Paper 2023/1550
A Thorough Evaluation of RAMBAM
Abstract
The application of masking, widely regarded as the most robust and reliable countermeasure against Side-Channel Analysis (SCA) attacks, has been the subject of extensive research across a range of cryptographic algorithms, especially AES. However, the implementation cost of such a countermeasure can be significant and in some scenarios even infeasible, owing to area and latency overheads as well as the need for fresh randomness to ensure the security properties of the resulting design. Most of these overheads originate from the need to maintain security in the presence of physical defaults such as glitches and transitions. Among several schemes that trade off such overheads, RAMBAM, presented at CHES 2022, offers ultra-low latency in terms of the number of clock cycles. It is dedicated to the AES and utilizes redundant representations of the finite field elements to enhance protection against both passive and active physical attacks. In this paper, we take a deeper look at this technique and provide a comprehensive analysis. The original authors reported that the number of traces required to mount a successful attack increases exponentially with the size of the redundant representation. We, however, examine their scheme from a theoretical point of view. More specifically, we investigate the relationship between RAMBAM and the well-established Boolean masking and, based on this, prove the insecurity of RAMBAM. Through examples and use cases, we assess the leakage of the scheme in practice and use verification tools to demonstrate that RAMBAM does not necessarily offer adequate protection against SCA attacks, either in theory or in practice. Confirmed by real-world experiments, we additionally highlight that -- if no dedicated facility is incorporated -- the RAMBAM designs are susceptible to fault-injection attacks despite providing some degree of protection against a sophisticated attack vector, i.e., SIFA.
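As an added illustration (not code from the paper or from the RAMBAM authors), the following Python models the kind of redundant finite-field representation the abstract refers to: a GF(2^8) element a is carried as a residue a + r·P(x) modulo P(x)·Q(x), where P is the AES field polynomial and Q is an extra polynomial of degree d, so each field element has 2^d representatives while ring arithmetic still reduces correctly modulo P. The particular Q and the choice d = 4 are constructed for this example and are not the paper's parameters. The function `boolean_share_view` makes the relationship to Boolean masking that the abstract mentions explicit: the redundant residue is the XOR of a with the mask r·P, i.e. a two-share additive sharing of a, and the mask space is a fixed linear subspace of the ring.

```python
import secrets

# P(x) = x^8 + x^4 + x^3 + x + 1, the AES field polynomial.
AES_POLY = 0x11B
# Q(x) = x^4 + x^3 + x + 1 (degree d = 4): a constructed redundancy
# polynomial for this example only, not a parameter taken from the paper.
Q_POLY = 0x1B
D = Q_POLY.bit_length() - 1  # degree of Q, i.e. log2 of the redundancy


def poly_mul(a, b):
    """Carry-less (GF(2)[x]) multiplication of bit-packed polynomials."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def poly_mod(a, m):
    """Reduce polynomial a modulo m in GF(2)[x]."""
    dm = m.bit_length() - 1
    while a and a.bit_length() - 1 >= dm:
        a ^= m << (a.bit_length() - 1 - dm)
    return a


# The redundant ring is GF(2)[x] / (P(x) * Q(x)); residues have degree < 8 + d.
REDUNDANT_MOD = poly_mul(AES_POLY, Q_POLY)


def encode(a, r=None):
    """Embed field element a (degree < 8) as the redundant residue a + r*P.

    r is a random polynomial of degree < d, so a has 2^d distinct images.
    """
    if r is None:
        r = secrets.randbelow(1 << D)
    return poly_mod(a ^ poly_mul(r, AES_POLY), REDUNDANT_MOD)


def decode(ar):
    """Recover the field element: r*P vanishes modulo P."""
    return poly_mod(ar, AES_POLY)


def redundant_mul(ar, br):
    """Multiply two redundant residues without ever leaving the ring."""
    return poly_mod(poly_mul(ar, br), REDUNDANT_MOD)


def field_mul(a, b):
    """Reference GF(2^8) multiplication for checking the ring arithmetic."""
    return poly_mod(poly_mul(a, b), AES_POLY)


def representatives(a):
    """All 2^d redundant residues that decode to a (a coset of {r*P})."""
    return {encode(a, r) for r in range(1 << D)}


def boolean_share_view(a, r):
    """Return (share0, share1) with share0 ^ share1 == a.

    share0 is the redundant residue seen by the hardware, share1 = r*P is the
    mask; this is exactly a two-share Boolean (additive) sharing of a.
    """
    mask = poly_mul(r, AES_POLY)
    return encode(a, r), mask


if __name__ == "__main__":
    a, b = 0x57, 0x83  # FIPS-197 worked example: {57} * {83} = {c1}
    ar, br = encode(a), encode(b)
    print(hex(decode(redundant_mul(ar, br))))  # 0xc1 regardless of the r's
    print(len(representatives(a)))             # 16 residues for one element
```

The check that `decode(redundant_mul(encode(a), encode(b)))` equals `field_mul(a, b)` for any choice of randomness is what makes the representation usable for AES arithmetic; the `boolean_share_view` decomposition is what lets such a design be analysed with the tools developed for Boolean masking.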
Metadata
- Category: Implementation
- Publication info: Published elsewhere. ACM Conference on Computer and Communications Security (CCS 2023)
- Keywords: RAMBAM, Power Analysis Attack, Hardware, Masking
- Contact author(s): daniel lammers @ rub de, amir moradi @ rub de, nicolai mueller @ rub de, aein rezaeishahmirzadi @ rub de
- History: 2023-10-09: received; 2023-10-11: approved
- Short URL: https://ia.cr/2023/1550
- License: CC BY-NC
BibTeX
@misc{cryptoeprint:2023/1550,
  author = {Daniel Lammers and Amir Moradi and Nicolai Müller and Aein Rezaei Shahmirzadi},
  title = {A Thorough Evaluation of {RAMBAM}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/1550},
  year = {2023},
  url = {https://eprint.iacr.org/2023/1550}
}