Masking Proofs Are Tight and How to Exploit it in Security Evaluations [chapter]

Vincent Grosso, François-Xavier Standaert
2018 Lecture Notes in Computer Science  
In this paper, we show that by taking advantage of the tightness of masking security proofs, we can significantly simplify this evaluation task in a very general manner.  ...  This is especially true when countermeasures such as masking are implemented since in this case: (i) the amount of measurements to perform a key recovery may become prohibitive for certification laboratories  ...  This work has been funded in parts by the ERC project 724725 (acronym SWORD).  ... 
doi:10.1007/978-3-319-78375-8_13 fatcat:7nfrs7mc2jh35ovsjw7m6suqay

On the Cost of Lazy Engineering for Masked Software Implementations [chapter]

Josep Balasch, Benedikt Gierlichs, Vincent Grosso, Oscar Reparaz, François-Xavier Standaert
2015 Lecture Notes in Computer Science  
by the target device, to security proofs in a (more realistic) model where the transitions between these intermediate variables are leaked.  ...  Yet, its deployment in actual cryptographic devices is well known to be challenging, since designers have to ensure that the leakage corresponding to different shares is independent.  ...  In practice though, security proofs for masking heavily rely on an independence assumption.  ... 
doi:10.1007/978-3-319-16763-3_5 fatcat:xqkkai7b2bclppjvwzmdpvkv2y

Making Masking Security Proofs Concrete (Or How to Evaluate the Security of Any Leaking Device), Extended Version

Alexandre Duc, Sebastian Faust, François-Xavier Standaert
2018 Journal of Cryptology  
In particular, we re-state their main proof for the masking countermeasure based on a mutual information metric, which is frequently used in concrete physical security evaluations.  ...  Thanks to these tools, we argue that masking with non-independent leakages may provide improved security levels in certain scenarios.  ...  This work has been funded in parts by the ERC project 280141 (CRASH).  ... 
doi:10.1007/s00145-018-9277-0 fatcat:plkoujkigbgebbbjtqdtfhihqe

Making Masking Security Proofs Concrete [chapter]

Alexandre Duc, Sebastian Faust, François-Xavier Standaert
2015 Lecture Notes in Computer Science  
In particular, we re-state their main proof for the masking countermeasure based on a mutual information metric, which is frequently used in concrete physical security evaluations.  ...  Thanks to these tools, we argue that masking with non-independent leakages may provide improved security levels in certain scenarios.  ...  This work has been funded in parts by the ERC project 280141 (CRASH).  ... 
doi:10.1007/978-3-662-46800-5_16 fatcat:6osh7j6upveutezcycxko3cs7y

Compiling Sandboxes: Formally Verified Software Fault Isolation [chapter]

Frédéric Besson, Sandrine Blazy, Alexandre Dang, Thomas Jensen, Pierre Wilke
2019 Lecture Notes in Computer Science  
This eliminates the need for a binary verifier and, instead, leverages the soundness proof of the compiler to prove the security of the sandboxing transformation.  ...  To ensure that the untrusted module cannot escape its sandbox, existing approaches such as Google's Native Client rely on a binary verifier to check that all memory accesses are within the sandbox.  ...  Section 7 presents the design of our runtime library and how it exploits compiler support. Experimental results are detailed in Sect. 8. Section 9 presents related work and Sect. 10 concludes.  ... 
doi:10.1007/978-3-030-17184-1_18 fatcat:hoqmb4tyazdkfp42ejkavs3oya

Very High Order Masking: Efficient Implementation and Security Evaluation [chapter]

Anthony Journault, François-Xavier Standaert
2017 Lecture Notes in Computer Science  
In this paper, we study the performances and security of recent masking algorithms specialized to parallel implementations in a 32-bit embedded software platform, for the standard AES Rijndael and the  ...  This methodology allows us to both bound the security level of our implementations in a principled manner and to assess the risks of overstated security based on well understood parameters.  ...  This work has been funded in parts by the INNOVIRIS project SCAUT and by the European Commission through the ERC project 724725 and the H2020 project REASSURE.  ... 
doi:10.1007/978-3-319-66787-4_30 fatcat:k5jft5vp6jheje3cg7a3yq7qay

Secure Transmission With Multiple Antennas I: The MISOME Wiretap Channel

Ashish Khisti, Gregory W. Wornell
2010 IEEE Transactions on Information Theory  
In addition, we study a masked beamforming scheme that radiates power isotropically in all directions and show that it attains near-optimal performance in the high SNR regime.  ...  Insights into the scaling behavior of the capacity in the large antenna regime as well as extensions to ergodic fading channels are also provided.  ...  ACKNOWLEDGMENT The authors would like to thank Y. C. Eldar and A.  ... 
doi:10.1109/tit.2010.2048445 fatcat:mszojjr2cbhprd26hdc5hktbni

Tight Private Circuits: Achieving Probing Security with the Least Refreshing [chapter]

Sonia Belaïd, Dahmun Goudarzi, Matthieu Rivain
2018 Advances in Industrial Control  
While many works have provided security proofs for small masked components, called gadgets, within this model, no formal method allowed to securely compose gadgets with a tight number of shares (namely  ...  As a result, it is overconservative and might insert more refresh gadgets than actually needed to ensure t-probing security.  ...  Acknowledgments We would like to thank François-Xavier Standaert and Gaëtan Cassiers for their in-depth review and helpful comments.  ... 
doi:10.1007/978-3-030-03329-3_12 fatcat:k7bcv6xmcrdhzar2gal5tq5s4e

