Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model [chapter]

Gilles Barthe, François Dupressoir, Sebastian Faust, Benjamin Grégoire, François-Xavier Standaert, Pierre-Yves Strub
2017 Lecture Notes in Computer Science  
In this paper, we provide a necessary clarification of the good security properties that can be obtained from parallel implementations of masking schemes.  ...  Eventually, we discuss the independent leakage assumption required for masking to deliver its security promises, and its specificities related to the serial or parallel nature of an implementation.  ...  Yet, and as mentioned in Section 3.2, testing the security of abstract implementations of masking schemes (in the probing or bounded moment models) is a useful preliminary, before performing expensive  ... 
doi:10.1007/978-3-319-56620-7_19 fatcat:bjrjvrpu6rer3mm2opyhf5vgaq

Vectorizing Higher-Order Masking [chapter]

Benjamin Grégoire, Kostas Papagiannopoulos, Peter Schwabe, Ko Stoffelen
2018 Lecture Notes in Computer Science  
At Eurocrypt 2017, the bounded moment leakage model was proposed to study the (theoretical) security of parallel implementations of masking schemes [5].  ...  We use refreshing and multiplication algorithms that are proven to be secure in the bounded moment leakage model and to be strongly non-interfering.  ...  Simultaneously at Eurocrypt 2017, a theoretical model was proposed to study the security of parallel implementations of masking schemes, called the bounded moment leakage model [5].  ... 
doi:10.1007/978-3-319-89641-0_2 fatcat:nrowmdwtb5azrguqh3xgwna7pq

Very High Order Masking: Efficient Implementation and Security Evaluation [chapter]

Anthony Journault, François-Xavier Standaert
2017 Lecture Notes in Computer Science  
In this paper, we study the performances and security of recent masking algorithms specialized to parallel implementations in a 32-bit embedded software platform, for the standard AES Rijndael and the  ...  This methodology allows us to both bound the security level of our implementations in a principled manner and to assess the risks of overstated security based on well understood parameters.  ...  This work has been funded in parts by the INNOVIRIS project SCAUT and by the European Commission through the ERC project 724725 and the H2020 project REASSURE.  ... 
doi:10.1007/978-3-319-66787-4_30 fatcat:k5jft5vp6jheje3cg7a3yq7qay

Circuit Masking: From Theory to Standardization, A Comprehensive Survey for Hardware Security Researchers and Practitioners [article]

Ana Covic, Fatemeh Ganji, Domenic Forte
2021 arXiv pre-print
To formally verify the security of a masking scheme, numerous attack models have been developed to capture the physical properties of the information leakage as well as the capabilities of the adversary  ...  tool to choose when designing masking schemes, and (3) identifies interesting new research directions where masking models and assessment tools can be applied.  ...  Bounded moment model, -probing model, and security notions are used to assess the leakage independence of shares, whereas noisy leakage models are used to check the condition of sufficient noise [13]  ... 
arXiv:2106.12714v2 fatcat:djqmxdobv5e3becegkmscz2zae

Masking and leakage-resilient primitives: One, the other(s) or both?

Sonia Belaïd, Vincent Grosso, François-Xavier Standaert
2014 Cryptography and Communications  
As a result, constructions of leakage-resilient PRGs and PRFs proven under the same bounded leakage assumption, and instantiated with the same AES implementation, may lead to different practical security  ...  Masking and leakage-resilient cryptography are probably the most investigated and best understood representatives of these two approaches.  ...  The resulting process is expected to improve physical security since if the masking scheme is carefully implemented (i.e. if the leakages of all the shares are independent), higher-order moments of the  ... 
doi:10.1007/s12095-014-0113-6 fatcat:tk2dvatnsbcg7fcc3arlaf2opq

On the Easiness of Turning Higher-Order Leakages into First-Order [chapter]

Thorben Moos, Amir Moradi
2017 Lecture Notes in Computer Science  
Our approach, which focuses on (but is not limited to) univariate leakages of hardware masking schemes, is based on categorizing the power traces according to the distribution of leakage points.  ...  Thus, to learn any information about the key-involving computations a side-channel adversary has to estimate the higher-order statistical moments of the leakage distributions.  ...  Acknowledgements The authors would like to acknowledge Axel Poschmann for the hardware designs and Stefan Heyse for his help on taping out the prototype chip.  ... 
doi:10.1007/978-3-319-64647-3_10 fatcat:mvakxgmk2rfynnpib4ix2w2j3y

Share-slicing: Friend or Foe?

Si Gao, Ben Marshall, Dan Page, Elisabeth Oswald
2019 Transactions on Cryptographic Hardware and Embedded Systems  
Under certain assumptions (w.r.t. independence and noise level), masking provably prevents attacks up to a certain security order and leads to a predictable increase in the number of required leakages  ...  We take two highly regarded schemes (ISW and Barthe et al.), and some corresponding open source implementations that make use of share slicing, and discuss their true security on an ARM Cortex-M0 and an  ...  Acknowledgements We would like to thank the anonymous reviewers for their helpful and constructive comments.  ... 
doi:10.13154/tches.v2020.i1.152-174 dblp:journals/tches/GaoMPO20 fatcat:jhv3rb4c7bfzxomcbz7k54z3ii

Making Masking Security Proofs Concrete [chapter]

