Paper 2024/147

Prime Masking vs. Faults - Exponential Security Amplification against Selected Classes of Attacks

Thorben Moos, Université Catholique de Louvain
Sayandeep Saha, Université Catholique de Louvain, Indian Institute of Technology Bombay
François-Xavier Standaert, Université Catholique de Louvain
Abstract

Fault injection attacks are a serious concern for cryptographic hardware. Adversaries may extract sensitive information from the faulty output that is produced by a cryptographic circuit after actively disturbing its computation. Alternatively, the information whether an output would have been faulty, even if it is withheld from being released, may be exploited. The former class of attacks, which requires the collection of faulty outputs, such as Differential Fault Analysis (DFA), then either exploits some knowledge about the position of the injected fault or about its value. The latter class of attacks, which can be applied without ever obtaining faulty outputs, such as Statistical Ineffective Fault Attacks (SIFA), then either exploits a dependency between the effectiveness of the fault injection and the value to be faulted (e.g., an LSB stuck-at-0 only affecting odd numbers), denoted as SIFA-1, or a conditional propagation of a faulted value based on a sensitive intermediate (e.g., multiplication of a faulted value by 0 prevents propagation), denoted as SIFA-2. The aptitude of additive masking schemes, which were designed to prevent side-channel analysis, to also thwart fault attacks is typically assumed to be limited. Common fault models, such as toggle/bit-flip, stuck-at-0 or stuck-at-1 survive the recombination of Boolean shares well enough for generic attacks to succeed. More precisely, injecting a fault into one or multiple Boolean shares often results in the same, or at least a predictable, error appearing in the sensitive variable after recombination. In this work, we show that additive masking in prime-order fields breaks such relationships, causing frequently exploited biases to decrease exponentially in the number of shares. 
As a result, prime masking offers surprisingly strong protection against generic statistical attacks, which require a dependency between the effectiveness of an injected fault and the secret variable that is manipulated, such as SIFA-1. Operation-dependent statistical attacks, such as SIFA-2 and Fault Template Attacks (FTA), may still be performed against certain prime-field structures, even if they are masked with many shares. Yet, we analyze the corresponding cases and are able to provide specific guidelines on how to avoid vulnerabilities either at the cipher design or implementation level by making informed decisions about the primes, non-linear mappings and masked gadgets used. Since prime-field masking appears to be one of the rare instances of affordable countermeasures that naturally provide sound protection against side-channel analysis and certain fault injection attacks, we believe there is a strong incentive for developing new ciphers to leverage these advantages.
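The abstract's central claim, that the dependency between fault effectiveness and the secret shrinks exponentially with the number of shares under prime-field masking but not under Boolean masking, can be checked exactly on a toy instance. The script below is an added illustration written for this page, not code from the paper or its authors. It assumes the LSB stuck-at-0 model quoted in the abstract applied to every share, 3-bit Boolean shares versus shares in GF(7) (constructed parameters), and measures the SIFA-1 bias as the total variation distance between the uniform distribution and the distribution of the secret conditioned on the fault having been ineffective on all shares.

```python
from fractions import Fraction


def conditioned_distribution(n, combine, ineffective, d):
    """Exact distribution of the recombined secret x = s_1 o ... o s_d, given
    that all d uniformly random shares were left unchanged by the fault (the
    SIFA-1 "ineffective" event).  Shares live in {0, ..., n-1}, combine(a, b)
    is the recombination law and ineffective(s) tells whether the fault leaves
    share value s unchanged.  Computed with exact Fractions by repeated
    convolution over the group law."""
    unchanged = [s for s in range(n) if ineffective(s)]
    # A share, conditioned on being unchanged, is uniform over `unchanged`.
    share = [Fraction(0)] * n
    for s in unchanged:
        share[s] = Fraction(1, len(unchanged))
    dist = [Fraction(0)] * n
    dist[0] = Fraction(1)  # 0 is neutral for both XOR and addition mod p
    for _ in range(d):
        nxt = [Fraction(0)] * n
        for a, pa in enumerate(dist):
            if pa == 0:
                continue
            for b, pb in enumerate(share):
                if pb:
                    nxt[combine(a, b)] += pa * pb
        dist = nxt
    return dist


def tvd_from_uniform(dist):
    """Total variation distance between `dist` and the uniform distribution;
    0 means the ineffective event reveals nothing about x."""
    n = len(dist)
    return sum(abs(p - Fraction(1, n)) for p in dist) / 2


def stuck_at_zero(mask):
    """Fault model: the bits selected by `mask` are forced to 0 in every share.
    The fault is ineffective on a share iff those bits were already 0."""
    return lambda s: s & mask == 0


def boolean_bias(nbits, d, mask=1):
    """SIFA-1 bias when x is Boolean-masked with d shares of nbits bits and a
    stuck-at-0 fault on the bits in `mask` hits every share."""
    n = 1 << nbits
    dist = conditioned_distribution(n, lambda a, b: a ^ b, stuck_at_zero(mask), d)
    return tvd_from_uniform(dist)


def prime_bias(p, d, mask=1):
    """Same experiment for additive masking over GF(p): shares are integers in
    [0, p) and the fault acts on their binary encoding."""
    dist = conditioned_distribution(p, lambda a, b: (a + b) % p, stuck_at_zero(mask), d)
    return tvd_from_uniform(dist)


if __name__ == "__main__":
    # Constructed parameters: 3-bit Boolean shares vs. shares in GF(7), LSB
    # stuck-at-0 on every share (the abstract's "only affects odd numbers" case).
    print(f"{'shares':>6} {'Boolean (3-bit)':>16} {'prime (GF(7))':>14}")
    for d in range(1, 9):
        print(f"{d:>6} {float(boolean_bias(3, d)):>16.4f} {float(prime_bias(7, d)):>14.4f}")
```

Running it shows the Boolean column fixed at 0.5 for every share count (the fault is ineffective exactly when x is even, so the event leaks x's LSB regardless of d), while the GF(7) column starts at 3/7 for one share, drops to 11/56 for two and keeps shrinking by a roughly constant factor per added share. Since the conditioned share distribution is not uniform over GF(7) for any fault mask, the same convolution argument applies to other primes and stuck-at masks; only the decay rate changes.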

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in TCHES 2024
Keywords
prime-field masking, fault injection attacks, SIFA, security amplification
Contact author(s)
thorben moos @ uclouvain be
sayandeep saha @ uclouvain be
fstandae @ uclouvain be
History
2024-07-13: revised
2024-02-01: received
Short URL
https://ia.cr/2024/147
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/147,
      author = {Thorben Moos and Sayandeep Saha and François-Xavier Standaert},
      title = {Prime Masking vs. Faults - Exponential Security Amplification against Selected Classes of Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/147},
      year = {2024},
      url = {https://eprint.iacr.org/2024/147}
}