Resilience of randomized RNS arithmetic with respect to side-channel - PowerPoint PPT Presentation

Resilience of randomized RNS arithmetic with respect to side-channel leaks of cryptographic computation Jérôme Courtois jerome.courtois@lip6.fr May 5, 2019 In collaboration with Lokmane Abbas-Turki and Jean-Claude Bajard Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 1 / 20

The context Plaintext Moduli configuration Cryptographic System with RNS n Key K Cyphertext B n = { m 1 , ..., m n } , m i pairwise coprime. Chinese Remainder theorem � n → unique representation of integers in [0;M[, M = m i , with theirs residues in B n i = 1 X is denoted { x 1 , ..., x n } in B n with x i = X mod m i Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 2 / 20

Find K from leakage Plaintext Moduli configuration Cryptographic System with RNS n Key K Cyphertext Side Channel leakage Power Consumption Electromagnetic leaks Sound Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 2 / 20

Find K from Hamming distances Plaintext Moduli configuration Cryptographic System with RNS n Key K Cyphertext Hamming Distances ................... H d − 1 H 0 H 1 Side Channel Leakage proportional to Hamming distances. Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 2 / 20

Find K from Hamming distances Plaintext Random Moduli configuration Cryptographic System with RNS n Key K Cyphertext Hamming Distances Random? ................... H d − 1 H 0 H 1 J.C. Bajard & al.(2004) “Leak Resistant Arithmetic”. Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 2 / 20

Scalar Multiplication on ECC Denote RNS n an RNS representation with n moduli. Algorithm Montgomery Powering Ladder (MPL) for ECC in RNS n Require: A point G in RNS n representation A key K with a binary representation K = 2 d − 1 b 0 + 2 d − 2 b 1 + ... + 2 b d − 2 + b d − 1 Ensure: A 0 = [ K ] G ( H i ) i ∈{ 0 ,.., d − 1 } , the Hamming distances function A 1 = [ 2 ] A 0 for i=1 to d-1 do A b i = A b i + A b i A b i = [ 2 ] A b i end for end function Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 3 / 20

Scalar Multiplication on ECC Denote RNS n an RNS representation with n moduli. Algorithm Montgomery Powering Ladder (MPL) for ECC in RNS n Require: A point G in RNS n representation A key K with a binary representation K = 2 d − 1 b 0 + 2 d − 2 b 1 + ... + 2 b d − 2 + b d − 1 Ensure: A 0 = [ K ] G ( H i ) i ∈{ 0 ,.., d − 1 } , the Hamming distances function Random Moduli configuration C A 1 = [ 2 ] A 0 for i=1 to d-1 do A b i = A b i + A b i A b i = [ 2 ] A b i end for end function Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 3 / 20

Scalar Multiplication on ECC Denote RNS n an RNS representation with n moduli. Algorithm Montgomery Powering Ladder (MPL) for ECC in RNS n Require: A point G in RNS n representation A key K with a binary representation K = 2 d − 1 b 0 + 2 d − 2 b 1 + ... + 2 b d − 2 + b d − 1 Ensure: A 0 = [ K ] G ( H i ) i ∈{ 0 ,.., d − 1 } , the Hamming distances function Random Moduli configuration C A 1 = [ 2 ] A 0 H 0 = Hamming Weight of ( A 0 , A 1 ) for i=1 to d-1 do A b i = A b i + A b i A b i = [ 2 ] A b i H i = Hamming distance between actual ( A 0 , A 1 ) and previous ( A 0 , A 1 ) end for end function We obtain a vector of Hamming distances H = ( H 0 , ..., H d − 1 ) . Question! Can we find K if we know the sequence H ? Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 3 / 20

Modular multiplication Montgomery Algorithm Algorithm RNS modular multiplication Require: A base B n = { m 1 , ..., m n } where M = � n i = 0 m i M = � n A base � m n } where � B n = { � m 1 , ..., � m i � i = 0 N in B n and � B n with gcd(N,M)=1 and 0<2N<M A , B ∈ Z in B n and � B n with A × B < NM function Q ← ( − A × B ) × N − 1 in base B n Extension 1 of Q, from B n to � B n R ← ( A × B + Q × N ) × M − 1 in base � B n Extension 2 of R, from � B n to B n end function Ensure: R ≡ ABM − 1 mod N with R<2N J.C. Bajard & al.(2004) “Leak Resistant Arithmetic”. Choose 2 n fixed moduli { µ 1 , .., µ 2 n } pairwise coprime. m n } for � Draw { m 1 , ..., m n } among { µ 1 , .., µ 2 n } for B n , the remaining { � B n . m 1 , ..., � Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 4 / 20