Alexandre Duc, Sebastian Faust, François-Xavier Standaert
2015 Lecture Notes in Computer Science  
Second, we discuss the tightness of the Eurocrypt 2014 bounds based on experimental case studies.  ...  bounded based on the mutual information metric, using simple and efficient algorithms.  ...  François-Xavier Standaert is a research associate of the Belgian Fund for Scientific Research. This work has been funded in parts by the ERC project 280141 (CRASH).  ... 
doi:10.1007/978-3-662-46800-5_16 fatcat:6osh7j6upveutezcycxko3cs7y

Making Masking Security Proofs Concrete (Or How to Evaluate the Security of Any Leaking Device), Extended Version

Alexandre Duc, Sebastian Faust, François-Xavier Standaert
2018 Journal of Cryptology  
Second, we discuss the tightness of the Eurocrypt 2014 bounds based on experimental case studies.  ...  bounded based on the mutual information metric, using simple and efficient algorithms.  ...  François-Xavier Standaert is a research associate of the Belgian Fund for Scientific Research. This work has been funded in parts by the ERC project 280141 (CRASH).  ... 
doi:10.1007/s00145-018-9277-0 fatcat:plkoujkigbgebbbjtqdtfhihqe

Codes for Side-Channel Attacks and Protections [chapter]

Sylvain Guilley, Annelie Heuser, Olivier Rioul
2017 Lecture Notes in Computer Science  
In terms of attacks, we discuss optimal strategy in various practical contexts, such as type of noise, dimensionality of the leakage and of the model, etc.  ...  Regarding countermeasures, we give a formal analysis of some masking schemes, including enhancements based on codes contributed via fruitful collaborations with Claude Carlet.  ...  Acknowledgements Part of this work has been funded by the ANR CHIST-ERA project SECODE (Secure Codes to thwart Cyber-physical Attacks).  ... 
doi:10.1007/978-3-319-55589-8_3 fatcat:sgc3ll4ayjemvdfuzzqmdmgftm

Masking Proofs Are Tight and How to Exploit it in Security Evaluations [chapter]

Vincent Grosso, François-Xavier Standaert
2018 Lecture Notes in Computer Science  
More precisely, we show that the evaluation of a masked implementation can essentially be reduced to the one of an unprotected implementation.  ...  Evaluating the security level of a leaking implementation against side-channel attacks is a challenging task.  ...  Vincent Grosso is funded by the DFG Research Training Group GRK 1817 Ubicrypt. François-Xavier Standaert is an associate researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.).  ... 
doi:10.1007/978-3-319-78375-8_13 fatcat:7nfrs7mc2jh35ovsjw7m6suqay

Hardware Countermeasures against Power Analysis Attacks: a Survey from Past to Present

Rafael Soares, Vitor Lima, Rodrigo Lellis, Plínio Finkenauer Jr., Vinícius Camargo
2021 Journal of Integrated Circuits and Systems  
A summary is highlighted to compare the pros and cons of the approaches to help designers choose a better solution, or even provide subsidies so that new solutions can be proposed.  ...  Since its invention, power analysis attacks are a threat to the security of such circuits.  ...  The authors would like to thank PPGC and UFPel for support our research. R. Lellis would like to thank the IFSUL for his license to pursuing the Ph.D.  ... 
doi:10.29292/jics.v16i2.501 fatcat:y4zvlpnujrdchnjcmfm7ivif7m

Secure Multiplication for Bitslice Higher-Order Masking: Optimisation and Comparison [chapter]

Dahmun Goudarzi, Anthony Journault, Matthieu Rivain, François-Xavier Standaert
2018 Lecture Notes in Computer Science  
Our evaluations should therefore allow a designer to select a masking scheme based on implementation constraints and security requirements.  ...  In this paper, we optimize the performances and compare several recent masking schemes in bitslice on 32-bit arm devices, with a focus on multiplication.  ...  This work has been funded in part by the European Commission and the Walloon Region through the FEDER project USERMedia (convention number 501907-379156) and by the INNOVIRIS project SCAUT .  ... 
doi:10.1007/978-3-319-89641-0_1 fatcat:nqo676jwozco5cpcvzfnbbwcve

Higher-Order Threshold Implementations [chapter]

Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen
2014 Lecture Notes in Computer Science  
The existing higher-order masking countermeasures that guarantee security in the presence of glitches use multi-party computation techniques and require a lot of resources in terms of circuit area and  ...  In particular, glitches in the circuit make it hard to protect the implementation with masking.  ...  Bilgin was partially supported by the FWO project G0B4213N and Benedikt Gierlichs is a Postdoctoral Fellow of the Research Foundation -Flanders (FWO).  ... 
doi:10.1007/978-3-662-45608-8_18 fatcat:prm5ogxf7veihhw4w53topjre4

Unknown-Input Attacks in the Parallel Setting: Improving the Security of the CHES 2012 Leakage-Resilient PRF [chapter]

Marcel Medwed, François-Xavier Standaert, Ventzislav Nikov, Martin Feldhofer
2016 Lecture Notes in Computer Science  
AES is implemented in parallel and that its S-boxes have similar leakage models [20].  ...  Threshold implementations are a specialization of masking that reduces the independence requirement (by ensuring that glitches do not harm the security of the masked implementations) [5, 23], which can  ...  We start by analyzing the deviation from Hamming weight leakages, then discuss the case of transition-based leakages (aka Hamming distance model), and finally look at the impact of a more realistic (bounded  ... 
doi:10.1007/978-3-662-53887-6_22 fatcat:xgkxmjtj6rcpxkieojdppb5ccu