Standaert, François-Xavier
[UCL]
Side-channel analysis is an important concern for the security of cryptographic implementations, and may lead to powerful key recovery attacks if no countermeasures are deployed. Therefore, various types of protection mechanisms have been proposed over the last 20 years. The first solutions in this direction typically aimed at reducing the amount of information leakage directly at the hardware level, independently of the algorithm implemented. Over the years, a complementary approach (next denoted as leakage-resilience) emerged, trying to exploit the formalism of modern cryptography in order to design new constructions and security models in which the guarantees of provable security can be extended from mathematical objects towards physical ones. This naturally raises the question of whether the formal results obtained in these models are practically relevant (both in terms of performance and security). The development of sound connections between the formal models of leakage-resilient (symmetric) cryptography and the practice of side-channel attacks was one of the main objectives of the CRASH project funded by the European Research Council. In this talk, I will survey a number of results we obtained in this direction. For this purpose, I will start with a separation result for the security of stateful and stateless primitives. I will then follow with a discussion of (i) pseudorandom building blocks together with the theoretical challenges they raise, and (ii) authentication, encryption and authenticated encryption schemes together with the practical challenges they raise. I will finally conclude by discussing emerging trends in the field of physically secure implementations. Quite naturally, a large number of researchers and teams have worked on similar directions. For most of the topics discussed, I will add a couple of references to publications that I found inspiring/relevant. The list is (obviously) incomplete and only reflects my personal interests.
I apologize in advance for omissions.


Bibliographic reference:
Standaert, François-Xavier. Leakage-Resilient Symmetric Cryptography - Overview of the ERC Project CRASH, Part II. 17th International Conference on Cryptology in India (INDOCRYPT 2016) (Kolkata (India), 11/12/2016 to 14/12/2016). In: Orr Dunkelman, Somitra Kumar Sanadhya (eds.), Proceedings of the 17th International Conference on Cryptology in India (INDOCRYPT 2016), Springer, 2016.
Permanent URL:
http://hdl.handle.net/2078.1/181910