Leakage Resilience from Lattices, Marco Martinoli (ESR10): slide deck

SLIDE 1

11th October 2017

Leakage Resilience from Lattices

Marco Martinoli (ESR10)

Supervised by Prof. Elisabeth Oswald and Dr. Martijn Stam

University of Bristol

SLIDE 2

Leaky Lattices 11th October 2017

HIGHLIGHTS 09/16 – 09/17

I went to NXP for my secondment;
I started to write a draft of my long-lasting project;
I presented my first paper.

Marco 3 - 0* PhD

* Events that might have increased this score are out of scope.

SLIDE 3

Frodo meets ELMO

Joint work with Joppe Bos, Simon Friedberger (ESR12), Martijn Stam and Elisabeth Oswald.

[Figures: (a) Frodo, (b) ELMO]

SLIDE 4

Introducing: ELMO

Emulator for power Leakages for the M0:
is a tool for simulating power consumption for side-channel measurements;
allows evaluating attacks on software running on an ARM Cortex-M0 without requiring a hardware measurement setup;
simulates leakage with instruction accuracy;
was checked against real leakage measured on an STM32F0 Discovery Board.
Available at https://github.com/bristol-sca/ELMO.

SLIDE 5

Introducing: Frodo

Available at https://github.com/lwe-frodo/lwe-frodo.

SLIDE 6

Profiling

$$\begin{pmatrix} A[0,0] & A[0,1] & A[0,2] \\ A[1,0] & A[1,1] & A[1,2] \\ A[2,0] & A[2,1] & A[2,2] \end{pmatrix} \cdot \begin{pmatrix} S[0,0] & S[0,1] & S[0,2] \\ S[1,0] & S[1,1] & S[1,2] \\ S[2,0] & S[2,1] & S[2,2] \end{pmatrix}$$


SLIDE 10

Attack techniques

An LWE-based key agreement protocol implies: weakly non-linear operations; internal secrets that must be freshly regenerated at every invocation. DPA-style attacks need many traces, which such a protocol does not provide. But the secrets are small, hence there is only a very small number of possible guesses to build templates for.

SLIDE 11

Template profiles

$q = 2^{11}$, $n = 352$, $S[0,0] \in \{0, \pm 1, \pm 2, \pm 3\} \leftarrow \chi$

SLIDE 12

Template profiles: loading

Value   11-bit encoding
 -1     11111111111
 -2     11111111110
 -3     11111111101
 +3     00000000011
 +2     00000000010
 +1     00000000001
  0     00000000000

Depends on S[0, 0] only, constant with varying A[0, 0].

SLIDE 13

Template profiles: multiplication

Value   11-bit encoding
 -1     11111111111
 -3     11111111101
 -2     11111111110
 +3     00000000011
 +1     00000000001
 +2     00000000010
  0     00000000000

A[0, 0] contributes to power consumption too.
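An added example, not code from the slides: the 11-bit two's-complement encoding from the two tables above under a Hamming-weight leakage model (an assumption, the usual first-order model an evaluator starts from), showing which secret values the loading leak cannot separate and that the multiply intermediate also varies with A[0,0]. Function names are mine.

```python
# Added example (not from the slides): Hamming-weight leakage of the
# 11-bit representation of Frodo's small secret coefficients, as an
# evaluator would model the load and the multiply of A[0,0] * S[0,0].
Q_BITS = 11                                  # q = 2^11, as on the slides
SECRET_SUPPORT = (-3, -2, -1, 0, 1, 2, 3)    # support of chi

def to_bits(v: int) -> str:
    """11-bit two's-complement string of v, as in the slide's tables."""
    return format(v % (1 << Q_BITS), f"0{Q_BITS}b")

def hw(v: int) -> int:
    """Hamming weight of the 11-bit encoding (assumed leakage model)."""
    return to_bits(v).count("1")

def load_leakage_table():
    """Leakage of loading S[0,0]: depends on the secret value only."""
    return {s: hw(s) for s in SECRET_SUPPORT}

def load_classes():
    """Secret values a pure HW model cannot tell apart at load time."""
    groups = {}
    for s, w in load_leakage_table().items():
        groups.setdefault(w, []).append(s)
    return {w: vs for w, vs in groups.items() if len(vs) > 1}

def product_leakage(a: int, s: int) -> int:
    """Leakage of the intermediate A[0,0] * S[0,0] reduced mod 2^11."""
    return hw((a * s) % (1 << Q_BITS))

def product_depends_on_a(s: int, a_values=range(0, 1 << Q_BITS)) -> bool:
    """True if varying A[0,0] changes the leakage for a fixed S[0,0]."""
    return len({product_leakage(a, s) for a in a_values}) > 1

if __name__ == "__main__":
    print("load leakage:", load_leakage_table())
    print("indistinguishable at load:", load_classes())
    print("A[0,0] matters for S[0,0]=1:", product_depends_on_a(1))
```

Under this model the loading table collapses {-3, -2} and {+1, +2} into single classes, which is the grouping visible in the slide's ordering, so distinguishing them needs the multiply leakage or a finer model.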

SLIDE 14

Signal variance

SLIDE 15

SNR comparison


SLIDE 18

SCA of Frodo

Where we are:

set up simulations and profiling;

template matching in noiseless case;

analysis of noise in PoI;

template attack for first order recovery;

alternative implementations;

shuffling;

including leakage in BKZ to boost lattice attacks.

SLIDE 19

Totally non-singular key update mechanism

Joint work with Martijn Stam and Elisabeth Oswald. Setting is the continuous d-probing model.

$s \leftarrow \mathrm{KeyGen}(n)$
$(\dot{s}_0, \ddot{s}_0) \leftarrow \mathrm{Share}(s)$
$(\dot{s}_i, O_i) \leftarrow \dot{\mathrm{Update}}(\dot{s}_{i-1})$
$\ddot{s}_i \leftarrow \ddot{\mathrm{Update}}(\ddot{s}_{i-1}, O_i)$
$s \leftarrow \mathrm{Recombine}(\dot{s}_i, \ddot{s}_i)$

SLIDE 20

Totally non-singular KU mechanism

Target is an LWE public key encryption scheme over $\mathbb{Z}_q$ for a prime $q$; the secret is $s \in \mathbb{Z}_q^n$. $\mathrm{Share}(s) = (\dot{s}, \ddot{s})$ such that

$$s = B \cdot \dot{s} + \ddot{s}$$

B needs to be TNS to avoid linear dependencies among positions of the secret.


SLIDE 23

TNS KU mechanism

Where we are:

Share is secure;

leak-free Update is secure;

Update is secure;

composition of KU + Dec is secure;

SLIDE 24

Future work and more ideas

Finalise side-channel analysis of Frodo and TNS KU mechanism.
Glitchtool, joint work with Erik Boss (ESR6), Dušan Božilov (ESR13), Miroslav Knežević, Ventzi Nikov.
Involutory SBoxes, joint work with Erik Boss (ESR6), Ralph Ankele (ESR7).
BKZ on leaky lattices, joint work with Matthias Minihold (ESR5).

SLIDE 25

Related activities

Secondment: NXP Semiconductors, Leuven (BE);
Outreach: Digimaker on 11th November, Bristol;
Teaching: Security 101, Cryptography A;
Travels: SPACE16, RWC17, School on lattices in Oxford, Eurocrypt17, second London Crypto day.
Subreviewer: Crypto17, Asiacrypt17, SPACE17, Transactions on Computers 2017, CT-RSA17.