11th October 2017
Leakage Resilience from Lattices
Marco Martinoli (ESR10)Supervised by Prof. Elisabeth Oswald and Dr. Martijn Stam
University of Bristol
Leaky Lattices
11th October 2017
HIGHLIGHTS 09/16 – 09/17
I went to NXP for my secondment;
I started to write a draft of my long-lasting project;
I presented my first paper.
Marco 3 - 0* PhD
* Events that might have increased this score are out of scope.
Frodo meets ELMO
Joint work with Joppe Bos, Simon Friedberger (ESR12), Martijn Stam and Elisabeth Oswald.
Figure: (a) Frodo (b) ELMO
Introducing: ELMO
Emulator for power Leakages for the M0:
is a tool for simulating power consumption for side-channel measurements;
allows evaluating attacks on software running on an ARM Cortex-M0 without requiring a hardware measurement setup;
simulates leakage with instruction accuracy;
was checked against real leakage measured on an STM32F0 Discovery Board.
Available at https://github.com/bristol-sca/ELMO.
Introducing: Frodo
Available at https://github.com/lwe-frodo/lwe-frodo.
Profiling
$$
\begin{pmatrix}
A[0,0] & A[0,1] & A[0,2] \\
A[1,0] & A[1,1] & A[1,2] \\
A[2,0] & A[2,1] & A[2,2]
\end{pmatrix}
\cdot
\begin{pmatrix}
S[0,0] & S[0,1] & S[0,2] \\
S[1,0] & S[1,1] & S[1,2] \\
S[2,0] & S[2,1] & S[2,2]
\end{pmatrix}
$$
Attack techniques
An LWE-based key agreement protocol implies:
weakly non-linear operations;
internal secrets must be freshly regenerated at every invocation.
DPA-style attacks need many traces of the same secret, which a freshly regenerated secret does not provide. But the secrets are small, hence there is only a very small number of possible guesses to build templates for.
Template profiles
$q = 2^{11}$, $n = 352$, $S[0,0] \in \{0, \pm 1, \pm 2, \pm 3\} \leftarrow \chi$
Template profiles: loading
S[0,0]   11-bit encoding mod q
  −1     11111111111
  −2     11111111110
  −3     11111111101
  +3     00000000011
  +2     00000000010
  +1     00000000001
   0     00000000000
Depends on S[0,0] only, constant with varying A[0,0].
Template profiles: multiplication
S[0,0]   11-bit encoding mod q
  −1     11111111111
  −3     11111111101
  −2     11111111110
  +3     00000000011
  +1     00000000001
  +2     00000000010
   0     00000000000
A[0,0] contributes to power consumption too.
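The two template slides together make the attack idea concrete: the load of S[0,0] leaks a value that depends only on the secret (and collides for ±1/±2 and −2/−3 under a Hamming-weight view of the 11-bit encoding), while every product A[i,0]·S[0,0] in the matrix multiplication leaks a value that also depends on the public A. The following is an added example, not code from the talk or from the Frodo/ELMO projects: it uses a Hamming-weight leakage model with Gaussian noise as a stand-in for ELMO (an assumption), builds the seven candidate templates for the parameters on the slide, and recovers S[0,0] by maximum-likelihood matching over the one load sample and the n product samples that a single key generation exposes. Names such as `load_template`, `mul_template` and `demo` are this example's own.

```python
import math
import random

# Parameters as on the slide (Frodo "challenge" set): q = 2^11, n = 352,
# secret entries drawn from chi with support {0, ±1, ±2, ±3}.
Q_BITS = 11
Q = 1 << Q_BITS
N = 352
SECRET_SUPPORT = (-3, -2, -1, 0, 1, 2, 3)


def encode(v):
    """Map v in [-3, 3] to its 11-bit two's-complement representative in Z_q."""
    return v % Q


def bits(v):
    """The bit pattern shown on the template slides, e.g. bits(-1) == '11111111111'."""
    return format(encode(v), f"0{Q_BITS}b")


def hw(x):
    return bin(x).count("1")


def load_template():
    """Noise-free template of the load PoI: depends on S[0,0] only (assumed HW model).
    Note the collisions: hw(-2) == hw(-3) == 10 and hw(+1) == hw(+2) == 1."""
    return {s: hw(encode(s)) for s in SECRET_SUPPORT}


def mul_template(a, s):
    """Noise-free template of the multiply PoI for public A-entry a and candidate s."""
    return hw((a * encode(s)) % Q)


def simulate_trace(a_col, s, noise_sd, rng):
    """Constructed leakage for one key generation: one load sample for S[0,0], then one
    product sample per A[i,0]*S[0,0] (i < n). Gaussian noise stands in for measurement noise."""
    load = load_template()[s] + rng.gauss(0.0, noise_sd)
    muls = [mul_template(a, s) + rng.gauss(0.0, noise_sd) for a in a_col]
    return load, muls


def recover_secret(a_col, load, muls, noise_sd):
    """Maximum-likelihood template matching over the seven candidates.
    The n product samples resolve the collisions the load sample alone cannot."""
    var = max(noise_sd, 1e-9) ** 2
    lt = load_template()
    best, best_ll = None, -math.inf
    for cand in SECRET_SUPPORT:
        ll = -((load - lt[cand]) ** 2) / (2 * var)
        for a, leak in zip(a_col, muls):
            ll -= (leak - mul_template(a, cand)) ** 2 / (2 * var)
        if ll > best_ll:
            best, best_ll = cand, ll
    return best


def demo(secret=-2, noise_sd=1.0, seed=1):
    """Profile-free attacker view: A is public and uniform mod q, one trace, recover S[0,0]."""
    rng = random.Random(seed)
    a_col = [rng.randrange(Q) for _ in range(N)]
    load, muls = simulate_trace(a_col, secret, noise_sd, rng)
    return recover_secret(a_col, load, muls, noise_sd)


if __name__ == "__main__":
    print({s: bits(s) for s in SECRET_SUPPORT})
    print("load templates (HW):", load_template())
    print("recovered S[0,0]:", demo())
```

The load-only table shows why a single PoI is not enough: under a Hamming-weight model −2 and −3 are indistinguishable, as are +1 and +2. Because the same S[0,0] is multiplied by all n entries of a column of the public A within one invocation, a single trace still carries n differently-keyed product samples, and the likelihood over those separates all seven candidates comfortably even at unit noise variance.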
Signal variance
SNR comparison
SCA of Frodo
Where we are:
set up simulations and profiling;
template matching in noiseless case;
analysis of noise in PoI;
template attack for first order recovery;
alternative implementations;
shuffling;
including leakage in BKZ to boost lattice attacks.
Totally non singular key update mechanism
Joint work with Martijn Stam and Elisabeth Oswald. Setting is the continuous d-probing model.
$s \leftarrow \mathrm{KeyGen}(n)$
$(\dot{s}_0, \ddot{s}_0) \leftarrow \mathrm{Share}(s)$
$(\dot{s}_i, O_i) \leftarrow \dot{\mathrm{Update}}(\dot{s}_{i-1})$
$\ddot{s}_i \leftarrow \ddot{\mathrm{Update}}(\ddot{s}_{i-1}, O_i)$
$s \leftarrow \mathrm{Recombine}(\dot{s}_i, \ddot{s}_i)$
Totally non singular KU mechanism
Target is an LWE public key encryption scheme over $\mathbb{Z}_q$ for a prime $q$, secret is $s \in \mathbb{Z}_q^n$. $\mathrm{Share}(s) = (\dot{s}, \ddot{s})$ such that
$$
s = B\,\dot{s} + \ddot{s}
$$
B needs to be TNS to avoid linear dependencies among positions of the secret.
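An added example, not from the talk and not the authors' construction: it implements the Share/Recombine relation above over a toy prime field, a brute-force check that B is totally non-singular in the usual sense (every square submatrix, i.e. every minor, is invertible mod q), and a hypothetical instantiation of the Update pair that the slides leave unspecified: $\dot{\mathrm{Update}}$ re-randomises $\dot{s}$ by a fresh $r$ and emits $O = B\,r$, and $\ddot{\mathrm{Update}}$ subtracts $O$ so that $B\,\dot{s} + \ddot{s}$ is preserved. B is built as a Cauchy matrix, chosen here because a Cauchy matrix over a prime field with pairwise distinct parameters is totally non-singular; the identity matrix is included to show a matrix that fails the check (a zero 1×1 minor means a position of $s$ is just $\dot{s}_j + \ddot{s}_j$). Parameters, names and the secret vector are constructed for the example.

```python
import itertools
import random

# Toy parameters (constructed for this example): a small prime q and n = 3.
Q = 17
N = 3


def det_mod(m, q):
    """Determinant of a square matrix over Z_q by Laplace expansion (fine for tiny n)."""
    n = len(m)
    if n == 1:
        return m[0][0] % q
    total = 0
    for j in range(n):
        minor = [row[:j] + row[j + 1:] for row in m[1:]]
        total += (-1) ** j * m[0][j] * det_mod(minor, q)
    return total % q


def is_tns(b, q):
    """Totally non-singular: every square submatrix (every minor) is invertible mod q."""
    n = len(b)
    for k in range(1, n + 1):
        for rows in itertools.combinations(range(n), k):
            for cols in itertools.combinations(range(n), k):
                sub = [[b[r][c] for c in cols] for r in rows]
                if det_mod(sub, q) == 0:
                    return False
    return True


def cauchy_matrix(xs, ys, q):
    """Cauchy matrix C[i][j] = 1/(x_i - y_j) mod q; with all x_i, y_j distinct it is TNS."""
    return [[pow((x - y) % q, -1, q) for y in ys] for x in xs]


def matvec(b, v, q):
    return [sum(bi * vi for bi, vi in zip(row, v)) % q for row in b]


def share(s, b, q, rng):
    """Share(s) = (sdot, sddot) with s = B*sdot + sddot (the relation on the slide)."""
    sdot = [rng.randrange(q) for _ in s]
    bs = matvec(b, sdot, q)
    sddot = [(si - bi) % q for si, bi in zip(s, bs)]
    return sdot, sddot


def update_dot(sdot, b, q, rng):
    """Hypothetical Update-dot (assumption, not the authors' algorithm): re-randomise
    sdot by a fresh r and emit the correction O = B*r the other share needs."""
    r = [rng.randrange(q) for _ in sdot]
    new = [(a + ri) % q for a, ri in zip(sdot, r)]
    return new, matvec(b, r, q)


def update_ddot(sddot, o, q):
    """Hypothetical Update-double-dot: absorb O so that B*sdot + sddot is unchanged."""
    return [(a - oi) % q for a, oi in zip(sddot, o)]


def recombine(sdot, sddot, b, q):
    return [(x + y) % q for x, y in zip(matvec(b, sdot, q), sddot)]


def run(secret, b, q, rounds, seed=0):
    """Share, run `rounds` key updates, recombine; returns the reconstructed secret."""
    rng = random.Random(seed)
    sdot, sddot = share(secret, b, q, rng)
    for _ in range(rounds):
        sdot, o = update_dot(sdot, b, q, rng)
        sddot = update_ddot(sddot, o, q)
    return recombine(sdot, sddot, b, q)


B = cauchy_matrix([1, 2, 3], [4, 5, 6], Q)          # TNS over Z_17
IDENTITY = [[int(i == j) for j in range(N)] for i in range(N)]  # not TNS

if __name__ == "__main__":
    print("Cauchy B is TNS:", is_tns(B, Q))
    print("identity is TNS:", is_tns(IDENTITY, Q))
    print("recombined:", run([5, 0, 16], B, Q, rounds=10, seed=1))
```

The minor enumeration is exponential in n and only meant to make the definition executable at toy size; for real parameters one relies on the algebraic structure of B (as with the Cauchy construction) rather than on checking every minor.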
TNS KU mechanism
Where we are:
Share is secure;
leak-free Update is secure;
Update is secure;
composition of KU + Dec is secure;
Future work and more ideas
Finalise side-channel analysis of Frodo and TNS KU mechanism.
Glitchtool, joint work with Erik Boss (ESR6), Dusan Bozilov (ESR13),Miroslav Knezevic, Ventzi Nikov.
Involutory SBoxes, joint work with Erik Boss (ESR6), Ralph Ankele (ESR7).
BKZ on leaky lattices, joint work with Matthias Minihold (ESR5).
Related activities
Secondment: NXP Semiconductors, Leuven (BE);
Outreach: Digimaker on 11th November, Bristol;
Teaching: Security 101, Cryptography A;
Travels: SPACE16, RWC17, School on lattices in Oxford, Eurocrypt17, second London Crypto day.
Subreviewer: Crypto17, Asiacrypt17, SPACE17, Transactions on Computers 2017, CT-RSA17.