Xavier, 8th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2017), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Speedup, Computer engineering, 010201 computation theory & mathematics, Computer science, Leakage detection, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0102 computer and information sciences, 02 engineering and technology, Leak detection, 01 natural sciences, Block cipher, Leakage (electronics)

Abstract

In this work, we provide a concrete investigation of the gains that can be obtained by combining good measurement setups and efficient leakage detection tests to speed up evaluation times. For this purpose, we first analyze the quality of various measurement setups. Then, we highlight the positive impact of a recent proposal for efficient leakage detection, based on the analysis of a (few) pair(s) of plaintexts. Finally, we show that the combination of our best setups and detection tools allows detecting leakages for a noisy threshold implementation of the block cipher PRESENT after an intensive measurement phase, while either worse setups or less efficient detection tests would not succeed in detecting these leakages. Overall, our results show that a combination of good setups and fast leakage detection can turn security evaluation times from days to hours (for first-order secure implementations) and even from weeks to days (for higher-order secure implementations).

Published

2017

14. Private Circuits III

Author

Dziembowski, Stefan, Faust, Sebastian, Standaert, François-Xavier, 23rd ACM Conference on Computer and Communications Security, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

021110 strategic, defence & security studies, medicine.medical_specialty, Cryptographic primitive, Computer science, Distributed computing, 0211 other engineering and technologies, Computer security compromised by hardware failure, 02 engineering and technology, Adversary, computer.software_genre, 020202 computer hardware & architecture, Countermeasure, Trojan, Hardware Trojan, Threat model, 0202 electrical engineering, electronic engineering, information engineering, medicine, Concrete security, Compiler, State (computer science), computer

Abstract

Security against hardware trojans is currently becoming an essential ingredient to ensure trust in information systems. A variety of solutions have been introduced to reach this goal, ranging from reactive (i.e., detection-based) to preventive (i.e., trying to make the insertion of a trojan more difficult for the adversary). In this paper, we show how testing (which is a typical detection tool) can be used to state concrete security guarantees for preventive approaches to trojan-resilience. For this purpose, we build on and formalize two important previous works which introduced ``input scrambling" and ``split manufacturing" as countermeasures to hardware trojans. Using these ingredients, we present a generic compiler that can transform any circuit into a trojan-resilient one, for which we can state quantitative security guarantees on the number of correct executions of the circuit thanks to a new tool denoted as ``testing amplification". Compared to previous works, our threat model covers an extended range of hardware trojans while we stick with the goal of minimizing the number of honest elements in our transformed circuits. Since transformed circuits essentially correspond to redundant multiparty computations of the target functionality, they also allow reasonably efficient implementations, which can be further optimized if specialized to certain cryptographic primitives and security goals.

Published

2016

15. Towards Stream Ciphers for Efficient FHE with Low-Noise Ciphertexts

Author

Pierrick, Méaux, Journault, Anthony, Standaert, François-Xavier, Carlet, Claude, Advances in Cryptology - 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2016), Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria), Université Paris sciences et lettres (PSL), Laboratoire d'informatique de l'école normale supérieure (LIENS), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Université Catholique de Louvain = Catholic University of Louvain (UCL), Université Paris 8 Vincennes-Saint-Denis - Département de Mathématiques, Université Paris 8 Vincennes-Saint-Denis (UP8), Laboratoire Analyse, Géométrie et Applications (LAGA), Université Paris 8 Vincennes-Saint-Denis (UP8)-Université Paris 13 (UP13)-Institut Galilée-Centre National de la Recherche Scientifique (CNRS), Marc Fischlin, Jean-Sébastien Coron, Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Département d'informatique de l'École normale supérieure (DI-ENS), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS), Université Paris 8 Vincennes-Saint-Denis (UP8)-Centre National de la Recherche Scientifique (CNRS)-Institut Galilée-Université Paris 13 (UP13), UCL - SST/ICTM/ELEN-Pôle en ingénierie électrique, Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, and Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)

Subjects

Differential cryptanalysis, Theoretical computer science, Ciphers, Computer science, T-function, Stream cipher attack, 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, Stream ciphers, 01 natural sciences, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 010201 computation theory & mathematics, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Fully Homomorphic Encryption (FHE), Correlation attack, Stream cipher, Block size, Key schedule, Computer Science::Cryptography and Security

Abstract

International audience; Symmetric ciphers purposed for Fully Homomorphic Encryption FHE have recently been proposed for two main reasons. First, minimizing the implementation time and memory overheads that are inherent to current FHE schemes. Second, improving the homomorphic capacity, i.e. the amount of operations that one can perform on homomorphic ciphertexts before bootstrapping, which amounts to limit their level of noise. Existing solutions for this purpose suggest a gap between block ciphers and stream ciphers. The first ones typically allow a constant but small homomorphic capacity, due to the iteration of rounds eventually leading to complex Boolean functions hence large noise. The second ones typically allow a larger homomorphic capacity for the first ciphertext blocks, that decreases with the number of ciphertext blocks due to the increasing Boolean complexity of the stream ciphers' output. In this paper, we aim to combine the best of these two worlds, and propose a new stream cipher construction that allows constant and smaller noise. Its main idea is to apply a Boolean filter function to a public bit permutation of a constant key register, so that the Boolean complexity of the stream cipher outputs is constant. We also propose an instantiation of the filter function designed to exploit recent 3rd-generation FHE schemes, where the error growth is quasi-additive when adequately multiplying ciphertexts with the same amount of noise. In order to stimulate further investigation, we then specify a few instances of this stream cipher, for which we provide a preliminary security analysis. We finally highlight the good properties of our stream cipher regarding the other goal of minimizing the time and memory complexity of calculus delegation for 2nd-generation FHE﾿schemes. We conclude the paper with open problems related to the large design space opened by these new constructions.

Published

2016

16. Unknown-Input Attacks in the Parallel Setting: Improving the Security of the CHES 2012 Leakage-Resilient PRF

Author

Medwed, Marcel, Standaert, François-Xavier, Feldhofer, Martin, Nikov, Ventzislav, 22nd International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Security properties, Exploit, Computer science, Key recovery, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Power model, Computer engineering, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Template attack, computer, Implementation, Block cipher, Leakage (electronics)

Abstract

In this work we present a leakage-resilient PRF which makes use of parallel block cipher implementations with unknown-inputs. To the best of our knowledge this is the first work to study and exploit unknown-inputs as a form of key-dependent algorithmic noise. It turns out that such noise renders the problem of side-channel key recovery intractable under very little and easily satisfiable assumptions. That is, the construction stays secure even in a noise-free setting and independent of the number of traces and the used power model. The contributions of this paper are as follows. First, we present a PRF construction which offers attractive security properties, even when instantiated with the AES. Second, we study the effect of unknown-input attacks in parallel implementations. We put forward their intractability and explain it by studying the inevitable model errors obtained when building templates in such a scenario. Third, we compare the security of our construction to the CHES 2012 one and show that it is superior in many ways. That is, a standard block cipher can be used, the security holds for all intermediate variables and it can even partially tolerate local EM attacks and some typical implementation mistakes or hardware insufficiencies. Finally, we discuss the performance of a standard-cell implementation.

