Higher-Order DCA against Standard Side-Channel Countermeasures

[en] At CHES 2016, Bos et al. introduced differential computational analysis (DCA) as an attack on white-box software implementations of block ciphers. This attack builds on the same principles as DPA in the classical side-channel context, but uses computational traces consisting of plain values computed by the implementation during execution. It was shown to be able to recover the key of many existing AES white-box implementations. The DCA adversary is passive, and so does not exploit the full power of the white-box setting, implying that many white-box schemes are insecure even in a weaker setting than the one they were designed for. It is therefore important to develop implementations which are resistant to this attack. We investigate the approach of applying standard side-channel countermeasures such as masking and shuffling. Under some necessary conditions on the underlying randomness generation, we show that these countermeasures provide resistance to standard (first-order) DCA. Furthermore, we introduce higher-order DCA, along with an enhanced multivariate version, and analyze the security of the countermeasures against these attacks. We derive analytic expressions for the complexity of the attacks – backed up through extensive attack experiments – enabling a designer to quantify the security level of a masked and shuffled implementation in the (higher-order) DCA setting.

Disciplines :

Sciences informatiques

Auteur, co-auteur :

Bogdanov, Andrey; Technical University of Denmark

Rivain, Matthieu; CryptoExperts

Philip, S. Vejre; Technical University of Denmark

WANG, Junwei ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) ; CryptoExperts ; Université Paris 8

Co-auteurs externes :

yes

Langue du document :

Anglais

Titre :

Higher-Order DCA against Standard Side-Channel Countermeasures

Date de publication/diffusion :

16 mars 2019

Nom de la manifestation :

10th International Workshop, COSADE 2019

Lieu de la manifestation :

Darmstadt, Allemagne

Date de la manifestation :

from 03-04-2019 to 05-04-2019

Manifestation à portée :

International

Titre de l'ouvrage principal :

Constructive Side-Channel Analysis and Secure Design

Auteur, co-auteur :

Polian, Ilia

Stöttinger, Marc

Maison d'édition :

Springer

ISBN/EAN :

978-3-030-16349-5

Collection et n° de collection :

Lecture Notes in Computer Science 11421

Pagination :

118-141

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

URL complémentaire :

https://link.springer.com/chapter/10.1007/978-3-030-16350-1_8

Projet européen :

H2020 - 643161 - ECRYPT-NET - European Integrated Research Training Network on Advanced Cryptographic Technologies for the Internet of Things and the Cloud

Intitulé du projet de recherche :

ECRYPT-NET

Organisme subsidiant :

CE - Commission Européenne

Disponible sur ORBilu :

depuis le 17 septembre 2020

Statistiques

Nombre de vues

156 (dont 6 Unilu)

Nombre de téléchargements

0 (dont 0 Unilu)

Voir plus de statistiques

citations Scopus^®

citations Scopus^®
sans auto-citations

OpenCitations

citations OpenAlex

Bibliographie

CHES 2017 Capture the Flag Challenge-The WhibOx Contest, An ECRYPT White-Box Cryptography Competition. https://whibox.cr.yp.to/. Accessed Oct 2017
Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30564-4_16
Biryukov, A., Udovenko, A.: Attacks and countermeasures for white-box designs. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 373– 402. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_13
Bos, J.W., Hubain, C., Michiels, W., Teuwen, P.: Differential computation analysis: hiding your white-box designs is not enough. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 215–236. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2 11
Bringer, J., Chabanne, H., Dottax, E.: Perturbing and protecting a traceable block cipher. In: Leitold, H., Markatos, E.P. (eds.) CMS 2006. LNCS, vol. 4237, pp. 109– 119. Springer, Heidelberg (2006). https://doi.org/10.1007/11909033 10
Bringer, J., Chabanne, H., Dottax, E.: White box cryptography: another attempt. IACR Cryptology ePrint Archive 2006, 468 (2006)
Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1 26
Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5 3
Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: A white-box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-44993-51
Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_17
Coron, J.-S.: Higher order masking of look-up tables. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 441–458. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5 25
Coron, J.-S., Kizhvatov, I.: Analysis and improvement of the random delay countermeasure of CHES 2009. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 95–109. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9 7
Coron, J.-S., Prouff, E., Rivain, M., Roche, T.: Higher-order side channel security and mask refreshing. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 410–424. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43933-3_21
Fisher, R.A., Yates, F., et al.: Statistical tables for biological, agricultural and medical research. Statistical tables for biological, agricultural and medical research (1938)
Goubin, L., Paillier, P., Rivain, M., Wang, J.: How to reveal the secrets of an obscure white-box implementation. Cryptology ePrint Archive, Report 2018/098 (2018). https://eprint.iacr.org/2018/098
Goubin, L., Patarin, J.: DES and differential power analysis the “Duplication” method. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48059-5_15
Karroumi, M.: Protecting white-box AES with dual ciphers. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 278–291. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24209-0 19
Kerckhoffs, A.: La cryptographic militaire. J. Sci. Mil. IX, 5–38 (1883). https://www.petitcolas.net/kerckhoffs/crypto militaire 1.pdf
Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a white-box AES implementation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 265–285. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43414-7 14
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks-Revealing Thes-ecrets of Smart Cards. Springer, Boston (2007). https://doi.org/10.1007/978-0-387-38162-6
Michiels, W., Gorissen, P., Hollmann, H.D.L.: Cryptanalysis of a generic class of white-box implementations. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 414–428. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04159-4 27
De Mulder, Y., Roelse, P., Preneel, B.: Cryptanalysis of the Xiao – Lai white-box AES implementation. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 34–49. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35999-6_3
De Mulder, Y., Wyseur, B., Preneel, B.: Cryptanalysis of a perturbated white-box AES implementation. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 292–310. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17401-8 21
Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_28
Rivain, M., Prouff, E., Doget, J.: Higher-order masking and shuffling for software implementations of block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 171–188. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-913
Strobel, D., Paar, C.: An efficient method for eliminating random delays in power traces of embedded software. In: Kim, H. (ed.) ICISC 2011. LNCS, vol. 7259, pp. 48–60. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31912-9_4
Tolhuizen, L.: Improved cryptanalysis of an AES implementation. In: Proceedings of the 33rd WIC Symposium on Information Theory, 2012. WIC (Werkgemeen-schap voor Inform.-en Communicatietheorie) (2012)
Veyrat-Charvillon, N., Medwed, M., Kerckhof, S., Standaert, F.-X.: Shuffling against side-channel attacks: a comprehensive study with cautionary note. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 740–757. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4 44
Xiao, Y., Lai, X.: A secure implementation of white-box AES. In: Computer Science and its Applications, CSA 2009, pp. 1–6. IEEE (2009)