security of cryptosystems against power-analysis attacks ... · cryptanalysis: power-analysis...
TRANSCRIPT
Security of Cryptosystems AgainstPower-Analysis Attacks
PhD Defense
October 22, 2015
Presented by Sonia Belaïd
1/40
2/40
Cryptology
Alice Bob
Eve
Cryptanalysis
CryptographyÜ ConfidentialityÜ AuthenticationÜ Integrity
2/40
Cryptology
Alice Bob
Eve
Cryptanalysis
CryptographyÜ ConfidentialityÜ AuthenticationÜ Integrity
2/40
Cryptology
Alice Bob
EveCryptanalysis
CryptographyÜ ConfidentialityÜ AuthenticationÜ Integrity
3/40
Cryptography is divided intoÜ Asymmetric cryptographyÜ Symmetric cryptography
Alice Bob
m ← ‘Hello Bob’c ← ENCk (m)
m ← DECk (c)m = ‘Hello Bob’
c = ‘fbjdsiqfesarizom’
Example: confidentiality with encryption
3/40
Cryptography is divided intoÜ Asymmetric cryptographyÜ Symmetric cryptography
Alice Bob
m ← ‘Hello Bob’c ← ENCk (m)
m ← DECk (c)m = ‘Hello Bob’
c = ‘fbjdsiqfesarizom’
Example: confidentiality with encryption
3/40
Cryptography is divided intoÜ Asymmetric cryptographyÜ Symmetric cryptography
Alice Bob
m ← ‘Hello Bob’c ← ENCk (m)
m ← DECk (c)m = ‘Hello Bob’
c = ‘fbjdsiqfesarizom’
Example: confidentiality with encryption
3/40
Cryptography is divided intoÜ Asymmetric cryptographyÜ Symmetric cryptography
Alice Bob
m ← ‘Hello Bob’c ← ENCk (m)
m ← DECk (c)m = ‘Hello Bob’
c = ‘fbjdsiqfesarizom’
Example: confidentiality with encryption
4/40
CryptanalysisÜ Black-box cryptanalysisÜ Side-channel analysis
Alice Bob
ENCmi
k
ci DECci
k
mi
L i
4/40
CryptanalysisÜ Black-box cryptanalysis: A ← (mi ,c i)
Ü Side-Channel Analysis
Alice Bob
ENCmi
k
ci DECci
k
mi
L i
4/40
CryptanalysisÜ Black-box cryptanalysisÜ Side-Channel Analysis: A ← (mi ,c i ,L i)
Alice Bob
ENCENCmi
k
ci DECDECci
k
mi
L i
4/40
CryptanalysisÜ Black-box cryptanalysisÜ Side-Channel Analysis: A ← (mi ,c i ,L i)
Alice Bob
ENCENCmi
k
ci DECDECci
k
mi
L i
4/40
CryptanalysisÜ Black-box cryptanalysisÜ Side-Channel Analysis: A ← (mi ,c i ,L i)
Alice Bob
ENCENCmi
k
ci DECDECci
k
mi
L i
4/40
CryptanalysisÜ Black-box cryptanalysisÜ Side-Channel Analysis: A ← (mi ,c i ,L i)
Alice Bob
ENCENCmi
k
ci DECDECci
k
mi
L i
4/40
CryptanalysisÜ Black-box cryptanalysisÜ Side-Channel Analysis: A ← (mi ,c i ,L i)
Alice Bob
ENCENCmi
k
ci DECDECci
k
mi
L i
5/40
Chosen Contributions
Cryptanalysis: Power-Analysis Attacks
n-bit input m n-bit key k
¯n
n-bit output v
Ü
Cryptography: countermeasures against Power-Analysis Attacks
Ü4B
8
5/40
Chosen Contributions
Cryptanalysis: Power-Analysis Attacks
n-bit input m n-bit key k
¯n
n-bit output v
Ü
Cryptography: countermeasures against Power-Analysis Attacks
Ü4B
8
Hidden Multiplier Problem:
1. Successful attack with low noise
2. Improved attack for higher noise
S. Belaïd, P-A. Fouque,and B. Gérard
Asiacrypt 2014
S. Belaïd, J-S. Coron, B.Gérard, P-A. Fouque, J-G.Kammerer, and E. Prouff
CHES 2015
5/40
Chosen Contributions
Cryptanalysis: Power-Analysis Attacks
n-bit input m n-bit key k
¯n
n-bit output v
Ü
Cryptography: countermeasures against Power-Analysis Attacks
Ü4B
8
Hidden Multiplier Problem:
1. Successful attack with low noise
2. Improved attack for higher noise
S. Belaïd, P-A. Fouque,and B. Gérard
Asiacrypt 2014
S. Belaïd, J-S. Coron, B.Gérard, P-A. Fouque, J-G.Kammerer, and E. Prouff
CHES 2015
6/40
Classical Power-Analysis Attack against AES-128
128-bit input m
⊕k0
S-box
8-bit v
– 8 bits
Attack on 8 bitsÏ prediction of the outputs for the
256 possible 8-bit secretÏ correlation between predictions
and leakageÏ selection of the best correlation to
find the correct 8-bit secret
Attack on 128 bitsÏ repetition of the attack on 8 bits
on each S-box
7/40
Power-Analysis Attack against AES-GCMauthentication, multiplication-based fresh re-keying, ...
Ü k is only manipulated in multiplications
128-bit input m 128-bit key k
¯8
¯8
...
¯8
128-bit output v
128-bit input m 128-bit key k
¯128
128-bit output v
7/40
Power-Analysis Attack against AES-GCMauthentication, multiplication-based fresh re-keying, ...
Ü k is only manipulated in multiplications
128-bit input m 128-bit key k
¯8
¯8
...
