- Vittorio Zaccaria
Cryptography’s current research trends show that there is an increasing concern about identifying if a side-channel countermeasure is vulnerable to higher-order attacks.
In a recent work published this year on IEEE Trans. on Computers, me and my co-authors, Elia Bisi (U. Warwick) and Filippo Melzani (Security Pattern), just introduced a new mathematical tool to assess the higher order vulnerability of a hardware cryptographic circuit.
The method empowers the circuit designer to detect if the chosen countermeasure (Boolean masking or some parts of a threshold implementation) is effective up to the desired order. Our overarching goal was (and is) to promote the implied statistical reasoning behind the countermeasure into a symbolical one, eventually extending ordinary computer aided design of integrated circuits. I'll recap in this post the major findings.
A side-channel attack corresponds to a set of queries to a physical observable whose aim is to identify the value of a master key/sub-key of the primitive. Cryptographic primitives may expose, through a side-channel, one or many intermediate sensitive variables that are deterministic functions of both the master key and the public input . To safeguard against a possible vulnerability, a customary solution is to prevent a sensitive value to become visible, by processing the following value instead , where is the bitwise XOR and are random uniformly distributed values called masks. However, this does not rule out the case where some can be derived from observations of a (data dependent) leakage: where is a mapping from the Boolean space, often defined to be the Hamming weight function.
We now focus on a specific but very common case where the components of the leakage vector are of the form . Moreover, we assume that visible variables are related to masks and sensitive variables by the following matrix expression in :
In the paper, we have shown that is vulnerable to a correlation attack on if there exists a constant row vector such that the product
cancels out any mask contribution (i.e. ). In particular, a vulnerability can be found if and only if the reduced row echelon form of (i.e., ) has a sensitive pivot column.
Consider the following visible variables :
which corresponds to the following visible matrix :
where the vertical line divides the submatrix , corresponding to the masks , from the submatrix , corresponding to the sensitive variables . The reduced row echelon form of is
We can see that the column of is a pivot column and thus is vulnerabile.