Paper 2023/835

Unifying Freedom and Separation for Tight Probing-Secure Composition

Sonia Belaïd, CryptoExperts (France)
Gaëtan Cassiers, TU Graz
Matthieu Rivain, CryptoExperts (France)
Abdul Rahman Taleb, CryptoExperts (France), Sorbonne University
Abstract

The masking countermeasure is often analyzed in the probing model. Proving the probing security of large circuits at high masking orders is achieved by composing gadgets that satisfy security definitions such as non-interference (NI), strong non-interference (SNI) or free SNI. The region probing model is a variant of the probing model, where the probing capabilities of the adversary scale with the number of regions in a masked circuit. This model is of interest as it allows better reductions to the more realistic noisy leakage model. The efficiency of composable region probing secure masking has been recently improved with the introduction of the input-output separation (IOS) definition. In this paper, we first establish equivalences between the non-interference framework and the IOS formalism. We also generalize the security definitions to multiple-input gadgets and systematically show implications and separations between these notions. Then, we study which gadgets from the literature satisfy these. We give new security proofs for some well-known arbitrary-order gadgets, and also some automated proofs for fixed-order, special-case gadgets. To this end, we introduce a new automated formal verification algorithm that solves the open problem of verifying free SNI, which is not a purely simulation-based definition. Using the relationships between the security notions, we adapt this algorithm to further verify IOS. Finally, we look at composition theorems. In the probing model, we use the link between free SNI and the IOS formalism to generalize and improve the efficiency of the tight private circuit (Asiacrypt 2018) construction, also fixing a flaw in the original proof. In the region probing model, we relax the assumptions for IOS composition (TCHES 2021), which allows to save many refresh gadgets, hence improving the efficiency.

Metadata
Available format(s)
PDF
Publication info
A minor revision of an IACR publication in CRYPTO 2023
Keywords
MaskingProbing modelRegion probing modelNon-interferenceInput output separationTight private circuit
Contact author(s)
sonia belaid @ cryptoexperts com
gaetan cassiers @ iaik tugraz at
matthieu rivain @ cryptoexperts com
abdul taleb @ cryptoexperts com
History
2023-06-06: approved
2023-06-05: received
See all versions
Short URL
https://ia.cr/2023/835
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/835,
      author = {Sonia Belaïd and Gaëtan Cassiers and Matthieu Rivain and Abdul Rahman Taleb},
      title = {Unifying Freedom and Separation for Tight Probing-Secure Composition},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/835},
      year = {2023},
      url = {https://eprint.iacr.org/2023/835}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.