
11th October 2017

Leakage Resilience from Lattices

Marco Martinoli (ESR10)

Supervised by Prof. Elisabeth Oswald and Dr. Martijn Stam

University of Bristol

Leaky Lattices

11th October 2017

HIGHLIGHTS 09/16 – 09/17

I went to NXP for my secondment;

I started to write a draft of my long-lasting project;

I presented my first paper.

Marco 3 – 0* PhD

*Events that might have increased this score are out of scope.


Frodo meets ELMO

Joint work with Joppe Bos, Simon Friedberger (ESR12), Martijn Stam and Elisabeth Oswald.

[Figures: (a) Frodo, (b) ELMO]


Introducing: ELMO

ELMO, the Emulator for power Leakages for the M0:

is a tool for simulating power consumption for side-channel measurements;

allows evaluating attacks on software running on an ARM Cortex-M0 without requiring a hardware measurement setup;

simulates leakage with instruction accuracy;

was checked against real leakage measured on an STM32F0 Discovery Board.

Available at https://github.com/bristol-sca/ELMO.


Introducing: Frodo

Available at https://github.com/lwe-frodo/lwe-frodo.


Profiling

$$
\begin{pmatrix}
A[0,0] & A[0,1] & A[0,2] \\
A[1,0] & A[1,1] & A[1,2] \\
A[2,0] & A[2,1] & A[2,2]
\end{pmatrix}
\cdot
\begin{pmatrix}
S[0,0] & S[0,1] & S[0,2] \\
S[1,0] & S[1,1] & S[1,2] \\
S[2,0] & S[2,1] & S[2,2]
\end{pmatrix}
$$


Attack techniques

LWE-based key agreement protocol implies:

weakly non-linear operations;

internal secrets must be freshly regenerated at every invocation.

DPA-style attacks need a lot of traces, which are not provided. But the secrets are small, hence there is only a very small number of possible guesses to build templates for.


Template profiles

q = 2^11, n = 352, S[0, 0] ∈ {0, ±1, ±2, ±3} ← χ


Template profiles: loading

S[0, 0] and its 11-bit representation, in the order of the profiled leakage:

−1: 11111111111
−2: 11111111110
−3: 11111111101
+3: 00000000011
+2: 00000000010
+1: 00000000001
 0: 00000000000

Depends on S[0, 0] only, constant with varying A[0, 0].


Template profiles: multiplication

S[0, 0] and its 11-bit representation, in the order of the profiled leakage:

−1: 11111111111
−3: 11111111101
−2: 11111111110
+3: 00000000011
+1: 00000000001
+2: 00000000010
 0: 00000000000

A[0, 0] contributes to power consumption too.


Signal variance


SNR comparison


SCA of Frodo

Where we are:

set up simulations and profiling;

template matching in noiseless case;

analysis of noise in PoI;

template attack for first order recovery;

alternative implementations;

shuffling;

including leakage in BKZ to boost lattice attacks.


Totally non singular key update mechanism

Joint work with Martijn Stam and Elisabeth Oswald. Setting is the continuous d-probing model.

$s \leftarrow \mathrm{KeyGen}(n)$

$(\dot{s}_0, \ddot{s}_0) \leftarrow \mathrm{Share}(s)$

$(\dot{s}_i, O_i) \leftarrow \dot{\mathrm{Update}}(\dot{s}_{i-1})$, $\ddot{s}_i \leftarrow \ddot{\mathrm{Update}}(\ddot{s}_{i-1}, O_i)$

$s \leftarrow \mathrm{Recombine}(\dot{s}_i, \ddot{s}_i)$


Totally non singular KU mechanism

Target is an LWE public key encryption scheme over $\mathbb{Z}_q$ for a prime $q$; the secret is $s \in \mathbb{Z}_q^n$. $\mathrm{Share}(s) = (\dot{s}, \ddot{s})$ such that

$$
s = B\,\dot{s} + \ddot{s} \pmod q
$$

B needs to be TNS to avoid linear dependencies among positions of the secret.
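As an added illustration, not taken from the slides: the sharing relation above with Share and Recombine written out, plus a brute-force check that a candidate B is totally non-singular (every square submatrix invertible mod q). The prime q = 101 and the Cauchy construction of B are assumptions for readability; the Update functions are not modelled because the slides do not specify them.

```python
import itertools
import secrets

Q = 101  # constructed small prime for readability; the slides only say "prime q"

def det_mod(m, q):
    """Determinant over Z_q (q prime) via Gaussian elimination with modular inverses."""
    m = [[x % q for x in row] for row in m]
    n, det = len(m), 1
    for c in range(n):
        pivot = next((r for r in range(c, n) if m[r][c]), None)
        if pivot is None:
            return 0
        if pivot != c:
            m[c], m[pivot] = m[pivot], m[c]
            det = -det
        det = det * m[c][c] % q
        inv = pow(m[c][c], -1, q)
        for r in range(c + 1, n):
            f = m[r][c] * inv % q
            m[r] = [(m[r][k] - f * m[c][k]) % q for k in range(n)]
    return det % q

def is_tns(b, q):
    """Totally non-singular: every square submatrix of B is invertible mod q
    (brute force over all row/column subsets, fine for the small n used here)."""
    n = len(b)
    return all(det_mod([[b[r][c] for c in cols] for r in rows], q) != 0
               for k in range(1, n + 1)
               for rows in itertools.combinations(range(n), k)
               for cols in itertools.combinations(range(n), k))

def cauchy_matrix(xs, ys, q):
    """B[i][j] = 1/(x_i - y_j) is TNS over a prime field when the x_i are distinct,
    the y_j are distinct and no x_i equals a y_j (assumed construction of B)."""
    return [[pow((x - y) % q, -1, q) for y in ys] for x in xs]

def mat_vec(b, v, q):
    return [sum(bi * vj for bi, vj in zip(row, v)) % q for row in b]

def share(s, b, q):
    """Share(s) = (s_dot, s_ddot) with s = B*s_dot + s_ddot mod q; s_dot uniform."""
    s_dot = [secrets.randbelow(q) for _ in s]
    s_ddot = [(si - bi) % q for si, bi in zip(s, mat_vec(b, s_dot, q))]
    return s_dot, s_ddot

def recombine(s_dot, s_ddot, b, q):
    """Recombine(s_dot, s_ddot) = B*s_dot + s_ddot mod q."""
    return [(bi + di) % q for bi, di in zip(mat_vec(b, s_dot, q), s_ddot)]
```

The identity matrix fails the check because of its zero 1x1 submatrices, which is exactly the kind of linear dependency between secret positions the slide warns about.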


TNS KU mechanism

Where we are:

Share is secure;

leak-free Update is secure;

Update is secure;

composition of KU + Dec is secure;


Future work and more ideas

Finalise side-channel analysis of Frodo and TNS KU mechanism.

Glitchtool, joint work with Erik Boss (ESR6), Dusan Bozilov (ESR13),Miroslav Knezevic, Ventzi Nikov.

Involutory SBoxes, joint work with Erik Boss (ESR6), Ralph Ankele (ESR7).

BKZ on leaky lattices, joint work with Matthias Minihold (ESR5).


Related activities

Secondment: NXP Semiconductors, Leuven (BE);

Outreach: Digimaker on 11th November, Bristol;

Teaching: Security 101, Cryptography A;

Travels: SPACE16, RWC17, School on lattices in Oxford, Eurocrypt17, second London Crypto day.

Subreviewer: Crypto17, Asiacrypt17, SPACE17, Transactions on Computers 2017, CT-RSA17.