¯8
128-bit output v
128-bit input m 128-bit key k
¯128
128-bit output v
7/40
Power-Analysis Attack against AES-GCMauthentication, multiplication-based fresh re-keying, ...
Ü k is only manipulated in multiplications
128-bit input m 128-bit key k
¯8
¯8
...
¯8
128-bit output v
128-bit input m 128-bit key k
¯128
128-bit output v
8/40
Hidden Multiplier Problem
Let k ←GF(2n). Let ` ∈N.Given a sequence {mi ,L i }1≤i≤`where
Ï mi ←GF(2n)
Ï L i =HW(v i)+εi , εi ∼N (0,σ2)
recover k .
n-bit input m n-bit key k
¯n
n-bit output v
9/40
Chosen Contributions
Cryptanalysis: Power-Analysis Attacks
n-bit input m n-bit key k
¯n
n-bit output v
Ü
Hidden Multiplier Problem:
1. Successful attack with low noise
S. Belaïd, P-A. Fouque,and B. Gérard
Asiacrypt 2014
2. Improved attack for higher noiseS. Belaïd, J-S. Coron, B.
Gérard, P-A. Fouque, J-G.Kammerer, and E. Prouff
CHES 2015
9/40
Chosen Contributions
Cryptanalysis: Power-Analysis Attacks
n-bit input m n-bit key k
¯n
n-bit output v
Ü
Hidden Multiplier Problem:
1. Successful attack with low noise
S. Belaïd, P-A. Fouque,and B. Gérard
Asiacrypt 2014
2. Improved attack for higher noiseS. Belaïd, J-S. Coron, B.
Gérard, P-A. Fouque, J-G.Kammerer, and E. Prouff
CHES 2015
10/40
Main Observation
Current Issue: each bit of the 128-bitmultiplication’s result depends on allthe key bits
Ü no divide-and-conquer strategy
Hypotheses:Ï leakage of multiplication’s outputs
HW(v)+εÏ multiplication in GF(2128)
128-bit input m 128-bit key k
¯128
128-bit output v
Main observation:the LSB of a variable’s Hamming weight is a linear function of its bits:
lsb0 (HW(v))= ⊕0ÉiÉ127
v i =⊕
0ÉiÉ127
( ⊕0ÉjÉ127−i
mj
)k i
10/40
Main Observation
Current Issue: each bit of the 128-bitmultiplication’s result depends on allthe key bits
Ü no divide-and-conquer strategy
Hypotheses:Ï leakage of multiplication’s outputs
HW(v)+εÏ multiplication in GF(2128)
128-bit input m 128-bit key k
¯128
128-bit output v
Main observation:the LSB of a variable’s Hamming weight is a linear function of its bits:
lsb0 (HW(v))= ⊕0ÉiÉ127
v i =⊕
0ÉiÉ127
( ⊕0ÉjÉ127−i
mj
)k i
11/40
System of Equations
With ` Hamming weight values {HW(v (i))}0Éi<`, we recover k bysolving S :
S =
⊕0ÉiÉ127
( ⊕0ÉjÉ127−i
m(0)j
)k i = lsb0 (HW(v))(0)
⊕b(0)ε
⊕0ÉiÉ127
( ⊕0ÉjÉ127−i
m(1)j
)k i = lsb0 (HW(v))(1)
⊕b(1)ε
. . .⊕0ÉiÉ127
( ⊕0ÉjÉ127−i
m(`−1)j
)k i = lsb0 (HW(v))(`−1)
⊕b(`−1)ε
But in practice, the leakage comes with noise: L =HW(v)+ε
lsb0 (dL c) = lsb0 (HW(v))⊕bε
11/40
System of Equations
With ` Hamming weight values {HW(v (i))}0Éi<`, we recover k bysolving S :
S =
⊕0ÉiÉ127
( ⊕0ÉjÉ127−i
m(0)j
)k i = lsb0 (HW(v))(0)
⊕b(0)ε
⊕0ÉiÉ127
( ⊕0ÉjÉ127−i
m(1)j
)k i = lsb0 (HW(v))(1)
⊕b(1)ε
. . .⊕0ÉiÉ127
( ⊕0ÉjÉ127−i
m(`−1)j
)k i = lsb0 (HW(v))(`−1)
⊕b(`−1)ε
But in practice, the leakage comes with noise: L =HW(v)+ε
lsb0 (dL c) = lsb0 (HW(v))⊕bε
11/40
System of Equations
With ` Hamming weight values {HW(v (i))}0Éi<`, we recover k bysolving S :
S =
⊕0ÉiÉ127
( ⊕0ÉjÉ127−i
m(0)j
)k i = lsb0 (HW(v))(0) ⊕b(0)
ε
⊕0ÉiÉ127
( ⊕0ÉjÉ127−i
m(1)j
)k i = lsb0 (HW(v))(1) ⊕b(1)
ε
. . .⊕0ÉiÉ127
( ⊕0ÉjÉ127−i
m(`−1)j
)k i = lsb0 (HW(v))(`−1) ⊕b(`−1)
ε
But in practice, the leakage comes with noise: L =HW(v)+ε
lsb0 (dL c) = lsb0 (HW(v))⊕bε
12/40
Complexities
Signal-to-Noise RatioMethod 3.200 800 200 128
Naive method (Cs,Ct ) (29,221) (29,221) (29,265) (29,2107)
LPN (LF Algo) (Cs,Ct ) (212,214) (221,222) (233,234) (249,250)
Linear decoding (Cs,Ct ) (27,26) (27,27) (29,225) (210,262)
Signal-to-noise ratio= signal variancenoise variance
= 32σ2
13/40
Chosen Contributions
Cryptanalysis: Power-Analysis Attacks
n-bit input m n-bit key k
¯n
n-bit output v
Ü
Hidden Multiplier Problem:
