Paper 2023/1341

Combined Private Circuits - Combined Security Refurbished

Jakob Feldtkeller, Ruhr University Bochum
Tim Güneysu, Ruhr University Bochum
Thorben Moos, Université catholique de Louvain
Jan Richter-Brockmann, Ruhr University Bochum
Sayandeep Saha, Université catholique de Louvain
Pascal Sasdrich, Ruhr University Bochum
François-Xavier Standaert, Université catholique de Louvain

Physical attacks are well-known threats to cryptographic implementations. While countermeasures against passive Side-Channel Analysis (SCA) and active Fault Injection Analysis (FIA) exist individually, protecting against their combination remains a significant challenge. A recent attempt at achieving joint security has been published at CCS 2022 under the name CINI-MINIS. The authors introduce relevant security notions and aim to construct arbitrary-order gadgets that remain trivially composable in the presence of a combined adversary. Yet, we show that all CINI-MINIS gadgets at any order are susceptible to a devastating attack with only a single fault and probe due to a lack of error correction modules in the compression. We explain the details of the attack, pinpoint the underlying problem in the constructions, propose an additional design principle, and provide new (fixed) provably secure and composable gadgets for arbitrary order. Luckily, the changes in the compression stage help us to save correction modules and registers elsewhere, making the resulting Combined Private Circuits (CPC) more secure and more efficient than the original ones. We also explain why the discovered flaws have been missed by the associated formal verification tool VERICA (TCHES 2022) and propose fixes to remove its blind spot. Finally, we explore alternative avenues to repair the compression stage without additional corrections based on non-completeness, i.e., constructing a compression that never recombines any secret. Yet, while this approach could have merit for low-order gadgets, it is, for now, hard to generalize and scales poorly to higher orders. We conclude that our refurbished arbitrary order CINI gadgets provide a solid foundation for further research.

Available format(s)
Publication info
Published elsewhere. CCS '23
ide-Channel AnalysisFault-Injection AnalysisCombined AttacksGadgetsCINI MINIS
Contact author(s)
jakob feldtkeller @ rub de
tim gueneysu @ rub de
thorben moos @ uclouvain be
jan richter-brockmann @ rub de
sayandeep saha @ uclouvain be
pascal sasdrich @ rub de
fstandae @ uclouvain be
2023-09-08: approved
2023-09-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jakob Feldtkeller and Tim Güneysu and Thorben Moos and Jan Richter-Brockmann and Sayandeep Saha and Pascal Sasdrich and François-Xavier Standaert},
      title = {Combined Private Circuits - Combined Security Refurbished},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1341},
      year = {2023},
      doi = {10.1145/3576915.3623129},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.