DOI: 10.1145/2976749.2978427
Research article (Public Access)

Strong Non-Interference and Type-Directed Higher-Order Masking

Published: 24 October 2016

Abstract

Differential power analysis (DPA) is a side-channel attack in which an adversary retrieves cryptographic material by measuring and analyzing the power consumption of the device on which the cryptographic algorithm under attack executes. An effective countermeasure against DPA is to mask secrets by probabilistically encoding them over a set of shares, and to run masked algorithms that compute on these encodings. Masked algorithms are often expected to provide, at least, a certain level of probing security. Leveraging the deep connections between probabilistic information flow and probing security, we develop a precise, scalable, and fully automated methodology to verify the probing security of masked algorithms, and generate them from unprotected descriptions of the algorithm. Our methodology relies on several contributions of independent interest, including a stronger notion of probing security that supports compositional reasoning, and a type system for enforcing an expressive class of probing policies. Finally, we validate our methodology on examples that go significantly beyond the state-of-the-art.
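The abstract's setting, made concrete as an added example (this is not code from the paper or from its verification tool): a secret bit is encoded over n shares whose XOR is the secret, a masked gadget computes on the encodings, and the gadget is t-probing secure when the joint distribution of any t intermediate values (including input shares) is the same for every secret input. Because the gadgets here work on single bits, the checker can enumerate every assignment of the randomness instead of reasoning symbolically as the paper does. `lazy_and` is a constructed two-share AND without fresh randomness, shown as the flawed counterpart; `isw_and` is the multiplication gadget of Ishai, Sahai and Wagner, which blinds every cross term a_i b_j with a fresh bit. The function names and the trace/probe encoding are this example's own.

```python
"""Brute-force probing-security check for small Boolean-masked gadgets.

A gadget takes input share lists a and b, a callable `fresh` returning one
fresh random bit per call, and a `trace` list to which it appends every
intermediate value it computes (the wires a probing adversary may observe).
It returns the output shares.  Example code, not the paper's tool.
"""
from collections import Counter
from itertools import combinations, product


def xor_all(bits):
    acc = 0
    for b in bits:
        acc ^= b
    return acc


def encode(secret, n, rand):
    """Encode a secret bit over n shares whose XOR is the secret: the first
    n-1 shares are the uniformly random bits in `rand`, the last absorbs the secret."""
    shares = list(rand[: n - 1])
    shares.append(secret ^ xor_all(shares))
    return shares


def lazy_and(a, b, fresh, trace):
    """Constructed flawed two-share AND: no fresh randomness.  The output shares
    c0 = a0 b0 ^ a1 b1 and c1 = a0 b1 ^ a1 b0 do recombine to ab, but the single
    wire c0 already has a distribution that depends on the secrets."""
    t0 = a[0] & b[0]; trace.append(t0)
    t1 = a[1] & b[1]; trace.append(t1)
    c0 = t0 ^ t1;     trace.append(c0)
    t2 = a[0] & b[1]; trace.append(t2)
    t3 = a[1] & b[0]; trace.append(t3)
    c1 = t2 ^ t3;     trace.append(c1)
    return [c0, c1]


def isw_and(a, b, fresh, trace):
    """n-share AND after Ishai, Sahai and Wagner, using n(n-1)/2 fresh bits:
    r_ij is fresh for i<j and r_ji = (r_ij ^ a_i b_j) ^ a_j b_i (this bracketing
    matters), then c_i = a_i b_i ^ XOR_j r_ij."""
    n = len(a)
    r = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j] = fresh();          trace.append(r[i][j])
            t = a[i] & b[j];            trace.append(t)
            t ^= r[i][j];               trace.append(t)
            u = a[j] & b[i];            trace.append(u)
            r[j][i] = t ^ u;            trace.append(r[j][i])
    c = []
    for i in range(n):
        ci = a[i] & b[i];               trace.append(ci)
        for j in range(n):
            if j != i:
                ci ^= r[i][j];          trace.append(ci)
        c.append(ci)
    return c


def count_fresh_bits(gadget, n):
    """Dry-run the gadget once to learn how many fresh random bits it draws."""
    drawn = [0]
    def counting_rng():
        drawn[0] += 1
        return 0
    gadget([0] * n, [0] * n, counting_rng, [])
    return drawn[0]


def run_all(gadget, n, a, b):
    """Yield (wire_trace, output_shares) for every assignment of the encoding
    randomness and the gadget's fresh bits on secret inputs (a, b)."""
    k = count_fresh_bits(gadget, n)
    for bits in product((0, 1), repeat=2 * (n - 1) + k):
        a_sh = encode(a, n, bits[: n - 1])
        b_sh = encode(b, n, bits[n - 1: 2 * (n - 1)])
        trace = a_sh + b_sh             # input shares are probeable wires too
        c = gadget(a_sh, b_sh, iter(bits[2 * (n - 1):]).__next__, trace)
        yield tuple(trace), c


def correct(gadget, n):
    """Recombining the output shares must give a AND b for every input."""
    return all(xor_all(c) == (a & b)
               for a, b in product((0, 1), repeat=2)
               for _, c in run_all(gadget, n, a, b))


def probing_secure(gadget, n, t):
    """(True, None) if every t-tuple of wires has a joint distribution that is
    identical for all four secret inputs, else (False, offending_wire_indices)."""
    traces = {ab: [tr for tr, _ in run_all(gadget, n, *ab)]
              for ab in product((0, 1), repeat=2)}
    width = len(traces[(0, 0)][0])
    for probes in combinations(range(width), t):
        dists = [Counter(tuple(tr[p] for p in probes) for tr in trs)
                 for trs in traces.values()]
        if any(d != dists[0] for d in dists[1:]):
            return False, probes
    return True, None


if __name__ == "__main__":
    for name, gadget, n, t in [("lazy_and", lazy_and, 2, 1), ("isw_and", isw_and, 2, 1),
                               ("isw_and", isw_and, 2, 2), ("isw_and", isw_and, 3, 2)]:
        ok, probes = probing_secure(gadget, n, t)
        print(f"{name} n={n} t={t}: correct={correct(gadget, n)} {t}-probing secure={ok}"
              + ("" if ok else f" (leaking wires {probes})"))
```

Both gadgets compute the right AND, but only `isw_and` survives a single probe with two shares, and even it fails two probes with two shares (the two input shares of `a` already determine `a`); with three shares it passes two probes. This is the caveat the abstract's "certain level of probing security" refers to: the order t is bounded by the number of shares, and verifying it means checking every t-tuple of wires, which is what makes hand proofs error-prone and motivates automated, compositional reasoning.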




Published In

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
October 2016
1924 pages
ISBN:9781450341394
DOI:10.1145/2976749
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. formal verification
  2. higher-order masking
  3. non-interference
  4. probing security

Qualifiers

  • Research-article

Conference

CCS'16

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Article Metrics

  • Downloads (last 12 months): 373
  • Downloads (last 6 weeks): 59

Reflects downloads up to 11 Feb 2025

Cited By

  • (2025) Masked Computation of the Floor Function and Its Application to the FALCON Signature. IACR Communications in Cryptology 1(4). DOI: 10.62056/ay73zl7s. Online publication date: 13 Jan 2025.
  • (2025) Side-Channel Analysis of Integrate-and-Fire Neurons Within Spiking Neural Networks. IEEE Transactions on Circuits and Systems I: Regular Papers 72(2):548-560. DOI: 10.1109/TCSI.2024.3470135. Online publication date: Feb 2025.
  • (2024) Randomness Generation for Secure Hardware Masking – Unrolled Trivium to the Rescue. IACR Communications in Cryptology. DOI: 10.62056/akdkp2fgx. Online publication date: 8 Jul 2024.
  • (2024) Inspector Gadget. IACR Communications in Cryptology. DOI: 10.62056/ah5wommol. Online publication date: 8 Jul 2024.
  • (2024) A provably masked implementation of BIKE Key Encapsulation Mechanism. IACR Communications in Cryptology. DOI: 10.62056/aesgvua5v. Online publication date: 9 Apr 2024.
  • (2024) Efficient Boolean-to-Arithmetic Mask Conversion in Hardware. IACR Communications in Cryptology. DOI: 10.62056/a3c0l2isfg. Online publication date: 7 Oct 2024.
  • (2024) The Insecurity of Masked Comparisons: SCAs on ML-KEM's FO-Transform. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pages 2430-2444. DOI: 10.1145/3658644.3690339. Online publication date: 2 Dec 2024.
  • (2024) Glitch-Stopping Circuits: Hardware Secure Masking without Registers. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pages 3406-3420. DOI: 10.1145/3658644.3670335. Online publication date: 2 Dec 2024.
  • (2024) Compositional Verification of First-Order Masking Countermeasures against Power Side-Channel Attacks. ACM Transactions on Software Engineering and Methodology 33(3):1-38. DOI: 10.1145/3635707. Online publication date: 14 Mar 2024.
  • (2024) A Masked Hardware Accelerator for Feed-Forward Neural Networks With Fixed-Point Arithmetic. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 32(2):231-244. DOI: 10.1109/TVLSI.2023.3340553. Online publication date: Feb 2024.
