
Paper 2018/869

Higher-Order DCA against Standard Side-Channel Countermeasures

Andrey Bogdanov, Matthieu Rivain, Philip S. Vejre, and Junwei Wang

Abstract

At CHES 2016, Bos et al. introduced $\textit{differential computational analysis}$ (DCA) as an attack on white-box software implementations of block ciphers. This attack builds on the same principles as DPA in the classical side-channel context, but uses computational traces consisting of plain values computed by the implementation during execution. This attack was shown to be able to recover the key of many existing AES white-box implementations. The DCA adversary is $\textit{passive}$, and so does not exploit the full power of the white-box setting, implying that many white-box schemes are insecure even in a weaker setting than the one they were designed for. It is therefore important to develop implementations which are resistant to this attack. We investigate the approach of applying standard side-channel countermeasures such as $\textit{masking}$ and $\textit{shuffling}$. Under some necessary conditions on the underlying randomness generation, we show that these countermeasures provide resistance to standard (first-order) DCA. Furthermore, we introduce $\textit{higher-order DCA}$, along with an enhanced $\textit{multivariate}$ version, and analyze the security of the countermeasures against these attacks. We derive analytic expressions for the complexity of the attacks -- backed up through extensive attack experiments -- enabling a designer to quantify the security level of a masked and shuffled implementation in the (higher-order) DCA setting.
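The abstract describes three things a designer would want to see side by side: a first-order DCA succeeding against an unprotected implementation, the same attack failing once the intermediate value is Boolean-masked with fresh randomness, and a higher-order DCA that recombines shares succeeding again. The following Python simulation is an added example, not code from the paper or its authors, and it only illustrates the evaluation the paper motivates; it does not implement the paper's analytic complexity expressions, its multivariate variant, or shuffling. The target is a constructed toy (a single AES S-box lookup under a hypothetical key byte, with either no masking or a two-share Boolean mask), the "computational trace" is every bit of every intermediate value the toy writes, and the seed, key byte and trace counts are arbitrary constructed values. Samples are packed into Python integers so the bit-vector correlations are cheap.

```python
import random
from functools import reduce
from itertools import combinations


# ---- constructed toy target: s = S[p ^ k] for one (hypothetical) key byte k ----

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def build_aes_sbox():
    """AES S-box: multiplicative inverse followed by the AES affine map (S[0] = 0x63)."""
    inv = [0] * 256
    for x in range(1, 256):
        for y in range(1, 256):
            if gf_mul(x, y) == 1:
                inv[x] = y
                break
    sbox = []
    for x in range(256):
        v = inv[x]
        s = v
        for i in range(1, 5):                      # s = v ^ rotl(v,1) ^ ... ^ rotl(v,4)
            s ^= ((v << i) | (v >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_aes_sbox()


def record_traces(key, masked, repeats, rng):
    """Simulate what a passive DCA adversary records: every bit of every intermediate
    value written by the toy. Unmasked: the 8 bits of s. Masked: the 8 bits of each
    share (s ^ r, r) with a fresh uniform r per execution (the 'necessary condition'
    on randomness generation the abstract mentions). Returns (plaintexts, columns),
    where bit t of columns[j] is sample j of trace t."""
    plaintexts, columns, t = [], [0] * (16 if masked else 8), 0
    for _ in range(repeats):
        for p in range(256):
            s = SBOX[p ^ key]
            if masked:
                r = rng.randrange(256)
                values = [s ^ r, r]
            else:
                values = [s]
            j = 0
            for v in values:
                for bit in range(8):
                    if (v >> bit) & 1:
                        columns[j] |= 1 << t
                    j += 1
            plaintexts.append(p)
            t += 1
    return plaintexts, columns


# ---- DCA distinguisher on packed bit vectors ----

def corr_bits(x, y, n):
    """Pearson correlation of two length-n 0/1 vectors packed as ints, from popcounts."""
    a, b, c = bin(x).count("1"), bin(y).count("1"), bin(x & y).count("1")
    den = (n * a - a * a) * (n * b - b * b)
    return 0.0 if den == 0 else (n * c - a * b) / den ** 0.5


def prediction_column(plaintexts, hyp, bit=0):
    """Predicted value of one bit of S[p ^ hyp] for every trace, packed as an int."""
    col = 0
    for t, p in enumerate(plaintexts):
        if (SBOX[p ^ hyp] >> bit) & 1:
            col |= 1 << t
    return col


def dca(plaintexts, columns, order):
    """Order 1: correlate each sample with the prediction. Order d: first XOR every
    d-tuple of distinct samples (the recombination step of higher-order DCA against
    Boolean masking), then correlate. Returns {hyp: best |corr| over all candidates}."""
    n = len(plaintexts)
    combined = [reduce(lambda u, v: u ^ v, (columns[i] for i in idx))
                for idx in combinations(range(len(columns)), order)]
    scores = {}
    for hyp in range(256):
        pred = prediction_column(plaintexts, hyp)
        scores[hyp] = max(abs(corr_bits(pred, c, n)) for c in combined)
    return scores


def recover_key(scores):
    return max(scores, key=scores.get)


if __name__ == "__main__":
    rng = random.Random(2018)          # fixed seed: constructed, reproducible run
    key = 0x2A                         # constructed key byte
    p, cols = record_traces(key, masked=False, repeats=1, rng=rng)
    s = dca(p, cols, 1)
    print("unmasked, 1st-order DCA :", hex(recover_key(s)), round(s[key], 3))
    p, cols = record_traces(key, masked=True, repeats=4, rng=rng)
    s = dca(p, cols, 1)
    print("masked,   1st-order DCA :", hex(recover_key(s)), round(s[key], 3))
    s = dca(p, cols, 2)
    print("masked,   2nd-order DCA :", hex(recover_key(s)), round(s[key], 3))
```

Because computational traces are exact values rather than noisy measurements, the correct hypothesis reaches correlation 1.0 whenever some sample (or XOR of samples) equals the predicted bit; the masked run shows the correct key's first-order score collapsing toward zero, while the second-order run, which has to search all C(16,2) sample pairs rather than 16 samples, restores it. That growth in the number of combinations with the order is the lever a masked design relies on, and it is exactly what the paper's complexity analysis quantifies.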

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. COSADE 2019
Keywords
White-box, DCA, Higher-order DCA, Masking, Shuffling
Contact author(s)
junwei wang @ cryptoexperts com
History
2019-02-15: revised
2018-09-23: received
See all versions
Short URL
https://ia.cr/2018/869
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/869,
      author = {Andrey Bogdanov and Matthieu Rivain and Philip S. Vejre and Junwei Wang},
      title = {Higher-Order {DCA} against Standard Side-Channel Countermeasures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/869},
      year = {2018},
      url = {https://eprint.iacr.org/2018/869}
}