## CryptoDB

### Paper: Mode-Level vs. Implementation-Level Physical Security in Symmetric Cryptography: A Practical Guide Through the Leakage-Resistance Jungle

Authors: Davide Bellizia , UCLouvain, Belgium Olivier Bronchain , UCLouvain, Belgium Gaëtan Cassiers , UCLouvain, Belgium Vincent Grosso , Université de Lyon, France Chun Guo , Shandong University, China Charles Momin , UCLouvain, Belgium Olivier Pereira , UCLouvain, Belgium Thomas Peters , UCLouvain, Belgium François-Xavier Standaert , UCLouvain, Belgium DOI: https://doi.org/10.1007/978-3-030-56784-2_13 (login may be required) Search ePrint Search Google CRYPTO 2020 Triggered by the increasing deployment of embedded cryptographic devices (e.g., for the IoT), the design of authentication, encryption and authenticated encryption schemes enabling improved security against side-channel attacks has become an important research direction. Over the last decade, a number of modes of operation have been proposed and analyzed under different abstractions. In this paper, we investigate the practical consequences of these findings. For this purpose, we first translate the physical assumptions of leakage-resistance proofs into minimum security requirements for implementers. Thanks to this (heuristic) translation, we observe that (i) security against physical attacks can be viewed as a tradeoff between mode-level and implementation-level protection mechanisms, and (i}) security requirements to guarantee confidentiality and integrity in front of leakage can be concretely different for the different parts of an implementation. We illustrate the first point by analyzing several modes of operation with gradually increased leakage-resistance. We illustrate the second point by exhibiting leveled implementations, where different parts of the investigated schemes have different security requirements against leakage, leading to performance improvements when high physical security is needed. We finally initiate a comparative discussion of the different solutions to instantiate the components of a leakage-resistant authenticated encryption scheme.
##### BibTeX
@inproceedings{crypto-2020-30533,
title={Mode-Level vs. Implementation-Level Physical Security in Symmetric Cryptography: A Practical Guide Through the Leakage-Resistance Jungle},
publisher={Springer-Verlag},
doi={https://doi.org/10.1007/978-3-030-56784-2_13},
author={Davide Bellizia and Olivier Bronchain and Gaëtan Cassiers and Vincent Grosso and Chun Guo and Charles Momin and Olivier Pereira and Thomas Peters and François-Xavier Standaert},
year=2020
}