1. Successful attack with low noise
S. Belaïd, P-A. Fouque,and B. Gérard
Asiacrypt 2014
2. Improved attack for higher noiseS. Belaïd, J-S. Coron, B.
Gérard, P-A. Fouque, J-G.Kammerer, and E. Prouff
CHES 2015
13/40
Chosen Contributions
Cryptanalysis: Power-Analysis Attacks
n-bit input m n-bit key k
¯n
n-bit output v
Ü
Hidden Multiplier Problem:
1. Successful attack with low noise
S. Belaïd, P-A. Fouque,and B. Gérard
Asiacrypt 2014
2. Improved attack for higher noiseS. Belaïd, J-S. Coron, B.
Gérard, P-A. Fouque, J-G.Kammerer, and E. Prouff
CHES 2015
14/40
Main Observation
New Attack:Ü filter the multiplication’s outputs
leakage to extract high and lowHamming weights
Ü solve a system with errors
Improvements:4 more generic4 less impacted by noise
n-bit input m n-bit key k
¯n
n-bit output v
15/40
System of Equations
Reminder:L (v)=HW(v)+ε=HW(m¯k)+ε
Extreme cases:
HW(v)= 0 Ü v = 0
v0 = ⊕0Éj<n
( ⊕i∈I(0,j)
mi
)k j = 0
v1 = ⊕0Éj<n
( ⊕i∈I(1,j)
mi
)k j = 0
......
...
vn−1 = ⊕0Éj<n
( ⊕i∈I(n−1,j)
mi
)k j = 0
HW(v)= n Ü v = 2n −1
v0 = ⊕0Éj<n
( ⊕i∈I(0,j)
mi
)k j = 1
v1 = ⊕0Éj<n
( ⊕i∈I(1,j)
mi
)k j = 1
......
...
vn−1 = ⊕0Éj<n
( ⊕i∈I(n−1,j)
mi
)k j = 1
with an error probability p
15/40
System of Equations
Reminder:L (v)=HW(v)+ε=HW(m¯k)+ε
Usual cases:
L (v) low Ü v ≈ 0
v0 = ⊕0Éj<n
( ⊕i∈I(0,j)
mi
)k j = 0
v1 = ⊕0Éj<n
( ⊕i∈I(1,j)
mi
)k j = 0
......
...
vn−1 = ⊕0Éj<n
( ⊕i∈I(n−1,j)
mi
)k j = 0
L (v) high Ü v ≈ 2n −1
v0 = ⊕0Éj<n
( ⊕i∈I(0,j)
mi
)k j = 1
v1 = ⊕0Éj<n
( ⊕i∈I(1,j)
mi
)k j = 1
......
...
vn−1 = ⊕0Éj<n
( ⊕i∈I(n−1,j)
mi
)k j = 1
with an error probability p
16/40
Filtering
20 40 60 80 100
0.0
2.0
4.0
6.0
·10−2 50 78
B(128,0.5)
L < n2 −λ
pn
2 L > n2 +λ
pn
2
SNR= 128n = 128λ≈ 2.5
filtering: 1 trace over 25
error probability: p ≈ 0.38
17/40
Error Probabilities
log2(1/F (λ)) 30 25 20 15 10 5SNR= 128, σ= 0.5
λ 6.00 5.46 4.85 4.15 3.29 2.16p 0.23 0.25 0.28 0.31 0.34 0.39
p [BFG14] 0.31SNR= 8, σ= 2
λ 6.37 5.79 5.14 4.39 3.48 2.28p 0.25 0.27 0.29 0.32 0.35 0.40
p [BFG14] > 0.49SNR= 2, σ= 4
λ 7.42 6.73 5.97 5.09 4.03 2.64p 0.28 0.30 0.32 0.34 0.37 0.41
p [BFG14] > 0.49SNR= 0.5, σ= 8
λ 10.57 9.58 8.48 7.21 5.71 3.73p 0.34 0.36 0.37 0.39 0.41 0.44
p [BFG14] > 0.49
Signal-to-noise ratio= signal variancenoise variance
= 32σ2
18/40
Experiments for n = 128Ï Filtering on a Virtex 5 - 128 bits (n = 128) : SNR= 8.21, σ= 7.11
1 1.5 2 2.5 3 3.5 4
0.36
0.38
0.4
0.42
0.44
filtering (λ)
erro
rpro
babi
litie
sptheoretical
pexperimental
Ï Expected complexities to recover k with 220 consumption traces
trade-offs (time , memory )
(259.31,227.00
)(251.68,236.00
)(250.00,244.00
)
19/40
Conclusion on the Multiplication Cryptanalysis
Cryptanalysis: Power-Analysis Attacks
n-bit input m n-bit key k
¯n
n-bit output v
Ü
Summary4 successful attacks on multiplications from the output’s leakage4 practical for n = 128 (use cases: AES-GCM, re-keying)
Further WorkÜ application of similar attacks on other primitivesÜ deeper analysis of LPN techniques in the context of side-channel
analysis
20/40
Chosen Contributions
Cryptanalysis: Power-Analysis Attacks
n-bit input m n-bit key k
¯n
n-bit output v
Ü
Cryptography: countermeasures against Power-Analysis Attacks
Ü4B
8
20/40
Chosen Contributions
Cryptanalysis: Power-Analysis Attacks
n-bit input m n-bit key k
¯n
n-bit output v
Ü
Cryptography: countermeasures against Power-Analysis Attacks
Ü4B
8
Masking and t-probing model:
1. Verified Proofs of Higher-Order Masking
G. Barthe, S. Belaïd,F. Dupressoir, P-A. Fouque,B. Grégoire, and P-Y. Strub
Eurocrypt 2015
2. Composition of Higher-Order MaskingG. Barthe, S. Belaïd,
F. Dupressoir, P-A. Fouque,and B. Grégoire
ePrint 2015
20/40
Chosen Contributions
Cryptanalysis: Power-Analysis Attacks
n-bit input m n-bit key k
¯n
n-bit output v
Ü
Cryptography: countermeasures against Power-Analysis Attacks
Ü4B
8
Masking and t-probing model:
1. Verified Proofs of Higher-Order Masking
G. Barthe, S. Belaïd,F. Dupressoir, P-A. Fouque,B. Grégoire, and P-Y. Strub
Eurocrypt 2015
2. Composition of Higher-Order MaskingG. Barthe, S. Belaïd,
F. Dupressoir, P-A. Fouque,and B. Grégoire
ePrint 2015
21/40
Countermeasures against Power-Analysis Attacks
m
k
c
L
Problem: leakage L is key-dependent
Fresh Re-keying
Idea: regularly change k
session key k?
