Tight Private Circuits: Achieving Probing Security with the Least Refreshing

@inproceedings{Belad2018TightPC,
  title={Tight Private Circuits: Achieving Probing Security with the Least Refreshing},
  author={Sonia Bela{\"i}d and Dahmun Goudarzi and Matthieu Rivain},
  booktitle={IACR Cryptol. ePrint Arch.},
  year={2018}
}
Masking is a common countermeasure to secure implementations against side-channel attacks. In 2003, Ishai, Sahai, and Wagner introduced a formal security model, named \(t\)-probing model, which is now widely used to theoretically reason on the security of masked implementations. While many works have provided security proofs for small masked components, called gadgets, within this model, no formal method allowed to securely compose gadgets with a tight number of shares (namely, \(t+1\)) until… 
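The \(t\)-probing definition in the abstract can be checked by brute force on toy gadgets. The script below is an added illustration, not code from the paper or from any of the verification tools listed on this page; the function names (`share`, `refresh`, `isw_and`, `probing_secure`) and the wire labels are this example's own, the multiplication is the textbook ISW gadget and the refresh is the ISW-style pairwise refresh. It enumerates every secret value, every mask and every fresh random bit, records every intermediate wire, and declares a circuit \(t\)-probing secure only if the joint distribution of each set of \(t\) wires is the same for every secret. With \(n = t + 1\) shares the ISW AND gadget passes in isolation, but feeding the same sharing into both inputs (computing \(a \cdot a\)) is broken by a single probe, and refreshing one copy repairs it, which is exactly the composition question the paper studies.

```python
"""Exhaustive t-probing check for small Boolean masked gadgets (added example;
function names share/refresh/isw_and/probing_secure are this example's own)."""
from collections import Counter
from itertools import combinations, product


def share(x, masks):
    """Boolean sharing: share 0 = x ^ (all masks), shares 1.. = the masks."""
    s0 = x
    for m in masks:
        s0 ^= m
    return [s0, *masks]


def isw_and(a, b, rnd, w):
    """ISW multiplication of n-share sharings a, b with n(n-1)/2 fresh bits.
    Every intermediate is stored in w (wire name -> bit) so it can be probed."""
    n = len(a)
    for i in range(n):
        for j in range(n):
            w[f"a{i}b{j}"] = a[i] & b[j]
    r, k = {}, 0
    for i in range(n):
        for j in range(i + 1, n):
            r[i, j], k = rnd[k], k + 1
            w[f"r{i}{j}"] = r[i, j]
            tmp = r[i, j] ^ w[f"a{i}b{j}"]
            w[f"r{i}{j}+a{i}b{j}"] = tmp
            r[j, i] = tmp ^ w[f"a{j}b{i}"]        # r_ji = (r_ij ^ a_i b_j) ^ a_j b_i
            w[f"r{j}{i}"] = r[j, i]
    c = []
    for i in range(n):
        acc = w[f"a{i}b{i}"]
        for j in range(n):
            if j != i:
                acc ^= r[i, j]                    # c_i = a_i b_i ^ XOR_j r_ij
                w[f"c{i}+r{i}{j}"] = acc
        c.append(acc)
    return c


def refresh(a, rnd, w):
    """ISW-style refresh: one fresh bit per pair of shares, XORed into both."""
    b, k, n = list(a), 0, len(a)
    for i in range(n):
        for j in range(i + 1, n):
            s, k = rnd[k], k + 1
            w[f"s{i}{j}"] = s
            b[i] ^= s
            w[f"ref{i}_s{i}{j}"] = b[i]
            b[j] ^= s
            w[f"ref{j}_s{i}{j}"] = b[j]
    return b


def and_gadget(n):
    """a AND b with independent n-share inputs -> (circuit, #secrets, #masks, #rand)."""
    m = n - 1

    def circuit(sec, masks, rnd):
        w = {}
        a, b = share(sec[0], masks[:m]), share(sec[1], masks[m:])
        for i in range(n):
            w[f"a{i}"], w[f"b{i}"] = a[i], b[i]
        isw_and(a, b, rnd, w)
        return w
    return circuit, 2, 2 * m, n * m // 2


def square_gadget(n, refreshed):
    """a AND a: one sharing feeds both inputs, the second copy refreshed or not."""
    m, nr = n - 1, n * (n - 1) // 2

    def circuit(sec, masks, rnd):
        w = {}
        a = share(sec[0], masks)
        for i in range(n):
            w[f"a{i}"] = a[i]
        b = refresh(a, rnd[nr:], w) if refreshed else a
        isw_and(a, b, rnd[:nr], w)
        return w
    return circuit, 1, m, nr * (2 if refreshed else 1)


def probing_secure(circuit, n_secrets, n_masks, n_rand, t):
    """(True, None) if every set of t wires has the same joint distribution for
    every secret value, else (False, first offending probe set)."""
    traces = {sec: [circuit(sec, masks, rnd)
                    for masks in product((0, 1), repeat=n_masks)
                    for rnd in product((0, 1), repeat=n_rand)]
              for sec in product((0, 1), repeat=n_secrets)}
    names = list(next(iter(traces.values()))[0])
    for probes in combinations(names, t):
        dists = {frozenset(Counter(tuple(w[p] for p in probes) for w in trs).items())
                 for trs in traces.values()}
        if len(dists) > 1:
            return False, probes
    return True, None


if __name__ == "__main__":
    for label, (circ, ns, nm, nr), t in [
        ("ISW AND, n=2", and_gadget(2), 1), ("ISW AND, n=3", and_gadget(3), 2),
        ("a*a unrefreshed, n=2", square_gadget(2, False), 1),
        ("a*a refreshed, n=2", square_gadget(2, True), 1),
        ("a*a unrefreshed, n=3", square_gadget(3, False), 2),
        ("a*a refreshed, n=3", square_gadget(3, True), 2),
    ]:
        ok, probes = probing_secure(circ, ns, nm, nr, t)
        print(f"{label}, t={t}: {'secure' if ok else f'leaks via {probes}'}")
```

For the unrefreshed square with two shares the checker stops at the single wire `a0b1`, the cross product \(a_0 a_1\): it equals 1 only when both shares are 1, which happens only when \(a = a_0 \oplus a_1 = 0\), so one probe recovers the secret even though the multiplication gadget on its own is 1-probing secure. Enumeration is exponential in the number of mask and random bits, so this only scales to a handful of shares; the tools cited on this page (maskVerif, SILVER, IronMask) reason symbolically about the same property.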
Randomness Optimization for Gadget Compositions in Higher-Order Masking
TLDR
This work presents a novel approach to reduce the demands for randomness in such gadget-composed circuits by reusing randomness across gadgets while maintaining security in the probing adversary model, embedded into an Electronic Design Automation toolchain.
IronMask: Versatile Verification of Masking Security
TLDR
IronMask is the first tool to verify the standard simulation-based security notions in the probing model as well as the recent composition and expandability notions in the random probing model, and it provides complete verification for quadratic gadgets with non-linear randomness.
Probing Security through Input-Output Separation and Revisited Quasilinear Masking
TLDR
A new framework for the composition of probing-secure circuits and the security notion of input-output separation (IOS) for a refresh gadget are introduced, showing that any uniform SNI gadget achieves IOS security while the converse is not true.
Random Probing Security: Verification, Composition, Expansion and New Constructions
TLDR
The most widely used leakage model, the probing model defined by Ishai, Sahai, and Wagner (CRYPTO 2003), is convenient for security proofs but does not capture an adversary exploiting full leakage traces; the random probing model, which does, requires more complex security proofs and did not yet come with practical constructions, which this work addresses through verification, composition and expansion results.
Composable Gadgets with Reused Fresh Masks: First-Order Probing-Secure Hardware Circuits with only 6 Fresh Masks
TLDR
This work gives an instantiation of gadgets realizing arbitrary XOR and AND gates with an arbitrary number of inputs which can be trivially extended to all basic logic gates, breaking the linear dependency between the number of gates in a circuit and the randomness requirements.
Side-Channel Masking with Common Shares
TLDR
This work proposes a new masking scheme in which many intermediates can be precomputed before executing the masked function, together with a new security notion that intrinsically supports reuse of randomness and variables across gadgets and bridges the security of parallel compositions of gadgets to general compositions.
maskVerif : automated analysis of software and hardware higher-order masked implementations
TLDR
New information flow-based techniques for proving the security of hardware implementations in the models of Bloem et al. and Faust et al. improve over the algorithms of Barthe et al. (EUROCRYPT 2015) in terms of coverage and efficiency, allowing for verification at higher orders and minimizing the possibility of false negatives.
Transitional Leakage in Theory and Practice - Unveiling Security Flaws in Masked Circuits
TLDR
This work extends SILVER, a recently proposed tool for formal security verification of masked logic circuits, to also detect and verify information leakage resulting from combinations of glitches and transitions, and confirms the accuracy and practical relevance of the methodology when assessing and verifying information leakage in hardware implementations.
SILVER - Statistical Independence and Leakage Verification
TLDR
This work presents a new framework to analyze and verify masked implementations against various security notions using different security models as reference and particularly relies on Reduced Ordered Binary Decision Diagrams (ROBDDs) and the concept of statistical independence of probability distributions.
Table Recomputation-Based Higher-Order Masking Against Horizontal Attacks
TLDR
This work proposes a new table recomputation-based higher-order masking scheme, named table compression masking (TCM), and gives a formal security proof under the \(t\)-SNI security definition as well as a heuristic security analysis considering horizontal side-channel attacks (HSCA).

References

Showing 1-10 of 21 references
Higher-Order Side Channel Security and Mask Refreshing
TLDR
This paper shows that the method proposed at CHES 2010 to do mask refreshing introduces a security flaw in the overall masking scheme, and proposes a new solution which avoids the use of mask refreshing, and proves its security.
Masking against Side-Channel Attacks: A Formal Security Proof
TLDR
It is proved that the information gained by observing the leakage from one execution can be made negligible (in the masking order) and a formal security proof for masked implementations of block ciphers is provided.
High Order Masking of Look-up Tables with Common Shares
TLDR
This paper improves the efficiency of the high-order masking of look-up tables countermeasure introduced at Eurocrypt 2014, based on a combination of three techniques, and still with a proof of security in the Ishai-Sahai-Wagner (ISW) probing model.
Very High Order Masking: Efficient Implementation and Security Evaluation
TLDR
This paper proposes a new “multi-model” evaluation methodology which takes advantage of different (more or less abstract) security models introduced in the literature and concludes that these implementations withstand worst-case adversaries with \(>\!2^{64}\) measurements under falsifiable assumptions.
Provably Secure Higher-Order Masking of AES
TLDR
This paper presents the first generic dth-order masking scheme for AES with a provable security and a reasonable software implementation overhead and can be efficiently implemented in software on any general-purpose processor.
Further Improving Efficiency of Higher Order Masking Schemes by Decreasing Randomness Complexity
TLDR
This paper improves the efficiency of Coron's scheme by reducing its random generations based on two observations, and proposes two new schemes, one of which improves the original scheme with a 50% randomness reduction while satisfying the stronger compositional security notion \(t\)-SNI.
How Fast Can Higher-Order Masking Be in Software?
TLDR
This paper investigates efficient higher-order masking techniques through a case study on ARM architectures: it examines the implementation of the base-field multiplication at the assembly level, and an alternative to these methods based on bitslicing at the S-box level.
Strong Non-Interference and Type-Directed Higher-Order Masking
TLDR
This work develops a precise, scalable, and fully automated methodology to verify the probing security of masked algorithms, and generate them from unprotected descriptions of the algorithm.
Unifying Leakage Models: From Probing Attacks to Noisy Leakage
TLDR
A new reduction from noisy leakage to the important model of probing adversaries significantly simplifies the formal security analysis of masking schemes against realistic side-channel leakages.
Private Circuits: Securing Hardware against Probing Attacks
TLDR
This paper proposes several efficient techniques for building private circuits resisting side channel attacks, and provides a formal threat model and proofs of security for their constructions.