
Verified Proofs of Higher-Order Masking [chapter]

Gilles Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, Pierre-Yves Strub
2015 Lecture Notes in Computer Science  
x 0 , ..., x t such that x = x 0 ... x t generally, we consider that an adversary that observes at most t program variables should not be able to recover x t is called masking order or security order  ...  Masking countermeasure which aims to render partial power consumption traces independent from the secrets by randomizing them each sensitive value x is replaced in the computations by t + 1 random variables  ...  security of masked programs no false positive, i.e., a program typed as secure is secure verification programs at high orders (> 2) Further Work § verify larger masked programs at higher orders § exhibit  ... 
doi:10.1007/978-3-662-46800-5_18 fatcat:ekaweuptbzfp3a3pcllqqplhpu

Formal Verification of Masked Hardware Implementations in the Presence of Glitches [chapter]

Roderick Bloem, Hannes Gross, Rinat Iusupov, Bettina Könighofer, Stefan Mangard, Johannes Winter
2018 Lecture Notes in Computer Science  
Our verifier is efficient enough to prove the security of a full masked first-order AES S-box, and of the Keccak S-box up to the third protection order.  ...  The verification is performed directly on the circuit's netlist in the probing model with glitches and covers also higher-order flaws.  ...  Verification of Higher-Order Masked Implementations To evaluate the performance of our verification approach for higher-order masked circuits, we run our tool on the generically masked DOM AND gate [24  ... 
doi:10.1007/978-3-319-78375-8_11 fatcat:nhb3nzzjojamblncd2bstq7bni

Technical Report: Property-Directed Verified Monitoring of Signal Temporal Logic [article]

Thomas Wright, Ian Stark
2020 arXiv   pre-print
We then show how the performance of monitoring can be increased substantially by introducing masks, a property-directed refinement of our method which restricts flowpipe monitoring to the time regions  ...  Finally, we apply our implementation of these methods to verifying properties of a challenging continuous system, evaluating the impact of each aspect of our procedure on monitoring performance.  ...  of Informatics.  ... 
arXiv:2008.06589v1 fatcat:d73dgydlmzcwzk3q5lcij53he4

Strong Non-Interference and Type-Directed Higher-Order Masking

Gilles Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, Pierre-Yves Strub, Rébecca Zucchini
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
Leveraging the deep connections between probabilistic information flow and probing security, we develop a precise, scalable, and fully automated methodology to verify the probing security of masked algorithms  ...  Masked algorithms are often expected to provide, at least, a certain level of probing security.  ...  Indeed, our closest competitor [4] report the verification of all 10 rounds of AES (including key schedule) at order 1 in 10 minutes, and could not verify all 10 rounds for higher orders.  ... 
doi:10.1145/2976749.2978427 dblp:conf/ccs/BartheBDFGSZ16 fatcat:lsl7sab7tfavnf6tf6g74hdj3e

Side-Channel Protections for Picnic Signatures

Diego F. Aranha, Sebastian Berndt, Thomas Eisenbarth, Okan Seker, Akira Takahashi, Luca Wilke, Greg Zaverucha
2021 Transactions on Cryptographic Hardware and Embedded Systems  
the underlying zero-knowledge proof system due to Katz–Kolesnikov–Wang (CCS 2018) for any masking order, and by formally proving that our approach meets the standard security notions of non-interference  ...  We then implement different masked versions of Picnic signing providing first order protection for the ARM Cortex M4 platform, and quantify the overhead of these different masking approaches.  ...  However, our manual security analysis indeed guarantees SNI security of higher-order masking.  ... 
doi:10.46586/tches.v2021.i4.239-282 fatcat:guzutmudgjbbtnlt5e3dlhl7hq

Anonymous authentication with subset queries (extended abstract)

Dan Boneh, Matt Franklin
1999 Proceedings of the 6th ACM conference on Computer and communications security - CCS '99  
We use the higher-residuosity assumption, which leads to greater efficiency and more natural security proofs than previous constructions.  ...  Our protocols also allow a prover to demonstrate membership in an arbitrary subset of users; key revocation is an important special case of this feature.  ...  The use of higher-residuosity leads to increased efficiency and more natural security proofs than previous constructions.  ... 
doi:10.1145/319709.319725 dblp:conf/ccs/BonehF99 fatcat:bq5rbacd2vb4zmh642v64ak4s4

Portable Software Fault Isolation

Joshua A. Kroll, Gordon Stewart, Andrew W. Appel
2014 2014 IEEE 27th Computer Security Foundations Symposium  
By composing our program transformer with the verified back-end of CompCert and leveraging CompCert's formally proved preservation of the behavior of safe programs, we can obtain binary modules that satisfy  ...  We present a new technique for architecture portable software fault isolation (SFI), together with a prototype implementation in the Coq proof assistant.  ...  ACKNOWLEDGMENTS We wish to thank sincerely the anonymous referees and everyone who read drafts of this work, especially Lennart Beringer, Drew Dean, and Edward W. Felten.  ... 
doi:10.1109/csf.2014.10 dblp:conf/csfw/KrollSA14 fatcat:3nbs6e6gtza5veoggnepamndeu