R
master key k
cm
r
Masking
Idea: make leakage L random
sensitive value: v = f (m,k)
v0 ← v ⊕( ⊕1ÉiÉt
v i
)v1 ← $ ... v t ← $
Ü each t-uple of v i isindependent from v
21/40
Countermeasures against Power-Analysis Attacks
m
k
c
L
Problem: leakage L is key-dependent
Fresh Re-keying
Idea: regularly change k
session key k?
R
master key k
cm
r
Masking
Idea: make leakage L random
sensitive value: v = f (m,k)
v0 ← v ⊕( ⊕1ÉiÉt
v i
)v1 ← $ ... v t ← $
Ü each t-uple of v i isindependent from v
22/40
Security of Masked Programs: Leakage Model
realism
conv
enie
nce
fors
ecur
itypr
oofs t-probing model
Ishai, Sahai, Wagner
Crypto 03
noisyleakage model
Prouff, Rivain
Eurocrypt 13
no leak-free gates
leak-free gates
reductionDuc, Dziembowski, Faust
Eurocrypt 14
22/40
Security of Masked Programs: Leakage Model
realism
conv
enie
nce
fors
ecur
itypr
oofs t-probing model
Ishai, Sahai, Wagner
Crypto 03
noisyleakage model
Prouff, Rivain
Eurocrypt 13
no leak-free gates
leak-free gates
reductionDuc, Dziembowski, Faust
Eurocrypt 14
23/40
Chosen Contributions
Cryptography: countermeasures against Power-Analysis Attacks
Ü4B
8
Masking and t-probing model:
1. Verified Proofs of Higher-Order Masking
G. Barthe, S. Belaïd,F. Dupressoir, P-A. Fouque,B. Grégoire, and P-Y. Strub
Eurocrypt 2015
2. Composition of Higher-Order MaskingG. Barthe, S. Belaïd,
F. Dupressoir, P-A. Fouque,and B. Grégoire
ePrint 2015
23/40
Chosen Contributions
Cryptography: countermeasures against Power-Analysis Attacks
Ü4B
8
Masking and t-probing model:
1. Verified Proofs of Higher-Order Masking
G. Barthe, S. Belaïd,F. Dupressoir, P-A. Fouque,B. Grégoire, and P-Y. Strub
Eurocrypt 2015
2. Composition of Higher-Order MaskingG. Barthe, S. Belaïd,
F. Dupressoir, P-A. Fouque,and B. Grégoire
ePrint 2015
24/40
Security in the t-probing model
1. show that a t-uple is independent from the secret2. test all the possible t-uples
function Ex-t3(x1,x2,x3,x4,c):(* x1,x2,x3 = $ *)(* x4 = x +x1 +x2 +x3 *)
r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
1. independentfrom the secret?
8 many mistakes
48?
2. test 286 3-uples8 missing cases8 inefficient
24/40
Security in the t-probing model
1. show that a t-uple is independent from the secret2. test all the possible t-uples
function Ex-t3(x1,x2,x3,x4,c):(* x1,x2,x3 = $ *)(* x4 = x +x1 +x2 +x3 *)
r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
1. independentfrom the secret?
8 many mistakes
4
8?
2. test 286 3-uples8 missing cases8 inefficient
24/40
Security in the t-probing model
1. show that a t-uple is independent from the secret2. test all the possible t-uples
function Ex-t3(x1,x2,x3,x4,c):(* x1,x2,x3 = $ *)(* x4 = x +x1 +x2 +x3 *)
r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
1. independentfrom the secret?
8 many mistakes
4
8
?
2. test 286 3-uples8 missing cases8 inefficient
24/40
Security in the t-probing model
1. show that a t-uple is independent from the secret2. test all the possible t-uples
function Ex-t3(x1,x2,x3,x4,c):(* x1,x2,x3 = $ *)(* x4 = x +x1 +x2 +x3 *)
r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
1. independentfrom the secret?
8 many mistakes
48
?
2. test 286 3-uples8 missing cases8 inefficient
24/40
Security in the t-probing model
1. show that a t-uple is independent from the secret2. test all the possible t-uples
function Ex-t3(x1,x2,x3,x4,c):(* x1,x2,x3 = $ *)(* x4 = x +x1 +x2 +x3 *)
r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
1. independentfrom the secret?
8 many mistakes
48?
2. test 286 3-uples8 missing cases8 inefficient
24/40
Security in the t-probing model
1. show that a t-uple is independent from the secret2. test all the possible t-uples
function Ex-t3(x1,x2,x3,x4,c):(* x1,x2,x3 = $ *)(* x4 = x +x1 +x2 +x3 *)
r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
1. independentfrom the secret?
8 many mistakes
48?
