
Side-channel analysis of a learning parity with physical noise processor

Regular Paper, Journal of Cryptographic Engineering

Abstract

Learning parity with physical noise (LPPN) has been proposed as an assumption on which to build authentication protocols based on the learning parity with noise (LPN) problem. Its first advantage is to reduce the randomness requirements of standard LPN-based protocols: the device directly performs erroneous computations, so no (e.g. Bernoulli-distributed) errors have to be generated on chip. At ASHES 2018, an LPPN processor was presented and confirmed that erroneous computations with the appropriate error rate can be generated efficiently. Since LPPN computations are key-homomorphic, they are good candidates for improved side-channel security through masking: they could in theory lead to masked implementations whose overheads are linear in the number of shares, an analysis that was left as an open problem. In this paper, we confirm this potential by analyzing the side-channel security of an LPPN processor. We (1) evaluate the leakage of the different parts of the erroneous computations, (2) conclude that the intermediate computations that can be targeted with a divide-and-conquer Gaussian template attack are the sweet spot for side-channel attacks, and (3) show that LPPN computations naturally reach a level of noise that makes masking effective, although further noise addition could be beneficial to reach higher security at lower implementation cost.
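The abstract's central point is that the LPN response z = <k, c> XOR e is linear in the key, so a Boolean-masked key can be processed share by share at a cost linear in the number of shares. The following Python illustration is added here and is not code from the paper or from the LPPN processor it analyzes; the 64-bit key width, the function names and the placement of the error on one share's partial computation are assumptions made for the illustration. It shows the share-wise evaluation agreeing with the direct evaluation for random keys, challenges and error bits, whether the error is generated separately (LPN) or arises inside one of the partial computations (LPPN).

```python
# Added illustration (not the paper's code): key-homomorphism of the LPN/LPPN
# response and why it makes Boolean masking cost only d inner products for d shares.
import secrets
from typing import List

N_BITS = 64  # toy key/challenge width; an assumption, not the processor's width


def inner_product_mod2(key: int, challenge: int) -> int:
    """<key, challenge> over GF(2): parity of the bitwise AND of the two words."""
    return bin(key & challenge).count("1") & 1


def lpn_response(key: int, challenge: int, error_bit: int) -> int:
    """Direct LPN response z = <k, c> XOR e.

    In a plain LPN protocol, e is a Bernoulli bit that must be sampled on chip;
    LPPN instead lets the hardware compute <k, c> erroneously with the same
    probability, so no error has to be generated separately."""
    return inner_product_mod2(key, challenge) ^ (error_bit & 1)


def split_key(key: int, n_shares: int, n_bits: int = N_BITS) -> List[int]:
    """Boolean masking: shares k_1..k_d with k = k_1 XOR ... XOR k_d; the first
    d-1 shares are uniformly random, the last one is the correction term."""
    if n_shares < 2:
        raise ValueError("masking needs at least two shares")
    shares = [secrets.randbits(n_bits) for _ in range(n_shares - 1)]
    last = key
    for s in shares:
        last ^= s
    shares.append(last)
    return shares


def masked_lpn_response(key_shares: List[int], challenge: int, error_bit: int) -> int:
    """Share-wise evaluation of the response.

    Because <., c> is linear over GF(2),
        <k_1 XOR ... XOR k_d, c> = <k_1, c> XOR ... XOR <k_d, c>,
    each share is processed alone and the unmasked key is never recombined in
    the device: d inner products for d shares, i.e. overhead linear in d.
    XOR is associative, so an error hitting any single partial computation
    (the LPPN case) still yields <k, c> XOR e after recombination."""
    partial = [inner_product_mod2(s, challenge) for s in key_shares]
    partial[0] ^= (error_bit & 1)  # assumption: the error lands on share 0's computation
    z = 0
    for p in partial:
        z ^= p
    return z


def recombine(shares: List[int]) -> int:
    """XOR all shares back into the key (used only to check split_key here;
    a masked device must never do this)."""
    k = 0
    for s in shares:
        k ^= s
    return k


def masking_is_sound(n_trials: int = 200, n_shares: int = 3) -> bool:
    """Over random keys, challenges and error bits, check that the share-wise
    evaluation equals the direct one; True when every trial agrees."""
    for _ in range(n_trials):
        key = secrets.randbits(N_BITS)
        challenge = secrets.randbits(N_BITS)
        e = secrets.randbits(1)
        shares = split_key(key, n_shares)
        if masked_lpn_response(shares, challenge, e) != lpn_response(key, challenge, e):
            return False
    return True


if __name__ == "__main__":
    k = secrets.randbits(N_BITS)
    d = 4
    print("shares recombine to key:", recombine(split_key(k, d)) == k)
    print("share-wise == direct:", masking_is_sound(n_shares=d))
```

The contrast worth keeping in mind is with a non-linear primitive such as an AES S-box, where the shares interact and masking costs grow roughly quadratically in d; here no cross-share term ever appears, which is why the paper can ask whether the processor's physical noise alone is enough for masking to deliver its expected security gain.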



Notes

  1. In a real-world scenario, the secret key would be embedded (in a shared manner if masked) and the random challenge would also be generated on-chip in the case of protocols secure against man-in-the-middle attacks.

  2. The dimensions considered are the most informative ones based on Mangard's signal-to-noise ratio (SNR) [18].

  3. The serializer is implemented such that 16 banks of 64 bits (representing the input and key) are shifted before being loaded to the AND stage inputs.

References

  1. Armknecht, F., Hamann, M., Mikhalev, V.: Lightweight authentication protocols on ultra-constrained RFIDs—myths and facts. In: Saxena, N., Sadeghi, A.R. (eds.) Radio Frequency Identification: Security and Privacy Issues, pp. 1–18. Springer, Cham (2014)

  2. Belaïd, S., Coron, J., Fouque, P., Gérard, B., Kammerer, J., Prouff, E.: Improved side-channel analysis of finite-field multiplication. In: CHES 2015, Lecture Notes in Computer Science, vol. 9293, pp. 395–415. Springer (2015)

  3. Belaïd, S., Fouque, P., Gérard, B.: Side-channel analysis of multiplications in GF(2^128)—application to AES-GCM. In: ASIACRYPT 2014 (2), Lecture Notes in Computer Science, vol. 8874, pp. 306–325. Springer (2014)

  4. Berti, F., Standaert, F.X.: An analysis of the learning parity with noise assumption against fault attacks. In: CARDIS 2016, pp. 245–264 (2016)

  5. Bronchain, O., Hendrickx, J.M., Massart, C., Olshevsky, A., Standaert, F.X.: Leakage certification revisited: bounding model errors in side-channel security evaluations. In: Boldyreva, A., Micciancio, D. (eds.) Advances in Cryptology—CRYPTO 2019—39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 2019, Proceedings, Part I, Lecture Notes in Computer Science, vol. 11692, pp. 713–737. Springer (2019). https://doi.org/10.1007/978-3-030-26948-7_25

  6. Cnudde, T.D., Bilgin, B., Gierlichs, B., Nikov, V., Nikova, S., Rijmen, V.: Does coupling affect the security of masked implementations? In: Guilley, S. (ed.) Constructive Side-Channel Analysis and Secure Design—8th International Workshop, COSADE 2017, Paris, France, April 13–14, 2017, Revised Selected Papers, Lecture Notes in Computer Science, vol. 10348, pp. 1–18. Springer (2017). https://doi.org/10.1007/978-3-319-64647-3_1

  7. Cnudde, T.D., Ender, M., Moradi, A.: Hardware masking, revisited. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 123–148 (2018). https://doi.org/10.13154/tches.v2018.i2.123-148

  8. de Chérisey, E., Guilley, S., Rioul, O., Piantanida, P.: Best information is most successful: mutual information and success rate in side-channel analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 49–79 (2019)

  9. Duc, A., Faust, S., Standaert, F.X.: Making masking security proofs concrete—or how to evaluate the security of any leaking device. In: Oswald, E., Fischlin, M. (eds.) Advances in Cryptology—EUROCRYPT 2015—34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26–30, 2015, Proceedings, Part I, Lecture Notes in Computer Science, vol. 9056, pp. 401–429. Springer (2015). https://doi.org/10.1007/978-3-662-46800-5_16

  10. Dziembowski, S., Faust, S., Herold, G., Journault, A., Masny, D., Standaert, F.X.: Towards sound fresh re-keying with hard (physical) learning problems. In: Robshaw, M., Katz, J. (eds.) Advances in Cryptology—CRYPTO 2016—36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14–18, 2016, Proceedings, Part II, Lecture Notes in Computer Science, vol. 9815, pp. 272–301. Springer (2016). https://doi.org/10.1007/978-3-662-53008-5_10

  11. Eisenbarth, T., Kumar, S.S., Paar, C., Poschmann, A., Uhsadel, L.: A survey of lightweight-cryptography implementations. IEEE Des. Test Comput. 24(6), 522–533 (2007). https://doi.org/10.1109/MDT.2007.178

  12. Gaspar, L., Leurent, G., Standaert, F.X.: Hardware implementation and side-channel analysis of Lapin. In: CT-RSA 2014, pp. 206–226 (2014)

  13. Grosso, V., Standaert, F.X., Faust, S.: Masking versus multiparty computation: how large is the gap for AES? J. Cryptogr. Eng. 4(1), 47–57 (2014). https://doi.org/10.1007/s13389-014-0073-y

  14. Joye, M., Tunstall, M. (eds.): Fault Analysis in Cryptography. Information Security and Cryptography. Springer (2012). https://doi.org/10.1007/978-3-642-29656-7

  15. Kamel, D., Bellizia, D., Standaert, F.X., Flandre, D., Bol, D.: Demonstrating an LPPN processor. In: Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, ASHES '18, pp. 18–23. ACM, New York, NY, USA (2018). https://doi.org/10.1145/3266444.3266445

  16. Kamel, D., Standaert, F.X., Duc, A., Flandre, D., Berti, F.: Learning with physical noise or errors. IEEE Trans. Dependable Secure Comput. (2018). https://doi.org/10.1109/TDSC.2018.2830763

  17. Levi, I., Bellizia, D., Standaert, F.X.: Reducing a masked implementation's effective security order with setup manipulations and an explanation based on externally-amplified couplings. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 293–317 (2019). https://doi.org/10.13154/tches.v2019.i2.293-317

  18. Mangard, S.: Hardware countermeasures against DPA: a statistical analysis of their effectiveness. In: CT-RSA 2004 (2004)

  19. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks—Revealing the Secrets of Smart Cards. Springer, Berlin (2007)

  20. Mangard, S., Oswald, E., Standaert, F.X.: One for all—all for one: unifying standard differential power analysis attacks. IET Inf. Secur. 5(2), 100–110 (2011)

  21. Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) Topics in Cryptology—CT-RSA 2005, The Cryptographers' Track at the RSA Conference 2005, San Francisco, CA, USA, February 14–18, 2005, Proceedings, Lecture Notes in Computer Science, vol. 3376, pp. 351–365. Springer (2005). https://doi.org/10.1007/978-3-540-30574-3_24

  22. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011). https://doi.org/10.1007/s00145-010-9085-7

  23. Pietrzak, K.: Cryptography from learning parity with noise. In: SOFSEM 2012, pp. 99–114 (2012)

  24. Regazzoni, F., Breveglieri, L., Ienne, P., Koren, I.: Interaction between fault attack countermeasures and the resistance against power analysis attacks. In: Joye and Tunstall [14], pp. 257–272 (2012). https://doi.org/10.1007/978-3-642-29656-7_15

  25. Schneider, T., Moradi, A., Güneysu, T.: ParTI—towards combined hardware countermeasures against side-channel and fault-injection attacks. In: CRYPTO 2016, pp. 302–332 (2016)

  26. Standaert, F.X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) Advances in Cryptology—EUROCRYPT 2009, 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26–30, 2009, Proceedings, Lecture Notes in Computer Science, vol. 5479, pp. 443–461. Springer (2009). https://doi.org/10.1007/978-3-642-01001-9_26


Acknowledgements

François-Xavier Standaert is a senior associate researcher of the Belgian Fund for scientific research. This work has been funded in parts by the ERC Project SWORD (Grant Number 725725) and by the UCLouvain ARC Project NANOSEC.


Corresponding author

Correspondence to Dina Kamel.


Cite this article

Kamel, D., Bellizia, D., Bronchain, O. et al. Side-channel analysis of a learning parity with physical noise processor. J Cryptogr Eng 11, 171–179 (2021). https://doi.org/10.1007/s13389-020-00238-3
