Abstract

We explore the concrete side-channel security provided by state-of-the-art higher-order masked software implementations of the AES and of Clyde (a candidate in the NIST Lightweight Cryptography competition) on ARM Cortex-M0 and M3 devices. Rather than looking for possibly reduced security orders (as frequently considered in the literature), we directly target these implementations by assuming their maximum security order and aim at reducing their noise level thanks to multivariate, horizontal and analytical attacks. Our investigations point out that the Cortex-M0 device has so little physical noise that masking is close to ineffective. The Cortex-M3 shows a better trend but still requires a large number of shares to provide strong security guarantees. Practically, we first exhibit a full 128-bit key recovery in less than 10 traces for a 6-share masked AES implementation running on the Cortex-M0, requiring 2^32 enumeration power. A similar attack performed against the Cortex-M3 with 5 shares requires 1,000 measurements with 2^44 enumeration power. We then show the positive impact of lightweight block ciphers with a limited number of AND gates on side-channel security, and compare our attacks against a masked Clyde with the best reported attacks of the CHES 2020 CTF. We complement these experiments with a careful information theoretic analysis, which allows interpreting our results. We also discuss our conclusions under the umbrella of the "backwards security evaluations" recently put forward by Azouaoui et al. We finally extrapolate the evolution of the proposed attack complexities in the presence of additional countermeasures using the local random probing model proposed at CHES 2020.

Highlights

  • Masking only delivers its security guarantees if the leakage samples are sufficiently noisy. Such strong theoretical guarantees recently motivated the NIST to initiate an effort in order to standardize masking schemes for the protection of single devices against side-channel attacks.

  • As we are interested in a worst-case scenario, we built the best measurement setup we could, and our analysis shows that it is possible for an adversary to reduce the physical noise down to a point where it is limited and the main noise source is algorithmic.

  • We recall that our goal in this paper is to provide tools for the analysis of the noise level needed to implement masking, for example to support the NIST standardization of masking schemes effort.


Summary

Introduction

Masking (aka secret sharing) is a popular countermeasure against side-channel attacks. It amplifies the noise of an implementation exponentially in a security parameter (known as the security order) that depends on the number of shares [CJRR99, ISW03, PR13, DDF14, DFS15], provided the leakage samples are sufficiently noisy. Such strong theoretical guarantees recently motivated the NIST to initiate an effort in order to standardize masking schemes for the protection of single devices against side-channel attacks. This naturally raises the question of what are. In order to extract information about a sensitive variable x, a side-channel adversary can estimate the Probability Density Function (PDF) of the n-dimensional leakage trace l given x. The adversary can then use Bayes' theorem to obtain Pr[x|l].
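As an added worked example (not code from the paper or its authors), the following Python script puts the Bayesian step above into code for a constructed toy setting: a 4-bit S-box output protected with two Boolean shares, a Hamming-weight-plus-Gaussian-noise leakage model, and two noise levels standing in for a "quiet" and a "noisy" device. The S-box, the leakage model, the noise levels and the simulated traces are all assumptions made for illustration; in particular the template f(l|x) is computed from the assumed model rather than estimated from profiling traces, as an attacker would have to do on a real device.

```python
"""
Added worked example (not from the paper): a Bayesian template attack against a
2-share Boolean-masked 4-bit S-box output. The attacker knows the (constructed)
leakage model, derives f(l | x) for every value of the sensitive variable x, and
applies Bayes' theorem per trace and across traces to get Pr[k | traces].
"""
import math
import random

# Constructed example: the PRESENT 4-bit S-box, used here only as some bijection.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
NB = 4                      # bits per variable
VALS = range(1 << NB)       # all values of a 4-bit variable / key nibble


def hw(v):
    """Hamming weight of an integer."""
    return bin(v).count("1")


def leak(x, sigma, rng):
    """Constructed leakage: x is split into shares x1, x2 with x = x1 ^ x2; the
    n = 2 dimensional trace is (HW(x1) + noise, HW(x2) + noise), noise ~ N(0, sigma)."""
    x1 = rng.randrange(1 << NB)
    x2 = x ^ x1
    return (hw(x1) + rng.gauss(0, sigma), hw(x2) + rng.gauss(0, sigma))


def log_gauss(v, mean, sigma):
    """log of the N(mean, sigma) density at v."""
    return -0.5 * ((v - mean) / sigma) ** 2 - math.log(sigma * math.sqrt(2 * math.pi))


def log_pdf_given_x(l, x, sigma):
    """log f(l | x). The share x1 is unknown and uniform, so f(l | x) is the mixture
    over all 2^NB share values of N(l1; HW(x1), sigma) * N(l2; HW(x ^ x1), sigma).
    Assumption: the template comes from the known model; on a real device it
    would be estimated from profiling traces."""
    terms = [log_gauss(l[0], hw(x1), sigma) + log_gauss(l[1], hw(x ^ x1), sigma)
             for x1 in VALS]
    m = max(terms)   # log-sum-exp to avoid underflow at low noise
    return m + math.log(sum(math.exp(t - m) for t in terms)) - math.log(1 << NB)


def key_posterior(traces, sigma):
    """Bayes across traces with a uniform prior on the key nibble k:
    Pr[k | traces] is proportional to prod_i f(l_i | x = SBOX[k ^ p_i]).
    traces is a list of (plaintext nibble, leakage tuple). Returns Pr[k | traces]
    as a list indexed by k."""
    logp = [sum(log_pdf_given_x(l, SBOX[k ^ p], sigma) for p, l in traces) for k in VALS]
    m = max(logp)
    w = [math.exp(v - m) for v in logp]
    z = sum(w)
    return [v / z for v in w]


def simulate_attack(key, n_traces, sigma, seed=1):
    """Generate n_traces constructed traces for a fixed key and random plaintexts,
    run the Bayesian attack and return (posterior, rank of the correct key)."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n_traces):
        p = rng.randrange(1 << NB)
        traces.append((p, leak(SBOX[key ^ p], sigma, rng)))
    post = key_posterior(traces, sigma)
    ranking = sorted(VALS, key=lambda k: -post[k])
    return post, ranking.index(key)


if __name__ == "__main__":
    key = 0x9
    for sigma in (0.1, 2.0):   # assumed "quiet" and "noisy" device, respectively
        post, rank = simulate_attack(key, 40, sigma)
        print(f"sigma={sigma}: Pr[correct key | traces]={post[key]:.3f}, rank={rank}")
```

At the low noise level the two shares are read almost exactly from each trace, so the mixture f(l|x) collapses onto the consistent share pairs and a few dozen traces pin the key down despite the masking; at the high noise level the same number of traces leaves the posterior close to uniform. This is the mechanism behind the paper's point that the security order only pays off once the per-sample noise is large enough.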
