International Association for Cryptologic Research

International Association
for Cryptologic Research


Unifying Freedom and Separation for Tight Probing-Secure Composition

Sonia Belaïd , CryptoExperts
Gaëtan Cassiers , TU Graz and Lamarr Security Research
Matthieu Rivain , CryptoExperts
Abdul Rahman Taleb , CryptoExperts and LIP6, Sorbonne Université
DOI: 10.1007/978-3-031-38548-3_15 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: CRYPTO 2023
Abstract: The masking countermeasure is often analyzed in the probing model. Proving the probing security of large circuits at high masking orders is achieved by composing gadgets that satisfy security definitions such as non-interference (NI), strong non-interference (SNI) or free SNI. The region probing model is a variant of the probing model, where the probing capabilities of the adversary scale with the number of regions in a masked circuit. This model is of interest as it allows better reductions to the more realistic noisy leakage model. The efficiency of composable region probing secure masking has been recently improved with the introduction of the input-output separation (IOS) definition. In this paper, we first establish equivalences between the non-interference framework and the IOS formalism. We also generalize the security definitions to multiple-input gadgets and systematically show implications and separations between these notions. Then, we study which gadgets from the literature satisfy these. We give new security proofs for some well-known arbitrary-order gadgets, and also some automated proofs for fixed-order, special-case gadgets. To this end, we introduce a new automated formal verification algorithm that solves the open problem of verifying free SNI, which is not a purely simulation-based definition. Using the relationships between the security notions, we adapt this algorithm to further verify IOS. Finally, we look at composition theorems. In the probing model, we use the link between free SNI and the IOS formalism to generalize and improve the efficiency of the tight private circuit (Asiacrypt 2018) construction, also fixing a flaw in the original proof. In the region probing model, we relax the assumptions for IOS composition (TCHES 2021), which allows to save many refresh gadgets, hence improving the efficiency.
  title={Unifying Freedom and Separation for Tight Probing-Secure Composition},
  author={Sonia Belaïd and Gaëtan Cassiers and Matthieu Rivain and Abdul Rahman Taleb},