  1. Provably secure compilation of side-channel countermeasures: the case of cryptographic “constant-time”
     Gilles Barthe, Benjamin Grégoire, Vincent Laporte
     CSF’18, 2018-07-12
     Vincent Laporte et alii, Provably secure compilation of side-channel countermeasures: the case of cryptographic “constant-time”, CSF’18, 2018-07-12

  2. Side channels
     Running a program on physical devices leaks information through side channels.
     ▶ Light
     ▶ Heat
     ▶ Memory cache
     ▶ Sound
     ▶ Branch predictor
     ▶ Power
     ▶ Time
     ▶ …

  3. Constant-time programming
     Software-based countermeasure against timing attacks and cache attacks.
     Guideline: control-flow and memory accesses should not depend on sensitive data.
     Rationale: crypto implementations without this property are vulnerable.
     Caveat: wide range of attacker models.

  4. Secure compilation
     ▶ Can we reason about “constant-time” at the source level?
     ▶ Do compilers preserve “constant-time”-ness?

  5. Counter-example Α: emulation of conditional-move

     Before

     ```c
     int cmove(int x, int y, bool b) {
       return x + (y - x) * b;
     }
     ```

     After

     ```c
     int cmove(int x, int y, bool b) {
       if (b) {
         return y;
       } else {
         return x;
       }
     }
     ```

  7. Counter-example Β: double-word multiplication

     $x = ab = aN + b$
     $y = cd = cN + d$
     $xy = (ad + cb)N + bd \pmod{N^2}$

     Before

     ```c
     long long llmul(long long x, long long y) {
       return x * y;
     }
     ```

     After

     ```c
     long long llmul(long long x, long long y) {
       long a = High(x);
       long c = High(y);
       if (a | c) {
         /* … */
       } else {
         return Low(x) * Low(y);
       }
     }
     ```

  9. Counter-example Γ: tabulation

     Before

     ```c
     char rot13(char x) {
       return 'a' + ((x - 'a' + 13) % 26);
     }
     ```

     After

     ```c
     char rot13(char x) {
       static char table[26] = "nopqrstuvwxyzabcdefghijklm";
       return table[x - 'a'];
     }
     ```

  11. Counter-example Δ: speculative load introduction

      Before

      ```
      if (false) {
        let x = *ptr;
        … x …
      }
      ```

      After

      ```
      let x = *ptr;
      if (false) {
        … x …
      }
      ```

  13. Good news…
      Some compilers do preserve “constant-time”-ness.
      Let’s prove it (very formally)!
      Case studies:
      ▶ Constant folding
      ▶ Constant propagation
      ▶ Variable spilling
      ▶ Expression flattening
      ▶ Loop peeling
      ▶ Pull common instructions out of branches
      ▶ Swap independent instructions
      ▶ Linearization

  14. A non-interference property
      Decorate the small-step relation with a leakage: $a \xrightarrow{\ell} b$
      Definition (Constant-time): For every two execution prefixes, the leakages agree whenever the inputs agree:
      $\varphi(i, i') \implies \ell_0 \cdot \ell_1 \cdot \ell_2 = \ell'_0 \cdot \ell'_1 \cdot \ell'_2$

  15. A non-interference property
      Decorate the small-step relation with a leakage: $a \xrightarrow{\ell} b$
      Definition (Constant-time): For every two execution prefixes

      $i \to s_0 \xrightarrow{\ell_0} s_1 \xrightarrow{\ell_1} s_2 \xrightarrow{\ell_2} \cdots$
      $i' \to s'_0 \xrightarrow{\ell'_0} s'_1 \xrightarrow{\ell'_1} s'_2 \xrightarrow{\ell'_2} \cdots$

      the leakages agree whenever the inputs agree:
      $\varphi(i, i') \implies \ell_0 \cdot \ell_1 \cdot \ell_2 = \ell'_0 \cdot \ell'_1 \cdot \ell'_2$

  16. Leakage?
      Any combination of:
      ▶ tick per step
      ▶ branching conditions
      ▶ dereferenced addresses
      ▶ arguments of arithmetic operators (division, shift, etc.)
      ▶ content of freed memory
      ▶ …

  17. Compiler correctness & simulation diagrams
      Given a relation ≈ between source and target execution states:
        if initial states (for the same input values) are in relation,
        if related final states yield the same result,
        if the following diagram holds

      ```
      a ─────→ b
      ≈        ≈
      α ─────→ β
      ```

      then the compiler is correct (moreover, the ≈ relation is a relational invariant of any two related executions).

  18. Lockstep 2-simulation
      Use relations ≡ between states to link the two executions.

      ```
      a ──t──→ b        a′ ──t──→ b′
      ≈        ≈        ≈         ≈
      α ──τ──→ β        α′ ──τ──→ β′
      ```

      ▶ Take two instances of the simulation diagram with equal source leakage;
      and prove that target leakages are equal:
      ▶ Each target step is related by the simulation proof to a source step.
      ▶ Use this relation to justify that the target leakage is benign.

  20. Many-steps simulation
      ▶ Some compilation passes require a more general simulation diagram

      ```
      a ─────→ b
      ≈        ≈
      α ──+──→ β
      ```

      ▶ Issue: how to (universally) quantify over instances of this diagram?
      ▶ Complying with hypotheses and conclusions is not enough
      ▶ Explicitly state the number of target steps: use a function “$n = \text{num-steps}(a, \alpha)$” and prove the simulation diagram for this number of steps

  21. Many-steps simulation
      ▶ Some compilation passes require a more general simulation diagram

      ```
      a ─────→ b
      ≈        ≈
      α ──+──→ β
      ```

      [Second diagram: the same source step a → b, with an additional target state β′ reached by + steps and related by ≈]

      ▶ Issue: how to (universally) quantify over instances of this diagram?
      ▶ Complying with hypotheses and conclusions is not enough
      ▶ Explicitly state the number of target steps: use a function “$n = \text{num-steps}(a, \alpha)$” and prove the simulation diagram for this number of steps
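An added example, not code from the slides: the constant-time definition of slides 14-15 checked on counter-examples Α and Γ, with a leakage made of branch conditions and dereferenced table indices (two of the options on slide 16). It assumes `b` and the `rot13` input are the secrets; `trace`, `leak`, `same_trace`, `cmove_ct` and `rot13_ct` are hypothetical helper names, and the `_src`/`_tgt` suffixes stand for the slides' "Before"/"After" versions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Leakage model (assumed here): branch conditions and dereferenced indices. */
typedef struct { long ev[8]; size_t n; } trace;
static trace T;
static void leak(long v) { if (T.n < 8) T.ev[T.n++] = v; }
static bool same_trace(const trace *a, const trace *b) {
    return a->n == b->n && memcmp(a->ev, b->ev, a->n * sizeof a->ev[0]) == 0;
}

/* Counter-example A, "before": straight-line code, no leakage event. */
static int cmove_src(int x, int y, bool b) { return x + (y - x) * b; }
/* Counter-example A, "after": the secret b becomes a branch condition. */
static int cmove_tgt(int x, int y, bool b) {
    leak(b);
    if (b) return y; else return x;
}
/* Counter-example Γ, "before": arithmetic only. */
static char rot13_src(char x) { return 'a' + ((x - 'a' + 13) % 26); }
/* Counter-example Γ, "after": the secret x becomes a table index. */
static char rot13_tgt(char x) {
    static const char table[] = "nopqrstuvwxyzabcdefghijklm";
    leak(x - 'a');
    return table[x - 'a'];
}

/* Two runs whose inputs agree on the public part (x, y) and differ in b. */
static bool cmove_ct(int (*f)(int, int, bool), int x, int y) {
    trace t0, t1;
    T.n = 0; f(x, y, false); t0 = T;
    T.n = 0; f(x, y, true);  t1 = T;
    return same_trace(&t0, &t1);
}
/* Two runs on different secret letters s0 and s1 (no public input). */
static bool rot13_ct(char (*f)(char), char s0, char s1) {
    trace t0, t1;
    T.n = 0; f(s0); t0 = T;
    T.n = 0; f(s1); t1 = T;
    return same_trace(&t0, &t1);
}

int main(void) {
    printf("cmove: before %d, after %d\n", cmove_ct(cmove_src, 3, 7), cmove_ct(cmove_tgt, 3, 7));
    printf("rot13: before %d, after %d\n", rot13_ct(rot13_src, 'a', 'q'), rot13_ct(rot13_tgt, 'a', 'q'));
    return 0;
}
```

Both transformations keep the results identical, so ordinary compiler correctness holds while the leakage traces of the "after" versions diverge on the secret.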
