Don't Learn What You Already Know: Scheme-Aware Modeling for Profiling Side-Channel Analysis against Masking

Loïc Masure, Valence Cristiani, Maxime Lecomte, François-Xavier Standaert
DOI: 10.46586/tches.v2023.i1.32-59 (https://doi.org/10.46586/tches.v2023.i1.32-59)
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., pages 32-59
Publication date: 2022-11-29 (journal article)
Citation count: 10

Abstract

Over the past few years, deep-learning-based attacks have emerged as a de facto standard, thanks to their ability to break implementations of cryptographic primitives without pre-processing, even against widely used countermeasures such as hiding and masking. However, the recent work of Bronchain and Standaert at TCHES 2020 questioned the soundness of such tools when used in an uninformed setting to evaluate implementations protected with higher-order masking. Conversely, worst-case evaluations may be far from what a real-world adversary could do, thereby leading to overly conservative security bounds. In this paper, we propose a new threat model, which we name scheme-aware, that benefits from a trade-off between the uninformed and worst-case models. Our scheme-aware model is closer to a real-world adversary, in the sense that it does not need access to the random nonces used by masking during the profiling phase, as a worst-case model does, while it does not need to learn the masking scheme, as an uninformed adversary implicitly does. We show how to combine the power of deep learning with the prior knowledge of scheme-aware modeling. As a result, we show through simulations and experiments on public datasets how it sometimes reduces the profiling complexity, i.e., the number of profiling traces needed to train a model satisfactorily, by an order of magnitude compared to a fully uninformed adversary.