Published

2016

17. Towards Sound Fresh Re-Keying with Hard (Physical) Learning Problems

Author

Dziembowski, Stefan, Faust, Sebastian, Herold, Gottfried, Journault, Anthony, Masny, Daniel, Standaert, François-Xavier, Advances in Cryptology - 36th International Cryptology Conference (CRYPTO 2016), and UCL - SST/ICTM/ELEN-Pôle en ingénierie électrique

Subjects

Theoretical computer science, Computer science, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Side-channel attacks, Encryption, Leakage-resilient cryptographic constructions, 01 natural sciences, Secret sharing, Random oracle, Public-key cryptography, Pseudorandom function family, 0202 electrical engineering, electronic engineering, information engineering, Cryptographic constructions, Security level, Stream cipher, Leakage parity, AKA, Block cipher, business.industry, Homomorphic encryption, Fresh re-keying, Symmetric-key algorithm, 010201 computation theory & mathematics, Authentication protocol, 020201 artificial intelligence & image processing, business

Abstract

Most leakage-resilient cryptographic constructions aim at limiting the information adversaries can obtain about secret keys. In the case of asymmetric algorithms, this is usually obtained by secret sharing (aka masking) the key, which is made easy by their algebraic properties. In the case of symmetric algorithms, it is rather key evolution that is exploited. While more efficient, the scope of this second solution is limited to stateful primitives that easily allow for key evolution such as stream ciphers. Unfortunately, it seems generally hard to avoid the need of (at least one) execution of a stateless primitive, both for encryption and authentication protocols. As a result, fresh re-keying has emerged as an alternative solution, in which a block cipher that is hard to protect against side-channel attacks is re-keyed with a stateless function that is easy to mask. While previous proposals in this direction were all based on heuristic arguments, we propose two new constructions that, for the first time, allow a more formal treatment of fresh re-keying. More precisely, we reduce the security of our re-keying schemes to two building blocks that can be of independent interest. The first one is an assumption of Learning Parity with Leakage, which leverages the noise that is available in side-channel measurements. The second one is based on the Learning With Rounding assumption, which can be seen as an alternative solution for low-noise implementations. Both constructions are efficient and easy to mask, since they are key homomorphic or almost key homomorphic.

Published

2016

18. Score-Based vs. Probability-Based Enumeration - A Cautionary Note

Author

Choudary, Marios O., Poussier, Romain, Standaert, François-Xavier, 17th International Conference in Cryptology in India - Progress in cryptology (INDIACRYPT 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Exploit, Computer science, Heuristic, Bayesian probability, Rank (computer programming), Context (language use), 02 engineering and technology, Side-channel attacks, 020202 computer hardware & architecture, Probability-based enumeration, Linear regression, Statistics, 0202 electrical engineering, electronic engineering, information engineering, Enumeration, Key (cryptography), 020201 artificial intelligence & image processing, Score-based enumeration

Abstract

The fair evaluation of leaking devices generally requires to come with the best possible distinguishers to extract and exploit side-channel information. While the need of a sound model for the leakages is a well known issue, the risks of additional errors in the post-processing of the attack results (with key enumeration/key rank estimation) are less investigated. Namely, optimal post-processing is known to be possible with distinguishers outputting probabilities (e.g. template attacks), but the impact of a deviation from this context has not been quantified so far. We therefore provide a consolidating experimental analysis in this direction, based on simulated and actual measurements. Our main conclusions are twofold. We first show that the concrete impact of heuristic scores such as produced with a correlation power analysis can lead to non-negligible post-processing errors. We then show that such errors can be mitigated in practice, with Bayesian extensions or specialized distinguishers (e.g. on-the-fly linear regression).

Published

2016

19. Towards Easy Leakage Certification

Author

Durvaux, François, Standaert, François-Xavier, Merino Del Pozo, Santos, 18th International Conference on Cryptographic hardware and Embedded Systems (CHES 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Exploit, Computer science, business.industry, Cryptography, 02 engineering and technology, Certification, Side-channel attacks, 020202 computer hardware & architecture, Reliability engineering, Leakage certification, Information sensitivity, Power analysis, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Leakage, Leakage (electronics)

Abstract

Side-channel attacks generally rely on the availability of good leakage models to extract sensitive information from cryptographic implementations. The recently introduced leakage certification tests aim to guarantee that this condition is fulfilled based on sound statistical arguments. They are important ingredients in the evaluation of leaking devices since they allow a good separation between engineering challenges (how to produce clean measurements) and cryptographic ones (how to exploit these measurements). In this paper, we propose an alternative leakage certification test that is significantly simpler to implement than the previous proposal from Eurocrypt 2014. This gain admittedly comes at the cost of a couple of heuristic (yet reasonable) assumptions on the leakage distribution. To confirm its relevance, we first show that it allows confirming previous results of leakage certification. We then put forward that it leads to additional and useful intuitions regarding the information losses caused by incorrect assumptions in leakage modeling.

Published

2016

20. An Analysis of the Learning Parity with Noise Assumption Against Fault Attacks

Author

Berti, Francesco, Standaert, François-Xavier, 15th International Conference on Smart Card Research and Advanced Applications (CARDIS 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Theoretical computer science, Cryptographic primitive, Algebraic structure, Computer science, Fault attack, 0102 computer and information sciences, 02 engineering and technology, Adversary, 01 natural sciences, Fault attacks, 020202 computer hardware & architecture, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, Fault model, Parity (mathematics), Implementation, Block cipher

Abstract

We provide a first security evaluation of LPN-based implementations against fault attacks. Our main result is to show that such implementations inherently have good features to resist these attacks. First, some prominent fault models (e.g. where an adversary flips bits in an implementation) are ineffective against LPN. Second, attacks taking advantage of more advanced fault models (e.g. where an adversary sets bits in an implementation) require significantly more samples than against standard symmetric cryptographic primitives such as block ciphers. Furthermore, the sampling complexity of these attacks strongly suffers from inaccurate fault insertion. Combined with the previous observation that the inner products computed in LPN implementations have an interesting algebraic structure for side-channel resistance via masking, these results therefore suggest LPN-based primitives as interesting candidates for physically secure implementations.

Published

2016

21. Moments-Correlating DPA

Author

Moradi, Amir, Standaert, François-Xavier, Theory of Implementations (TI 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Exploit, Computer science, media_common.quotation_subject, 0102 computer and information sciences, 02 engineering and technology, Collision, 01 natural sciences, Confidence interval, 020202 computer hardware & architecture, Moment (mathematics), Power analysis, 010201 computation theory & mathematics, Simple (abstract algebra), 0202 electrical engineering, electronic engineering, information engineering, Simplicity, Lying, Algorithm, Simulation, media_common

Abstract

We generalize correlation-enhanced power analysis collision attacks into moments-correlating DPA. The resulting distinguisher is applicable to the profiled and non-profiled (collision) settings and is able to exploit information lying in any statistical moment. It also benefits from a simple rule-of-thumb to estimate its data complexity. Experimental results show that such a tool allows answering with confidence to some important questions regarding the design of side-channel countermeasures (e.g. what is the most informative statistical moment in the leakages of a threshold implementation). We further argue that moments-correlating DPA is a natural candidate for leakage detection tests, enjoying the simplicity of correlation power analysis and advanced features for the evaluation of higher-order attacks with an easy-to-compute confidence level.

