Grosso, Vincent [UCL]
Faust, Sebastian [Ecole Polytechnique Fédérale de Lausanne]
Standaert, François-Xavier [UCL]
In this paper, we evaluate the performance of state-of-the-art higher-order masking schemes for the AES. In doing so, we pay particular attention to the comparison between specialized solutions introduced exclusively as countermeasures against side-channel analysis, and a recent proposal by Roche and Prouff that exploits multiparty computation (MPC) techniques. We show that the additional security features the latter scheme provides (e.g., its glitch-freeness) come at the cost of large performance overheads. We then study how standard optimization techniques from the MPC literature can be used to reduce this gap. In particular, we show that "packed secret sharing" based on a modified multiplication algorithm can speed up MPC-based masking as the order of the masking scheme increases. Finally, we discuss the randomness requirements of masked implementations. For this purpose, we first show with information-theoretic arguments that the security guarantees of masking are only preserved if this randomness is uniform, and we analyze the consequences of a deviation from this requirement. We then conclude the paper by including the cost of randomness generation in our performance evaluations. These results should help designers choose a masking scheme based on their security and performance constraints. © 2014 Springer-Verlag Berlin Heidelberg.
- Balasch, J., Faust, S., Gierlichs, B., Verbauwhede, I.: Theory and practice of a leakage resilient masking scheme. In Wang, X., Sako, K. (eds.) Advances in Cryptology—ASIACRYPT 2012—8th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2–6, 2012. Proceedings, volume 7658 of Lecture Notes in Computer Science, pp. 758–775. Springer (2012)
- Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: Simon, J. (ed.) STOC, pp. 1–10. ACM (1988)
- Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M.J. (ed.) CRYPTO, volume 1666 of Lecture Notes in Computer Science, pp. 398–412. Springer (1999)
- Coron, J.-S., Prouff, E., Rivain, M.: Side channel cryptanalysis of a higher order masking scheme. In: Paillier, P., Verbauwhede, I. (eds.) CHES, volume 4727 of Lecture Notes in Computer Science, pp. 28–44. Springer (2007)
- Coron, J.-S., Prouff, E., Roche, T.: On the use of Shamir's secret sharing against side-channel analysis. In: Mangard, S. (ed.) CARDIS, volume 7771 of Lecture Notes in Computer Science, pp. 77–90. Springer (2012)
- Damgård, I., Ishai, Y., Krøigaard, M.: Perfectly secure multiparty computation and the computational overhead of cryptography. In: Gilbert, H. (ed.) EUROCRYPT, volume 6110 of Lecture Notes in Computer Science, pp. 445–465. Springer (2010)
- Damgård, I., Keller, M.: Secure multiparty AES (full paper). IACR Cryptol. ePrint Arch. 2009, 614 (2009)
- Damgård, I., Keller, M., Larraia, E., Miles, C., Smart, N.P.: Implementing AES via an actively/covertly secure dishonest-majority MPC protocol. In: Visconti, I., De Prisco, R. (eds.) SCN, volume 7485 of Lecture Notes in Computer Science, pp. 241–263. Springer (2012)
- Damgård, I., Pastro, V., Smart, N.P., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO, volume 7417 of Lecture Notes in Computer Science, pp. 643–662. Springer (2012)
- Franklin, M.K., Yung, M.: Communication complexity of secure computation (extended abstract). In: Rao Kosaraju, S., Fellows, M., Wigderson, A., Ellis, J.A. (eds.) STOC, pp. 699–710. ACM (1992)
- Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M.: Affine masking against higher-order side channel analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) Selected Areas in Cryptography, volume 6544 of Lecture Notes in Computer Science, pp. 262–280. Springer (2010)
- Genelle, L., Prouff, E., Quisquater, M.: Montgomery’s trick and fast implementation of masked AES. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT, volume 6737 of Lecture Notes in Computer Science, pp. 153–169. Springer (2011)
- Genelle, L., Prouff, E., Quisquater, M.: Thwarting higher-order side channel analysis with additive and multiplicative maskings. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2011—13th International Workshop, Nara, Japan, Sept 28–Oct 1, 2011. Proceedings, volume 6917 of Lecture Notes in Computer Science, pp. 240–255. Springer (2011)