2. test 286 3-uples8 missing cases8 inefficient
25/40
1. Show that a t-uple is independent from the secret
Inputs: t intermediate variables, b ← true
(Rule 1) secret variables?yes Ü (Rule 2)
no Ü 4
(Rule 2) an expression v is invertible in theonly occurrence of a random r?
yes Ü v ← r ; (Rule 1)
no Ü (Rule 3)
(Rule 3) is flag b = true?
yes Ü simplify; b ← false; (Rule 1)
no Ü 8
function Ex-t3(x1,x2,x3,x4,c):
r1 ← $
r2 ← $
y1 ← x1 + r1
y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1
t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
4 Ü distribution independent from the secret8 Ü might be used for an attack
25/40
1. Show that a t-uple is independent from the secret
Inputs: t intermediate variables, b ← true
(Rule 1) secret variables?yes Ü (Rule 2)
no Ü 4
(Rule 2) an expression v is invertible in theonly occurrence of a random r?
yes Ü v ← r ; (Rule 1)
no Ü (Rule 3)
(Rule 3) is flag b = true?
yes Ü simplify; b ← false; (Rule 1)
no Ü 8
function Ex-t3(x1,x2,x3,x4,c):
r1 ← $
r2 ← $
y1 ← x1 + r1
y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1
t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
4 Ü distribution independent from the secret8 Ü might be used for an attack
25/40
1. Show that a t-uple is independent from the secret
Inputs: t intermediate variables, b ← true
(Rule 1) secret variables?yes Ü (Rule 2)
no Ü 4
(Rule 2) an expression v is invertible in theonly occurrence of a random r?
yes Ü v ← r ; (Rule 1)
no Ü (Rule 3)
(Rule 3) is flag b = true?
yes Ü simplify; b ← false; (Rule 1)
no Ü 8
function Ex-t3(x1,x2,x3,x4,c):
r1 ← $
r2 ← $
y1 ← x1 + r1
y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1
t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
4 Ü distribution independent from the secret8 Ü might be used for an attack
25/40
1. Show that a t-uple is independent from the secret
Inputs: t intermediate variables, b ← true
(Rule 1) secret variables?yes Ü (Rule 2)
no Ü 4
(Rule 2) an expression v is invertible in theonly occurrence of a random r?
yes Ü v ← r ; (Rule 1)
no Ü (Rule 3)
(Rule 3) is flag b = true?
yes Ü simplify; b ← false; (Rule 1)
no Ü 8
function Ex-t3(x1,x2,x3,x4,c):
r1 ← $
r2 ← $
y1 ← x1 + r1
y2 ← (x +x1 +x2 +x3)+ r2
y2 ← x3
t1 ← x2 + r1
t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
4 Ü distribution independent from the secret8 Ü might be used for an attack
26/40
2. Extension to All Possible Sets
Problem: n intermediate variables Ü(n
t)
proofs
New Idea: proofs for sets of more than t variablesÏ find larger sets which cover all the intermediate variables is a hard
problemÏ two algorithms efficient in practice
X X C(X
)
Algorithm 1:
1. select X = (t variables) and prove itsindependence
2. extend X to X with moreobservations but still independence
3. recursively descend in set C(X
)4. merge X and C
(X
)once they are
processed separately.
26/40
2. Extension to All Possible Sets
Problem: n intermediate variables Ü(n
t)
proofs
New Idea: proofs for sets of more than t variablesÏ find larger sets which cover all the intermediate variables is a hard
problemÏ two algorithms efficient in practice
X X C(X
)
Algorithm 1:
1. select X = (t variables) and prove itsindependence
2. extend X to X with moreobservations but still independence
3. recursively descend in set C(X
)4. merge X and C
(X
)once they are
processed separately.
26/40
2. Extension to All Possible Sets
Problem: n intermediate variables Ü(n
t)
proofs
New Idea: proofs for sets of more than t variablesÏ find larger sets which cover all the intermediate variables is a hard
problemÏ two algorithms efficient in practice
X X C(X
)
Algorithm 1:
1. select X = (t variables) and prove itsindependence
2. extend X to X with moreobservations but still independence
3. recursively descend in set C(X
)4. merge X and C
(X
)once they are
processed separately.
26/40
2. Extension to All Possible Sets
Problem: n intermediate variables Ü(n
t)
proofs
New Idea: proofs for sets of more than t variablesÏ find larger sets which cover all the intermediate variables is a hard
problemÏ two algorithms efficient in practice
X
X C(X
)
Algorithm 1:1. select X = (t variables) and prove its
independence
2. extend X to X with moreobservations but still independence
3. recursively descend in set C(X
)4. merge X and C
(X
)once they are
processed separately.
26/40
2. Extension to All Possible Sets
Problem: n intermediate variables Ü(n
t)
proofs
New Idea: proofs for sets of more than t variablesÏ find larger sets which cover all the intermediate variables is a hard
problemÏ two algorithms efficient in practice
X X
C(X
)
Algorithm 1:1. select X = (t variables) and prove its
independence2. extend X to X with more
observations but still independence
3. recursively descend in set C(X
)4. merge X and C
(X
)once they are
processed separately.
26/40
2. Extension to All Possible Sets
Problem: n intermediate variables Ü(n
t)
proofs
New Idea: proofs for sets of more than t variablesÏ find larger sets which cover all the intermediate variables is a hard
problemÏ two algorithms efficient in practice
X X C(X
)Algorithm 1:
1. select X = (t variables) and prove itsindependence
2. extend X to X with moreobservations but still independence
3. recursively descend in set C(X
)
4. merge X and C(X
)once they are
processed separately.
26/40
2. Extension to All Possible Sets
Problem: n intermediate variables Ü(n
t)
proofs
New Idea: proofs for sets of more than t variablesÏ find larger sets which cover all the intermediate variables is a hard
problemÏ two algorithms efficient in practice
X X C(X
)Algorithm 1:
1. select X = (t variables) and prove itsindependence
2. extend X to X with moreobservations but still independence
3. recursively descend in set C(X
)4. merge X and C
(X
)once they are
processed separately.
