You are looking at a specific version 20200917:173941 of this paper. See the latest version.

Paper 2020/786

Random Probing Security: Verification, Composition, Expansion and New Constructions

Sonia Belaïd and Jean-Sébastien Coron and Emmanuel Prouff and Matthieu Rivain and Abdul Rahman Taleb

Abstract

The masking countermeasure is among the most powerful countermeasures to counteract side-channel attacks. Leakage models have been exhibited to theoretically reason on the security of such masked implementations. So far, the most widely used leakage model is the probing model defined by Ishai, Sahai, and Wagner at (CRYPTO 2003). While it is advantageously convenient for security proofs, it does not capture an adversary exploiting full leakage traces as, e.g., in horizontal attacks. Those attacks target the multiple manipulations of the same share to reduce noise and recover the corresponding value. To capture a wider class of attacks another model was introduced and is referred to as the random probing model. From a leakage parameter p, each wire of the circuit leaks its value with probability $p$. While this model much better reflects the physical reality of side channels, it requires more complex security proofs and does not yet come with practical constructions. In this paper, we define the first framework dedicated to the random probing model. We provide an automatic tool, called VRAPS, to quantify the random probing security of a circuit from its leakage probability. We also formalize a composition property for secure random probing gadgets and exhibit its relation to the strong non-interference (SNI) notion used in the context of probing security. We then revisit the expansion idea proposed by Ananth, Ishai, and Sahai (CRYPTO 2018) and introduce a compiler that builds a random probing secure circuit from small base gadgets achieving a random probing expandability property. We instantiate this compiler with small gadgets for which we verify the expected properties directly from our automatic tool. Our construction can tolerate a leakage probability up to $2^{-8}$, against $2^{-25}$ for the previous construction, with a better asymptotic complexity.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A major revision of an IACR publication in CRYPTO 2020
Keywords
CompilerMaskingAutomated verificationRandom probing model
Contact author(s)
sonia belaid @ cryptoexperts com,jean-sebastien coron @ uni lu,emmanuel prouff @ ssi gouv fr,matthieu rivain @ cryptoexperts com,abdul taleb @ cryptoexperts com
History
2020-10-29: last of 3 revisions
2020-06-27: received
See all versions
Short URL
https://ia.cr/2020/786
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.