Cryptology ePrint Archive: Report 2017/1195

CAPA: The Spirit of Beaver against Physical Attacks

Oscar Reparaz and Lauren De Meyer and Begül Bilgin and Victor Arribas and Svetla Nikova and Ventzislav Nikov and Nigel Smart

Abstract: In this paper, we introduce CAPA: a combined countermeasure against physical attacks. Our countermeasure provides security against higher-order SCA, multiple-shot DFA and combined attacks, scales to arbitrary protection order and is suitable for implementation in embedded hardware and software. The methodology is based on an attack model which we call tile-probe-and-fault, which is an extension (in both attack surface and capabilities) of prior work such as the wire-probe model. The tile-probe-and-fault leads one to naturally look (by analogy) at actively secure multi-party computation protocols such as SPDZ. We detail several proof-of-concept designs using the CAPA methodology: a hardware implementation of the KATAN and AES block ciphers, as well as a software bitsliced AES S-box implementation. We program a second-order secure version of the KATAN design into a Spartan-6 FPGA and perform a side-channel evaluation. No leakage is detected with up to 18 million traces. We also deploy a second-order secure software AES S-box implementation into an ARM Cortex-M4. Neither first- nor second-order leakage is detected with up to 200 000 traces. Both our implementations can detect faults within a strong adversarial model with arbitrarily high probability.

Category / Keywords: MPC, masking, SCA, DFA, countermeasure, threshold implementation, AES, KATAN, leakage, physical attacks, side-channel, SCA

Date: received 11 Dec 2017, last revised 19 Jan 2018

Contact author: lauren demeyer at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Note: Added Acknowledgements Section

Version: 20180119:123438 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]