Conversion of security proofs from one leakage model to another: a new issue

Authors:
Jean-Sébastien Coron;Christophe Giraud;Emmanuel Prouff;Soline Renner;Matthieu Rivain;Praveen Kumar Vadnala
Affiliations:
Université du Luxembourg, Luxembourg,Tranef, France;Crypto and Security Group, Oberthur Technologies, Pessac, France;Crypto and Security Group, Oberthur Technologies, Nanterre, France;Crypto and Security Group, Oberthur Technologies, Pessac, France,Université Bordeaux I, Talence cedex, France;CryptoExperts, Paris, France;Université du Luxembourg, Luxembourg
Venue:
COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
Year:
2012

Citing 14
Cited 0

Towards Sound Approaches to Counteract Power-Analysis Attacks

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Securing the AES Finalists Against Power Analysis Attacks

FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
DES and Differential Power Analysis (The "Duplication" Method)

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Power and electromagnetic analysis: improved model, consequences and comparisons

Integration, the VLSI Journal - Special issue: Embedded cryptographic hardware
Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis

Fast Software Encryption
Statistical Analysis of Second Order Differential Power Analysis

IEEE Transactions on Computers
A generic method for secure Sbox implementation

WISA'07 Proceedings of the 8th international conference on Information security applications
Provably secure higher-order masking of AES

CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Higher-order glitches free implementation of the AES using secure multi-party computation protocols

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Thwarting higher-order side channel analysis with additive and multiplicative maskings

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Provably secure masking of AES

SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Higher order masking of the AES

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
A stochastic model for differential side channel cryptanalysis

CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
An efficient masking scheme for AES software implementations

WISA'05 Proceedings of the 6th international conference on Information Security Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

To guarantee the security of a cryptographic implementation against Side Channel Attacks, a common approach is to formally prove the security of the corresponding scheme in a model as pertinent as possible. Nowadays, security proofs for masking schemes in the literature are usually conducted for models where only the manipulated data are assumed to leak. However in practice, the leakage is better modeled encompassing the memory transitions as e.g. the Hamming distance model. From this observation, a natural question is to decide at which extent a countermeasure proved to be secure in the first model stays secure in the second. In this paper, we look at this issue and we show that it must definitely be taken into account. Indeed, we show that a countermeasure proved to be secure against second-order side-channel attacks in the first model becomes vulnerable against a first-order side-channel attack in the second model. Our result emphasize the issue of porting an implementation from devices leaking only on the manipulated data to devices leaking on the memory transitions.