High Order Side-Channel Security for Elliptic-Curve Implementations

IACR Trans. Cryptogr. Hardw. Embed. Syst. Pub Date : 2022-11-29 DOI:10.46586/tches.v2023.i1.238-276

Sonia Belaïd, Matthieu Rivain

{"title":"High Order Side-Channel Security for Elliptic-Curve Implementations","authors":"Sonia Belaïd, Matthieu Rivain","doi":"10.46586/tches.v2023.i1.238-276","DOIUrl":null,"url":null,"abstract":"Elliptic-curve implementations protected with state-of-the-art countermeasures against side-channel attacks might still be vulnerable to advanced attacks that recover secret information from a single leakage trace. The effectiveness of these attacks is boosted by the emergence of deep learning techniques for side-channel analysis which relax the control or knowledge an adversary must have on the target implementation. In this paper, we provide generic countermeasures to withstand these attacks for a wide range of regular elliptic-curve implementations. We first introduce a framework to formally model a regular algebraic program which consists of a sequence of algebraic operations indexed by key-dependent values. We then introduce a generic countermeasure to protect these types of programs against advanced single-trace side-channel attacks. Our scheme achieves provable security in the noisy leakage model under a formal assumption on the leakage of randomized variables. To demonstrate the applicability of our solution, we provide concrete examples on several widely deployed scalar multiplication algorithms and report some benchmarks for a protected implementation on a smart card.","PeriodicalId":13186,"journal":{"name":"IACR Trans. Cryptogr. Hardw. Embed. Syst.","volume":"6 1","pages":"238-276"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Trans. Cryptogr. Hardw. Embed. Syst.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.46586/tches.v2023.i1.238-276","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Elliptic-curve implementations protected with state-of-the-art countermeasures against side-channel attacks might still be vulnerable to advanced attacks that recover secret information from a single leakage trace. The effectiveness of these attacks is boosted by the emergence of deep learning techniques for side-channel analysis which relax the control or knowledge an adversary must have on the target implementation. In this paper, we provide generic countermeasures to withstand these attacks for a wide range of regular elliptic-curve implementations. We first introduce a framework to formally model a regular algebraic program which consists of a sequence of algebraic operations indexed by key-dependent values. We then introduce a generic countermeasure to protect these types of programs against advanced single-trace side-channel attacks. Our scheme achieves provable security in the noisy leakage model under a formal assumption on the leakage of randomized variables. To demonstrate the applicability of our solution, we provide concrete examples on several widely deployed scalar multiplication algorithms and report some benchmarks for a protected implementation on a smart card.

查看原文本刊更多论文

椭圆曲线实现的高阶侧信道安全性

采用最先进的反侧信道攻击措施保护的椭圆曲线实现可能仍然容易受到高级攻击的攻击，这些攻击可以从单个泄漏跟踪中恢复秘密信息。这些攻击的有效性被用于侧信道分析的深度学习技术的出现所提高，这种技术放松了对手对目标实现的控制或知识。在本文中，我们为广泛的正则椭圆曲线实现提供了抵御这些攻击的通用对策。我们首先引入一个框架来形式化建模一个正则代数程序，该程序由一系列由键相关值索引的代数操作组成。然后，我们介绍了一种通用的对策来保护这些类型的程序免受高级单迹侧信道攻击。在随机变量泄漏的形式化假设下，我们的方案在噪声泄漏模型下实现了可证明的安全性。为了演示我们的解决方案的适用性，我们提供了几个广泛部署的标量乘法算法的具体示例，并报告了智能卡上受保护实现的一些基准测试。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IACR Trans. Cryptogr. Hardw. Embed. Syst.

自引率

0.00%

发文量