Published

2016

22. Towards Securing Low-Power Digital Circuits with Ultra-Low-Voltage Vdd Randomizers

Author

Kamel, Dina, de Streel, Guerric, Merino Del Pozo, Santos, Nawaz, Kashif, Standaert, François-Xavier, Flandre, Denis, Bol, David, 6th International Conference on Security, privacy, and Applied Cryptographic Engineering (SPACE 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Digital electronics, Signal processing, business.industry, Computer science, Linear regulator, Electrical engineering, 02 engineering and technology, Noise (electronics), Multiplicative noise, 020202 computer hardware & architecture, CMOS, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Sensitivity (control systems), business, Low voltage

Abstract

With the exploding number of connected objects and sensitive applications, security against side-channel attacks becomes critical in low-cost and low-power IoT applications. For this purpose, established mathematical countermeasures such as masking and shuffling always require a minimum amount of noise in the adversary’s measurements, that may not be guaranteed by default because of good measurement setups and powerful signal processing. In this paper, we propose to improve the protection of sensitive digital circuits by operating them at a random ultra-low voltage (ULV) supplied by a \(V_{dd}\) randomizer. As the \(V_{dd}\) randomization modulates the switching current, it results in a multiplicative noise on both the current consumption amplitude and its time dependence. As ULV operation increases the sensitivity of the current on the supply voltage, it magnifies the generated noise while reducing the side-channel information signal thanks to the switching current reduction. As a proof-of-concept, we prototyped a simple \(V_{dd}\) randomizer based on a low-quiescent-current linear regulator with a digitally-controlled resistive feedback divider on which we apply a 4-bit random number stream. Using an information theoretic metric, the measurement results obtained in 65 nm low-power CMOS confirm that such randomizers can significantly improve the security of cryptographic implementations against standard side-channel attacks in case of low physical noise in the attacks’ setups, hence enabling the use of mathematical countermeasures.

Published

2016

23. Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

Author

Pereira, Olivier, Standaert, François-Xavier, Venkatesh, Srinivas Vivek, CCS '15 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Pseudorandom number generator, Authentication, Cryptographic primitive, Computer science, business.industry, CRYP [ICTEAM], Encryption, Computer security, computer.software_genre, Symmetric-key algorithm, Physical information, Cryptosystem, Side channel attack, business, computer, Block cipher

Abstract

Leakage-resilient cryptosystems aim to maintain security in situations where their implementation leaks physical information about their internal secrets. Because of their efficiency and usability on a wide range of platforms, solutions based on symmetric primitives (such as block ciphers) are particularly attractive in this context. So far, the literature has mostly focused on the design of leakage-resilient pseudorandom objects (e.g. PRGs, PRFs, PRPs). In this paper, we consider the complementary and practically important problem of designing secure authentication and encryption schemes. For this purpose, we follow a pragmatic approach based on the advantages and limitations of existing leakage-resilient pseudorandom objects, and rely on the (arguably necessary, yet minimal) use of a leak-free component. The latter can typically be instantiated with a block cipher implementation protected by traditional countermeasures, and we investigate how to combine it with the more intensive use of a much more efficient (less protected) block cipher implementation. Based on these premises, we propose and analyse new constructions of leakage-resilient MAC and encryption schemes, which allow fixing security and efficiency drawbacks of previous proposals in this direction. For encryption, we additionally provide a detailed discussion of why previously proposed (indistinguishability based) security definitions cannot capture actual side-channel attacks, and suggest a relaxed and more realistic way to quantify leakage-resilience in this case, by reducing the security of many iterations of the primitive to the security of a single iteration, independent of the security notion guaranteed by this single iteration (that remains hard to define).

Published

2015

24. Block Ciphers that are Easier to Mask: How Far Can we Go?

Author

Gérard, Benoît, Grosso, Vincent, Naya Plasencia, Maria, Standaert, François-Xavier, Cryptographic Hardware and Embedded Systems - CHES 2013 - 15th International Workshop, Université Catholique de Louvain = Catholic University of Louvain (UCL), Security, Cryptology and Transmissions (SECRET), Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Theoretical computer science, Differential cryptanalysis, Computer science, business.industry, Algorithm analysis and problem complexity, Hash function, Advanced Encryption Standard, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Data encryption, 020202 computer hardware & architecture, law.invention, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Cipher, Systems and data security, 010201 computation theory & mathematics, law, 0202 electrical engineering, electronic engineering, information engineering, Cryptanalysis, business, Key schedule, Block cipher

Abstract

International audience; The design and analysis of lightweight block ciphers has been a very active research area over the last couple of years, with many innovative proposals trying to optimize di erent performance gures. However, since these block ciphers are dedicated to low-cost embedded devices, their implementation is also a typical target for side-channel adversaries. As preventing such attacks with countermeasures usually implies signi cant performance overheads, a natural open problem is to propose new algorithms for which physical security is considered as an optimization criteria, hence allowing better performances again. We tackle this problem by studying how much we can tweak standard block ciphers such as the AES Rijndael in order to allow e cient masking (that is one of the most frequently considered solutions to improve security against side-channel attacks). For this purpose, we rst investigate alternative S- boxes and round structures. We show that both approaches can be used separately in order to limit the total number of non-linear operations in the block cipher, hence allowing more e cient masking. We then combine these ideas into a concrete instance of block cipher called Zorro. We further provide a detailed security analysis of this new cipher taking its design speci cities into account, leading us to exploit innovative techniques borrowed from hash function cryptanalysis (that are sometimes of independent interest). Eventually, we conclude the paper by evaluating the e ciency of masked Zorro implementations in an 8-bit microcontroller, and exhibit their interesting performance gures.

Published

2013

25. Intellectual property protection for FPGA designs with soft physical hash functions: First experimental results

Author

Kerckhof, Stéphanie, Durvaux, François, Standaert, François-Xavier, Gérard, Benoît, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST 2013), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Intellectual property, business.industry, Computer science, SPH, Design flow, Hash function, Context (language use), Cryptography, Soft physical hash functions, Programmable logic array, Logic synthesis, Software, IP, Embedded system, Hardware_INTEGRATEDCIRCUITS, business, Field-programmable gate array, FPGA

Abstract

The use of Soft Physical Hash (SPH) functions has been recently introduced as a flexible and efficient way to detect Intellectual Property (IP) cores in microelectronic systems. Previous works have mainly investigated software IP to validate this approach. In this paper, we extend it towards the practically important case of FPGA designs. Based on experiments, we put forward that SPH functions-based detection is a promising and low-cost solution for preventing anti-counterfeiting, as it does not require any a-priori modification of the design flow. In particular, we illustrate its performances with stand-alone FPGA designs, re-synthetized FPGA designs, and in the context of parasitic IPs running in parallel.

