Results 1 to 10 of 140
A leakage-resilient mode of operation
In EUROCRYPT, 2009
Cited by 76 (5 self)

Abstract
A weak pseudorandom function (wPRF) is a pseudorandom function with a relaxed security requirement, where one only requires the output to be pseudorandom when queried on random (and not adversarially chosen) inputs. We show that, unlike standard PRFs, wPRFs are secure against memory attacks, that is, they remain secure even if a bounded amount of information about the secret key is leaked to the adversary. As an application of this result we propose a simple mode of operation which, when instantiated with any wPRF, gives a leakage-resilient stream cipher. Such a cipher is secure against any side-channel attack as long as the amount of information leaked per round is bounded, while the total leakage over all rounds can be arbitrarily large. This construction is simpler than the only previous one (Dziembowski-Pietrzak, FOCS '08), as it uses a single primitive (a wPRF) in a straightforward manner.
Append-only signatures
In International Colloquium on Automata, Languages and Programming, 2005
Cited by 53 (10 self)

Abstract
The strongest standard security notion for digital signature schemes is unforgeability under chosen-message attacks. In practice, however, this notion can be insufficient due to “side-channel attacks”, which exploit leakage of information about the secret internal state. In this work we put forward the notion of “leakage-resilient signatures”, which strengthens the standard security notion by giving the adversary the additional power to learn a bounded amount of arbitrary information about the secret state that was accessed during every signature generation. This notion naturally implies security against all side-channel attacks as long as the amount of information leaked on each invocation is bounded and “only computation leaks information.” The main result of this paper is a construction which gives a (tree-based, stateful) leakage-resilient signature scheme based on any 3-time signature scheme. The amount of information that our scheme can safely leak per signature generation is 1/3 of the information the underlying 3-time signature scheme can leak in total. Signature schemes that remain secure even if a bounded total amount of information is leaked were recently constructed, hence instantiating our construction with these schemes gives the first constructions of provably secure leakage-resilient signature schemes. The above construction assumes that the signing algorithm can sample truly random bits, and thus an implementation would need some special hardware (randomness gates). Simply generating this randomness using a leakage-resilient stream cipher will in general not work. Our second contribution is a sound general principle to replace uniform random bits in any leakage-resilient construction with pseudorandom ones: run two leakage-resilient stream ciphers (with independent keys) in parallel and then apply a two-source extractor to their outputs.
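The two constructions above are easy to see in code. The following is an added example written for this listing, not code from either paper: the alternating-key stream-cipher mode from the EUROCRYPT 2009 abstract (each key K_i is evaluated exactly once, on an input X_i that was produced under the other key, which is why a wPRF suffices), followed by the "two independent stream ciphers plus a two-source extractor" principle from this abstract. HMAC-SHA256 standing in for the wPRF, the 32-byte block size, the inner-product (Hadamard) extractor and the sample keys are all assumptions of the example; the papers allow any wPRF and any two-source extractor.

```python
# Added example, not code from the cited papers: Pietrzak's alternating-key
# stream-cipher mode with HMAC-SHA256 standing in for the weak PRF (assumption),
# plus an inner-product two-source extractor over two independent instances.
import hashlib
import hmac

BLOCK = 32  # bytes; keys and public inputs X_i are one block, F outputs two


def wprf(key: bytes, x: bytes) -> bytes:
    """Stand-in weak PRF F: (key, X) -> 2*BLOCK bytes.
    HMAC-SHA256 with a domain-separation byte is an assumption here; any wPRF
    with this input/output shape would do."""
    left = hmac.new(key, b"\x00" + x, hashlib.sha256).digest()
    right = hmac.new(key, b"\x01" + x, hashlib.sha256).digest()
    return left + right


class LeakageResilientStreamCipher:
    """State before round i is (K_i, K_{i+1}, X_i); X_0 is public.
    Round i computes (K_{i+2}, X_{i+1}) = F(K_i, X_i) and outputs X_{i+1}.
    Every key is evaluated exactly once, on an input produced under the *other*
    key, so a wPRF (pseudorandom only on random inputs) is enough, and bounded
    leakage about K_i in round i does not help against later rounds."""

    def __init__(self, k0: bytes, k1: bytes, x0: bytes) -> None:
        self.keys = [k0, k1]   # (K_i, K_{i+1})
        self.x = x0            # X_i
        self.round = 0

    def next_block(self) -> bytes:
        out = wprf(self.keys[0], self.x)
        k_next, x_next = out[:BLOCK], out[BLOCK:]
        self.keys = [self.keys[1], k_next]   # K_i is consumed and never reused
        self.x = x_next
        self.round += 1
        return x_next


def keystream(k0: bytes, k1: bytes, x0: bytes, blocks: int) -> bytes:
    c = LeakageResilientStreamCipher(k0, k1, x0)
    return b"".join(c.next_block() for _ in range(blocks))


def inner_product_bit(a: bytes, b: bytes) -> int:
    """Hadamard two-source extractor: <a, b> mod 2 yields one bit that is close
    to uniform when a and b come from independent sources with enough min-entropy."""
    return bin(int.from_bytes(a, "big") & int.from_bytes(b, "big")).count("1") & 1


def extracted_bits(c1: LeakageResilientStreamCipher,
                   c2: LeakageResilientStreamCipher, nbytes: int) -> bytes:
    """Replace 'truly random bits' by combining two independent instances: one
    output bit per pair of stream-cipher blocks (wasteful, but keeps the
    argument simple)."""
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | inner_product_bit(c1.next_block(), c2.next_block())
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample keys; a deployment would draw these at install time.
    k0, k1, x0 = b"A" * BLOCK, b"B" * BLOCK, b"X" * BLOCK
    print(keystream(k0, k1, x0, 2).hex())
    c1 = LeakageResilientStreamCipher(k0, k1, x0)
    c2 = LeakageResilientStreamCipher(b"C" * BLOCK, b"D" * BLOCK, x0)
    print(extracted_bits(c1, c2, 4).hex())
```

The point to check in a real implementation is the one the proof relies on: after `next_block`, the key that was just used must be gone from memory, and the two instances fed to the extractor must have been keyed independently; reusing K_0 for both would collapse the two-source argument.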
Signature schemes with bounded leakage resilience
In ASIACRYPT, 2009
Cited by 41 (1 self)

Abstract
A leakage-resilient cryptosystem remains secure even if arbitrary, but bounded, information about the secret key (or possibly other internal state information) is leaked to an adversary. Denote the length of the secret key by n. We show a signature scheme tolerating (optimal) leakage of up to n − n^ε bits of information about the secret key, and a more efficient one-time signature scheme that tolerates leakage of (1/4 − ε)·n bits of information about the signer's entire state. The latter construction extends to give a leakage-resilient t-time signature scheme. All these constructions are in the standard model under general assumptions.
Achieving leakage resilience through dual system encryption
In TCC, 2011
Cited by 28 (5 self)

Abstract
In this work, we show that strong leakage resilience for cryptosystems with advanced functionalities can be obtained quite naturally within the methodology of dual system encryption, recently introduced by Waters. We demonstrate this concretely by providing fully secure IBE, HIBE, and ABE systems which are resilient to bounded leakage from each of many secret keys per user, as well as many master keys. This can be realized as resilience against continual leakage if we assume keys are periodically updated and no (or logarithmic) leakage is allowed during the update process. Our systems are obtained by applying a simple modification to previous dual system encryption constructions: essentially this provides a generic tool for making dual system encryption schemes leakage-resilient.
Partition vs. Comparison Side-Channel Distinguishers: an Empirical Evaluation of Statistical Tests for Univariate Side-Channel Attacks against Two Unprotected CMOS Devices
In Information Security and Cryptology — ICISC 2008, 2009
Cited by 27 (5 self)

Abstract
Given a cryptographic device leaking side-channel information, different distinguishers can be considered to turn this information into a successful key recovery. Such proposals include, e.g., Kocher's original DPA, correlation attacks and template attacks. A natural question is therefore to determine the most efficient approach. In recent years, various experiments have confirmed the effectiveness of side-channel attacks. Unfortunately, these attacks were generally conducted against different devices and using different distinguishers. Additionally, the public literature contains more proofs of concept (e.g., single experiments exhibiting a key recovery) than sound statistical evaluations using unified criteria. As a consequence, this paper proposes a fair experimental comparison of different statistical tests for side-channel attacks. This analysis allows us to revisit a number of known intuitions and to put forward new ones. It also provides a methodological contribution to the analysis of physically observable cryptography. Additionally, we suggest an informal classification of side-channel distinguishers that underlines the similarities between different attacks. We finally describe a new (but highly inspired by previous ones) statistical test to exploit side-channel leakages.
A Provably Secure And Efficient Countermeasure Against Timing Attacks
Cited by 23 (4 self)

Abstract
We show that the amount of information about the key that an unknown-message attacker can extract from a deterministic side channel is bounded from above by |O|·log₂(n + 1) bits, where n is the number of side-channel measurements and O is the set of possible observations. We use this bound to derive a novel countermeasure against timing attacks, where the strength of the security guarantee can be freely traded for the resulting performance penalty. We give algorithms that efficiently and optimally adjust this trade-off for given constraints on the side-channel leakage or on the efficiency of the cryptosystem. Finally, we perform a case study that shows that applying our countermeasure leads to implementations with minor performance overhead and formal security guarantees.
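The bound only bites once |O| is small, which is what the countermeasure is for: padding each execution to one of a few fixed durations ("bucketing") shrinks the attacker's observation set from "every distinct run time" to "the number of buckets". The following is an added example for this listing, not the paper's code: it evaluates the |O|·log₂(n + 1) bound for a constructed timing profile before and after bucketing and reports the runtime overhead. The bucket-selection heuristic (evenly spaced quantiles) is my own simplification, not the paper's optimal trade-off algorithm, and `SAMPLE_TIMES` is constructed data.

```python
# Added example, not the paper's code: the |O|*log2(n+1) leakage bound evaluated
# for a bucketing countermeasure on a constructed timing profile. Bucket
# selection here is a simple quantile heuristic (assumption), not the paper's
# optimal algorithm.
import math
from typing import Dict, List, Sequence


def leakage_bound_bits(num_observations: int, n: int) -> float:
    """Upper bound on the bits about the key an unknown-message attacker can
    extract from n measurements of a deterministic side channel whose set of
    possible observations has size num_observations = |O|."""
    return num_observations * math.log2(n + 1)


def choose_buckets(times: Sequence[int], k: int) -> List[int]:
    """Pick at most k ceilings at evenly spaced quantiles of the observed times.
    Assumption: a simple heuristic; the paper optimises this choice for a given
    leakage or performance constraint."""
    s = sorted(times)
    idx = [min(len(s) - 1, math.ceil(len(s) * (i + 1) / k) - 1) for i in range(k)]
    ceilings = sorted({s[i] for i in idx})
    if ceilings[-1] != s[-1]:
        ceilings.append(s[-1])  # never truncate: the slowest run must still fit
    return ceilings


def bucketize(t: int, ceilings: Sequence[int]) -> int:
    """Pad a run that took t units up to the next ceiling (busy-wait or sleep in
    a real implementation). The attacker then only observes the ceiling."""
    for c in ceilings:
        if t <= c:
            return c
    raise ValueError("execution time exceeds the largest bucket")


def evaluate(times: Sequence[int], k: int, n: int) -> Dict[str, float]:
    """Raw vs. bucketed leakage bound for n measurements, plus runtime overhead."""
    ceilings = choose_buckets(times, k)
    padded = [bucketize(t, ceilings) for t in times]
    raw = len(set(times))
    return {
        "raw_observations": raw,
        "raw_bound_bits": leakage_bound_bits(raw, n),
        "buckets": len(ceilings),
        "bucketed_bound_bits": leakage_bound_bits(len(ceilings), n),
        "overhead": sum(padded) / sum(times) - 1.0,
    }


# Constructed timing profile of a key-dependent routine (square-and-multiply
# style): a base cost, a cost per set key bit, and a small data-dependent term.
SAMPLE_TIMES = [1000 + 37 * bin(key).count("1") + 4 * (key % 5) for key in range(256)]

if __name__ == "__main__":
    for k in (1, 2, 4, 8):
        r = evaluate(SAMPLE_TIMES, k, n=1000)
        print(f"{k} buckets -> bound {r['bucketed_bound_bits']:.1f} bits, "
              f"overhead {100 * r['overhead']:.1f}% "
              f"(raw: {r['raw_observations']} observations, {r['raw_bound_bits']:.0f} bits)")
```

Two caveats a practitioner should keep in mind: the bound assumes the channel is deterministic given the key and input, so jitter from caches or scheduling is not covered by it, and with k = 1 (a single ceiling, i.e. constant time) the bound is log₂(n + 1) bits rather than zero, because the attacker still learns n and the ceiling itself.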
Information Theoretic Evaluation of Side-Channel Resistant Logic Styles
In Cryptographic Hardware and Embedded Systems — CHES '07 (P. Paillier and I. Verbauwhede, eds.), LNCS vol. 4727
Cited by 20 (2 self)

Abstract
We propose to apply an information theoretic metric to the evaluation of side-channel resistant logic styles. Due to the long design and development time required for the physical evaluation of such hardware countermeasures, our analysis is based on simulations. Although they do not aim to replace the need for actual measurements, we show that simulations can be used as a meaningful first step in the validation chain of a cryptographic product. For illustration purposes, we apply our methodology to gate-level simulations of different logic styles and stress that it allows a significant improvement over the previously considered evaluation methods. In particular, our results allow us to put forward the respective strengths and weaknesses of actual countermeasures and to determine to what extent they can practically lead to secure implementations (with respect to a noise parameter), if adversaries were provided with simulation-based side-channel traces. Most importantly, the proposed methodology can be straightforwardly adapted to adversaries provided with any other kind of leakage traces (including physical ones).
The World is Not Enough: Another Look on Second-Order DPA
Cited by 18 (5 self)

Abstract
In a recent work, Mangard et al. showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are essentially equivalent. In this paper, we show that in the context of multivariate attacks against masked implementations, this conclusion no longer holds. While a single distinguisher can be used to compare the susceptibility of different unprotected devices to first-order DPA, understanding second-order attacks requires carefully investigating the information leakages and the adversaries exploiting these leakages separately. Using a framework put forward by Standaert et al. at Eurocrypt 2009, we provide the first analysis that explores these two topics in the case of a masked implementation exhibiting a Hamming weight leakage model. Our results lead to refined intuitions regarding the efficiency of various practically relevant distinguishers. Further, we also investigate the case of second- and third-order masking (i.e. using three and four shares to represent one value). This evaluation confirms that higher-order masking only leads to significant security improvements if the secret sharing is combined with a sufficient amount of noise. Finally, we show that an information theoretic analysis allows determining this necessary noise level, for different masking schemes and target security levels, with high accuracy and smaller data complexity than previous methods.
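The claim that masking only helps in combination with noise can be reproduced with a small simulation. The following is an added example for this listing, not code from the paper: a first-order Boolean-masked 4-bit S-box leaks the Hamming weight of each share plus Gaussian noise, a first-order CPA on one share finds nothing, and a second-order attack that combines the two shares with a centered product recovers the key nibble; the asymptotic correlation 0.5/(1 + σ²) shows why the trace count grows like (1 + σ²)² with the noise. The S-box is PRESENT's (the cipher targeted in the "Algebraic Side-Channel Attacks" entry below); the key nibble 0xB, trace counts, seed and noise levels are constructed for the demonstration.

```python
# Added example, not code from the cited papers: simulated first- vs second-order
# DPA against a Boolean-masked 4-bit S-box under a Hamming-weight leakage model
# with Gaussian noise. Key, trace counts and noise levels are constructed.
import math
import random
from typing import Dict, List, Tuple

# PRESENT S-box
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
Trace = Tuple[int, float, float]  # (plaintext nibble, leakage share 1, leakage share 2)


def hw(x: int) -> int:
    return bin(x).count("1")


def simulate_traces(key: int, n: int, sigma: float, rng: random.Random) -> List[Trace]:
    """Constructed leakage of a first-order masked S-box: v = S(p ^ key) is split
    into (v ^ m, m) with a fresh uniform mask m; each share leaks its Hamming
    weight plus N(0, sigma^2) noise."""
    traces = []
    for _ in range(n):
        p, m = rng.randrange(16), rng.randrange(16)
        v = SBOX[p ^ key]
        traces.append((p, hw(v ^ m) + rng.gauss(0, sigma), hw(m) + rng.gauss(0, sigma)))
    return traces


def pearson(xs: List[float], ys: List[float]) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy) if sxx and syy else 0.0


def first_order_scores(traces: List[Trace]) -> Dict[int, float]:
    """CPA on one share: predicted HW(S(p ^ k)) vs. leakage of share 1. With a
    uniform mask E[HW(v ^ m)] = 2 for every v, so no key guess correlates."""
    l1 = [t[1] for t in traces]
    return {k: abs(pearson([hw(SBOX[p ^ k]) for p, _, _ in traces], l1)) for k in range(16)}


def second_order_scores(traces: List[Trace]) -> Dict[int, float]:
    """Centered-product combination of both shares, then CPA against HW(S(p ^ k)).
    In this model E[(L1 - 2)(L2 - 2) | v] = 1 - HW(v)/2, so the correct key shows
    a (negative) correlation of magnitude 0.5/(1 + sigma^2)."""
    l1 = [t[1] for t in traces]
    l2 = [t[2] for t in traces]
    m1, m2 = sum(l1) / len(l1), sum(l2) / len(l2)
    combined = [(a - m1) * (b - m2) for a, b in zip(l1, l2)]
    return {k: abs(pearson([hw(SBOX[p ^ k]) for p, _, _ in traces], combined)) for k in range(16)}


def best_key(scores: Dict[int, float]) -> int:
    return max(scores, key=scores.get)


def second_order_rho(sigma: float) -> float:
    """Asymptotic |correlation| of the centered product with HW(v) in this model.
    The traces needed scale like 1/rho^2 = 4*(1 + sigma^2)^2: masking only buys
    security once sigma is large; with sigma = 0 the nibble falls to a few
    thousand traces."""
    return 0.5 / (1 + sigma ** 2)


def run(sigma: float, n: int, key: int = 0xB, seed: int = 1) -> Dict[str, float]:
    traces = simulate_traces(key, n, sigma, random.Random(seed))
    fo, so = first_order_scores(traces), second_order_scores(traces)
    return {
        "true_key": key,
        "first_order_key": best_key(fo),
        "first_order_true_key_score": fo[key],
        "second_order_key": best_key(so),
        "second_order_true_key_score": so[key],
    }


if __name__ == "__main__":
    for sigma in (0.0, 1.0, 2.0, 3.0):
        r = run(sigma, n=4000)
        print(f"sigma={sigma}: 1st-order guess {r['first_order_key']:#x} "
              f"(rho {r['first_order_true_key_score']:.3f}), "
              f"2nd-order guess {r['second_order_key']:#x} "
              f"(rho {r['second_order_true_key_score']:.3f}, "
              f"theory {second_order_rho(sigma):.3f})")
```

The derivation behind `second_order_rho` is short: with v and m uniform and independent, the two shares are independent, the centered product has mean 1 − HW(v)/2 and variance (1 + σ²)², and Var(HW(v)) = 1 for a uniform nibble, giving |ρ| = 0.5/(1 + σ²). That is the quantitative form of "higher-order masking needs noise": each extra share multiplies the exponent, but only the noise term makes the base large.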
Revisiting Higher-Order DPA Attacks: Multivariate Mutual Information Analysis
Cited by 16 (2 self)

Abstract
Security devices are vulnerable to side-channel attacks that perform statistical analysis on data leaked from cryptographic computations. Higher-order (HO) attacks are a powerful approach to break protected implementations. They inherently demand multivariate statistics because multiple aspects of signals have to be analyzed jointly. However, all published works on HO attacks follow the approach of first applying a preprocessing function to map the multivariate problem to a univariate problem and then applying established first-order techniques. We propose a novel and different approach to HO attacks, Multivariate Mutual Information Analysis (MMIA), which evaluates joint statistics directly, without preprocessing. While this approach can benefit from a good power model, it also works without such an assumption. A thorough empirical evaluation of MMIA and established HO attacks confirms the overwhelming advantage of the new approach: MMIA is more efficient and less affected by noise. Most importantly, and in contrast to all published approaches, MMIA's measurement cost grows sub-exponentially with the attack order. As a consequence, the security provided by the masking countermeasure needs to be reconsidered, as third- and higher-order attacks become very practical.
Algebraic Side-Channel Attacks
2009
Cited by 16 (2 self)

Abstract
In 2002, algebraic attacks using overdefined systems of equations were proposed as a potentially very powerful cryptanalysis technique against block ciphers. However, although a number of convincing experiments have been performed against certain reduced algorithms, it is not clear whether these attacks can be successfully applied in general and to a large class of ciphers. In this paper, we show that algebraic techniques can be combined with side-channel attacks in a very effective and natural fashion. As an illustration, we apply them to the block cipher PRESENT, which is a stimulating first target due to its simple algebraic structure. The proposed attacks have a number of interesting features: (1) they exploit the information leakages of all the cipher rounds, (2) in common implementation contexts (e.g. assuming a Hamming weight leakage model), they recover the block cipher keys after the observation of a single encryption, (3) these attacks can succeed in an unknown-plaintext/ciphertext adversarial scenario and (4) they directly defeat countermeasures such as Boolean masking. Finally, we argue that algebraic side-channel attacks can take advantage of any kind of physical leakage, leading to a new trade-off between the robustness and informativeness of the side-channel information extraction.