Strong Non-Interference and Type-Directed Higher-Order Masking

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2016-10-24 DOI:10.1145/2976749.2978427

G. Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, B. Grégoire, Pierre-Yves Strub, Rébecca Zucchini

{"title":"Strong Non-Interference and Type-Directed Higher-Order Masking","authors":"G. Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, B. Grégoire, Pierre-Yves Strub, Rébecca Zucchini","doi":"10.1145/2976749.2978427","DOIUrl":null,"url":null,"abstract":"Differential power analysis (DPA) is a side-channel attack in which an adversary retrieves cryptographic material by measuring and analyzing the power consumption of the device on which the cryptographic algorithm under attack executes. An effective countermeasure against DPA is to mask secrets by probabilistically encoding them over a set of shares, and to run masked algorithms that compute on these encodings. Masked algorithms are often expected to provide, at least, a certain level of probing security. Leveraging the deep connections between probabilistic information flow and probing security, we develop a precise, scalable, and fully automated methodology to verify the probing security of masked algorithms, and generate them from unprotected descriptions of the algorithm. Our methodology relies on several contributions of independent interest, including a stronger notion of probing security that supports compositional reasoning, and a type system for enforcing an expressive class of probing policies. Finally, we validate our methodology on examples that go significantly beyond the state-of-the-art.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"211","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2976749.2978427","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 211

Abstract

Differential power analysis (DPA) is a side-channel attack in which an adversary retrieves cryptographic material by measuring and analyzing the power consumption of the device on which the cryptographic algorithm under attack executes. An effective countermeasure against DPA is to mask secrets by probabilistically encoding them over a set of shares, and to run masked algorithms that compute on these encodings. Masked algorithms are often expected to provide, at least, a certain level of probing security. Leveraging the deep connections between probabilistic information flow and probing security, we develop a precise, scalable, and fully automated methodology to verify the probing security of masked algorithms, and generate them from unprotected descriptions of the algorithm. Our methodology relies on several contributions of independent interest, including a stronger notion of probing security that supports compositional reasoning, and a type system for enforcing an expressive class of probing policies. Finally, we validate our methodology on examples that go significantly beyond the state-of-the-art.

查看原文本刊更多论文

强无干扰和有型高阶掩模

差分功率分析(DPA)是一种侧信道攻击，攻击者通过测量和分析执行加密算法的设备的功耗来检索加密材料。针对DPA的有效对策是通过在一组共享上对秘密进行概率编码来屏蔽秘密，并运行基于这些编码进行计算的屏蔽算法。掩码算法通常被期望至少提供一定程度的探测安全性。利用概率信息流和探测安全性之间的深层联系，我们开发了一种精确的、可扩展的、全自动的方法来验证掩码算法的探测安全性，并从未受保护的算法描述中生成它们。我们的方法依赖于独立兴趣的几个贡献，包括支持组合推理的更强的探测安全概念，以及用于执行探测策略的表达类的类型系统。最后，我们通过实例验证了我们的方法，这些例子远远超出了最先进的水平。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

自引率

0.00%

发文量