27/40
2. Extension to All Possible Sets: Example
function Ex-t3(x1,x2,x3,x4,c):r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
X : 4X : 4
C (X ): 4
merge X and C (X ): 8
Ü 207 proofs instead of 286
27/40
2. Extension to All Possible Sets: Example
function Ex-t3(x1,x2,x3,x4,c):r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
X : 4
X : 4
C (X ): 4
merge X and C (X ): 8
Ü 207 proofs instead of 286
27/40
2. Extension to All Possible Sets: Example
function Ex-t3(x1,x2,x3,x4,c):r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
X : 4
X : 4
C (X ): 4
merge X and C (X ): 8
Ü 207 proofs instead of 286
27/40
2. Extension to All Possible Sets: Example
function Ex-t3(x1,x2,x3,x4,c):r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
X : 4
X : 4
C (X ): 4
merge X and C (X ): 8
Ü 207 proofs instead of 286
27/40
2. Extension to All Possible Sets: Example
function Ex-t3(x1,x2,x3,x4,c):r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
X : 4
X : 4
C (X ): 4
merge X and C (X ): 8
Ü 207 proofs instead of 286
27/40
2. Extension to All Possible Sets: Example
function Ex-t3(x1,x2,x3,x4,c):r1 ← $
r2 ← $
y1 ← x1 + r1y2 ← (x +x1 +x2 +x3)+ r2t1 ← x2 + r1t2 ← (x2 + r1)+x3
y3 ← (x2 + r1 +x3)+ r2y4 ← c+ r2
return(y1,y2,y3,y4)
X : 4
X : 4
C (X ): 4
merge X and C (X ): 8
Ü 207 proofs instead of 286
28/40
Application to the Sbox [CPRR13, Algorithm 4]
Method # tuples Security Complexity# sets time*
First-Order Maskingnaive
63 4
63 0.001sAlg. 1 17 0.001sAlg. 2 17 0.001s
Second-Order Maskingnaive
12,561 4
12,561 0.180sAlg. 1 851 0.046sAlg. 2 619 0.029s
Third-Order Maskingnaive
4,499,950 4
4,499,950 140.642sAlg. 1 68,492 9.923sAlg. 2 33,075 3.894s
Fourth-Order Maskingnaive
2,277,036,685 4
- unpracticalAlg. 1 8,852,144 2959.770sAlg. 2 3,343,587 879.235s
*run on a headless VM with a dual core (only one core is used in the computation) 64-bit processor clocked at 2GHz
29/40
Benchmarks
Reference Target # tuples Security Complexity# sets time (s)
First-Order MaskingFSE13 full AES 17,206 4 3,342 128
MAC-SHA3 full Keccak-f 13,466 4 5,421 405Second-Order Masking
RSA06 Sbox 1,188,111 4 4,104 1.6491st -orderCHES10 Sbox 7,140 flaws (2) 866 0.045
CHES10 AES KS 23,041,866 4 771,263 340,745FSE13 2 rnds AES 25,429,146 4 511,865 1,295FSE13 4 rnds AES 109,571,806 4 2,317,593 40,169
Third-Order Masking3rd -orderRSA06 Sbox 2,057,067,320 flaws (98,176) 2,013,070 695
FSE13 Sbox(4) 4,499,950 4 33,075 3.894FSE13 Sbox(5) 4,499,950 4 39,613 5.036
Fourth-Order MaskingFSE13 Sbox (4) 2,277,036,685 4 3,343,587 879
Fifth-Order MaskingCHES10 ¯ 216,071,394 4 856,147 45
30/40
Chosen Contributions
Cryptography: countermeasures against Power-Analysis Attacks
Ü4B
8
Masking and t-probing model:
1. Verified Proofs of Higher-Order Masking
G. Barthe, S. Belaïd,F. Dupressoir, P-A. Fouque,B. Grégoire, and P-Y. Strub
Eurocrypt 2015
2. Composition of Higher-Order MaskingG. Barthe, S. Belaïd,
F. Dupressoir, P-A. Fouque,and B. Grégoire
ePrint 2015
30/40
Chosen Contributions
Cryptography: countermeasures against Power-Analysis Attacks
Ü4B
8
Masking and t-probing model:
1. Verified Proofs of Higher-Order Masking
G. Barthe, S. Belaïd,F. Dupressoir, P-A. Fouque,B. Grégoire, and P-Y. Strub
Eurocrypt 2015
2. Composition of Higher-Order MaskingG. Barthe, S. Belaïd,
F. Dupressoir, P-A. Fouque,and B. Grégoire
ePrint 2015
31/40
Current Issues in Composition
8
A refresh algorithm takes as input a sharing (xi )i≥0 of x and returns anew sharing (x ′
i )i≥0 of x such that (xi )i≥1 and (x ′i )i≥1 are mutually
independent.
31/40
Current Issues in Composition
8
A refresh algorithm takes as input a sharing (xi )i≥0 of x and returns anew sharing (x ′
i )i≥0 of x such that (xi )i≥1 and (x ′i )i≥1 are mutually
independent.
31/40
Current Issues in Composition
8
A refresh algorithm takes as input a sharing (xi )i≥0 of x and returns anew sharing (x ′
i )i≥0 of x such that (xi )i≥1 and (x ′i )i≥1 are mutually
independent.
31/40
Current Issues in Composition
8
A refresh algorithm takes as input a sharing (xi )i≥0 of x and returns anew sharing (x ′
i )i≥0 of x such that (xi )i≥1 and (x ′i )i≥1 are mutually
independent.
31/40
Current Issues in Composition
8
A refresh algorithm takes as input a sharing (xi )i≥0 of x and returns anew sharing (x ′
i )i≥0 of x such that (xi )i≥1 and (x ′i )i≥1 are mutually
independent.
