International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Mode-Level vs. Implementation-Level Physical Security in Symmetric Cryptography: A Practical Guide Through the Leakage-Resistance Jungle

Authors:
Davide Bellizia , UCLouvain, Belgium
Olivier Bronchain , UCLouvain, Belgium
Gaëtan Cassiers , UCLouvain, Belgium
Vincent Grosso , Université de Lyon, France
Chun Guo , Shandong University, China
Charles Momin , UCLouvain, Belgium
Olivier Pereira , UCLouvain, Belgium
Thomas Peters , UCLouvain, Belgium
François-Xavier Standaert , UCLouvain, Belgium
Download:
DOI: 10.1007/978-3-030-56784-2_13 (login may be required)
Search ePrint
Search Google
Conference: CRYPTO 2020
Abstract: Triggered by the increasing deployment of embedded cryptographic devices (e.g., for the IoT), the design of authentication, encryption and authenticated encryption schemes enabling improved security against side-channel attacks has become an important research direction. Over the last decade, a number of modes of operation have been proposed and analyzed under different abstractions. In this paper, we investigate the practical consequences of these findings. For this purpose, we first translate the physical assumptions of leakage-resistance proofs into minimum security requirements for implementers. Thanks to this (heuristic) translation, we observe that (i) security against physical attacks can be viewed as a tradeoff between mode-level and implementation-level protection mechanisms, and (i}) security requirements to guarantee confidentiality and integrity in front of leakage can be concretely different for the different parts of an implementation. We illustrate the first point by analyzing several modes of operation with gradually increased leakage-resistance. We illustrate the second point by exhibiting leveled implementations, where different parts of the investigated schemes have different security requirements against leakage, leading to performance improvements when high physical security is needed. We finally initiate a comparative discussion of the different solutions to instantiate the components of a leakage-resistant authenticated encryption scheme.
Video from CRYPTO 2020
BibTeX
@inproceedings{crypto-2020-30533,
  title={Mode-Level vs. Implementation-Level Physical Security in Symmetric Cryptography: A Practical Guide Through the Leakage-Resistance Jungle},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-030-56784-2_13},
  author={Davide Bellizia and Olivier Bronchain and Gaëtan Cassiers and Vincent Grosso and Chun Guo and Charles Momin and Olivier Pereira and Thomas Peters and François-Xavier Standaert},
  year=2020
}