Abstract
Learning parity with physical noise (LPPN) has been proposed as an assumption on which to build authentication protocols based on the learning parity with noise (LPN) problem. Its first advantage is to reduce the randomness requirements of standard LPN-based protocols, by directly performing erroneous computations so that no (e.g. Bernoulli-distributed) errors have to be generated on chip. At ASHES 2018, an LPPN processor was presented and confirmed the possibility to efficiently generate erroneous computations with the appropriate error rate. Since LPPN computations are key-homomorphic, they are good candidates for improved side-channel security thanks to masking, since they could theoretically lead to masked implementations with overheads that are linear in the number of shares, the analysis of which was left as an open problem. In this paper, we confirm this good potential by analyzing the side-channel security of an LPPN processor. We (1) evaluate the leakage of different parts of the erroneous computations, (2) conclude that intermediate computations that can be targeted with a divide-and-conquer Gaussian template attack are a sweet spot for side-channel attacks, and (3) show that LPPN computations naturally reach a level of noise that makes masking effective, despite further noise addition could be beneficial to reach higher security at lower implementation cost.
Similar content being viewed by others
Notes
In a real-world scenario, the secret key would be embedded (in a shared manner if masked) and the random challenge would also be generated on-chip in the case of protocols secure against man-in-the middle attacks.
The dimensions considered are most informative based on the Mangard’s Signal to Noise Ratio (SNR) [18].
The serializer is implemented such that 16 banks of 64 bits (representing the input and key) are shifted before being loaded to the AND stage inputs.
References
Armknecht, F., Hamann, M., Mikhalev, V.: Lightweight authentication protocols on ultra-constrained RFIDs—myths and facts. In: Saxena, N., Sadeghi, A.R. (eds.) Radio Frequency Identification: Security and Privacy Issues, pp. 1–18. Springer, Cham (2014)
Belaïd, S., Coron, J., Fouque, P., Gérard, B., Kammerer, J., Prouff, E.: Improved side-channel analysis of finite-field multiplication. In: CHES Lecture Notes in Computer Science, vol. 9293. Springer, pp. 395–415 (2015)
Belaïd, S., Fouque, P., Gérard, B.: Side-channel analysis of multiplications in GF(2128) —application to AES-GCM. In: ASIACRYPT (2), Lecture Notes in Computer Science, vol. 8874. Springer, pp. 306–325 (2014)
Berti, F., Standaert, F.X.: An analysis of the learning parity with noise assumption against fault attacks. In: CARDIS, pp. 245–264 (2016)
Bronchain, O., Hendrickx, J.M., Massart, C., Olshevsky, A., Standaert, F.X.: Leakage certification revisited: Bounding model errors in side-channel security evaluations. In: A. Boldyreva, D. Micciancio (eds.) Advances in Cryptology–CRYPTO 2019—39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 2019, Proceedings, Part I, Lecture Notes in Computer Science, vol. 11692. Springer, pp. 713–737 (2019). https://doi.org/10.1007/978-3-030-26948-7_25
Cnudde, T.D., Bilgin, B., Gierlichs, B., Nikov, V., Nikova, S., Rijmen, V.: Does coupling affect the security of masked implementations? In: S. Guilley (ed.) Constructive Side-Channel Analysis and Secure Design—8th International Workshop, COSADE 2017, Paris, France, April 13–14, 2017, Revised Selected Papers, Lecture Notes in Computer Science, vol. 10348. Springer, pp. 1–18 (2017). https://doi.org/10.1007/978-3-319-64647-3_1
Cnudde, T.D., Ender, M., Moradi, A.: Hardware masking, revisited. IACR Trans. Cryptogr. Hardw. Embed. Syst 2018(2), 123–148 (2018). https://doi.org/10.13154/tches.v2018.i2.123-148
de Chérisey, E., Guilley, S., Rioul, O., Piantanida, P.: Best information is most successful mutual information and success rate in side-channel analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 49–79 (2019)
Duc, A., Faust, S., Standaert, F.X.: Making masking security proofs concrete—or how to evaluate the security of any leaking device. In: E. Oswald, M. Fischlin (eds.) Advances in Cryptology—EUROCRYPT 2015—34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26—30, 2015, Proceedings, Part I, Lecture Notes in Computer Science, vol. 9056. Springer, pp. 401–429 (2015). https://doi.org/10.1007/978-3-662-46800-5_16