Modular multiplication Montgomery Algorithm Algorithm RNS modular multiplication Require: A base B n = { m 1 , ..., m n } where M = � n i = 0 m i M = � n A base � m n } where � B n = { � m 1 , ..., � m i � i = 0 N in B n and � B n with gcd(N,M)=1 and 0<2N<M A , B ∈ Z in B n and � B n with A × B < NM function Q ← ( − A × B ) × N − 1 in base B n Extension 1 of Q, from B n to � B n R ← ( A × B + Q × N ) × M − 1 in base � B n Extension 2 of R, from � B n to B n end function Ensure: R ≡ ABM − 1 mod N with R<2N J.C. Bajard & al.(2004) “Leak Resistant Arithmetic”. Choose 2 n fixed moduli { µ 1 , .., µ 2 n } pairwise coprime. m n } for � Draw { m 1 , ..., m n } among { µ 1 , .., µ 2 n } for B n , the remaining { � B n . m 1 , ..., � Question What is the level of protection ensured by random moduli? Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 4 / 20

Perfect Noise Plaintext Random Moduli configuration C Cryptographic System with RNS n Key K Cyphertext Hamming Distances Random? H = ( H 0 H 1 ................... H d − 1 ) L ( H , K ) the joint distribution of ( H , K ) , L ( H | K ) the conditional distribution of H given K , L ( H ) and L ( K ) the marginal distributions of H and K . The perfect noise must fulfill L ( H , K ) = L ( H | K ) L ( K ) = L ( H ) L ( K ) . Said differently L ( H ) − L ( H | K ) = 0 . Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 5 / 20

Total Variation to Independence (TVI) with Monte Carlo Method Evaluation of the distance between L ( H ) and L ( H | K ) 2 p ′ − 1 q − 1 � � I k and H i = [ min ( H i ) , max ( H i )] = I = [ 0 , 2 p [= H i j k = 0 j = 0 2 p ′ − 1 q − 1 TVI i = 1 � � � � � � � � � H i ∈ H i H i ∈ H i � − P j | K ∈ I k � P � . � j � 2 k = 0 j = 0 Total Variation as a function of the calculation step. Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 6 / 20

Testing tools Given values of H = ( H 0 , ..., H d − 1 ) , what can be done to evaluate the quality of randomization? 1 Nist Statistical Tests Issue: the vector H has a multivariate Gaussian distribution. 2 Leakage Analysis Total Variation to Independence (TVI). Mutual Information Analysis (MIA). Differential Power Analysis (DPA). Correlation Power Analysis (CPA). Maximum Likelihood Estimator (MLE) used for Template Attack. Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 7 / 20

Mutual Information Analysis (MIA) for randomized moduli 2 p ′ − 1 � � q − 1 P ( H i ∈ H i � � j | K ∈ I k ) P ( H i ∈ H i MIA i = P ( K ∈ I k ) j | K ∈ I k ) log . P ( H i ∈ H i j ) k = 0 j = 0 Using Mean Square Error MSE = variance ( P ) � � σ 2 1 { Hi ∈H i j | K ∈ Ik } � ≈ MSE P . � Hi ∈H i j | K ∈ Ik S Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 8 / 20

Mutual Information Analysis (MIA) for randomized moduli 2 p ′ − 1 � � q − 1 P ( H i ∈ H i � � j | K ∈ I k ) P ( H i ∈ H i MIA i = P ( K ∈ I k ) j | K ∈ I k ) log . P ( H i ∈ H i j ) k = 0 j = 0 Using Mean Square Error MSE = variance ( P ) � � σ 2 1 { Hi ∈H i j | K ∈ Ik } � ≈ MSE P . � Hi ∈H i j | K ∈ Ik S � � �� � � �� H i ∈ H i H i ∈ H i log and log j | K ∈ I k have biased Monte Carlo estimators. P P j Using Mean Square Error MSE = bias 2 (log( P )) + variance (log( P )) � � � � σ 2 σ 2 1 { Hi ∈H i 1 { Hi ∈H i j } j | K ∈ Ik } �� ≈ �� ≈ MSE log and MSE log j | K ∈ I k ) . � � � � Hi ∈H i Hi ∈H i SP 2 ( H i ∈ H i j | K ∈ Ik SP 2 ( H i ∈ H i P j ) P j Conclusion For quantities smaller than one, the logarithm increases the distances but amplifies significantly the variance. It becomes difficult to use MIA i as a distinguisher . Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 8 / 20

DPA for randomized moduli Denote S S � � H i ( K , C ) = 1 j , C ′ ) = 1 H i ( K , C l ) H i ( K ′ H i ( K ′ j , C l + S ) . and S S l = 1 l = 1 We use the difference: DIFF i = H i ( K , C ) − H i ( K ′ j , C ′ ) . For example, when K = 110111101110 2 : We get 1 st zero from K = 110111101110 2 and K ′ 1 = 111111111111 2 . We get 2 de zero from K = 110111101110 2 and K ′ 2 = 110111111111 2 . We get 3 rd zero from K = 110111101110 2 and K ′ 3 = 110111101111 2 . Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 9 / 20

DPA for randomized moduli RNS6 and RNS7: DPA between 0 xfffffff and 0 xdeeefbf 7 with respectively a sample of size S = 1000000 and S = 90000. 0 xdeeefbf 7 = 11011110111011101111101111110111 2 Jérôme Courtois (LIP6) Resilience of Randomize RNS Arithmetic May 5, 2019 10 / 20