Efficient Masked Ciphers Cryptanalysis 2020 Insights

Explore cutting-edge research on efficient masked ciphers cryptanalysis, including second-order secure threshold implementations, probing adversaries, and advancements in achieving second-order secure round functions. Discover innovative techniques such as non-completeness over stages, pairing masked S-boxes, and the use of noisy probing models to enhance security. Uncover the limitations of the Asiacrypt 2020 designs and how they impact cryptanalytic properties. Delve into the world of cryptography with this insightful study.

  • Cryptanalysis
  • Masked Ciphers
  • Security
  • Asiacrypt 2020
  • Cryptography


Presentation Transcript


  1. Cryptanalysis of Efficient Masked Ciphers: Applications to Low Latency Tim Beyne, Siemen Dhooghe, Amir Moradi, Aein Rezaei Shahmirzadi

  2. Asiacrypt 2020: Beyne et al., "Cryptanalysis of Masked Ciphers"
     • Second-order secure threshold implementations without randomness
     • Security based on linear cryptanalysis
     • A probing adversary with limited queries
     • Applied to a seven-shared LED cipher over 3 cycles per round
     • Every stage is second-order non-complete and uniform
     • ? Achieved an advantage of 2121 for ? queries
     KU Leuven, COSIC-imec

  3. CHES 2021: Shahmirzadi et al.
     • Re-Consolidating First-Order Masking Schemes: Nullifying Fresh Randomness
     • Second-Order SCA Security with almost no Fresh Randomness
     • First- and second-order secure and uniform sharings over multiple cycles

  4. Achieving a second-order secure round function: using re-usable randomness

  5. Masking Technique 1: Non-completeness over two stages
     • Each quadratic function requires two stages
     • Security:
       • Two probes in ?1: secure because of ?
       • Probing ?1 and ?2: secure since both are first-order non-complete

  6. Masking Technique 2: Pairing masked S-boxes
     • One cycle per quadratic function
     • Security:
       • Probe one pair: masked by randomness
       • Probe two pairs: masked by the paired input

  7. Noisy Probing Model: Adding noise in a bounded query model

  8. Limitations of Asiacrypt 2020: Problems with the new designs
     • Bound of the adversary worsens when more bits are viewed by the probes
     • With paired S-boxes, many bits are viewed
     • Fewer shares means worse cryptanalytic properties of the shared S-box
     • The noise on the observations is not considered
     • Can be used to significantly improve the bounds

  9. Noisy Probing Model

  10. Case Study: Midori

  11. Case Study: Midori
     • S-box is composed of two quadratic maps
     • Four cycles with technique 1
     • Three cycles with technique 2
     • 400-450 random bits per encryption
     • Including the sharing of the key and plaintext

  12. Case Study: Midori

  13. Experimental Analysis

  14. Efficiency

  15. Future Work
     • Prolead: A Probing-Based Hardware Leakage Detection Tool by Müller and Moradi
     • Flaws when not re-masking linear coordinates of a quadratic function
     • Composition with the linear layer
     • Updated Midori, Prince, and SKINNY on Github
     • Permuting the static random bits
     • Adding an extra 20 bits randomness
     • Other masking techniques to make Asiacrypt 2020 efficient
     • Investigation of the security of low randomness

  16. Thank you! Questions?
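
The slides name non-completeness and uniformity as the properties every masked stage must satisfy. The block below is an added example, not taken from the presentation or the authors' code: it exhaustively checks both properties for the textbook three-share sharing of AND, used here as an assumed stand-in for one quadratic stage, and shows that this sharing only becomes uniform once it is re-masked with two fresh random bits.

```python
from collections import Counter
from itertools import product

BITS = (0, 1)

def sharings(bit):
    """All 3-share Boolean sharings of one bit."""
    return [s for s in product(BITS, repeat=3) if sum(s) % 2 == bit]

def shared_and(x, z):
    """Textbook 3-share sharing of y = x AND z (assumed here, not from the slides)."""
    (x1, x2, x3), (z1, z2, z3) = x, z
    return ((x2 & z2) ^ (x2 & z3) ^ (x3 & z2),   # never reads share 1
            (x3 & z3) ^ (x1 & z3) ^ (x3 & z1),   # never reads share 2
            (x1 & z1) ^ (x1 & z2) ^ (x2 & z1))   # never reads share 3

def refreshed_and(x, z, r1, r2):
    """Same sharing re-masked with two fresh random bits (r1, r2)."""
    y1, y2, y3 = shared_and(x, z)
    return (y1 ^ r1, y2 ^ r2, y3 ^ r1 ^ r2)

def is_correct(f):
    """The output shares must always XOR to x AND z."""
    return all(sum(f(x, z)) % 2 == (a & b)
               for a, b in product(BITS, repeat=2)
               for x in sharings(a) for z in sharings(b))

def is_first_order_non_complete(f):
    """Each output share must ignore at least one input share index entirely."""
    def ignores(j, i):
        flip = lambda v: tuple(b ^ (k == i) for k, b in enumerate(v))
        return all(f(x, z)[j] == f(flip(x), z)[j] == f(x, flip(z))[j]
                   for x, z in product(product(BITS, repeat=3), repeat=2))
    return all(any(ignores(j, i) for i in range(3)) for j in range(3))

def is_uniform(f, rand_bits=0):
    """Every valid output sharing must be hit equally often for each (x, z)."""
    for a, b in product(BITS, repeat=2):
        counts = Counter(f(x, z, *r) for x in sharings(a) for z in sharings(b)
                         for r in product(BITS, repeat=rand_bits))
        if any(4 * counts[s] != 16 * 2 ** rand_bits for s in sharings(a & b)):
            return False
    return True

if __name__ == "__main__":
    print("correct:", is_correct(shared_and))
    print("non-complete:", is_first_order_non_complete(shared_and))
    print("uniform without randomness:", is_uniform(shared_and))
    print("uniform with 2 fresh bits:", is_uniform(refreshed_and, 2))
```

The non-uniform result for the unrefreshed sharing is the gap that designs with no or re-used randomness have to close by other means.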
