Masking against side-channel attacks: A formal security proof
EUROCRYPT 2013, volume 7881 of LNCS
Cited by 17 (1 self)
Abstract. Masking is a well-known countermeasure to protect block cipher implementations against side-channel attacks. The principle is to randomly split every sensitive intermediate variable occurring in the computation into d + 1 shares, where d is called the masking order and plays the role of a security parameter. Although widely used in practice, masking is often considered an empirical solution and its effectiveness is rarely proved. In this paper, we provide a formal security proof for masked implementations of block ciphers. Specifically, we prove that the information gained by observing the leakage from one execution can be made negligible (in the masking order). To obtain this bound, we assume that every elementary calculation in the implementation leaks a noisy function of its input, where the amount of noise can be chosen by the designer (yet linearly bounded). We further assume the existence of a leak-free component that can refresh the masks of shared variables. Our work can be viewed as an extension of the seminal work of Chari et al. published at CRYPTO in 1999 on the soundness of combining masking with noise to thwart side-channel attacks.
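The sharing principle the abstract describes, as an added example that is not code from the paper: a sensitive byte is split into d + 1 XOR shares (d random masks plus one share fixing the XOR), linear operations are carried out share-wise, a mask refresh re-randomises the sharing without ever reconstructing the secret, and an exhaustive check over a 2-bit toy width confirms the property the d-th order bound rests on, namely that any d of the d + 1 shares have the same joint distribution for every secret, while all d + 1 together do not. The byte width, the toy width used for the check, and the plain "fold fresh randomness into the last share" refresh are choices made here; the paper only assumes that some leak-free refresh exists.

```python
"""Boolean masking of a sensitive variable into d + 1 shares (added example)."""
import itertools
import secrets
from collections import Counter

WIDTH = 8  # byte-sized intermediates, as in a block cipher (chosen here)


def share(x, masks, width=WIDTH):
    """Split x into len(masks) + 1 shares: the d random masks, plus one share
    chosen so that the XOR of all d + 1 shares equals x."""
    last = x & ((1 << width) - 1)
    for m in masks:
        last ^= m
    return list(masks) + [last]


def share_random(x, d, width=WIDTH):
    """Masking order d: draw d uniformly random masks, then share x under them."""
    return share(x, [secrets.randbelow(1 << width) for _ in range(d)], width)


def unshare(shares):
    """Reconstruct the variable; a real implementation only does this at the end."""
    x = 0
    for s in shares:
        x ^= s
    return x


def xor_shared(a, b):
    """XOR of two shared values, computed share-wise: no operation ever sees
    more than one share of each secret, so a linear layer costs nothing extra."""
    return [u ^ v for u, v in zip(a, b)]


def xor_const(a, c):
    """XOR a public constant into exactly one share."""
    out = list(a)
    out[0] ^= c
    return out


def refresh(shares, width=WIDTH):
    """Re-randomise the sharing without reconstructing the secret: XOR a fresh
    random r_i into share i and fold every r_i into the last share.  The paper
    assumes a leak-free refresh component exists; this is the plain
    construction chosen here, not a claim about its own leakage."""
    out = list(shares)
    for i in range(len(out) - 1):
        r = secrets.randbelow(1 << width)
        out[i] ^= r
        out[-1] ^= r
    return out


def projection_histogram(x, d, positions, width):
    """Joint distribution of the shares at `positions`, over every mask tuple."""
    hist = Counter()
    for masks in itertools.product(range(1 << width), repeat=d):
        shares = share(x, masks, width)
        hist[tuple(shares[i] for i in positions)] += 1
    return hist


def shares_leak_nothing(d, positions, width=2):
    """Security check behind the d-th order bound, done exhaustively on a toy
    width: the joint distribution of the shares at `positions` is identical for
    every secret x.  True for any d of the d + 1 shares; False once all d + 1
    are observed, because their XOR is x."""
    hists = [projection_histogram(x, d, positions, width) for x in range(1 << width)]
    return all(h == hists[0] for h in hists[1:])


if __name__ == "__main__":
    s = share_random(0x3C, 3)
    print("shares:", [hex(v) for v in s], "->", hex(unshare(s)))
    print("any 2 of 3 shares independent of x:", shares_leak_nothing(2, (0, 2)))
    print("all 3 shares independent of x:     ", shares_leak_nothing(2, (0, 1, 2)))
```

The exhaustive check is what a masking scheme must satisfy before the noise argument of the paper even applies: if some d-subset of shares already depended on x, no amount of noise per elementary computation would give the negligible-in-d bound.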
Faust: Leakage-Resilient Cryptography from the Inner-Product Extractor
ASIACRYPT 2011, LNCS 7073
Cited by 16 (2 self)
Abstract. We present a generic method to secure various widely-used cryptosystems against arbitrary side-channel leakage, as long as the leakage adheres to three restrictions: first, it is bounded per observation but in total can be arbitrarily large. Second, memory parts leak independently, and, third, the randomness that is used for certain operations comes from a simple (non-uniform) distribution. As a fundamental building block, we construct a scheme to store a cryptographic secret such that it remains information-theoretically hidden, even given arbitrary continuous leakage from the storage. To this end, we use a randomized encoding and develop a method to securely refresh these encodings even in the presence of leakage. We then show that our encoding scheme exhibits an efficient additive homomorphism which can be used to protect important cryptographic tasks such as identification, signing and encryption. More precisely, we propose efficient implementations of the Okamoto identification scheme, and of an ElGamal-based cryptosystem with security against continuous leakage, as long as the leakage adheres to the above-mentioned restrictions. We prove security of the Okamoto scheme under the DL assumption and CCA2 security of our encryption scheme under the DDH assumption.
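The randomized encoding and its additive homomorphism, as an added example that is not the paper's code: a secret s in a prime field is stored as two vectors (L, R) held in separate memory parts with inner product <L, R> = s, two encodings under a common L are added by adding their right halves only, and a re-randomisation moves each half along a vector orthogonal to the other so that the inner product is preserved. The field (the Mersenne prime 2^61 - 1), the vector length n = 4, the "common left half" form of the homomorphism and the orthogonal-shift refresh are choices made here; the paper's own leakage-resilient refresh procedure is a different and more involved protocol, and this block does not reproduce it.

```python
"""Inner-product encoding of a secret with an additive homomorphism (added example)."""
import secrets

P = (1 << 61) - 1  # prime field F_p the encoding lives in (chosen here)
N = 4              # vector length n (chosen here)


def inner(u, v):
    return sum(a * b for a, b in zip(u, v)) % P


def random_vector(n=N):
    return [secrets.randbelow(P) for _ in range(n)]


def random_nonzero_vector(n=N):
    while True:
        v = random_vector(n)
        if any(v):
            return v


def random_orthogonal(v):
    """Uniform random Z with <v, Z> = 0: pick Z freely, then solve the one
    coordinate where v is nonzero so the inner product vanishes.  For v = 0
    every vector is orthogonal, so a plain random vector is returned."""
    if not any(v):
        return random_vector(len(v))
    i = next(k for k, x in enumerate(v) if x)
    z = random_vector(len(v))
    partial = sum(v[k] * z[k] for k in range(len(v)) if k != i) % P
    z[i] = (-partial) * pow(v[i], -1, P) % P
    return z


def encode(s, left=None):
    """Store s as (L, R) with <L, R> = s.  R is uniform on the affine hyperplane
    <L, R> = s: a random vector orthogonal to L plus one fixed correction.
    Pass left= to reuse an existing L, which share-wise addition needs."""
    L = left if left is not None else random_nonzero_vector()
    i = next(k for k, x in enumerate(L) if x)
    R = random_orthogonal(L)
    R[i] = (R[i] + (s % P) * pow(L[i], -1, P)) % P
    return L, R


def decode(enc):
    L, R = enc
    return inner(L, R)


def add(enc_a, enc_b):
    """Additive homomorphism: under a common L, <L, Ra + Rb> = <L, Ra> + <L, Rb>,
    so the right halves are added coordinate-wise and L is left alone."""
    (La, Ra), (Lb, Rb) = enc_a, enc_b
    if La != Lb:
        raise ValueError("additive homomorphism needs a common left half")
    return La, [(a + b) % P for a, b in zip(Ra, Rb)]


def refresh(enc):
    """Re-randomise both halves without reconstructing s: shift L by a vector
    orthogonal to R, then shift R by a vector orthogonal to the new L.  Each
    step leaves <L, R> unchanged.  (Plain re-randomisation chosen here, not the
    paper's leakage-resilient refresh protocol.)"""
    L, R = enc
    L2 = [(a + b) % P for a, b in zip(L, random_orthogonal(R))]
    R2 = [(a + b) % P for a, b in zip(R, random_orthogonal(L2))]
    return L2, R2


if __name__ == "__main__":
    e1 = encode(5)
    e2 = encode(7, left=e1[0])
    total = refresh(add(e1, e2))
    print("decode(refresh(Enc(5) + Enc(7))) =", decode(total))
```

Decoding requires both halves; the security argument of the paper is about what an adversary learns when each half leaks separately and only a bounded amount per observation, which is exactly why the two vectors are kept in independently leaking memory parts and refreshed between observations.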
Achieving Constant-Round Leakage-Resilient Zero-Knowledge
Cited by 4 (0 self)
Recently there has been a huge emphasis on constructing cryptographic protocols that maintain their security guarantees even in the presence of side-channel attacks. Such attacks exploit the physical characteristics of a cryptographic device to learn useful information about the internal state of the device. Designing protocols that deliver meaningful security even in the presence of such leakage attacks is a challenging task. The recent work of Garg, Jain, and Sahai formulates a meaningful notion of zero-knowledge in the presence of leakage, and provides a construction which satisfies a weaker variant of this notion called (1 + ϵ)-leakage-resilient zero-knowledge, for every constant ϵ > 0. In this weaker variant, roughly speaking, if the verifier learns ℓ bits of leakage during the interaction, then the simulator is allowed to access (1 + ϵ) · ℓ bits of leakage. The round complexity of their protocol is ⌈n/ϵ⌉. In this work, we present the first construction of leakage-resilient zero-knowledge satisfying the ideal requirement of ϵ = 0. While our focus is on a feasibility result for ϵ = 0, our construction also enjoys a constant number of rounds. At the heart of our construction is a new “public-coin preamble” which allows the simulator to recover arbitrary information from a (cheating) verifier in a “straight line.” We use non-black-box simulation techniques to accomplish this goal.
Multiparty computation secure against continual memory leakage
In: STOC, 2012
Cited by 2 (1 self)
We construct a multiparty computation (MPC) protocol that is secure even if a malicious adversary, in addition to corrupting 1 fraction of all parties for an arbitrarily small constant > 0, can leak information about the secret state of each honest party. This leakage can be continuous for an unbounded number of executions of the MPC protocol, computing different functions on the same or different sets of inputs. We assume a (necessary) “leak-free” preprocessing stage. We emphasize that we achieve leakage resilience without weakening the security guarantee of classical MPC. Namely, an adversary who is given leakage on honest parties’ states is guaranteed to learn nothing beyond the input and output values of corrupted parties. This is in contrast with previous works on leakage in the multiparty protocol setting, which weaken the security notion, and only guarantee that a protocol which leaks ℓ bits about the parties’ secret states yields at most ℓ bits of leakage on the parties’ private inputs. For some functions, such as voting, such leakage can be detrimental. Our result relies on standard cryptographic assumptions, and our security parameter is polynomially related to the number of parties.
Modelling after-the-fact leakage for key exchange
In ASIACCS, 2014
Cited by 2 (1 self)
Security models for two-party authenticated key exchange (AKE) protocols have developed over time to prove the security of AKE protocols even when the adversary learns certain secret values. In this work, we address more granular leakage: partial leakage of long-term secrets of protocol principals, even after the session key is established. We introduce a generic key exchange security model, which can be instantiated allowing bounded or continuous leakage, even when the adversary learns certain ephemeral secrets or session keys. Our model is the strongest known partial-leakage-based security model for key exchange protocols. We propose a generic construction of a two-pass leakage-resilient key exchange protocol that is secure in the proposed model, by introducing a new concept: the leakage-resilient NAXOS trick. We identify a special property for public-key cryptosystems: pair generation indistinguishability, and show how to obtain the leakage-resilient NAXOS trick from a pair generation indistinguishable leakage-resilient
Certified Security Proofs of Cryptographic Protocols in the Computational Model: an Application to Intrusion Resilience
Cited by 1 (1 self)
Abstract. Security proofs for cryptographic systems can be carried out in different models which reflect different kinds of security assumptions. In the symbolic model, an attacker cannot guess a secret at all and can only apply a predefined set of operations, whereas in the computational model, he can hope to guess secrets and apply any polynomial-time operation. Security properties in the computational model are more difficult to establish and to check. In this paper we present a framework for certified proofs of computational indistinguishability, written using the Coq proof assistant, and based on CIL, a specialized logic for computational frames that can be applied to primitives and protocols. We demonstrate how CIL and its Coq formalization allow proofs beyond the black-box security framework, where an attacker only uses the input/output relation of the system by executing it on chosen inputs without having additional information on the state. More specifically, we use it to prove the security of a protocol against a particular kind of side-channel attack which aims at modeling leakage of information caused by an intrusion into Alice and Bob’s computers.
Efficient Pairings and ECC for Embedded Systems
Cited by 1 (0 self)
Abstract. The research on pairing-based cryptography brought forth a wide range of protocols interesting for future embedded applications. One significant obstacle for the widespread deployment of pairing-based cryptography is its tremendous hardware and software requirements. In this paper we present three side-channel-protected hardware/software designs for pairing-based cryptography that are nevertheless small and practically fast: our plain ARM Cortex-M0+-based design computes a pairing in less than one second. The utilization of a multiply-accumulate instruction-set extension or a lightweight drop-in hardware accelerator that is placed between CPU and data memory improves runtime up to six times. With a 10.1 kGE drop-in module and a 49 kGE platform, our design is one of the smallest pairing designs available. Its very practical runtime of 162 ms for one pairing on a 254-bit BN curve and its reusability for other elliptic-curve-based cryptosystems offer a great solution for every microprocessor-based embedded application.
Stronger Public Key Encryption Schemes Withstanding RAM-Scraper-Like Attacks
Cited by 1 (1 self)
Abstract. Security of an encryption system is formally established through the properties of an abstract game played between a challenger and an adversary. During the game, the adversary will be provided with all information that he could obtain in an attack model, so that the adversary is fully empowered to carry out the break. The information will be provided to the adversary through the answers to appropriately defined oracle queries. Thus, during the game, the adversary will ask various oracle queries, obtain the related responses and have them at his disposal to effect a break. This kind of interaction between challenger and adversary is called training the adversary. For example, in the lunchtime attack model, the adversary may ask encryption as well as decryption oracle queries. The indistinguishability of ciphertexts under this model (the IND-CCA2 model) is considered to offer the strongest security for confidentiality. In the recent past, an adversary could obtain considerably more information than what he could normally obtain in the CCA2 model, thanks to the availability of powerful malware. In order to realistically model the threats posed by such malware, we need to empower the adversary with answers to a few other kinds of oracles. This paper initiates such research to counter malware such as RAM scrapers and extends the CCA2 model with additional oracles to capture the effect of RAM scrapers precisely. After discussing the new kind of attack/threat and the related oracle, we show that the transformation in [8] that yields a CCA2-secure system does not offer security against RAM-scraper-based attacks. We refer to the decryption oracle as a glass-box decryption oracle. We then propose two new schemes that offer security against glass-box decryption and also establish formal security proofs for the new schemes in the random oracle and standard models.
Short Paper: On the Generic Hardness of DDH-II
Abstract. The well-known Decisional Diffie-Hellman assumption states that given g, g^a and g^b, for random a, b, the element g^{ab} is pseudorandom. Canetti in [Can97] introduced a variant of this assumption in which b is still random but a is drawn according to some well-spread distribution. In this paper we prove that his assumption holds in the generic group model and demonstrate its broad applicability in the context of leakage-resilient cryptography.
Rational Protection Against Timing Attacks
Abstract—Timing attacks can effectively recover keys from cryptosystems. While they can be defeated using constant-time implementations, this defensive approach comes at the price of a performance penalty. One is hence faced with the problem of striking a balance between performance and security against timing attacks. In this paper, we propose a systematic approach for determining the optimal protection against timing attacks, using cryptosystems based on discrete logarithms as the example. Our model includes a resource-bounded timing adversary who strives to maximize the probability of key recovery, and a defender who strives to reduce the cost while maintaining a certain degree of security. We obtain the optimal protection as an equilibrium in a game between the defender and the adversary. At the heart of the equilibrium computation are novel bounds for the probability of key recovery, which are expressed as a function of the applied protection and the attack strategy of a timing adversary. We put our techniques to work in a case study in which we identify optimal protections for libgcrypt’s ElGamal implementation. We determine situations in which the optimal choice is to use a defensive, constant-time implementation and a small key, and situations in which the optimal choice is a more aggressively tuned (but leaky) implementation with a longer key.