You are looking at a specific version 20200218:091214 of this paper.

Paper 2020/200

Exploring the Golden Mean Between Leakage and Fault Resilience and Practice

Christoph Dobraunig and Bart Mennink and Robert Primas

Abstract

The area of leakage resilient cryptography aims to provide proofs under the assumption that the side channel leakage of implementations behaves in a certain way, e.g., the leakage is bounded, hard-to-invert, or simulatable. On the other hand, it is often hard to show that a practical implementation has such a behavior. Moreover, these models are typically targeted exclusively towards side channel attacks, and hence other implementation attacks like fault attacks are excluded. In this paper, we provide an alternative approach that we call accumulated leakage. In our model, no a priori restriction or assumption on the leakage is made. Instead, leakage resilience bounds are expressed in terms of an accumulated gain, which is a function of the leakage obtained by an attacker. In particular, we express the accumulated gain as a function of the number of computations of a primitive using a secret that an attacker can observe, one of the major restrictions that determines whether a certain implementation attack is possible or not. With the advantage of a scheme expressed in terms of accumulated leakage, there are two ways to proceed. One option is to stick to the a priori bounding made in, e.g., the bounded leakage model and put an a priori restriction on the maximum allowed leakage per primitive call. Another option is to compute the accumulated gain based on measurements a posteriori. As a proof of concept, we apply the accumulated leakage concept to a sponge-based stream encryption scheme called asakey: first, a formal leakage resilience analysis is delivered as a function of the accumulated gain, and second, leakage measurements on permutations are performed to demonstrate how the accumulated gain can be estimated a posteriori.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
leakage resilience, accumulated leakage, sponge-based encryption, side channel measurements, fault attacks, symmetric cryptography
Contact author(s)
christoph @ dobraunig com
b mennink @ cs ru nl
rprimas @ gmail com
History
2022-10-03: last of 2 revisions
2020-02-18: received
Short URL
https://ia.cr/2020/200
License
Creative Commons Attribution
CC BY