Paper 2024/1277

Robust but Relaxed Probing Model

Nicolai Müller, Ruhr University Bochum
Amir Moradi, TU Darmstadt
Abstract

Masking has become a widely applied and heavily researched method to protect cryptographic implementations against SCA attacks. The success of masking is primarily attributed to its strong theoretical foundation, which enables formal security proofs by modeling physical properties through so-called probing models. Specifically, the robust $d$-probing model enables us to prove the security of arbitrarily masked hardware circuits, manually or with the assistance of automated tools, even when considering the imperfect nature of physical hardware, including the occurrence of physical defaults such as glitches. However, the generic strategy employed by the robust $d$-probing model comes with a downside: it tends to over-conservatively model the information leakage caused by glitches, meaning that the robust $d$-probing model considers glitches that can never occur in practice. This implies that in theory, an adversary could gain more information than she would obtain in practice. From a designer's perspective, this entails that (1) securely designed hardware circuits may need to be withdrawn due to potential insecurity under the robust $d$-probing model and (2) designs that satisfy the security requirements of the robust $d$-probing model may incur unnecessary overhead, such as increased circuit size or latency. In this work, we refine the formal treatment of glitches within the robust $d$-probing model to address glitches more accurately within a formal adversary model. Unlike the robust $d$-probing model, our approach considers glitches based on the operations performed and the data processed, ensuring that only manifesting glitches are accounted for. As a result, we introduce the RR $d$-probing model, a formal adversary model maintaining the same level of security as the robust $d$-probing model but without the overly conservative treatment of glitches.
Leveraging our new model, we prove the security of LMDPL gadgets, a class of physically secure gadgets reported as insecure based on the robust $d$-probing model. We provide manual proofs and automated security evaluations employing an updated version of PROLEAD capable of verifying the security of masked circuits under our new model.

Metadata

Available format(s): PDF
Category: Applications
Publication info: Published by the IACR in TCHES 2024
Keywords: Side-Channel Analysis, Leakage Detection, Probing Security, Hardware, Glitches
Contact author(s): nicolai mueller @ rub de, amir moradi @ tu-darmstadt de
History:
2024-08-16: approved
2024-08-13: received
Short URL: https://ia.cr/2024/1277
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2024/1277,
      author = {Nicolai Müller and Amir Moradi},
      title = {Robust but Relaxed Probing Model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1277},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1277}
}