Combined fault and leakage resilience : composability, constructions and compiler

Journal
Lecture notes in computer science  
Volume
14083
Start Page
377
End Page
409
Citation
43rd Annual International Cryptology Conference (CRYPTO 2023)
Contribution to Conference
43rd Annual International Cryptology Conference, CRYPTO 2023
Publisher DOI
10.1007/978-3-031-38548-3_13
Scopus ID
2-s2.0-85173018792
Publisher
Springer
ISBN
9783031385476
Real-world cryptographic implementations nowadays are not only attacked via classical cryptanalysis but also via implementation attacks, including passive attacks (observing side-channel information about the inner computation) and active attacks (inserting faults into the computation). While countermeasures exist for each type of attack, countermeasures against combined attacks have only been considered recently. Masking is a standard technique for protecting against passive side-channel attacks, but protecting against active attacks with additive masking is challenging. Previous approaches include running multiple copies of a masked computation, requiring a large amount of randomness or being vulnerable to horizontal attacks. An alternative approach is polynomial masking, which is inherently fault-resistant. This work presents a compiler based on polynomial masking that achieves linear computational complexity for affine functions and cubic complexity for non-linear functions. The resulting compiler is secure against attackers using region probes and adaptive faults. In addition, the notion of fault-invariance is introduced to improve security against combined attacks without the need to consider all possible fault combinations. Our approach has the best-known asymptotic efficiency among all known approaches.
DDC Class
004: Computer Sciences
600: Technology