Cryptology ePrint Archive: Report 2015/119

Making Masking Security Proofs Concrete or How to Evaluate the Security of any Leaking Device (Extended Version)

Alexandre Duc and Sebastian Faust and François-Xavier Standaert

Abstract: We investigate the relationships between theoretical studies of leaking cryptographic devices and concrete security evaluations with standard side-channel attacks. Our contributions are in four parts. First, we connect the formal analysis of the masking countermeasure proposed by Duc et al. (Eurocrypt 2014) with the Eurocrypt 2009 evaluation framework for side-channel key recovery attacks. In particular, we re-state their main proof for the masking countermeasure based on a mutual information metric, which is frequently used in concrete physical security evaluations. Second, we discuss the tightness of the Eurocrypt 2014 bounds based on experimental case studies. This allows us to conjecture a simplified link between the mutual information metric and the success rate of a side-channel adversary, ignoring technical parameters and proof artifacts. Third, we introduce heuristic (yet well-motivated) tools for the evaluation of the masking countermeasure when its independent leakage assumption is not perfectly fulfilled, as it is frequently encountered in practice. Thanks to these tools, we argue that masking with non-independent leakages may provide improved security levels in certain scenarios. Eventually, we consider the tradeoff between the measurement complexity and the key enumeration time complexity in divide-and-conquer side-channel attacks, and show that these complexities can be lower bounded based on the mutual information metric, using simple and efficient algorithms. The combination of these observations enables significant reductions of the evaluation costs for certification bodies.

Category / Keywords: side-channel analysis, masking, security proofs, fair evaluations

Original Publication (with minor differences): IACR-EUROCRYPT-2015

Date: received 16 Feb 2015, last revised 23 Feb 2016

Contact author: fstandae at uclouvain be

Available format(s): PDF | BibTeX Citation

Version: 20160223:100428 (All versions of this report)

Short URL: ia.cr/2015/119

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]