Published

2013

26. An Optimal Key Enumeration Algorithm and Its Application to Side-Channel Attacks

Author

Veyrat-Charvillon, Nicolas, Gérard, benoît, Renauld, Mathieu, Standaert, François-Xavier, 19th International Conference on Selected Areas in Cryptography (SAC 2012), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Reduction (complexity), Power analysis, Theoretical computer science, Collision attack, Computer science, Deterministic algorithm, law, Enumeration, Key (cryptography), Byte, Side channel attack, Cryptanalysis, law.invention

Abstract

Methods for enumerating cryptographic keys based on partial information obtained on key bytes are important tools in cryptanalysis. This paper discusses two contributions related to the practical application and algorithmic improvement of such tools. On the one hand, we observe that the evaluation of leaking devices is generally based on distinguishers with very limited computational cost, such as Kocher’s Differential Power Analysis. By contrast, classical cryptanalysis usually considers large computational costs (e.g. beyond 280 for present ciphers). Trying to bridge this gap, we show that allowing side-channel adversaries some computing power has major consequences for the security of leaking devices. For this purpose, we first propose a Bayesian extension of non-profiled side-channel attacks that allows us to rate key candidates according to their respective probabilities. Then we provide a new deterministic algorithm that allows us to optimally enumerate key candidates from any number of (possibly redundant) lists of any size, given that the subkey information is provided as probabilities, at the cost of limited (practically tractable) memory requirements. Finally, we investigate the impact of key enumeration taking advantage of this Bayesian formulation, and quantify the resulting reduction in the data complexity of various side-channel attacks.

Published

2013

27. Masking vs. Multiparty Computation: How Large Is the Gap for AES?

Author

Grosso, Vincent, Standaert, François-Xavier, Faust, Sebastian, Cryptographic Hardware and Embedded Systems - CHES 2013 - 15th International Workshop, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Multiplication algorithm, Speedup, Computer Networks and Communications, business.industry, Computer science, Computation, Cryptography, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Secret sharing, Masking (Electronic Health Record), Data encryptation, Systems and data security, MPC, 010201 computation theory & mathematics, 020204 information systems, Algorithm analysis problem complexity, MultiParty Computation, 0202 electrical engineering, electronic engineering, information engineering, business, Implementation, Algorithm, Software, Randomness

Abstract

In this paper, we evaluate the performances of state-of-the-art higher order masking schemes for the AES. Doing so, we pay a particular attention to the comparison between specialized solutions introduced exclusively as countermeasures against side-channel analysis, and a recent proposal by Roche and Prouff exploiting multiparty computation (MPC) techniques. We show that the additional security features this latter scheme provides (e.g., its glitch-freeness) come at the cost of large performance overheads. We then study how exploiting standard optimization techniques from the MPC literature can be used to reduce this gap. In particular, we show that “packed secret sharing” based on a modified multiplication algorithm can speed up MPC-based masking when the order of the masking scheme increases. Eventually, we discuss the randomness requirements of masked implementations. For this purpose, we first show with information theoretic arguments that the security guarantees of masking are only preserved if this randomness is uniform, and analyze the consequences of a deviation from this requirement. We then conclude the paper by including the cost of randomness generation in our performance evaluations. These results should help actual designers to choose a masking scheme based on security and performance constraints.

Published

2013

28. Systematic Construction and Comprehensive Evaluation of Kolmogorov-Smirnov Test Based Side-Channel Distinguishers

Author

Zhao, Hui, Zhou, Yongbin, Standaert, François-Xavier, Zhang, Hailong, Information Security Practice and Experience - 9th International Conference (ISPEC 2013), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Measure (data warehouse), Series (mathematics), Computer science, business.industry, Side-channel analysis, Univariate, Kolmogorov-Smirnov Test, Context (language use), Cryptography, Kolmogorov–Smirnov test, computer.software_genre, Distinguisher, symbols.namesake, Key (cryptography), symbols, Side channel attack, Data mining, business, Evaluation, computer, Construction

Abstract

Generic side-channel distinguishers aim at revealing the correct key embedded in cryptographic modules even when few assumptions can be made about their physical leakages. In this context, Kolmogorov-Smirnov Analysis (KSA) and Partial Kolmogorov-Smirnov analysis (PKS) were proposed respectively. Although both KSA and PKS are based on Kolmogorov-Smirnov (KS) test, they really differ a lot from each other in terms of construction strategies. Inspired by this, we construct nine new variants by combining their strategies in a systematic way. Furthermore, we explore the effectiveness and efficiency of all these twelve KS test based distinguishers under various simulated scenarios in a univariate setting within a unified comparison framework, and also investigate how these distinguishers behave in practical scenarios. For these purposes, we perform a series of attacks against both simulated traces and real traces. Success Rate (SR) is used to measure the efficiency of key recovery attacks in our evaluation. Our experimental results not only show how to choose the most suitable KS test based distinguisher in a particular scenario, but also clarify the practical meaning of all these KS test based distinguishers in practice.

Published

2013

29. Compact Implementation and Performance Evaluation of Hash Functions in ATtiny Devices

Author

Balasch, Josep, Ege, Baris, Eisenbarth, Thomas, Gérard, Benoît, Zheng, Gong, Güneysu, Tim, Heyse, Stefan, Kerckhof, Stéphanie, Koeune, François, Plos, Thomas, Pöppelmann, Thomas, Regazzoni, Francesco, Standaert, François-Xavier, Van Assche, Gilles, Van Keer, Ronny, van Oldeneel tot Oldenzeel, Loïc, von Maurich, Ingo, 11th International Conference CARDIS 2012, Mangard, Stefan, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Secure Hash Algorithm, Source code, Cryptographic primitive, business.industry, Computer science, Interface (computing), media_common.quotation_subject, Hash function, Cryptography, cosic, SHA-2, Embedded system, Security of cryptographic hash functions, business, media_common

Abstract

The pervasive diffusion of electronic devices in security and privacy sensitive applications has boosted research in cryptography. In this context, the study of lightweight algorithms has been a very active direction over the last years. In general, symmetric cryptographic primitives are good candidates for low-cost implementations. For example, several previous works have investigated the performance of block ciphers on various platforms. Motivated by the recent SHA3 competition, this paper extends these studies to another family of cryptographic primitives, namely hash functions. We implemented different algorithms on an ATMEL AVR ATtiny45 8-bit microcontroller, and provide their performance evaluation. All the implementations were carried out with the goal of minimizing the code size and memory utilization, and are evaluated using a common interface. As part of our contribution, we make all the corresponding source codes available on a web page, under an open-source license. We hope that this paper provides a good basis for researchers and embedded system designers who need to include more and more functionalities in next generation smart devices. © 2013 Springer-Verlag. ispartof: pages:158-172 ispartof: Lecture Notes in Computer Science vol:7771 pages:158-172 ispartof: CARDIS 2012 date:28 Nov - 30 Nov 2012 status: published

Published

2013

30. Intellectual Property Protection for Integrated Systems Using Soft Physical Hash Functions

Author

Durvaux, François, Gérard², Benoît, Kerckhof, Stéphanie, Koeune, François, Standaert, François-Xavier, 13th International Workshop on Information Security Applications (WISA 2012), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Source code, Theoretical computer science, Computer science, media_common.quotation_subject, Integrated systems, Hash function, Cryptographic hardware, Image processing, Security of cryptographic hash functions, Intellectual property, media_common, Block cipher

Abstract

Intellectual property right violations are an important problem for integrated system designers. We propose a new solution for mitigating such violations, denoted as soft physical hash functions. It combines previously introduced ideas of soft hash functions (in the field of image processing) and side-channel leakage (in the field of cryptographic hardware). For this purpose, we first introduce and formalize the components of an intellectual property detection infrastructure using soft physical hash functions. Next, we discuss its advantages over previous proposals aiming at similar goals. The most important point here is that the proposed technique can be applied to already deployed products. Finally, we validate our approach with a first experimental study.