32/40
Security properties in the t-probing model
if t is fixed: show that any set of t intermediate variables isindependent from the secret
if t is not fixed: show that any set of t intermediate variables canbe simulated with at most t shares of each input
3observations
a0 a1 a2 a3 (= a+a0 +a1 +a2)
c0 c1 c2 c3
function Linear-function-t(a0, ...,ai , ...at ):
for i = 0 to t
ci ← f (ai )
return (c0, ...,ci , ...,ct )
Ü straightforward for linear functionsÜ formal proofs with EasyCrypt and pen-and paper proofs for small
non-linear functions
32/40
Security properties in the t-probing model
if t is fixed: show that any set of t intermediate variables isindependent from the secretif t is not fixed: show that any set of t intermediate variables canbe simulated with at most t shares of each input
3observations
a0 a1 a2 a3 (= a+a0 +a1 +a2)
c0 c1 c2 c3
function Linear-function-t(a0, ...,ai , ...at ):
for i = 0 to t
ci ← f (ai )
return (c0, ...,ci , ...,ct )
Ü straightforward for linear functionsÜ formal proofs with EasyCrypt and pen-and paper proofs for small
non-linear functions
32/40
Security properties in the t-probing model
if t is fixed: show that any set of t intermediate variables isindependent from the secretif t is not fixed: show that any set of t intermediate variables canbe simulated with at most t shares of each input
3observations
a0 a1 a2 a3 (= a+a0 +a1 +a2)
c0 c1 c2 c3
function Linear-function-t(a0, ...,ai , ...at ):
for i = 0 to t
ci ← f (ai )
return (c0, ...,ci , ...,ct )
Ü straightforward for linear functions
Ü formal proofs with EasyCrypt and pen-and paper proofs for smallnon-linear functions
32/40
Security properties in the t-probing model
if t is fixed: show that any set of t intermediate variables isindependent from the secretif t is not fixed: show that any set of t intermediate variables canbe simulated with at most t shares of each input
3observations
a0 a1 a2 a3 (= a+a0 +a1 +a2)
c0 c1 c2 c3
function Linear-function-t(a0, ...,ai , ...at ):
for i = 0 to t
ci ← f (ai )
return (c0, ...,ci , ...,ct )
Ü straightforward for linear functions
Ü formal proofs with EasyCrypt and pen-and paper proofs for smallnon-linear functions
32/40
Security properties in the t-probing model
if t is fixed: show that any set of t intermediate variables isindependent from the secretif t is not fixed: show that any set of t intermediate variables canbe simulated with at most t shares of each input
3observations
a0 a1 a2 a3 (= a+a0 +a1 +a2)
c0 c1 c2 c3
function Linear-function-t(a0, ...,ai , ...at ):
for i = 0 to t
ci ← f (ai )
return (c0, ...,ci , ...,ct )
Ü straightforward for linear functionsÜ formal proofs with EasyCrypt and pen-and paper proofs for small
non-linear functions
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É tA0
t0observations
A1t1
observationsA2
t2observations
A3t3
observations
trobservations
tr + t3observations
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É tA0
t0observations
A1t1
observationsA2
t2observations
A3t3
observations
trobservations
tr + t3observations
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É tA0
t0observations
A1
t1observations
t1 + t3observations
A2
t2observations
t2 + t3observations
A3
t3observations
trobservations
tr + t3observations
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É tA0
t0observations
A1
t1observations
t1 + t3observations
A2
t2observations
t2 + t3observations
A3
t3observations
trobservations
tr + t3observations
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É tA0
t0observations
A1
t1observations
t1 + t3 + t2 + t3observations
A2
t2observations
A3
t3observations
trobservations
tr + t3observations
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É tA0
t0observations
A1
t1observations
t1 + t2 +2t3É t?observations
A2
t2observations
A3
t3observations
trobservations
tr + t3observations
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É tA0
t0observations
A1
t1observations
t1 + t2 +2t3É t?observations
A2
t2observations
A3
t3observations
trobservations
tr + t3observations
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É t
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
A1t1
observationsA2
t2observations
A3t3
observations
trobservations
tr + t3observations
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É t
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
A1t1
observationsA2
t2observations
A3t3
observations
trobservations
tr + t3observations
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É t
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
A1t1
observationsA2
t2observations
t2 + t3observations
A3
t3observations
trobservations
tr + t3observations
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É t
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
A1t1
observationsA2
t2observations
t2 + t3observations
A3
t3observations
trobservations
tr + t3observations
33/40
Current Issues
Constraint:t0 + t1 + t2 + t3 É t
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
A1
t1observations
t1 + t2 +2t3 + trÉ t?observations
A2
t2observations
A3
t3observations
trobservations
tr + t3observations
34/40
Stronger security property for Refresh
Strong Non-Interference in the t-probing model:
if t is not fixed: show that any set of t intermediate variables with- t1 on internal variables- t2 = t − t1 on the outputs
can be simulated with at most t1 shares of each input
2 internalobservations
+ 1 outputobservation
a0 a1 a2 a3
c0 c1 c2 c3
35/40
Secure Composition
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
A1t1
observationsA2
t2observations
A3t3
observations
trobservations
tr internalobservations+t3 output
observations
t3 outputobservations
35/40
Secure Composition