Towards Globally Optimized Masking: From Low Randomness to Low Noise Rate

Gaëtan Cassiers, François-Xavier Standaert
2019 Transactions on Cryptographic Hardware and Embedded Systems  
We then use it to propose new improved algorithms, leading to better tradeoffs between randomness complexity and noise rate, and suggesting the possibility to design efficient masked multiplication algorithms  ...  It captures a sufficient requirement for designing masked implementations in a trivial way, by combining PINI multiplications and linear operations performed share by share.  ...  This conclusion is based on quantitative but heuristic evaluations in the LRPM. Obtaining tight proofs in the RPM is an interesting open problem.  ... 
doi:10.13154/tches.v2019.i2.162-198 dblp:journals/tches/CassiersS19 fatcat:ggngfqbbgfgxvk67fh5kzdztwa

There Is Wisdom in Harnessing the Strengths of Your Enemy: Customized Encoding to Thwart Side-Channel Attacks [chapter]

Houssem Maghrebi, Victor Servant, Julien Bringer
2016 Lecture Notes in Computer Science  
Our solution has been evaluated within several security metrics, proving its efficiency against side-channel attacks in realistic scenarios.  ...  Side-channel attacks are an important concern for the security of cryptographic algorithms.  ...  We thank anonymous reviewers of FSE 2016 for the various constructive comments and suggestions.  ... 
doi:10.1007/978-3-662-52993-5_12 fatcat:zc3ojhwtezhgpnawj3frlxiaji

On the Resilience of Even-Mansour to Invariant Permutations

Bart Mennink, Samuel Neves
2021 Designs, Codes and Cryptography  
In this work, we investigate how to thwart invariance exploitation at the mode level, namely by assuring that a mode never evaluates its underlying primitive under any invariance.  ...  We further demonstrate how the model composes, and apply it to the keyed sponge construction.  ...  The security model is outlined in Sect. 3.1, and Even-Mansour and its security in the invariant permutation model are stated in Sect. 3.2. The security proof is given in Sect. 3.3.  ... 
doi:10.1007/s10623-021-00850-2 fatcat:g7gxepprufbkdgxlhsruvia45y

Towards Sound Fresh Re-keying with Hard (Physical) Learning Problems [chapter]

Stefan Dziembowski, Sebastian Faust, Gottfried Herold, Anthony Journault, Daniel Masny, François-Xavier Standaert
2016 Lecture Notes in Computer Science  
Both constructions are efficient and easy to mask, since they are key homomorphic or almost key homomorphic.  ...  In the case of symmetric algorithms, it is rather key evolution that is exploited.  ...  More importantly, it is the starting point of most of the (e.g. template and regression-based) attacks that are usually considered in side-channel security evaluations [20, 56].  ... 
doi:10.1007/978-3-662-53008-5_10 fatcat:xy63yuhrf5ajpexha2bdjhlkru

Symmetric Cryptography (Dagstuhl Seminar 16021)

Frederik Armknecht, Tetsu Iwata, Kaisa Nyberg, Bart Preneel, Marc Herbstritt
2016 Dagstuhl Reports  
It was the fifth in the series of the Dagstuhl seminars "Symmetric Cryptography" held in 2007, 2009, 2012, and 2014.  ...  The first section describes the seminar topics and goals in general.  ...  We show in particular how recent advancements in computing discrete logarithms over finite fields of characteristic 2 can be exploited in a constructive way to realize highly efficient, constant-time masking  ... 
doi:10.4230/dagrep.6.1.34 dblp:journals/dagstuhl-reports/ArmknechtINP16 fatcat:3p4woms76ncrdm5hkd2iempk74

Oblivious Polynomial Evaluation and Secure Set-Intersection from Algebraic PRFs

Carmit Hazay
2017 Journal of Cryptology  
In this paper we study the two fundamental functionalities oblivious polynomial evaluation in the exponent and set-intersection, and introduce a new technique for designing efficient secure protocols for  ...  Our protocols are secure under full simulation-based definitions in the presence of malicious adversaries.  ...  Proof: We prove security for each corruption case separately. We assume that the simulator is given m_X and m_Y as part of its auxiliary input.  ... 
doi:10.1007/s00145-017-9263-y fatcat:6ozcdk355zdd5l4yb5pvbuahhu

Oblivious Polynomial Evaluation and Secure Set-Intersection from Algebraic PRFs [chapter]

Carmit Hazay
2015 Lecture Notes in Computer Science  
In this paper we study the two fundamental functionalities oblivious polynomial evaluation in the exponent and set-intersection, and introduce a new technique for designing efficient secure protocols for  ...  Our protocols are secure under full simulation-based definitions in the presence of malicious adversaries.  ...  Proof: We prove security for each corruption case separately. We assume that the simulator is given m_X and m_Y as part of its auxiliary input.  ... 
doi:10.1007/978-3-662-46497-7_4 fatcat:qxra4n7m25hf7kkklepqsce3ua