
Achieving side-channel high-order correlation immunity with leakage squeezing

  • Regular Paper
Journal of Cryptographic Engineering

Abstract

This article analyzes in depth high-order (HO) Boolean masking countermeasures against side-channel attacks in contexts where the shares are manipulated simultaneously and the correlation coefficient is used as a statistical distinguisher. Such attacks are sometimes referred to as zero-offset high-order correlation power analysis (HO-CPA). The main focus is to get the most out of a single mask, i.e., out of masking schemes with two shares. The relationship between the leakage characteristics and the attack efficiency is thoroughly studied. Our main contribution is to link the minimum attack order (called the HO-CPA immunity) to the amount of information leaked. Interestingly, the HO-CPA immunity can be much larger than the number of shares in the masking scheme. This is made possible by leakage squeezing, a variant of Boolean masking in which the masks are recoded by suitably chosen bijections. This technique and others from the state of the art (namely leak-free masking and wire-tap codes) are overviewed and put in perspective.


Notes

  1. In the context of polynomials in the variables \(L_0, \ldots , L_d\) over the field \(\mathbb {K}\) (e.g., \(\mathbb {K}=\mathbb {R}\)), our definition of multivariate degree coincides with the “usual” degree of polynomials in the algebra \(\mathbb {K}[L_0, \ldots , L_d]/(\prod _{i=0}^d L_i^2-L_i)\), which is sometimes also called the algebraic degree.

  2. A similar result had already been derived by Le and Berthier in [30], based on an expansion of the Kullback–Leibler divergence (similar to Lemma 3) at order \(4\), itself obtained earlier by Cardoso [9]. Our result, given in Eq. (6), can be seen as a generalization to any order.

References

  1. Akkar, M.-L., Giraud, C.: An implementation of DES and AES secure against some attacks. In: CHES, vol. 2162 of LNCS, pp. 309–318. Springer, Berlin (2001)

  2. Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.-X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. J. Cryptol. 24(2), 269–291 (2011)


  3. Bhasin, S., Carlet, C., Guilley, S.: Theory of masking with codewords in hardware: low-weight \(d\)th-order correlation-immune Boolean functions. Cryptology ePrint Archive, Report 2013/303, 2013. http://eprint.iacr.org/2013/303/

  4. Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: NICV: normalized inter-class variance for detection of side-channel leakage. Cryptology ePrint Archive, Report 2013/717, 2013. http://eprint.iacr.org/2013/717

  5. Bhasin, S., Guilley, S., Heuser, A., Danger, J.-L.: From cryptography to hardware: analyzing and protecting embedded xilinx bram for cryptographic applications. J. Cryptogr. Eng. 3(4), 213–225 (2013)


  6. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: CHES, vol. 3156 of LNCS, pp. 16–29. August 11–13, Cambridge, MA. Springer, Berlin (2004)

  7. Bringer, J., Chabanne, H., Le, T.-H.: Protecting AES against side-channel analysis using wire-tap codes. J. Cryptogr. Eng. 2(2), 129–141 (2012)


  8. Camion, P., Carlet, C., Charpin, P., Sendrier, N.: On correlation-immune functions. In: Feigenbaum, J. (ed) CRYPTO, Lecture Notes in Computer Science, vol. 576, pp. 86–100. Springer, Berlin (1991)

  9. Cardoso, J.-F.: High-order contrasts for independent component analysis. Neural Comput. 11(1), 157–192 (January 1999)

  10. Cardoso, J.-F.: Dependence, correlation and gaussianity in independent component analysis. J. Mach. Learn. Res. 4, 1177–1203 (2003)


  11. Carlet, C.: Boolean functions for cryptography and error correcting codes. In: Crama, Y., Hammer, P. (eds) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 257–397. Cambridge University Press, Cambridge (2010). Preliminary version available at http://www.math.univ-paris13.fr/carlet/chap-fcts-Bool-corr.pdf

  12. Carlet, C., Danger, J.-L., Guilley, S., Maghrebi, H.: Leakage squeezing of order two. In: INDOCRYPT, vol. 7668 of LNCS, pp. 120–139. Springer, Berlin (2012)

  13. Carlet, C., Gaborit, P., Kim, J.-L., Solé, P.: A new class of codes for boolean masking of cryptographic computations. IEEE Trans. Inf. Theory 58(9), 6000–6011 (2012)


  14. Carlet, C., Goubin, L., Prouff, E., Quisquater, M., Rivain, M.: Higher-order masking schemes for S-Boxes. In: FSE, Lecture Notes in Computer Science. Springer, Berlin (2012)

  15. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: CRYPTO, vol. 1666 of LNCS. Springer, Berlin (1999). ISBN 3-540-66347-9

  16. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: CHES, vol. 2523 of LNCS, pp. 13–28. Springer, Berlin (2002)

  17. Coron, J.-S.: Higher order masking of look-up tables. Cryptology ePrint Archive, Report 2013/700. 2013. http://eprint.iacr.org/

  18. Coron, J.-S., Prouff, E., Rivain, M.: Side channel cryptanalysis of a higher order masking scheme. In: CHES, vol. 4727 of LNCS, pp. 28–44. Springer, Berlin (2007)

  19. Courtois, N., Goubin, L.: An algebraic masking method to protect AES against power attacks. In: Won, D., Kim, S. (eds) ICISC, vol. 3935 of Lecture Notes in Computer Science, pp. 199–209. Springer, Berlin (2005)

  20. Drimer, S., Güneysu, T., Paar, C.: DSPs, BRAMs, and a pinch of logic: Extended recipes for AES on FPGAs. ACM Trans. Reconfig. Technol. Syst. 3(1), 1–27 (2010). doi:10.1145/1661438.1661441

  21. Fischer, W., Gammel, B.M.: Masking at gate level in the presence of glitches. In: CHES, vol. 3659 of Lecture Notes in Computer Science, pp. 187–200. Springer, Berlin (2005)

  22. Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M: Affine masking against higher-order side channel analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds) Selected Areas in Cryptography, vol. 6544 of LNCS, pp. 262–280. Springer, Berlin (2010)

  23. Goubin, L., Martinelli, A.: Protecting AES with Shamir’s Secret Sharing Scheme. In: Preneel and Takagi [42], pp. 79–94

  24. Goubin, L., Patarin, J.: DES and differential power analysis. The “Duplication” method. In: CHES, LNCS, pp. 158–172. Springer, Berlin (1999)

  25. Grosso, V., Standaert, F.-X., Prouff, E.: Leakage squeezing, Revisited. In: CARDIS, Lecture Notes in Computer Science. Springer, Berlin (2013)

  26. Guilley, S., Carlet, C., Maghrebi, H., Danger, J.-L., Prouff, E.: Leakage squeezing–defeating instantaneous \((d+1)\)th-order correlation power analysis with strictly less than \(d\) masks. In: CryptArchi, June 19–22 2012. Château de Goutelas, Marcoux, France; (abstract)

  27. Güneysu, T., Moradi, A.: Generic side-channel countermeasures for reconfigurable devices. In: Preneel and Takagi [42], pp. 33–48

  28. Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman, O. (ed) CT-RSA, vol. 7178 of Lecture Notes in Computer Science, pp. 231–244. Springer, Berlin (2012)

  29. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 1666, pp. 388–397. Springer, Berlin (1999)


  30. Le, T.-H., Berthier, M.: Mutual information analysis under the view of higher-order statistics. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds) IWSEC, volume 6434 of LNCS, pp. 285–300. Springer, Berlin (2010)

  31. Maghrebi, H., Carlet, C., Guilley, S., Danger, J.-L.: Optimal first-order masking with linear and non-linear bijections. In: Mitrokotsa, A., Vaudenay, S. (eds) AFRICACRYPT, vol. 7374 of Lecture Notes in Computer Science, pp. 360–377. Springer, Berlin (2012)

  32. Maghrebi, H., Guilley, S., Carlet, C., Danger, J.-L.: Classification of high-order boolean masking schemes and improvements of their efficiency. Cryptology ePrint Archive, Report 2011/520, September 2011. http://eprint.iacr.org/2011/520

  33. Maghrebi, H., Guilley, S., Danger, J.-L.: Leakage squeezing countermeasure against high-order attacks. In: WISTP, vol. 6633 of LNCS, pp. 208–223. Springer, Berlin (2011). doi:10.1007/978-3-642-21040-2_14

  34. Maghrebi, H., Prouff, E., Guilley, S., Danger, J.-L.: A first-order leak-free masking countermeasure. In: CT-RSA, vol. 7178 of LNCS, pp. 156–170. Springer, Berlin (2012). doi:10.1007/978-3-642-27954-6_10

  35. Maghrebi, H., Prouff, E., Guilley, S., Danger, J.-L.: Register leakage masking using gray code. In: HOST, IEEE Computer Society, pp. 37–42 (2012). doi:10.1109/HST.2012.6224316

  36. Mangard, S., Oswald, E., Popp, T.: Power analysis attacks: revealing the secrets of smart cards. Springer, Berlin (2006). ISBN 0-387-30857-1, http://www.dpabook.org/

  37. Mangard, S., Schramm, K.: Pinpointing the side-channel leakage of masked AES hardware implementations. In: CHES, vol. 4249 of LNCS, pp. 76–90. Springer, Berlin (2006)

  38. Moradi, A., Mischke, O.: How far should theory be from practice? Evaluation of a countermeasure. In: CHES, Leuven, Belgium (2012)

  39. Nassar, M., Guilley, S., Danger, J.-L.: Formal analysis of the entropy/security trade-off in first-order masking countermeasures against side-channel attacks. In: INDOCRYPT, vol. 7107 of LNCS, pp. 22–39. Springer, Berlin (2011). doi:10.1007/978-3-642-25578-6_4

  40. Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against first- and second-order zero-offset SCAs. In: DATE, pp. 1173–1178. IEEE Computer Society, March 12–16, 2012. Dresden, Germany. (TRACK A: “Application Design”, TOPIC A5: “Secure Systems”)

  41. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011)


  42. Preneel, B., Takagi, T. (eds) Cryptographic hardware and embedded systems-CHES 2011—13th International Workshop, Nara, Japan, September 28-October 1, 2011. Proceedings, vol. 6917 of LNCS. Springer, Berlin (2011)

  43. Prouff, E., McEvoy, R.P.: First-order side-channel attacks on the permutation tables countermeasure. In: CHES, vol. 5747 of Lecture Notes in Computer Science, pp. 81–96. Springer, Berlin (2009)

  44. Prouff, E., Rivain, M.: Masking against side channel attacks: a formal security proof. In: EUROCRYPT, vol. 7881 of LNCS, pp. 142–159. Springer, Berlin (2013)

  45. Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)


  46. Prouff, E., Roche, T.: Attack on a higher-order masking of the AES based on homographic functions. In: Gong, G., Chand Gupta, K. (eds) INDOCRYPT, vol. 6498 of Lecture Notes in Computer Science, pp. 262–281. Springer, Berlin (2010)

  47. Prouff, E., Roche, T.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols. In: Preneel and Takagi [42], pp. 63–78

  48. Japanese RCIS-AIST: SASEBO (Side-channel Attack Standard Evaluation Board, Akashi Satoh) development board (2013). http://www.risec.aist.go.jp/project/sasebo/

  49. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds) CHES, vol. 6225 of LNCS, pp. 413–427. Springer, Berlin (2010)

  50. Rivain, M., Prouff, E., Doget, J.: Higher-order masking and shuffling for software implementations of block ciphers. Cryptology ePrint Archive, Report 2009/420, September 2009. http://eprint.iacr.org/2009/420

  51. Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: CHES, vol. 3659 of LNCS, pp. 30–46. Springer, Berlin (2005)

  52. Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: EUROCRYPT, vol. 5479 of LNCS, pp. 443–461. Springer, Berlin (2009)


Acknowledgments

The authors are grateful to Shivam Bhasin for providing the estimation of the signal-to-noise ratio on FPGAs. We also thank Thanh-Ha Le and Maël Berthier from Safran-Morpho for interesting discussions regarding the use of cumulants in the expansion of the mutual information in the presence of strong noise. The interaction with them was key to the rigorous proof of Theorem 1. Besides, this work, originating from IACR Cryptology ePrint Archive 2011/520 [32] and from a presentation at CRYPTARCHI 2012 [26], has greatly improved after the numerous fruitful exchanges with the anonymous reviewers. This work has been partly supported by the French National Research Agency (ANR), under Grant ANR-09-SEGI-013 (ARPEGE project SecReSoC, “Secured Reconfigurable System on Chip”).


Corresponding author

Correspondence to Houssem Maghrebi.

Appendix A: Estimation of the noise level in hardware implementations


This appendix presents a method to estimate the signal-to-noise ratio (SNR) from real traces. For the sake of illustration, we use traces gathered from an FPGA (Xilinx Virtex 5) soldered on a SASEBO-GII board [48]. The traces are captured from the electromagnetic field emitted by the FPGA with an oscilloscope of \(6\) GHz bandwidth. The FPGA is programmed with an AES that leaks values \(Y\) depending on the distance between two consecutive state values; this transition is denoted \(X\). The AES architecture is the one described in [40] (with the countermeasure disabled): one round is computed per clock cycle. The SNR is computed at the last round for each of the \(16\) state bytes, except those of the first row, which is left invariant by the ShiftRows transform and has a poor SNR. The definition of the SNR requires two notions:

  1. the signal is the inter-class variance, i.e., \(\mathsf {Var}\left[\, \mathbb {E}[Y|X ] \right]\), whereas

  2. the noise is the total variance minus the signal, i.e., the intra-class variance \(\mathbb {E}[\mathsf {Var}\left[\, Y|X \right] ]\).

The SNR (in power, i.e., squared) is defined as the ratio between the inter- and the intra-class variances (refer to [4, 36]). These values are plotted over time in Fig. 8, where \(X\) is the transition of the last round. The “squared” SNR peaks at about \(0.005\). With the signal variance normalized to \(1\) and \(\sigma ^2\) the noise variance, this gives \(1/\sigma ^2 \approx 0.005\), i.e., \(\sigma \approx 14\). This value of \(\sigma \), representative of million-gate parallel devices such as FPGAs, is significantly larger than the noise that taints measurements on ASICs such as smart cards. It confirms that the hypothesis of “large values” of \(\sigma \) on FPGAs is justified, all the more so as the designer can further increase the noise variance by activating pseudo-random logic, as explained for instance in [27].

Fig. 8 SNR in power for an AES within a Xilinx Virtex 5 FPGA
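The estimator described in this appendix, as an added example that is not code from the paper or its authors: it computes the inter-class variance \(\mathsf {Var}[\mathbb {E}[Y|X]]\) and the intra-class variance \(\mathbb {E}[\mathsf {Var}[Y|X]]\) at every time sample of a set of traces, takes their ratio as the SNR in power, and converts the SNR back to a noise level \(\sigma \) under the unit-signal convention used above. The traces are constructed (a Hamming-weight leakage of a byte-wide register transition plus Gaussian noise, leaking at a single sample); the leakage model, the trace count and the noise level are assumptions for the illustration, not measurements. It also goes slightly beyond the appendix by re-running the estimator on traces where the leaking register holds the transition XORed with a fresh random mask, which shows the first-order SNR collapsing under Boolean masking.

```python
"""
Added example (not from the paper): SNR "in power" = Var[E[Y|X]] / E[Var[Y|X]]
estimated sample by sample on constructed traces, then converted to a noise
level sigma.  Leakage model, trace count and noise level are assumptions.
"""
import random
from collections import defaultdict
from statistics import mean, pvariance


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def simulate_traces(n_traces, sigma, n_samples=4, leak_sample=2,
                    masked=False, seed=1):
    """Constructed traces: n_samples points of N(0, sigma^2) noise each.
    At index leak_sample the Hamming weight of the register transition
    X = S1 xor S2 (two uniformly random state bytes) is added.  With
    masked=True the register holds X xor M for a fresh random mask M, so
    the leaking value is independent of X (first-order Boolean masking)."""
    rng = random.Random(seed)
    xs, traces = [], []
    for _ in range(n_traces):
        x = rng.randrange(256) ^ rng.randrange(256)
        leaked = x ^ rng.randrange(256) if masked else x
        trace = [rng.gauss(0.0, sigma) for _ in range(n_samples)]
        trace[leak_sample] += hamming_weight(leaked)
        xs.append(x)
        traces.append(trace)
    return xs, traces


def variance_decomposition(xs, ys):
    """Law of total variance: Var[Y] = Var[E[Y|X]] + E[Var[Y|X]].
    Returns (inter, intra): the inter-class variance (signal) and the
    intra-class variance (noise), both weighted by class frequency."""
    by_class = defaultdict(list)
    for x, y in zip(xs, ys):
        by_class[x].append(y)
    n = len(ys)
    grand = mean(ys)
    inter = intra = 0.0
    for vals in by_class.values():
        m = mean(vals)
        inter += len(vals) * (m - grand) ** 2
        intra += len(vals) * pvariance(vals, m)
    return inter / n, intra / n


def snr_per_sample(xs, traces):
    """SNR in power at every time sample, inter / intra (the curve of Fig. 8)."""
    result = []
    for t in range(len(traces[0])):
        inter, intra = variance_decomposition(xs, [tr[t] for tr in traces])
        result.append(inter / intra)
    return result


def noise_sigma_unit_signal(snr):
    """sigma such that 1/sigma^2 = SNR, i.e. with the signal variance
    normalized to 1 (the convention behind "SNR 0.005 => sigma ~ 14")."""
    return (1.0 / snr) ** 0.5


def noise_sigma_model(snr, signal_var):
    """Un-normalized noise std for a known signal variance:
    sigma_noise = sqrt(Var[signal] / SNR)."""
    return (signal_var / snr) ** 0.5


if __name__ == "__main__":
    xs, traces = simulate_traces(20000, sigma=1.0)
    snr = snr_per_sample(xs, traces)
    print("SNR per sample:", [round(s, 3) for s in snr])
    # Var[HW(X)] for a uniform byte is 8 * 1/4 = 2, so the SNR at the
    # leaking sample is about 2 / sigma^2 = 2 and the modelled sigma ~ 1.
    print("sigma (unit-signal convention):",
          round(noise_sigma_unit_signal(snr[2]), 3))
    print("sigma (HW model, Var[signal] = 2):",
          round(noise_sigma_model(snr[2], 2.0), 3))
    print("paper's figure: SNR 0.005 -> sigma",
          round(noise_sigma_unit_signal(0.005), 1))
    xs_m, traces_m = simulate_traces(20000, sigma=1.0, masked=True)
    print("masked, SNR per sample:",
          [round(s, 3) for s in snr_per_sample(xs_m, traces_m)])
```

The inter-class term estimated from a finite number of traces is biased upward by roughly the noise variance divided by the number of traces per class (about \(\sigma ^2/78\) here, with 256 classes and 20,000 traces), which is why the non-leaking samples show a small positive SNR rather than exactly zero; for a real evaluation the number of traces must be large enough that this floor sits well below the SNR one wants to resolve.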

Cite this article

Carlet, C., Danger, JL., Guilley, S. et al. Achieving side-channel high-order correlation immunity with leakage squeezing. J Cryptogr Eng 4, 107–121 (2014). https://doi.org/10.1007/s13389-013-0067-1