Published

2012

31. Algebraic Side-Channel Attacks Beyond the Hamming Weight Leakage Model

Author

Oren, Yossef, Renauld, Mathieu, Standaert, François-Xavier, Wool, Avishai, 14th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2012), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Computer science, law, Computation, Algebraic Side-Channel Attacks, ASCA, Side channel attack, Leakage model, Boolean satisfiability problem, Cryptanalysis, Hamming weight, System of linear equations, Algorithm, law.invention

Abstract

Algebraic side-channel attacks (ASCA) are a method of cryptanalysis which allow performing key recoveries with very low data complexity. In an ASCA, the side-channel leaks of a device under test (DUT) are represented as a system of equations, and a machine solver is used to find a key which satisfies these equations. A primary limitation of the ASCA method is the way it tolerates errors. If the correct key is excluded from the system of equations due to noise in the measurements, the attack will fail. On the other hand, if the DUT is described in a more robust manner to better tolerate errors, the loss of information may make computation time intractable. In this paper, we first show how this robustness-information tradeoff can be simplified by using an optimizer, which exploits the probability data output by a side-channel decoder, instead of a standard SAT solver. For this purpose, we describe a way of representing the leak equations as vectors of aposteriori probabilities, enabling a natural integration of template attacks and ASCA. Next, we put forward the applicability of ASCA against devices which do not conform to simple leakage models (e.g. based on the Hamming weight of the manipulated data). We finally report on various experiments that illustrate the strengths and weaknesses of standard and optimizing solvers in various settings, hence demonstrating the versatility of ASCA.

Published

2012

32. Information Theoretic and Security Analysis of a 65-Nanometer DDSLL AES S-Box

Author

Renauld, Mathieu, Kamel, Dina, Standaert, François-Xavier, Flandre, Denis, Workshop on Cryptographic Hardware and Embedded Systems (CHES 2011), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Security analysis, Theoretical computer science, CMOS, Computer engineering, Physical information, Computer science, Information leakage, Key (cryptography), Current-mode logic, Routing (electronic design automation), Full custom

Abstract

In a recent work from Eurocrypt 2011, Renauld et al. discussed the impact of the increased variability in nanoscale CMOS devices on their evaluation against side-channel attacks. In this paper, we complement this work by analyzing an implementation of the AES S-box, in the DDSLL dual-rail logic style, using the same 65-nanometer technology. For this purpose, we first compare the performance results of the static CMOS and dual-rail S-boxes. We show that full custom design allows to nicely mitigate the performance drawbacks that are usually reported for dual-rail circuits. Next, we evaluate the side-channel leakages of these S-boxes, using both simulations and actual measurements. We take advantage of state-of-the-art evaluation tools, and discuss the quantity and nature (e.g. linearity) of the physical information they provide. Our results show that the security improvement of the DDSLL S-box is typically in the range of one order of magnitude (in terms of "number of traces to recover the key"). They also confirm the importance of a profiled information theoretic analysis for the worst-case security evaluation of leaking devices. They finally raise the important question whether dual-rail logic styles remain a promising approach for reducing the side-channel information leakages in front of technology scaling, as hardware constraints such as balanced routing may become increasingly challenging to fulfill, as circuit sizes tend towards the nanometer scale.

Published

2012

33. Compact Implementation and Performance Evaluation of Block Ciphers in ATtiny Devices

Author

Eisenbarth, Thomas, Gong, Zheng, Güneysu, Tim, Heyse, Stefan, Indesteege, Sebastiaan, Kerckhof, Stéphanie, Koeune, François, Nad, Topmislav, Plos, Thomas, Regazzoni, Francesco, Standaert, François-Xavier, van Oldeneel tot Oldenzeel, Loïc, 5th International Conference on Cryptology in Africa (AFRICACRYPT 2012), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Source code, business.industry, Computer science, media_common.quotation_subject, 020206 networking & telecommunications, 02 engineering and technology, Microcontroller, Open source, Embedded system, block ciphers, Web page, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, License, Implementation, media_common, Block cipher

Abstract

The design of lightweight block ciphers has been a very active research topic over the last years. However, the lack of comparative source codes generally makes it hard to evaluate the extent to which different ciphers actually reach their low-cost goals, on different platforms. This paper reports on an initiative aimed to partially relax this issue. First, we implemented 12 block ciphers on an ATMEL ATtiny45 device, and made the corresponding source code available on a webpage, with an open-source license. Common design goals and interface have been sent to all designers in order to enhance the comparability of the implementation results. Second, we evaluated the performances of these implementations according to different metrics, including energy-consumption measurements. Although inherently limited by slightly different design choices, we hope this initiative can trigger more work in this direction, e.g. by extending the list of implemented ciphers, or adding countermeasures against physical attacks in the future.

Published

2012

34. Security Analysis of Image-Based PUFs for Anti-counterfeiting

Author

Shariati, Saloomeh, Koeune, François, Standaert, François-Xavier, Communications and Multimedia Security: 13th IFIP TC 6/TC 11 International Conference (CMS 2012), UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Université Catholique de Louvain = Catholic University of Louvain (UCL), Bart Decker, David W. Chadwick, TC 6, and TC 11

Subjects

Scheme (programming language), Security analysis, Computer science, Anti-counterfeiting, Physical unclonable function, 02 engineering and technology, Computer security, computer.software_genre, PUFs, Signature (logic), 020202 computer hardware & architecture, Image (mathematics), [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Phisically Unclonable Functions, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, [INFO]Computer Science [cs], computer, Protocol (object-oriented programming), Image based, computer.programming_language

Abstract

Part 1: Research Papers; International audience; Physically Unclonable Functions are a promising tool to protect against counterfeiting attacks. Yet, as with any security system, it is important to embed them in a sound protocol, ensuring that no unexpected weakness is present in the “mortar” binding the components together. This paper proposes an anti-counterfeiting protocol that provably reduces to natural properties of its underlying components, namely an image-based Physical Function System bearing physical unclonability and an existentially unforgeable signature scheme. Experiments confirm the practical feasibility of our construction.

