Paper 2023/1550

A Thorough Evaluation of RAMBAM

Daniel Lammers, Ruhr University Bochum
Amir Moradi, Ruhr University Bochum
Nicolai Müller, Ruhr University Bochum
Aein Rezaei Shahmirzadi, Ruhr University Bochum
Abstract

The application of masking, widely regarded as the most robust and reliable countermeasure against Side-Channel Analysis (SCA) attacks, has been the subject of extensive research across a range of cryptographic algorithms, especially AES. However, the implementation cost of such a countermeasure can be significant, and in some scenarios even infeasible, due to considerations such as area and latency overheads as well as the need for fresh randomness to ensure the security properties of the resulting design. Most of these overheads originate from the need to maintain security in the presence of physical defaults such as glitches and transitions. Among several schemes with a trade-off between such overheads, RAMBAM, presented at CHES 2022, offers ultra-low latency in terms of the number of clock cycles. It is dedicated to AES and utilizes redundant representations of the finite field elements to enhance protection against both passive and active physical attacks. In this paper, we take a deeper look at this technique and provide a comprehensive analysis. The original authors reported that the number of traces required to mount a successful attack increases exponentially with the size of the redundant representation. We, however, examine their scheme from a theoretical point of view. More specifically, we investigate the relationship between RAMBAM and the well-established Boolean masking and, based on this, prove the insecurity of RAMBAM. Through examples and use cases, we assess the leakage of the scheme in practice and use verification tools to demonstrate that RAMBAM does not necessarily offer adequate protection against SCA attacks, either in theory or in practice. Confirmed by real-world experiments, we additionally highlight that -- if no dedicated facility is incorporated -- RAMBAM designs are susceptible to fault-injection attacks, despite providing some degree of protection against a sophisticated attack vector, i.e., SIFA.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. ACM Conference on Computer and Communications Security (CCS 2023)
Keywords
RAMBAM, Power Analysis Attack, Hardware, Masking
Contact author(s)
daniel lammers @ rub de
amir moradi @ rub de
nicolai mueller @ rub de
aein rezaeishahmirzadi @ rub de
History
2023-10-11: approved
2023-10-09: received
Short URL
https://ia.cr/2023/1550
License
Creative Commons Attribution-NonCommercial
CC BY-NC

BibTeX

@misc{cryptoeprint:2023/1550,
      author = {Daniel Lammers and Amir Moradi and Nicolai Müller and Aein Rezaei Shahmirzadi},
      title = {A Thorough Evaluation of RAMBAM},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1550},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1550}},
      url = {https://eprint.iacr.org/2023/1550}
}