- Golic, J.Dj., Tymen, C.: Multiplicative masking and power analysis of AES. In: Kaliski Jr. B.S., Koç, Ç.K., Paar, C. (eds.) CHES, volume 2523 of Lecture Notes in Computer Science, pp. 198–212. Springer (2002)
- Goubin, L., Martinelli, A.: Protecting AES with Shamir’s secret sharing scheme. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2011—13th International Workshop, Nara, Japan, Sept 28–Oct 1, 2011. Proceedings, volume 6917 of Lecture Notes in Computer Science, pp. 79–94. Springer (2011)
- Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO, volume 2729 of Lecture Notes in Computer Science, pp. 463–481. Springer (2003)
- Kim, H.S., Hong, S., Lim, J.: A fast and provably secure higher-order masking of AES S-box. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2011—13th International Workshop, Nara, Japan, Sept 28–Oct 1, 2011. Proceedings, volume 6917 of Lecture Notes in Computer Science, pp. 95–107. Springer (2011)
- Liu, C.L.: Introduction to Combinatorial Mathematics. McGraw-Hill, New York (1968)
- Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks—Revealing the Secrets of Smart Cards. Springer, Berlin (2007)
- Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA, volume 3376 of Lecture Notes in Computer Science, pp. 351–365. Springer (2005)
- Moradi, A., Mischke, O.: On the simplicity of converting leakages from multivariate to univariate—(case study of a glitch-resistant masking scheme). In: Bertoni, G., Coron, J.-S. (eds.) CHES, volume 8086 of Lecture Notes in Computer Science, pp. 1–20. Springer (2013)
- Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS, volume 4307 of Lecture Notes in Computer Science, pp. 529–545. Springer (2006)
- Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011). doi:10.1007/s00145-010-9085-7
- Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2011—13th International Workshop, Nara, Japan, Sept 28–Oct 1, 2011. Proceedings, volume 6917 of Lecture Notes in Computer Science. Springer (2011)
- Prouff, E., Rivain, M.: Masking against side-channel attacks: A formal security proof. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT, volume 7881 of Lecture Notes in Computer Science, pp. 142–159. Springer (2013)
- Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES, volume 6225 of Lecture Notes in Computer Science, pp. 413–427. Springer (2010)
- Roche, T., Prouff, E.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols—extended version. J. Cryptogr. Eng. 2(2), 111–127 (2012)
- Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) CT-RSA, volume 3860 of Lecture Notes in Computer Science, pp. 208–225. Springer (2006)
- Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979). doi:10.1145/359168.359176
- Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT, volume 5479 of Lecture Notes in Computer Science, pp. 443–461. Springer (2009)
- Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: Another look on second-order DPA. In: Abe, M. (ed.) ASIACRYPT, volume 6477 of Lecture Notes in Computer Science, pp. 112–129. Springer (2010)
- Veyrat-Charvillon, N., Medwed, M., Kerckhof, S., Standaert, F.-X.: Shuffling against side-channel attacks: A comprehensive study with cautionary note. In: Wang, X., Sako, K. (eds.) Advances in Cryptology—ASIACRYPT 2012—8th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2–6, 2012. Proceedings, volume 7658 of Lecture Notes in Computer Science, pp. 740–757. Springer (2012)
- von Willich, M.: A technique with an information-theoretic basis for protecting secret data from differential power attacks. In: Honary, B. (ed.) IMA International Conference, volume 2260 of Lecture Notes in Computer Science, pp. 44–62. Springer (2001)
- Wang, X., Sako, K. (eds.) Advances in Cryptology—ASIACRYPT 2012—8th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, Dec 2–6, 2012. Proceedings, volume 7658 of Lecture Notes in Computer Science. Springer (2012)
Bibliographic reference: Grosso, Vincent; Faust, Sebastian; Standaert, François-Xavier. Masking vs. multiparty computation: How large is the gap for AES? In: Journal of Cryptographic Engineering, Vol. 4, no. 1, pp. 47–57 (2014)
Permanent URL: http://hdl.handle.net/2078.1/159613