Published

2012

35. Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs

Author

Medwed, Marcel, Standaert, François-Xavier, Joux, Antoine, Proceedings of the 14th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2012), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Pseudorandom number generator, Computer science, Distributed computing, Initialization, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, 020202 computer hardware & architecture, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, Lattice reduction, Stream cipher, Security parameter, Block cipher

Abstract

Leakage-resilient constructions have attracted significant attention over the last couple of years. In practice, pseudorandom functions are among the most important such primitives, because they are stateless and do not require a secure initialization as, e.g. stream ciphers. However, their deployment in actual applications is still limited by security and efficiency concerns. This paper contributes to solve these issues in two directions. On the one hand, we highlight that the condition of bounded data complexity, that is guaranteed by previous leakage-resilient constructions, may not be enough to obtain practical security. We show experimentally that, if implemented in an 8-bit microcontroller, such constructions can actually be broken. On the other hand, we present tweaks for tree-based leakage-resilient PRFs that improve their efficiency and their security, by taking advantage of parallel implementations. Our security analyses are based on worst-case attacks in a noise-free setting and suggest that under reasonable assumptions, the side-channel resistance of our construction grows super-exponentially with a security parameter that corresponds to the degree of parallelism of the implementation. In addition, it exhibits that standard DPA attacks are not the most relevant tool for evaluating such leakage-resilient constructions and may lead to overestimated security. As a consequence, we investigate more sophisticated tools based on lattice reduction, which turn out to be powerful in the physical cryptanalysis of these primitives. Eventually, we put forward that the AES is not perfectly suited for integration in a leakage-resilient design. This observation raises interesting challenges for developing block ciphers with better properties regarding leakage-resilience.

Published

2012

36. Unified and Optimized Linear Collision Attacks and Their Application in a Non-profiled Setting

Author

Gérard, Benoît, Standaert, François-Xavier, Proceedings of the 14th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2012), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Collision attack, Computer science, Code (cryptography), Collision detection, Low-density parity-check code, Collision, Algorithm, Decoding methods, Block cipher, Computer Science::Cryptography and Security

Abstract

Side-channel collision attacks are one of the most investigated techniques allowing the combination of mathematical and physical cryptanalysis. In this paper, we discuss their relevance in the security evaluation of leaking devices with two main contributions. On the one hand, we suggest that the exploitation of linear collisions in block ciphers can be naturally re-written as a Low Density Parity Check Code decoding problem. By combining this re-writing with a Bayesian extension of the collision detection techniques, we succeed in improving the efficiency and error tolerance of previously introduced attacks. On the other hand, we provide various experiments in order to discuss the practicality of such attacks compared to standard DPA. Our results exhibit that collision attacks are less efficient in classical implementation contexts, e.g. 8-bit microcontrollers leaking according to a linear power consumption model. We also observe that the detection of collisions in software devices may be difficult in the case of optimized implementations, because of less regular assembly codes. Interestingly, the soft decoding approach is particularly useful in these more challenging scenarios. Finally, we show that there exist (theoretical) contexts in which collision attacks succeed in exploiting leakages whereas all other non-profiled side-channel attacks fail.

Published

2012

37. Compact FPGA Implementations of the Five SHA-3 Finalists

Author

Kerckhof, Stéphanie, Durvaux, François, Veyrat-Charvillon, Nicolas, Regazzoni, Francesco, Meurice de Dormale, Guerric, Standaert, François-Xavier, 10th Smart Card Research and Advanced Application Conference (CARDIS 2011), Université Catholique de Louvain = Catholic University of Louvain (UCL), MuElec, Emmanuel Prouff, TC 8, TC 11, WG 8.8, WG 11.2, UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, and MuElec, Belgium

Subjects

Computer science, Cycles per instruction, business.industry, [SHS.INFO]Humanities and Social Sciences/Library and information sciences, 020208 electrical & electronic engineering, 02 engineering and technology, 020202 computer hardware & architecture, Computer architecture, SHA-3, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, [INFO]Computer Science [cs], Field-programmable gate array, business, Throughput (business), Block cipher

Abstract

Part 5: Implementations and Hardware Security 2; International audience; Allowing good performances on different platforms is an important criteria for the selection of the future sha-3 standard. In this paper, we consider the compact implementations of blake, Grøstl, jh, Keccak and Skein on recent fpga devices. Our results bring an interesting complement to existing analyzes, as most previous works on fpga implementations of the sha-3 candidates were optimized for high throughput applications. Following recent guidelines for the fair comparison of hardware architectures, we put forward clear trends for the selection of the future standard. First, compact fpga implementations of Keccak are less efficient than their high throughput counterparts. Second, Grøstl shows interesting performances in this setting, in particular in terms of throughput over area ratio. Third, the remaining candidates are comparably suitable for compact fpga implementations, with some slight contrasts (in area cost and throughput).

Published

2011

38. Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks

Author

Medwed, Marcel, Petit, Christophe, Regazzoni, Francesco, Renauld, Mathieu, Standaert, François-Xavier, 10th IFIP WG 8.8/11.2 International Conference (CARDIS 2011), Université Catholique de Louvain = Catholic University of Louvain (UCL), Emmanuel Prouff, TC 8, TC 11, WG 8.8, WG 11.2, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Scheme (programming language), Computer science, media_common.quotation_subject, [SHS.INFO]Humanities and Social Sciences/Library and information sciences, Automotive industry, 02 engineering and technology, Side-channel attacks, Fault (power engineering), Computer security, computer.software_genre, Masking (Electronic Health Record), 0202 electrical engineering, electronic engineering, information engineering, Shuffling, Relevance (information retrieval), [INFO]Computer Science [cs], Side channel attack, media_common, computer.programming_language, Shuing, business.industry, Payment, Fault attacks, 020202 computer hardware & architecture, Microcontroller, Masking, Re-keying, 020201 artificial intelligence & image processing, business, computer

Abstract

Part 3: New Algorithms and Protocols; International audience; Security-aware embedded systems are widespread nowadays and many applications, such as payment, pay-TV and automotive applications rely on them. These devices are usually very resource constrained but at the same time likely to operate in a hostile environment. Thus, the implementation of low-cost protection mechanisms against physical attacks is vital for their market relevance. An appealing choice, to counteract a large family of physical attacks with one mechanism, seem to be protocol-level countermeasures. At last year’s Africacrypt, a fresh re-keying scheme has been presented which combines the advantages of re-keying with those of classical countermeasures such as masking and hiding. The contribution of this paper is threefold: most importantly, the original fresh re-keying scheme was limited to one low-cost party (e.g. an RFID tag) in a two party communication scenario. In this paper we extend the scheme to n low-cost parties and show that the scheme is still secure. Second, one unanswered question in the original paper was the susceptibility of the scheme to algebraic SPA attacks. Therefore, we analyze this property of the scheme. Finally, we implemented the scheme on a common 8-bit microcontroller to show its efficiency in software.

Published

2011

39. A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices

Author

Renauld, Mathieu, Standaert, François-Xavier, Veyrat-Charvillon, Nicolas, Kamel, Dina, Flandre, Denis, 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

business.industry, Computer science, Cryptography, Computer security, computer.software_genre, CMOS, Information leakage, Side channel attack, Smart card, business, Hamming weight, computer, Physical security, Leakage (electronics)

Abstract

Variability is a central issue in deep submicron technologies, in which it becomes increasingly difficult to produce two chips with the same behavior. While the impact of variability is well understood from the microelectronic point of view, very few works investigated its significance for cryptographic implementations. This is an important concern as 65-nanometer and smaller technologies are soon going to equip an increasing number of security-enabled devices. Based on measurements performed on 20 prototype chips of an AES S-box, this paper provides the first comprehensive treatment of variability issues for side-channel attacks. We show that technology scaling implies important changes in terms of physical security. First, common leakage models (e.g. based on the Hamming weight of the manipulated data) are no longer valid as the size of transistors shrinks, even for standard CMOS circuits. This impacts both the evaluation of hardware countermeasures and formal works assuming that independent computations lead to independent leakage. Second, we discuss the consequences of variability for profiled side-channel attacks. We study the extend to which a leakage model that is carefully profiled for one device can lead to successful attacks against another device. We also define the perceived information to quantify this context, which generalizes the notion of mutual information with possibly degraded leakage models. Our results exhibit that existing side-channel attacks are not perfectly suited to this new context. They constitute an important step in better understanding the challenges raised by future technologies for the theory and practice of leakage resilient cryptography.