Dziembowski, S., Faust, S., Herold, G., Journault, A., Masny, D., Standaert, F.X.: Towards sound fresh re-keying with hard (physical) learning problems. In: M. Robshaw, J. Katz (eds.) Advances in Cryptology—CRYPTO 2016—36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14–18, 2016, Proceedings, Part II, Lecture Notes in Computer Science, vol. 9815. Springer pp. 272–301 (2016). https://doi.org/10.1007/978-3-662-53008-5_10
Eisenbarth, T., Kumar, S.S., Paar, C., Poschmann, A., Uhsadel, L.: A survey of lightweight-cryptography implementations. IEEE Des. Test Comput. 24(6), 522–533 (2007). https://doi.org/10.1109/MDT.2007.178
Gaspar, L., Leurent, G., Standaert, F.X.: Hardware implementation and side-channel analysis of lapin. In: CT-RSA, pp. 206–226 (2014)
Grosso, V., Standaert, F.X., Faust, S.: Masking versus multiparty computation: How large is the gap for AES? J. Cryptogr. Eng. 4(1), 47–57 (2014). https://doi.org/10.1007/s13389-014-0073-y
Joye, M., Tunstall, M. (eds.): Fault analysis in cryptography. Information Security and Cryptography. Springer (2012). https://doi.org/10.1007/978-3-642-29656-7
Kamel, D., Bellizia, D., Standaert, F.X., Flandre, D., Bol, D.: Demonstrating an LPPN processor. In: Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, ASHES ’18, pp. 18–23. ACM, New York, NY, USA (2018). https://doi.org/10.1145/3266444.3266445
Kamel, D., Standaert, F.X., Duc, A., Flandre, D., Berti, F.: Learning with physical noise or errors. IEEE Trans. Dependable Secure Comput. (2018). https://doi.org/10.1109/TDSC.2018.2830763
Levi, I., Bellizia, D., Standaert, F.X.: Reducing a masked implementation’s effective security order with setup manipulations and an explanation based on externally-amplified couplings. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 293–317 (2019). https://doi.org/10.13154/tches.v2019.i2.293-317
Mangard, S.: Hardware countermeasures against DPA ? A statistical analysis of their effectiveness. In: CT-RSA (2004)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks—Revealing the Secrets of Smart Cards. Springer, Berlin (2007)
Mangard, S., Oswald, E., Standaert, F.X.: One for all—all for one: unifying standard differential power analysis attacks. IET Info. Secur. 5(2), 100–110 (2011)
Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: A. Menezes (ed.) Topics in Cryptology—CT-RSA 2005, The Cryptographers’ Track at the RSA Conference 2005, San Francisco, CA, USA, February 14-18, 2005, Proceedings, Lecture Notes in Computer Science, vol. 3376, pp. 351–365. Springer (2005). https://doi.org/10.1007/978-3-540-30574-3_24
Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011). https://doi.org/10.1007/s00145-010-9085-7
Pietrzak, K.: Cryptography from learning parity with noise. In: SOFSEM, pp. 99–114 (2012)
Regazzoni, F., Breveglieri, L., Ienne, P., Koren, I.: Interaction between fault attack countermeasures and the resistance against power analysis attacks. In: Joye and Tunstall, vol. 14, pp. 257–272. https://doi.org/10.1007/978-3-642-29656-7_15
Schneider, T., Moradi, A., Güneysu, T.: Part I—towards combined hardware countermeasures against side-channel and fault-injection attacks. In: CRYPTO, pp. 302–332 (2016)
Standaert, F.X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: A. Joux (ed.) Advances in Cryptology—EUROCRYPT 2009, 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26–30, 2009. Proceedings, Lecture Notes in Computer Science, vol. 5479, pp. 443–461. Springer (2009). https://doi.org/10.1007/978-3-642-01001-9_26
Acknowledgements
François-Xavier Standaert is a senior associate researcher of the Belgian Fund for scientific research. This work has been funded in parts by the ERC Project SWORD (Grant Number 725725) and by the UCLouvain ARC Project NANOSEC.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Kamel, D., Bellizia, D., Bronchain, O. et al. Side-channel analysis of a learning parity with physical noise processor. J Cryptogr Eng 11, 171–179 (2021). https://doi.org/10.1007/s13389-020-00238-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13389-020-00238-3