Masking Kyber: First- and Higher-Order Implementations

Joppe W. Bos, Marc Gourjon, Joost Renes, Tobias Schneider, Christine Van Vredendaal
2021 Transactions on Cryptographic Hardware and Embedded Systems  
To the best of our knowledge, this results in the first higher-order masked implementation of any post-quantum secure key encapsulation mechanism algorithm.  ...  which is protected against first- and higher-order attacks.  ...  Notably, we show techniques how to construct both first- and higher-order masking schemes for Kyber with formal proofs in the probing model for the newly proposed masked components.  ... 
doi:10.46586/tches.v2021.i4.173-214 fatcat:nkvlktgvnjgulco2kplttqndtq

Constant-time higher-order Boolean-to-arithmetic masking

Michael Hutter, Michael Tunstall
2018 Journal of Cryptographic Engineering  
We show that our solution is more efficient than previously proposed methods for any choice of masking-scheme order, typically by several orders of magnitude.  ...  We propose explicit algorithms for a second-order secure Boolean-to-arithmetic mask conversion that uses 31 instructions and for a third-order secure mask conversion that uses 74 instructions.  ...  Definition 1 generalizes to higher-order masking schemes as follows: Definition 2 (Higher-Order Boolean-to-Arithmetic Mask Conversion Problem). Assuming a masking scheme of order n.  ... 
doi:10.1007/s13389-018-0191-z fatcat:4wrfc2cberfn3f7htjhess7xgy

Detecting Flawed Masking Schemes with Leakage Detection Tests [chapter]

Oscar Reparaz
2016 Lecture Notes in Computer Science  
In this paper, we report on a method to verify the soundness of a masking scheme before implementing it on a device.  ...  Many proposed masking schemes, even carrying "security proofs", are eventually broken because they are flawed by design.  ...  The author is funded by a PhD fellowship of the Fund for Scientific Research - Flanders (FWO).  ... 
doi:10.1007/978-3-662-52993-5_11 fatcat:qtkcptberra5ndyr24ll6l2ile

Formal Verification of Side-Channel Countermeasures via Elementary Circuit Transformations [chapter]

Jean-Sébastien Coron
2018 Lecture Notes in Computer Science  
We describe a technique to formally verify the security of masked implementations against side-channel attacks, based on elementary circuit transforms.  ...  , but at any order.  ...  Verified proofs of higher-order masking.  ... 
doi:10.1007/978-3-319-93387-0_4 fatcat:7y44k6m6tvfondulmih7c2kvmq

Circuit Masking: From Theory to Standardization, A Comprehensive Survey for Hardware Security Researchers and Practitioners [article]

Ana Covic, Fatemeh Ganji, Domenic Forte
2021 arXiv   pre-print
To formally verify the security of a masking scheme, numerous attack models have been developed to capture the physical properties of the information leakage as well as the capabilities of the adversary  ...  Thus, this survey serves as an essential reference for hardware security practitioners interested in the theory behind masking techniques, the tools useful to verify the security of masked circuits, and  ...  Algorithms such as this one produce small proof-of-concept circuits, which are further validated and verified, usually in the same work.  ... 
arXiv:2106.12714v2 fatcat:djqmxdobv5e3becegkmscz2zae

A kripke logical relation for effect-based program transformations

Jacob Thamsborg, Lars Birkedal
2011 Proceeding of the 16th ACM SIGPLAN international conference on Functional programming - ICFP '11  
We show how to use our model to verify a number of interesting program transformations that rely on effect annotations.  ...  One of the key challenges in the model construction for dynamically allocated higher-order store is that the meaning of a type may change since references, conceptually speaking, may become dangling due  ...  Kasper Svendsen and Filip Sieczkowski gave useful comments on a late draft of the paper.  ... 
doi:10.1145/2034773.2034831 dblp:conf/icfp/ThamsborgB11 fatcat:o44ivyynqzfalhxdmzrurzfh3a

A kripke logical relation for effect-based program transformations

Jacob Thamsborg, Lars Birkedal
2011 SIGPLAN notices  
We show how to use our model to verify a number of interesting program transformations that rely on effect annotations.  ...  One of the key challenges in the model construction for dynamically allocated higher-order store is that the meaning of a type may change since references, conceptually speaking, may become dangling due  ...  Kasper Svendsen and Filip Sieczkowski gave useful comments on a late draft of the paper.  ... 
doi:10.1145/2034574.2034831 fatcat:t4ckxnm3vbetjd3x6jqa3c6f2m

A Kripke logical relation for effect-based program transformations

Lars Birkedal, Guilhem Jaber, Filip Sieczkowski, Jacob Thamsborg
2016 Information and Computation  
We show how to use our model to verify a number of interesting program transformations that rely on effect annotations.  ...  One of the key challenges in the model construction for dynamically allocated higher-order store is that the meaning of a type may change since references, conceptually speaking, may become dangling due  ...  Kasper Svendsen and Filip Sieczkowski gave useful comments on a late draft of the paper.  ... 
doi:10.1016/j.ic.2016.04.003 fatcat:cuxtvtce2fgd3knnrrxuiwdnxa