Published

2011

40. Leakage Resilient Cryptography in Practice

Author

Standaert, François-Xavier, Pereira, Olivier, Yu, Yu, Quisquater, Jean-Jacques, Yung, Moti, Oswald, Elisabeth, UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Columbia University - Dept. of Computer Science, and University of Bristol - Department of Computer Science

Subjects

Computer Science

Abstract

In this report, we are concerned with models to analyze the security of cryptographic algorithms against side-channel attacks. Our objectives are threefold. In a First part of the paper, we aim to survey a number of well known intuitions related to physical security and to connect them with more formal results in this area. For this purpose, we study the definition of leakage function introduced by Micali and Reyzin in 2004 and its relation to practical power consumption traces. Then, we discuss the non equivalence between the unpredictability and indistinguishability of pseudorandom generators in physically observable cryptography. Eventually, we examine the assumption of bounded leakage per iteration that has been used recently to prove the security of different constructions against side-channel attacks. We show that approximated leakage bounds can be obtained using the framework for the analysis of side-channel key recovery attacks published at Eurocrypt 2009. In a second part of the paper, we aim to investigate two recent leakage resilient pseudorandom generators, both from a theoretical and practical point of view. On the one hand, we consider a forward secure generator from ASIACCS 2008 and its similarities with a previous construction by Bellare and Yee. On the other hand, we analyze Pietrzak's block cipher based construction from Eurocrypt 2009. Doing this, we put forward the difficulty of meaningfully restricting the physical leakages and show that this difficulty leads to different drawbacks. It allows us to emphasize the differences between these two designs. First, one construction that we analyze requires strong black box assumptions (i.e. random oracles) - the other one considers unrealistic leakages leading to (possibly useless) performance overheads. Second, one construction considers an adversary able to adaptively choose a leakage function while the second one does not permit this adaptivity. Third, the security proof of the Eurocrypt 2009 construction relies on the assumption that only computation leaks" (or relaxed but related hypotheses) while this assumption is not necessary for the ASIACCS construction. We then discuss the impact of these hypotheses with respect to recent technological advances. In the third part of the paper, we show that Pietrzak's leakage resilient mode of operation from Eurocrypt 2009 can be broken with a standard DPA if it is re-initialized without sharing new keys. Then, we propose solutions to _x this issue and extend the initial proposal from ASIACCS 2008 in order to rely on more standard cryptographic constructions. We use these alternative designs to illustrate the incompatibility between a fully adaptive selection of the leakage function and the secure initialization of a pseudorandom generator. We also argue that simple pseudorandom functions (e.g. the one of Goldreich, Goldwasser, Micali) can be shown leakage resilient, using the random oracle methodology. We additionally discuss the security vs. performance tradeoff that is inherent to these different schemes. Eventually, we show that the security of the forward secure pseudorandom number generator of Bellare and Yee against side-channel attacks cannot be directly generalized in the standard model. It is an open problem to determine the minimum black box assumptions and restrictions of the leakage function for this purpose.

Published

2010

41. Information Theoretic Evaluation of Side-Channel Resistant Logic Styles.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Paillier, Pascal, Verbauwhede, Ingrid, Macé, François, Standaert, François-Xavier, and Quisquater, Jean-Jacques

Abstract

We propose to apply an information theoretic metric to the evaluation of side-channel resistant logic styles. Due to the long design and development time required for the physical evaluation of such hardware countermeasures, our analysis is based on simulations. Although they do not aim to replace the need of actual measurements, we show that simulations can be used as a meaningful first step in the validation chain of a cryptographic product. For illustration purposes, we apply our methodology to gate-level simulations of different logic styles and stress that it allows a significant improvement of the previously considered evaluation methods. In particular, our results allow putting forward the respective strengths and weaknesses of actual countermeasures and determining to which extent they can practically lead to secure implementations (with respect to a noise parameter), if adversaries were provided with simulation-based side-channel traces. Most importantly, the proposed methodology can be straightforwardly adapted to adversaries provided with any other kind of leakage traces (including physical ones). [ABSTRACT FROM AUTHOR]

Published

2007

42. SEA: A Scalable Encryption Algorithm for Small Embedded Applications.

Author

Domingo-Ferrer, Josep, Posegga, Joachim, Schreckling, Daniel, Standaert, François-Xavier, Piret, Gilles, Gershenfeld, Neil, and Quisquater, Jean-Jacques

Abstract

Most present symmetric encryption algorithms result from a tradeoff between implementation cost and resulting performances. In addition, they generally aim to be implemented efficiently on a large variety of platforms. In this paper, we take an opposite approach and consider a context where we have very limited processing resources and throughput requirements. For this purpose, we propose low-cost encryption routines (i.e. with small code size and memory) targeted for processors with a limited instruction set (i.e. AND, OR, XOR gates, word rotation and modular addition). The proposed design is parametric in the text, key and processor size, allows efficient combination of encryption/decryption, "on-the-fly" key derivation and its security against a number of recent cryptanalytic techniques is discussed. Target applications for such routines include any context requiring low-cost encryption and/or authentication. [ABSTRACT FROM AUTHOR]

Published

2006

43. A Comparative Cost/Security Analysis of Fault Attack Countermeasures.

Author

Breveglieri, Luca, Koren, Israel, Naccache, David, Seifert, Jean-Pierre, Malkin, Tal G., Standaert, François-Xavier, and Yung, Moti

Abstract

Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption algorithms. To protect cryptographic implementations (e.g. of the recent AES which will be our running example) against these attacks, a number of innovative countermeasures have been proposed, usually based on the use of space and time redundancies (e.g. error detection/correction techniques, repeated computations). In this paper, we take the next natural step in engineering studies where alternative methods exist, namely, we take a comparative perspective. For this purpose, we use unified security and efficiency metrics to evaluate various recent protections against fault attacks. The comparative study reveals security weaknesses in some of the countermeasures (e.g. intentional malicious fault injection that are unrealistically modelled). The study also demonstrates that, if fair performance evaluations are performed, many countermeasures are not better than the naive solutions, namely duplication or repetition. We finally suggest certain design improvements for some countermeasures, and further discuss security/efficiency tradeoffs. Keywords: Attacks and countermeasures in hardware and software. [ABSTRACT FROM AUTHOR]

Published

2006

44. Improved Higher-Order Side-Channel Attacks with FPGA Experiments.

Author

Rao, Josyula R., Sunar, Berk, Peeters, Eric, Standaert, François-Xavier, Donckers, Nicolas, and Quisquater, Jean-Jacques

