Block Ciphers Implementations Provably Secure Against Second Order - - PowerPoint PPT Presentation



SLIDE 1

Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis

Matthieu Rivain (1,2), Emmanuelle Dottax (1) & Emmanuel Prouff (1)

(1) Oberthur Card Systems, (2) University of Luxembourg

February 11, 2008

M. Rivain, E. Dottax & E. Prouff
Block Ciphers Implementations Provably Secure ag. 2O-SCA

SLIDE 2

Outline

1. Introduction to (Second Order) Side Channel Analysis
2. Block Ciphers Implementations Secure Against 2O-SCA
3. S-box Implementations Secure Against 2O-SCA
4. Improvement
5. Comparison & Implementation Results

SLIDE 3

Side Channel Analysis

Side Channel Analysis (SCA) is a strong cryptanalytic technique targeting physical implementations.
The physical leakage of the execution of any algorithm depends on the intermediate variables.
SCA exploits leakage on sensitive variables that depend on the secret key.

SLIDES 4-5

Side Channel Analysis

V depends on a few key bits
⇒ possible key recovery attack exploiting L(V)

Classical statistical distinguishers:
◮ correlation techniques – generic
◮ maximum likelihood – strong adversary model

SLIDES 6-10

Masking & Higher Order SCA

One or several random values – the masks – are added to every sensitive variable.
First order masking: one single mask.

Second Order Side Channel Analysis – targets a pair of intermediate variables:
◮ M : random mask
◮ V ⊕ M : masked variable

To thwart 2O-SCA: use second order masking.
dth order masking is broken by (d + 1)th order SCA.

SLIDES 11-13

Why Using Masking?

[Chari+ CRYPTO'99] SCA complexity increases
◮ exponentially with the masking order
◮ polynomially with hiding-like countermeasures (noise addition, operation order randomization, ...)

Incrementing the masking order is of great interest for SCA resistance.
Many papers focus on improving 2O-SCA; a few papers deal with resistant implementations.
First step: provable security against 2O-SCA.

SLIDE 14

Security Against 2O-SCA

Definition (2O-SCA Security)
A cryptographic algorithm is said to be secure against 2O-SCA if every pair of its intermediate variables is independent of any sensitive variable.

An algorithm's security can be formally proved by
◮ listing all intermediate variables
◮ checking the independence of every pair

SLIDES 15-16

Block Cipher Description

Iterated block cipher
Round transformation: ρ[k](·) = λ ◦ γ ◦ σ[k](·)
(σ[k] : key addition layer, γ : non-linear layer, λ : linear layer)

SLIDES 17-18

Securing Block Ciphers Implementations

Second order masking:
◮ p = p0 ⊕ p1 ⊕ p2
◮ k = k0 ⊕ k1 ⊕ k2
(p1, p2) and (k1, k2) randomly generated

Goal: perform a round transformation from the 3 shares
◮ The shares must be processed separately
◮ The completeness relation must be preserved

SLIDES 19-24

Securing the Round Transformation

Linear layer: simple – λ(p) = λ(p0) ⊕ λ(p1) ⊕ λ(p2)
Key addition layer: simple – σ[k](p) = σ[k0](p0) ⊕ σ[k1](p1) ⊕ σ[k2](p2)
Non-linear layer: issue
◮ Problem: secure an S-box implementation

SLIDES 25-28

Secure S-box Implementation – Problem

S : n × m S-box
x̃ = x ⊕ r1 ⊕ r2 : n-bit masked input, (r1, r2) : n-bit input masks
(s1, s2) : m-bit output masks
Goal : process S(x) ⊕ s1 ⊕ s2
Requirement : every pair of intermediate variables must be independent of x

SLIDES 29-32

Our Proposition

Input: x̃ = x ⊕ r1 ⊕ r2, (r1, r2), (s1, s2)
Output: S(x) ⊕ s1 ⊕ s2

  1. r3 ← rand(n)
  2. r′ ← (r1 ⊕ r3) ⊕ r2
  3. for a from 0 to 2^n − 1 do
  4.     a′ ← a ⊕ r′
  5.     T[a′] ← (S(x̃ ⊕ a) ⊕ s1) ⊕ s2
  6. return T[r3]

When a = r1 ⊕ r2 :
◮ x̃ ⊕ a = x – desired masked output
◮ a′ = r3 – stored in T[r3]

Every pair of intermediate variables is independent of x.

SLIDES 33-36

Another Proposition

compare(x, y) = 0 if x = y, 1 if x ≠ y

Input: x̃ = x ⊕ r1 ⊕ r2, (r1, r2), (s1, s2)
Output: S(x) ⊕ s1 ⊕ s2

  1. for a from 0 to 2^n − 1 do
  2.     cmp ← compare(a ⊕ r1, r2)
  3.     R_cmp ← (S(x̃ ⊕ a) ⊕ s1) ⊕ s2
  4. return R_0

When a = r1 ⊕ r2:
◮ x̃ ⊕ a = x – desired masked output
◮ cmp = 0 – stored in R_0

However there is a flaw: (cmp, x̃ ⊕ a) depends on x!

SLIDES 37-42

Another Proposition

compare_b(x, y) = b if x = y, b̄ if x ≠ y

Input: x̃ = x ⊕ r1 ⊕ r2, (r1, r2), (s1, s2)
Output: S(x) ⊕ s1 ⊕ s2

  1. b ← rand(1)
  2. for a from 0 to 2^n − 1 do
  3.     cmp ← compare_b(a ⊕ r1, r2)
  4.     R_cmp ← (S(x̃ ⊕ a) ⊕ s1) ⊕ s2
  5. return R_b

The security relies on the compare_b implementation.
Less efficient than the previous solution but less memory consuming.
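The flaw of slide 36 and the repaired algorithm of slides 38-42 can be checked mechanically against the definition of slide 14. The following Python is an added example, not the authors' code: it runs both compare-based algorithms on a constructed 3-bit S-box over the entire randomness space and compares the joint distribution of the pair (cmp, x̃ ⊕ a) across the values of x. The toy table SBOX and the names run_flawed, run_fixed, traces_by_x, pair_depends_on_x, leaking_pairs and check_both are mine.

```python
"""Checking the 2O-SCA security definition of slide 14 on the compare-based
S-box algorithms of slides 33-42.  Added example, not the authors' code: the
3-bit S-box and all function names are constructed for the demonstration."""
from collections import Counter
from itertools import product

N = 3                                   # constructed: 3-bit width keeps the enumeration cheap
SIZE = 1 << N
SBOX = [(3 * v + 5) % SIZE for v in range(SIZE)]   # constructed toy S-box (a permutation)


def compare(x, y):
    """Slide 33: 0 if x = y, 1 otherwise."""
    return 0 if x == y else 1


def compare_b(x, y, b):
    """Slide 39: b if x = y, not-b otherwise, for a fresh random bit b."""
    return b if x == y else b ^ 1


def run_flawed(x, r1, r2, s1, s2):
    """Slides 33-36.  Returns (result, trace); the trace records every
    intermediate variable of every loop iteration a under a readable name."""
    x_t = x ^ r1 ^ r2
    R, trace = [0, 0], {}
    for a in range(SIZE):
        cmp = compare(a ^ r1, r2)             # step 2
        u = x_t ^ a                           # S-box input of this iteration
        t = SBOX[u] ^ s1
        R[cmp] = t ^ s2                       # step 3: R_cmp
        trace.update({("cmp", a): cmp, ("xt^a", a): u, ("S^s1", a): t, ("R", a): R[cmp]})
    return R[0], trace                        # step 4: return R_0


def run_fixed(x, r1, r2, s1, s2, b):
    """Slides 38-42: same loop with compare_b, result read from R_b."""
    x_t = x ^ r1 ^ r2
    R, trace = [0, 0], {}
    for a in range(SIZE):
        cmp = compare_b(a ^ r1, r2, b)        # step 3
        u = x_t ^ a
        t = SBOX[u] ^ s1
        R[cmp] = t ^ s2                       # step 4: R_cmp
        trace.update({("cmp", a): cmp, ("xt^a", a): u, ("S^s1", a): t, ("R", a): R[cmp]})
    return R[b], trace                        # step 5: return R_b


def traces_by_x(run, with_b=False):
    """For every x, run the algorithm over the whole randomness space
    (all r1, r2, s1, s2 and, for run_fixed, b) and collect the traces.
    Also checks completeness: the output is always S(x) ^ s1 ^ s2."""
    out = {}
    for x in range(SIZE):
        out[x] = []
        for r1, r2, s1, s2 in product(range(SIZE), repeat=4):
            for b in (range(2) if with_b else (None,)):
                res, tr = run(x, r1, r2, s1, s2, b) if with_b else run(x, r1, r2, s1, s2)
                assert res == SBOX[x] ^ s1 ^ s2
                out[x].append(tr)
    return out


def pair_depends_on_x(tbx, v1, v2):
    """Slide 14: a pair leaks if its joint distribution differs between two x."""
    dists = [Counter((tr[v1], tr[v2]) for tr in trs) for trs in tbx.values()]
    return any(d != dists[0] for d in dists[1:])


def leaking_pairs(tbx, names):
    """All pairs among `names` whose joint distribution depends on x."""
    return [(v1, v2) for i, v1 in enumerate(names) for v2 in names[i + 1:]
            if pair_depends_on_x(tbx, v1, v2)]


def check_both():
    """Iterations a for which (cmp, xt^a) depends on x: flawed algorithm, then fixed one."""
    flawed, fixed = traces_by_x(run_flawed), traces_by_x(run_fixed, with_b=True)
    return ([a for a in range(SIZE) if pair_depends_on_x(flawed, ("cmp", a), ("xt^a", a))],
            [a for a in range(SIZE) if pair_depends_on_x(fixed, ("cmp", a), ("xt^a", a))])


if __name__ == "__main__":
    print("iterations whose (cmp, x~ ^ a) depends on x; flawed, fixed:", check_both())
```

check_both() returns the loop iterations whose pair leaks: every iteration for the flawed version (cmp = 1 exactly when x̃ ⊕ a = x, so the pair reveals x), none for the version with the random bit b, where cmp is uniform and independent of (r1, r2). The model treats compare and compare_b as atomic, which is the point of slide 41: the intermediate variables inside a real compare_b implementation have to pass the same pair check.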

SLIDES 43-45

Improvement

Both methods process a loop on every possible S-box output.
Improvement: process several S-box outputs at the same time.
◮ e.g. 4 S-box outputs can be stored in one µP word

S(xH, xL), rows indexed by xH and columns by xL:

xH \ xL   00            01            10            11
0..0      S(0..0, 00)   S(0..0, 01)   S(0..0, 10)   S(0..0, 11)
...       ...           ...           ...           ...
1..1      S(1..1, 00)   S(1..1, 01)   S(1..1, 10)   S(1..1, 11)

S′(xH) = (S(xH, 00), S(xH, 01), S(xH, 10), S(xH, 11))

SLIDES 46-49

Improvement

Without improvement – S : n × m S-box
  inputs: (x̃, r1, r2) on n bits and (s1, s2) on m bits
  SecSBox(S) → S(x) ⊕ s1 ⊕ s2 on m bits

With improvement – S′ : (n − 2) × 4m S-box
  inputs: (x̃H, r1,H, r2,H) on n − 2 bits and (s′1, s′2) on 4m bits
  SecSBox(S′) → S′(xH) ⊕ s′1 ⊕ s′2 on 4m bits

◮ 4 times faster!
◮ Returns the whole line of the matrix containing the masked output
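The round transformation of slides 17-24 and the SecSBox of slides 29-32, together with the packed S-box S′ of slides 43-49, carried through in Python as an added example (not the authors' code). Everything cipher-specific here is constructed: the 8 × 8 table SBOX is a toy, not the AES S-box; the 4-byte state, the linear layer lam (XORs and byte rotations only, so it is GF(2)-linear) and the names sec_sbox, share, unshare, round_masked, pack_sbox and sec_sbox_row are mine. The Select step of slides 50-56 is not modelled; sec_sbox_row stops at the masked line.

```python
"""Second-order masked round built from the SecSBox of slides 29-32, plus the
packed S-box S' of slides 43-49.  Added example, not the authors' code: the
S-box table, the 4-byte state and the linear layer are constructed toys."""
import secrets

N = 8                      # S-box input width n (bits)
M = 8                      # S-box output width m (bits)
BYTE = (1 << M) - 1
# Constructed toy n x m table (not the AES S-box); the scheme works for any fixed table.
SBOX = [((x * 0x5B) ^ (x >> 3) ^ 0x63) & BYTE for x in range(1 << N)]


def rand(n_bits):
    """rand(n) of the slides: a fresh, uniformly random n-bit value."""
    return secrets.randbelow(1 << n_bits)


def sec_sbox(table, n, x_t, r1, r2, s1, s2):
    """Our Proposition (slides 29-32).  Input: x_t = x ^ r1 ^ r2, input masks
    (r1, r2), output masks (s1, s2).  Output: table[x] ^ s1 ^ s2.  The brackets
    in steps 2 and 5 fix which intermediate variables exist: neither x nor
    r1 ^ r2 is ever computed."""
    r3 = rand(n)                                # 1. fresh mask for the table index
    r_p = (r1 ^ r3) ^ r2                        # 2. r'
    T = [0] * (1 << n)
    for a in range(1 << n):                     # 3. every possible offset a
        a_p = a ^ r_p                           # 4. a' (a bijection of a, so T is filled)
        T[a_p] = (table[x_t ^ a] ^ s1) ^ s2     # 5. (S(x_t ^ a) ^ s1) ^ s2
    return T[r3]                                # 6. the entry written when a = r1 ^ r2


# Constructed toy cipher: 4-byte state, round rho[k] = lam o gamma o sigma[k] (slide 16).
def rotl8(v, r):
    return ((v << r) | (v >> (8 - r))) & BYTE


def lam(state):
    """Linear layer: XORs and rotations only, hence GF(2)-linear (toy choice)."""
    return [state[i] ^ rotl8(state[(i + 1) % 4], 1) ^ state[(i + 2) % 4] for i in range(4)]


def sigma(k, state):
    """Key addition layer."""
    return [p ^ kk for p, kk in zip(state, k)]


def gamma(state):
    """Non-linear layer: S-box on every byte."""
    return [SBOX[p] for p in state]


def round_plain(k, p):
    return lam(gamma(sigma(k, p)))


def share(state):
    """Second-order masking (slide 17): v = v0 ^ v1 ^ v2 with (v1, v2) random."""
    v1 = [rand(N) for _ in state]
    v2 = [rand(N) for _ in state]
    return [[v ^ a ^ b for v, a, b in zip(state, v1, v2)], v1, v2]


def unshare(shares):
    return [a ^ b ^ c for a, b, c in zip(*shares)]


def round_masked(k_sh, p_sh):
    """Round on the three shares, never recombined (slides 18-24)."""
    y = [sigma(ki, pi) for ki, pi in zip(k_sh, p_sh)]   # sigma[k](p) = XOR of sigma[ki](pi)
    z0, z1, z2 = [], [], []
    for x_t, r1, r2 in zip(*y):                          # SecSBox per byte, fresh output masks
        s1, s2 = rand(M), rand(M)
        z0.append(sec_sbox(SBOX, N, x_t, r1, r2, s1, s2))
        z1.append(s1)
        z2.append(s2)
    return [lam(z0), lam(z1), lam(z2)]                   # lam(p) = lam(p0) ^ lam(p1) ^ lam(p2)


def pack_sbox(table):
    """S'(xH) = (S(xH,00), S(xH,01), S(xH,10), S(xH,11)) packed in one 4m-bit word (slide 45)."""
    return [sum(table[(xh << 2) | xl] << (M * xl) for xl in range(4))
            for xh in range(1 << (N - 2))]


def sec_sbox_row(x_t, r1, r2, sp1, sp2):
    """First step of the improvement (slides 46-49): SecSBox on S' driven by the
    high n-2 bits of the masked input and masks; loops 2^(n-2) times instead of
    2^n and returns the whole masked line S'(xH) ^ sp1 ^ sp2 (4m bits).
    The Select step of slides 50-56 is not modelled here."""
    return sec_sbox(pack_sbox(SBOX), N - 2, x_t >> 2, r1 >> 2, r2 >> 2, sp1, sp2)


if __name__ == "__main__":
    k, p = [rand(N) for _ in range(4)], [rand(N) for _ in range(4)]
    assert unshare(round_masked(share(k), share(p))) == round_plain(k, p)
    print("masked round recombines to", [hex(v) for v in round_plain(k, p)])
```

round_masked never recombines the shares: key addition and λ are applied to each share separately, and each S-box output is re-masked with fresh (s1, s2) that become shares 1 and 2 of the output. Running sec_sbox on S′ walks 2^(n−2) = 64 entries instead of 256, which is the "4 times faster" of slide 48; the returned word is the whole masked line S′(xH) ⊕ s′1 ⊕ s′2, from which S(x) ⊕ s1 ⊕ s2 still has to be selected without unmasking xL.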

SLIDES 50-56

Improvement

Returned value: S′(xH) ⊕ s′1 ⊕ s′2, i.e. the line xH of the matrix, masked:

xH \ xL   00            01            10            11
0..0      S(0..0, 00)   S(0..0, 01)   S(0..0, 10)   S(0..0, 11)
xH        S(xH, 00)     S(xH, 01)     S(xH, 10)     S(xH, 11)
1..1      S(1..1, 00)   S(1..1, 01)   S(1..1, 10)   S(1..1, 11)

Second step: extract masked S(x) ⊕ s1 ⊕ s2 from this line according to xL (the slides step through xL = 0?, xL = 1?, xL = 00, xL = 01)
◮ Requires a Select algorithm which from a masked bit securely selects the corresponding half

SLIDES 57-60

Schramm & Paar Solution (CT-RSA 2006)

Computation of a masked S-box : S⋆(y) = S(y ⊕ r1 ⊕ r2) ⊕ s1 ⊕ s2

Schramm & Paar 1:
◮ Two table re-computations

Schramm & Paar 2:
◮ Involves the last masked S-box
◮ One single table re-computation
◮ Potential flaws for straightforward implementation

Compared to our solutions:
◮ Fewer operations
◮ More memory

SLIDE 61

AES implementations

Solution           Cycles        RAM (bytes)   ROM (bytes)
Schramm & Paar 1   1083 × 10^3   512 + 86      2247
Schramm & Paar 2   594 × 10^3    512 + 90      2336
Our solution       672 × 10^3    256 + 86      2215

AES implementations secure against 2O-DSCA on an 8-bit microcontroller

SLIDES 62-63

8 × 8 S-box Implementations

Solution                Cycles   RAM (bytes)   ROM (bytes)
8-bit architecture
Schramm & Paar 1        6703     512 + 3       119 + 256
Schramm & Paar 2        3638     512 + 7       89 + 256
Our solution            4142     256 + 3       88 + 256
16-bit architecture
Schramm & Paar 1        6418     512           96 + 512
Schramm & Paar 2        3090     512           56 + 256
Our solution            4125     256           98 + 512
Our improved solution   2099     256           260 + 256
32-bit architecture
Schramm & Paar 2        3359     512           na.
Our solution            4143     256           na.
Our improved solution   1415     256           na.

Comparison of 8 × 8 S-box implementations secure against 2O-SCA on 8-bit, 16-bit and 32-bit architectures.

SLIDE 64

Conclusion

Block ciphers implementations provably secure against 2O-SCA
Two new methods to secure S-box implementations against 2O-SCA
Our solutions allow different efficiency/memory trade-offs
Improvement when several S-box outputs can be stored on one microprocessor word
The security of all our propositions is formally demonstrated