Paper 2014/413

On the Cost of Lazy Engineering for Masked Software Implementations

Josep Balasch, Benedikt Gierlichs, Vincent Grosso, Oscar Reparaz, and François-Xavier Standaert

Abstract

Masking is one of the most popular countermeasures to mitigate side-channel analysis. Yet, its deployment in actual cryptographic devices is well known to be challenging, since designers have to ensure that the leakage corresponding to different shares is independent. Several works have shown that such an independent leakage assumption may be contradicted in practice, because of physical effects such as ``glitches" or ``transition-based" leakages. As a result, implementing masking securely can be a time-consuming engineering problem. This is in strong contrast with recent and promising approaches for the automatic insertion of countermeasures exploiting compilers, that aim to limit the development time of side-channel resistant software. Motivated by this contrast, we question what can be hoped for these approaches - or more generally for masked software implementations based on careless assembly generation. For this purpose, our first contribution is a simple reduction from security proofs obtained in a (usual but not always realistic) model where leakages depend on the intermediate variables manipulated by the target device, to security proofs in a (more realistic) model where the transitions between these intermediate variables are leaked. We show that the cost of moving from one context to the other implies a division of the security order by two for masking schemes. Next, our second and main contribution is to provide an exhaustive empirical validation of this reduction, based on two microcontrollers, several (handwritten and compiler-based) ways of generating assembly codes, with and without ``recycling" the randomness used for sharing. These experiments confirm the relevance of our analysis, and therefore quantify the cost of lazy engineering for masking.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Contact author(s)
fstandae @ uclouvain be
History
2014-06-04: received
Short URL
https://ia.cr/2014/413
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/413,
      author = {Josep Balasch and Benedikt Gierlichs and Vincent Grosso and Oscar Reparaz and François-Xavier Standaert},
      title = {On the Cost of Lazy Engineering for Masked Software Implementations},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/413},
      year = {2014},
      url = {https://eprint.iacr.org/2014/413}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.