Abstract
In this paper, we revisit the security conditions of masked hardware implementations. We describe a new, succinct, information-theoretic condition called d-glitch immunity which is both necessary and sufficient for security in the presence of glitches. We show that this single condition includes, but is not limited to, previous security notions such as those used in higher-order threshold implementations and in abstractions using ideal gates. As opposed to these previously known necessary conditions, our new condition is also sufficient. On the other hand, it excludes avoidable notions such as uniformity. We also treat the notion of (strong) noninterference from an information-theoretic point of view in order to unify the different security concepts and pave the way to the verification of composability in the presence of glitches. We conclude the paper by demonstrating how the condition can be used as an efficient and highly generic flaw detection mechanism for a variety of functions and schemes based on different operations.
Highlights
Cryptographic algorithms are designed such that they are mathematically secure.
By combining it with a verification of the (S)NI properties, they avoid the prohibitive complexity of exhaustive search for all intermediates and achieve an efficient and powerful verification tool for both d-probing and d-glitch-extended probing security.
We revisited an information-theoretic approach to d-probing security and extended it to include glitches.
Summary
An adversary with access to, for instance, the ciphertext and plaintext, should not be able to derive the secret key with reasonable computing power. This black box model often does not suffice in practice, as the existence of side-channels can significantly aid the adversary in his quest for secret information. Since the seminal work of Kocher [Koc96], we have learned of many cheap and scalable side-channel attacks (SCA) that successfully exploit information such as instantaneous power consumption or electromagnetic radiation to recover secret keys, effectively turning the adversary’s black box into a grey box. Many countermeasures have been proposed, among which masking is one of the most established.
More From: IACR Transactions on Cryptographic Hardware and Embedded Systems