DOI: 10.1145/3703595.3705871 | Research article | Open access

Leakage-Free Probabilistic Jasmin Programs

Published: 10 January 2025

Abstract

This paper presents a semantic characterization of leakage-freeness through timing side-channels for Jasmin programs. Our characterization covers probabilistic Jasmin programs that are not constant-time. In addition, we provide a characterization in terms of probabilistic relational Hoare logic and prove the equivalence between both definitions. We also prove that our new characterizations are compositional and relate our new definitions to existing ones from prior work, which could only be applied to deterministic programs. To provide practical evidence, we use the Jasmin framework to develop a rejection sampling algorithm and provide an EasyCrypt proof that ensures the algorithm's implementation is leakage-free while not being constant-time.
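As an added illustration, not code from the paper or its EasyCrypt development, the Python model below separates "not constant-time" from "leakage-free" for a rejection sampler: the loop's running time depends on the random coins but never on the secret, and a coupling-style check (same coins, different secrets, identical traces) witnesses that. The modulus Q = 3329, the 12-bit candidate width and the leaky contrast variant are constructed for this example, and the check is a sufficient condition that conveys the idea, not the paper's formal definition.

```python
import random
from typing import Callable, Iterable, Iterator, List, Tuple
Q = 3329    # modulus; constructed value for this example
BITS = 12   # candidates are drawn uniformly from [0, 2**BITS)

def rejection_sample(coins: Iterator[int], trace: List[str]) -> int:
    """Uniform value in [0, Q) by rejection. Each branch outcome is appended
    to `trace`, modelling the control flow a timing adversary observes."""
    while True:
        cand = next(coins)
        if cand < Q:
            trace.append("accept")
            return cand
        trace.append("reject")

def masked_add(secret: int, coins: Iterator[int]) -> Tuple[int, List[str]]:
    """Add a fresh uniform mask to `secret` mod Q. The loop count varies
    with the coins (not constant-time) but never with `secret`."""
    trace: List[str] = []
    r = rejection_sample(coins, trace)
    return (secret + r) % Q, trace

def masked_add_leaky(secret: int, coins: Iterator[int]) -> Tuple[int, List[str]]:
    """Contrast (constructed): also rejects a mask equal to the secret, so the
    trace, and hence the leakage, depends on the secret."""
    trace: List[str] = []
    while True:
        r = rejection_sample(coins, trace)
        if r != secret:
            return (secret + r) % Q, trace
        trace.append("retry")

def coin_stream(seed: int) -> Iterator[int]:
    """Deterministic BITS-bit coins so two runs can share the same randomness."""
    rng = random.Random(seed)
    while True:
        yield rng.getrandbits(BITS)

def leakage_free(program: Callable, secrets: List[int], seeds: Iterable[int]) -> bool:
    """Coupling-style check: same coins with different secrets must give identical traces."""
    for seed in seeds:
        ref = program(secrets[0], coin_stream(seed))[1]
        if any(program(s, coin_stream(seed))[1] != ref for s in secrets[1:]):
            return False
    return True

def trace_lengths(seeds: Iterable[int]) -> set:
    """Distinct running times seen; more than one means not constant-time."""
    return {len(masked_add(0, coin_stream(seed))[1]) for seed in seeds}
```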


Published In

CPP '25: Proceedings of the 14th ACM SIGPLAN International Conference on Certified Programs and Proofs
January 2025
298 pages
ISBN:9798400713477
DOI:10.1145/3703595
This work is licensed under a Creative Commons Attribution International 4.0 License.

In-Cooperation

  • SIGLOG

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. EasyCrypt
  2. Jasmin
  3. cryptography
  4. formal methods
  5. leakage-freeness
  6. rejection sampling
  7. side-channels
  8. timing attack

Funding Sources

  • FCT - Fundação para a Ciência e a Tecnologia
  • Estonian Research Council
  • Estonian Centre of Excellence in IT
  • Estonian Centre of Excellence

Conference

CPP '25

Acceptance Rates

Overall Acceptance Rate 18 of 26 submissions, 69%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 47
  • Downloads (last 12 months): 47
  • Downloads (last 6 weeks): 47

Reflects downloads up to 12 Feb 2025
