A statistical verification method of random permutations for hiding countermeasure against side-channel attacks

IF 3.8, Zone 2 (Computer Science), Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Jong-Yeon Park, Jang-Won Ju, Wonil Lee, Bo Gyeong Kang, Yasuyuki Kachi, Kouichi Sakurai
DOI: 10.1016/j.jisa.2024.103797
Journal: Journal of Information Security and Applications, Volume 84, Article 103797
Published: 2024-06-08 (Journal Article)
URL: https://www.sciencedirect.com/science/article/pii/S2214212624001005
Open access: no
Citations: 0

Abstract

The hiding countermeasure is among the best-known secure implementation techniques designed to counteract side-channel attacks. It uses a permutation algorithm to shuffle data. In today's Post-Quantum Cryptography (PQC), the hiding countermeasure has earned the limelight for its "shufflability" in lattice-based and code-based cryptographic algorithms. In this setting, fast generation of permutations is paramount to both the efficacy and the security of an algorithm. The Fisher–Yates (FY) shuffling method has long been a popular choice for this purpose: the FY method generates randomly shuffled (finite) indices. However, despite its theoretical correctness, the FY method carries the following risks of misuse, each of which can lead to biased shuffling sequences: (i) incorrect implementation, (ii) a poor random source, and (iii) the chosen random number being too small. In this paper, we introduce a new statistical test called the "approximate permutation criterion" (APC). We use it to examine some known cases of misused FY shuffling (i–iii). APC takes into account the fact that the super-exponential growth of the factorial function N!, which counts the permutations of N indices, defies any meaningful form of statistical test. With APC one can verify whether the output permutations are biased at much lower testing cost. Mathematically, we introduce the so-called "kth order permutation verification", the underpinning notion upon which APC is based. We also compare APC with the full sample space to demonstrate how well it captures the statistical randomness of random permutations. We thereby provide a new method that identifies bias in the output permutations of an FY shuffling implementation through a visual ratio test and the chi-square (χ²) distribution test.
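The following example is added here and is not code from the paper. It contrasts a correct Fisher–Yates shuffle with a common incorrect implementation (risk (i) above, where the swap partner is drawn from the whole range at every step) and applies a simple first-order check in the spirit of the low-order verification the abstract describes: instead of counting all N! permutations, it tallies how often each element lands at each position and runs a chi-square test against the uniform expectation. The function names and the rough bias cut-off are this example's own assumptions, not the paper's APC.

```python
import math
import random

def fisher_yates(items, rng):
    """Correct Fisher-Yates: at step i the swap partner j is uniform over [0, i]."""
    a = list(items)
    for i in range(len(a) - 1, 0, -1):
        j = rng.randrange(i + 1)
        a[i], a[j] = a[j], a[i]
    return a

def naive_shuffle(items, rng):
    """Common incorrect variant: j is drawn from the whole range [0, N) at every step.
    It has N**N equally likely paths, which cannot map evenly onto N! permutations."""
    a = list(items)
    n = len(a)
    for i in range(n):
        j = rng.randrange(n)
        a[i], a[j] = a[j], a[i]
    return a

def position_table(shuffle, n, trials, rng):
    """First-order statistic: table[e][p] = how often element e ended at position p."""
    table = [[0] * n for _ in range(n)]
    for _ in range(trials):
        for p, e in enumerate(shuffle(range(n), rng)):
            table[e][p] += 1
    return table

def chi_square_uniform(table, trials):
    """Chi-square statistic of the table against the uniform expectation trials/n per cell.
    Row and column sums are fixed at `trials`, so the table has (n-1)**2 degrees of freedom."""
    n = len(table)
    expected = trials / n
    stat = sum((c - expected) ** 2 / expected for row in table for c in row)
    return stat, (n - 1) ** 2

def verify_shuffle(shuffle, n=3, trials=27000, seed=1):
    """Return (stat, df, biased). The cut-off df + 6*sqrt(2*df) is a rough rule of thumb
    chosen for this example (an assumption): an unbiased shuffle gives a statistic near df."""
    rng = random.Random(seed)   # seeded so the run is reproducible
    table = position_table(shuffle, n, trials, rng)
    stat, df = chi_square_uniform(table, trials)
    return stat, df, stat > df + 6 * math.sqrt(2 * df)

if __name__ == "__main__":
    for name, fn in (("fisher_yates", fisher_yates), ("naive", naive_shuffle)):
        stat, df, biased = verify_shuffle(fn)
        print(f"{name:13s} chi2={stat:8.1f} df={df} biased={biased}")
```

For N = 3 the naive variant sends element 1 to position 0 with probability 10/27 instead of 1/3, which the first-order table exposes after a few thousand trials even though only 6 permutations exist; the same check scales to N where enumerating N! outcomes is hopeless.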

Source journal: Journal of Information Security and Applications (Computer Science - Computer Networks and Communications)
CiteScore: 10.90
Self-citation rate: 5.40%
Articles published: 206
Review time: 56 days
Journal description: Journal of Information Security and Applications (JISA) focuses on original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view of modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.