Provable Secure Countermeasures Against Side-Channel Attacks

Abstract

Side-channel attacks are a prominent threat to the security of cryptographic implementations. Differently from the traditional black-box attacks, which exploit the inputs and outputs of cryptographic schemes, side-channel attacks partially access the inner working of the scheme as well, by observing the physical leakage emitted by the device executing cryptographic algorithms. A notable example is the class of power-analysis attacks, which exploits the power consumption of the underlying device to recover the secret keys of the implemented cryptosystem. Since their first presentation in the late 1990s, the problem of securing cryptographic systems in the presence of side-channel leakages received significant attention by the cryptographic community. In particular, the theory community has concentrated its research efforts on formally modeling the side-channel leakages and on designing cryptographic schemes \textit{provably} secure in such leakage models. However, conceiving a formal model that realistically captures possible physical leakages and constructing primitives sufficiently efficient to be deployed in practice are still challenging research objectives. This research area is usually referred to as leakage-resilient cryptography. In this dissertation, we examine three main research directions. The first one focuses on the technique of masking, which is the most popular approach to counteract power-analysis attacks. In this context, our work analyzes possible methods to improve the efficiency of masked implementations, with the goal of overcoming the decrease in performance, which is a common drawback of masking. In particular, we provide new and more efficient algorithms for the computation of basic operations in two kinds of masking schemes: the Boolean masking and the Inner Product masking. The second research direction of this work addresses the problem of formalizing security requirements for hardware implementations. While provable security of software-oriented masking has been studied since the origin of leakage resilient cryptography, the more complex task of formally proving the security of hardware-oriented masking is receiving attention by the community only recently. We discuss the different challenges of this field, and we introduce a new theoretical model, the robust probing model, capturing the conditions required for securely implementing complex algorithms in practice, providing a guide to practical implementers. Finally, the last part of this work is concerned with the protection of algorithms employed in lattice-based constructions, which are studied in the field of post-quantum cryptography. While several works investigate the application of masking schemes to standard cryptosystems, for most post-quantum schemes this is still an ongoing research. We contribute to this research area, by applying the masking countermeasure to a binomial sampler which is at the base of many lattice-based cryptosystems.