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
A1t1
observationsA2
t2observations
A3t3
observations
trobservations
tr internalobservations+t3 output
observations
t3 outputobservations
35/40
Secure Composition
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
A1t1
observationsA2
t2observations
t2 + t3observations
A3
t3observations
trobservations
tr internalobservations+t3 output
observations
t3 outputobservations
35/40
Secure Composition
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
A1t1
observationsA2
t2observations
t2 + t3observations
A3
t3observations
trobservations
tr internalobservations+t3 output
observations
t3 outputobservations
35/40
Secure Composition
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
A1
t1observations
t1 + t2 + t3 + trobservations
A2
t2observations
A3
t3observations
trobservations
tr internalobservations+t3 output
observations
t3 outputobservations
35/40
Secure Composition
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
A1
t1observations
t1 + t2 + t3 + trobservations
A2
t2observations
A3
t3observations
trobservations
tr internalobservations+t3 output
observations
t3 outputobservations
35/40
Secure Composition
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
t0 + t1 + t2 + t3 + trobservations
A1
t1observations
A2
t2observations
A3
t3observations
trobservations
tr internalobservations+t3 output
observations
t3 outputobservations
35/40
Secure Composition
Constraint:t0 + t1 + t2 + t3 + tr É tA0
t0observations
t0 + t1 + t2 + t3 + trobservations
É t 4
A1
t1observations
A2
t2observations
A3
t3observations
trobservations
tr internalobservations+t3 output
observations
t3 outputobservations
36/40
Secure Composition
Automatic tool for C-based algorithms
Ï unprotected algorithm Ü higher-order masked algorithmÏ example for AES S-box
x
·2
⊗
x
·2
⊗
8
x
·2
⊗
4
36/40
Secure Composition
Automatic tool for C-based algorithms
Ï unprotected algorithm Ü higher-order masked algorithmÏ example for AES S-box
x
·2
⊗
x
·2
⊗
8
x
·2
⊗
4
36/40
Secure Composition
Automatic tool for C-based algorithms
Ï unprotected algorithm Ü higher-order masked algorithmÏ example for AES S-box
x
·2
⊗
x
·2
⊗
8
x
·2
⊗
4
36/40
Secure Composition
Automatic tool for C-based algorithms
Ï unprotected algorithm Ü higher-order masked algorithmÏ example for AES S-box
x
·2
⊗
x
·2
⊗
8
x
·2
⊗
4
37/40
Some Results
Resource usage statistics for generating masked algorithms (at anyorder) from some unmasked implementations1
Scheme # Refresh Time MemoryAES (¯) 2 0.09s 4MoAES (x ¯g(x)) 0 0.05s 4MoKeccak with Refresh 0 121.20 456MoKeccak 600 2728.00s 22870MoSimon 67 0.38s 15MoSpeck 61 6.22s 38Mo
1On a Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz with 64Go of memory runningLinux (Fedora)
37/40
Some Results
Resource usage statistics for generating masked algorithms (at anyorder) from some unmasked implementations1
Scheme # Refresh Time MemoryAES (¯) 2 0.09s 4MoAES (x ¯g(x)) 0 0.05s 4MoKeccak with Refresh 0 121.20s 456MoKeccak 600 2728.00s 22870MoSimon 67 0.38s 15MoSpeck 61 6.22s 38Mo
1On a Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz with 64Go of memory runningLinux (Fedora)
38/40
Conclusion on Higher-Order Masking
Summary4 verification of higher-order masking schemes4 efficient and proven composition4 two automatic tools
Further WorkÜ extend the verification to higher orders using compositionÜ integrate transition/glitch-based modelÜ build practical experiments for both attacks and new
countermeasures
Cryptography: countermeasures against Power-Analysis Attacks
Ü4B
8
39/40
Conclusion
Cryptanalysis: Power-Analysis Attacks
Ü investigate the LPN algorithms in the context of power-analysisattacks
Ü analyze the operation modes
Cryptography: countermeasures against Power-Analysis Attacks
Ü implement and evaluate our countermeasures on real devices(software and hardware)
Ü make verifications and compositions as practical as possibleÜ use the characterization of a device as a leakage model
40/40
Publications
Sonia Belaïd, Luk Bettale, Emmanuelle Dottax, Laurie Genelle, and Franck Rondepierre.
Differential Power Analysis of HMAC SHA-2 in the Hamming weight model. SECRYPT 2013.
Michel Abdalla, Sonia Belaïd, and Pierre-Alain Fouque.
Leakage-resilient symmetric encryption via re-keying. CHES 2013.
Sonia Belaïd, Pierre-Alain Fouque, and Benoît Gérard.
Side-channel analysis of multiplications in GF(2128) - application to AES-GCM. ASIACRYPT 2014.
Gilles Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, and Pierre-Yves Strub.
Verified proofs of higher-order masking. EUROCRYPT 2015.
Sonia Belaïd, Jean-Sébastien Coron, Benoît Gérard, Pierre-Alain Fouque, Jean-Gabriel Kammerer, and Emmanuel Prouff.
Improved Side-Channel Analysis of Finite-Field Multiplication. CHES 2015.
Michel Abdalla, Sonia Belaïd, David Pointcheval, Sylvain Ruhault, and Damien Vergnaud.
Robust pseudo-random number generators with input secure against side-channel attacks. ACNS 2015.
Sonia Belaïd, Fabrizio De Santis, Johann Heyszl, Stefan Mangard, Marcel Medwed, Jörn-Marc Schmidt, François-XavierStandaert, and Stefan Tillich.Towards fresh re-keying with leakage-resilient PRFs: cipher design principles and analysis. Journal of Cryptographic Engineering2014.
Sonia Belaïd, Vincent Grosso, and François-Xavier Standaert.Masking and leakage-resilient primitives: One, the other(s) or both? Cryptography and Communications 2015.
Sonia Belaïd, Luk Bettale, Emmanuelle Dottax, Laurie Genelle, and Franck Rondepierre.Differential Power Analysis of HMAC SHA-1 and HMAC SHA-2 in the Hamming weight model. E-Business andTelecommunications - International Joint Conference, ICETE 2014, Revised Selected Papers, Springer, 2015.