Abstract

We demonstrate that masking a block cipher implementation does not sufficiently improve its security against side-channel attacks. Under exactly the same hypotheses as in a Differential Power Analysis (DPA), we describe an improvement of the previously introduced higher-order techniques allowing us to defeat masked implementations in a low (i.e. practically tractable) number of measurements. The proposed technique is based on the efficient use of the statistical distributions of the power consumption in an actual design. It is confirmed both by theoretical predictions and practical experiments against FPGA devices. Keywords: cryptographic devices, side-channel analysis, DPA, high-order power analysis, masking countermeasure, block cipher, FPGA. [ABSTRACT FROM AUTHOR]

Published

2005

45. A Tutorial on Physical Security and Side-Channel Attacks.

Author

Aldini, Alessandro, Gorrieri, Roberto, Martinelli, Fabio, Koeune, François, and Standaert, François-Xavier

Abstract

A recent branch of cryptography focuses on the physical constraints that a real-life cryptographic device must face, and attempts to exploit these constraints (running time, power consumption...) to expose the device's secrets. This gave birth to implementation-specific attacks, which often turned out to be much more efficient than the best known cryptanalytic attacks against the underlying primitive as an idealized object. This paper aims at providing a tutorial on the subject, overviewing the main kinds of attacks and highlighting their underlying principles. [ABSTRACT FROM AUTHOR]

Published

2005

46. A Design Methodology for Secured ICs Using Dynamic Current Mode Logic.

Author

Paliouras, Vassilis, Vounckx, Johan, Verkest, Diederik, Macé, François, Standaert, François-Xavier, Quisquater, Jean-Jacques, and Legat, Jean-Didier

Abstract

This paper presents principles and concepts for the secured design of cryptographic IC's. In order to achieve a secure implementation of those structures, we propose to use a Binary Decision Diagrams (BDDs) approach to design and determine the most secured structures in Dynamic Current Mode Logic. We apply a BDD based prediction to the power consumption of some gates, validate our model using SPICE simulations, and use it to mount efficient power analysis attacks on a component of a cryptographic algorithm. Moreover, relying on our simulation results, we propose a complete methodology based on our BDD model to obtain secured IC's, from the boolean function to the final circuit layout. Keywords: Differential Pull Down Networks, Binary Decision Diagrams, Differential Power Analysis, Side-channel attack. [ABSTRACT FROM AUTHOR]

Published

2005

47. Very High Order Masking: Efficient Implementation and Security Evaluation

Author

Journault, Anthony, Standaert, François-Xavier, 19th International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

business.industry, Computer science, Advanced Encryption Standard, 02 engineering and technology, Computer security model, Masking (Electronic Health Record), 020202 computer hardware & architecture, Embedded software, Cipher, Computer engineering, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, High order, business, Security level, Implementation, Security evaluation

Abstract

In this paper, we study the performances and security of recent masking algorithms specialized to parallel implementations in a 32-bit embedded software platform, for the standard AES Rijndael and the bitslice cipher Fantomas. By exploiting the excellent features of these algorithms for bitslice implementations, we first extend the recent speed records of Goudarzi and Rivain (presented at Eurocrypt 2017) and report realistic timings for masked implementations with 32 shares. We then observe that the security level provided by such implementations is uneasy to quantify with current evaluation tools. We therefore propose a new “multi-model” evaluation methodology which takes advantage of different (more or less abstract) security models introduced in the literature. This methodology allows us to both bound the security level of our implementations in a principled manner and to assess the risks of overstated security based on well understood parameters. Concretely, it leads us to conclude that these implementations withstand worst-case adversaries with \(>\!2^{64}\) measurements under falsifiable assumptions.

48. Implementing Trojan-Resilient Hardware from (Mostly) Untrusted Components Designed by Colluding Manufacturers

Author

Bronchain, Olivier, Dassy, Louis, Faust, Sebastian, Standaert, François-Xavier, 2018 Workshop on Attacks and Solutions in Hardware Security (ASHES@CCS 2018), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

0301 basic medicine, Hardware Trojans, Trojan-Resilience, Multi-Party Computation, Exploit, Computer science, business.industry, 02 engineering and technology, computer.software_genre, 020202 computer hardware & architecture, 03 medical and health sciences, 030104 developmental biology, Trojan, 0202 electrical engineering, electronic engineering, information engineering, Compiler, Communication complexity, business, Field-programmable gate array, Throughput (business), computer, Protocol (object-oriented programming), Computer hardware, Block cipher

Abstract

At CCS 2016, Dziembowski et al. proved the security of a generic compiler able to transform any circuit into a Trojan-resilient one based on a (necessary) number of trusted gates. Informally, it exploits techniques from the Multi-Party Computation (MPC) literature in order to exponentially reduce the probability of a successful Trojan attack. As a result, its concrete relevance depends on ( i ) the possibility to reach good performances with affordable hardware, and ( ii ) the actual number of trusted gates the solution requires. In this paper, we assess the practicality of the CCS 2016 Trojan-resilient compiler based on a block cipher case study, and optimize its performances in different directions. From the algorithmic viewpoint, we use a recent MPC protocol by Araki et al. (CCS 2016) in order to increase the throughput of our implementations, and we investigate various block ciphers and S-box representations to reduce their communication complexity. From a design viewpoint, we develop an architecture that balances the computation and communication cost of our Trojan-resilient circuits. From an implementation viewpoint, we describe a prototype hardware combining several commercial FPGAs on a dedicated printed circuit board. Thanks to these advances, we exhibit realistic performances for a Trojan-resilient circuit purposed for high-security applications, and confirm that the amount of trusted gates required by the CCS 2016 compiler is well minimized.

49. Large Scale, Actively Secure Computation from LPN and Free-XOR Garbled Circuits

Author

Kelong Cong, Nigel P. Smart, Eduardo Soria-Vazquez, Aner Ben-Efraim, Eran Omri, Emmanuela Orsini, Canteaut, Anne, and Standaert, François-Xavier

Subjects

SECURE MULTIPARTY COMPUTATION, Computer science, business.industry, SECURE MULTIPARTY COMPUTATION, GARBLED CIRCUITS, LPN ASSUMPTION, LPN ASSUMPTION, Value (computer science), Scale (descriptive set theory), Encryption, GARBLED CIRCUITS, Secure multi-party computation, Preprocessor, business, Communication complexity, Protocol (object-oriented programming), Electronic circuit, Computer network

Abstract

We (MPC) protocol based on garbled circuits which is both actively secure and supports the free-XOR technique, and which has communication complexity O(n) per party. This improves on a protocol of Ben-Efraim, Lindell and Omri which only achieved passive security, without support for free-XOR. Our construction is based on a new variant of LPN-based encryption, but has the drawback of requiring a rather expensive garbling phase. To address this issue we present a second protocol that assumes at least n/c of the parties are honest (for an arbitrary fixed value c). This second protocol allows for a significantly lighter preprocessing, at the cost of a small sacrifice in online efficiency. We demonstrate the practicality of our evaluation phase with an implementation.

Published

2021