Cryptology ePrint Archive: Report 2020/786

Random Probing Security: Verification, Composition, Expansion and New Constructions

Sonia Belaïd and Jean-Sébastien Coron and Emmanuel Prouff and Matthieu Rivain and Abdul Rahman Taleb

Abstract: The masking countermeasure is among the most powerful countermeasures to counteract side-channel attacks. Leakage models have been exhibited to theoretically reason on the security of such masked implementations. So far, the most widely used leakage model is the probing model defined by Ishai, Sahai, and Wagner at (CRYPTO 2003). While it is advantageously convenient for security proofs, it does not capture an adversary exploiting full leakage traces as, e.g., in horizontal attacks. Those attacks target the multiple manipulations of the same share to reduce noise and recover the corresponding value. To capture a wider class of attacks another model was introduced and is referred to as the random probing model. From a leakage parameter p, each wire of the circuit leaks its value with probability $p$. While this model much better reflects the physical reality of side channels, it requires more complex security proofs and does not yet come with practical constructions. In this paper, we define the first framework dedicated to the random probing model. We provide an automatic tool, called VRAPS, to quantify the random probing security of a circuit from its leakage probability. We also formalize a composition property for secure random probing gadgets and exhibit its relation to the strong non-interference (SNI) notion used in the context of probing security. We then revisit the expansion idea proposed by Ananth, Ishai, and Sahai (CRYPTO 2018) and introduce a compiler that builds a random probing secure circuit from small base gadgets achieving a random probing expandability property. We instantiate this compiler with small gadgets for which we verify the expected properties directly from our automatic tool. Our construction can tolerate a leakage probability up to $2^{-8}$, against $2^{-25}$ for the previous construction, with a better asymptotic complexity.

Category / Keywords: foundations / Compiler, Masking, Automated verification, Random probing model

Original Publication (with major differences): IACR-CRYPTO-2020

Date: received 24 Jun 2020, last revised 28 Jun 2020

Contact author: sonia belaid at cryptoexperts com,jean-sebastien coron@uni lu,emmanuel prouff@ssi gouv fr,matthieu rivain@cryptoexperts com,abdul taleb@cryptoexperts com

Available format(s): PDF | BibTeX Citation

Version: 20200628:103950 (All versions of this report)

Short URL: ia.cr/2020/786


[ Cryptology ePrint archive ]