Randomness Optimization for Gadget Compositions in Higher-Order Masking
Main Authors: | Jakob Feldtkeller, David Knichel, Pascal Sasdrich, Amir Moradi, Tim Güneysu |
---|---|
Format: | Article |
Language: | English |
Published: | Ruhr-Universität Bochum, 2022-08-01 |
Series: | Transactions on Cryptographic Hardware and Embedded Systems |
Subjects: | |
Online Access: | https://tches.iacr.org/index.php/TCHES/article/view/9818 |
_version_ | 1797326086157107200 |
---|---|
author | Jakob Feldtkeller, David Knichel, Pascal Sasdrich, Amir Moradi, Tim Güneysu |
collection | DOAJ |
description |
Physical characteristics of electronic devices, leaking secret and sensitive information to an adversary with physical access, pose a long-known threat to cryptographic hardware implementations. Among a variety of proposed countermeasures against such Side-Channel Analysis attacks, masking has emerged as a promising, but often costly, candidate. Furthermore, the manual realization of masked implementations has proven error-prone and often introduces flaws, possibly resulting in insecure circuits. In the context of automatic masking, a new line of research emerged, aiming to replace each physical gate with a secure gadget that fulfills well-defined properties, guaranteeing security when interconnected to a large circuit. Unfortunately, those gadgets introduce a significant amount of additional overhead into the design, in terms of area, latency, and randomness requirements.
In this work, we present a novel approach to reduce the demands for randomness in such gadget-composed circuits by reusing randomness across gadgets while maintaining security in the probing adversary model. To this end, we embedded the corresponding optimization passes into an Electronic Design Automation toolchain, able to construct, optimize, and implement masked circuits, starting from an unprotected design. As such, our security-aware optimization offers an additional building block for existing or new Electronic Design Automation frameworks, where security is considered a first-class design constraint.
|
first_indexed | 2024-03-08T06:18:30Z |
format | Article |
id | doaj.art-78ca6130495b43648652760ddd1e2fa2 |
institution | Directory Open Access Journal |
issn | 2569-2925 |
language | English |
last_indexed | 2024-03-08T06:18:30Z |
publishDate | 2022-08-01 |
publisher | Ruhr-Universität Bochum |
record_format | Article |
series | Transactions on Cryptographic Hardware and Embedded Systems |
title | Randomness Optimization for Gadget Compositions in Higher-Order Masking |
topic | Masking; Probing Security; Strong Non-Interference; Probe Isolating Non-Interference; Security-Aware Optimization; Security-Aware EDA |
url | https://tches.iacr.org/index.php/TCHES/article/view/9818 |