GLORIA

GEOMAR Library Ocean Research Information Access

  • 1
    Online Resource
    Hindawi Limited ; 2022
    In: Security and Communication Networks, Hindawi Limited, Vol. 2022 ( 2022-3-24), p. 1-11
    Abstract: Masking schemes are considered to be effective countermeasures to protect Internet-of-Things devices from side-channel attacks. Deep-learning-based side-channel attacks (DL-SCAs) have been demonstrated to be very effective targeting on masked implementations. In this paper, we investigate the resistance of a popular computation-based masking scheme against DL-SCAs, that is, the addition-chain-based one. We find that addition chain introduces computations of intermediate monomials over $\mathbb{F}_{2^n}$ with smaller output sizes, which decreases its resistance against DL-SCAs. Specifically, we first use mutual information metric to evaluate the side-channel resistance of different monomials from an information theory point of view. Next, we further propose the Kullback–Leibler divergence ratio as an evaluation metric to analyze the impact of monomial output size on DL-SCAs. The measurement values show that the monomial with smaller output size is less-resistant against DL-SCAs. Then we conduct simulated and practical experiments respectively to verify it. In simulated experiments, we perform DL-SCAs on first-order masked implementations with different noise levels and training trace numbers. The results demonstrate that monomials with smaller output size are more vulnerable. Moreover, with the increase (resp. decrease) in noise level (resp. training trace number), the resistance difference of these monomials becomes more significant. In addition, we obtain similar results through simulated experiments on second-order masked scenario. In practical experiments based on an ARM Cortex-M4 architecture, we collect power and electromagnetic traces in consideration of low and high noise levels. The results show that the number of required traces for targeting the S-Box output is at least three times as much that for targeting the weakest monomial.
    Type of Medium: Online Resource
    ISSN: 1939-0122 , 1939-0114
    Language: English
    Publisher: Hindawi Limited
    Publication Date: 2022
    detail.hit.zdb_id: 2415104-X
  • 2
    Online Resource
    Universitätsbibliothek der Ruhr-Universität Bochum ; 2021
    In: IACR Transactions on Cryptographic Hardware and Embedded Systems, Universitätsbibliothek der Ruhr-Universität Bochum, ( 2021-08-11), p. 326-350
    Abstract: Addition chain is a well-known approach for implementing higher-order masked SBoxes. However, this approach induces more computations of intermediate monomials over $\mathbb{F}_{2^n}$, which in turn leak more information related to the sensitive variables and may decrease its side-channel resistance consequently. In this paper, we introduce a new notion named polygon degree to measure the resistance of monomial computations. With the help of this notion, we select several typical addition chain implementations with the strongest or the weakest resistance. In practical experiments based on an ARM Cortex-M4 architecture, we collect power and electromagnetic traces in consideration of different noise levels. The results show that the resistance of the weakest masked SBox implementation is close to that of an unprotected implementation, while the strongest one can also be broken with fewer than 1,500 traces due to extra leakages. Moreover, we study the resistance of addition chain implementations against profiled attacks. We find that some monomials with smaller output size leak more information than the SBox output. The work by Duc et al. at JOC 2019 showed that for a balanced function, the smaller the output size is, the less information is leaked. Thus, our attacks demonstrate that this property of balanced functions does not apply to unbalanced functions.
    Type of Medium: Online Resource
    ISSN: 2569-2925
    Language: Unknown
    Publisher: Universitätsbibliothek der Ruhr-Universität Bochum
    Publication Date: 2021
    detail.hit.zdb_id: 2921482-8
  • 3
    Online Resource
    Springer Science and Business Media LLC ; 2021
    In: Cybersecurity, Springer Science and Business Media LLC, Vol. 4, No. 1 ( 2021-12)
    Abstract: Side-channel resistance is nowadays widely accepted as a crucial factor in deciding the security assurance level of cryptographic implementations. In most cases, non-linear components (e.g. S-Boxes) of cryptographic algorithms will be chosen as primary targets of side-channel attacks (SCAs). In order to measure side-channel resistance of S-Boxes, three theoretical metrics are proposed and they are reVisited transparency order (VTO), confusion coefficients variance (CCV), and minimum confusion coefficient (MCC), respectively. However, the practical effectiveness of these metrics remains still unclear. Taking the 4-bit and 8-bit S-Boxes used in NIST Lightweight Cryptography candidates as concrete examples, this paper takes a comprehensive study of the applicability of these metrics. First of all, we empirically investigate the relations among three metrics for targeted S-boxes, and find that CCV is almost linearly correlated with VTO, while MCC is inconsistent with the other two. Furthermore, in order to verify which metric is more effective in which scenarios, we perform simulated and practical experiments on nine 4-bit S-Boxes under the non-profiled attacks and profiled attacks, respectively. The experiments show that for quantifying side-channel resistance of S-Boxes under non-profiled attacks, VTO and CCV are more reliable while MCC fails. We also obtain an interesting observation that none of these three metrics is suitable for measuring the resistance of S-Boxes against profiled SCAs. Finally, we try to verify whether these metrics can be applied to compare the resistance of S-Boxes with different sizes. Unfortunately, all of them are invalid in this scenario.
    Type of Medium: Online Resource
    ISSN: 2523-3246
    Language: English
    Publisher: Springer Science and Business Media LLC
    Publication Date: 2021
    detail.hit.zdb_id: 2939100-3
  • 4
    Online Resource
    Springer Science and Business Media LLC ; 2021
    In: Cybersecurity, Springer Science and Business Media LLC, Vol. 4, No. 1 ( 2021-12)
    Abstract: Due to its provable security and remarkable device-independence, masking has been widely accepted as a noteworthy algorithmic-level countermeasure against side-channel attacks. However, relatively high cost of masking severely limits its applicability. Considering the high tackling complexity of non-linear operations, most masked AES implementations focus on the security and cost reduction of masked S-boxes. In this paper, we focus on linear operations, which seems to be underestimated, on the contrary. Specifically, we discover some security flaws and redundant processes in popular first-order masked AES linear operations, and pinpoint the underlying root causes. Then we propose a provably secure and highly efficient masking scheme for AES linear operations. In order to show its practical implications, we replace the linear operations of state-of-the-art first-order AES masking schemes with our proposal, while keeping their original non-linear operations unchanged. We implement four newly combined masking schemes on an Intel Core i7-4790 CPU, and the results show they are roughly 20% faster than those original ones. Then we select one masked implementation named RSMv2 due to its popularity, and investigate its security and efficiency on an AVR ATMega163 processor and four different FPGA devices. The results show that no exploitable first-order side-channel leakages are detected. Moreover, compared with original masked AES implementations, our combined approach is nearly 25% faster on the AVR processor, and at least 70% more efficient on four FPGA devices.
    Type of Medium: Online Resource
    ISSN: 2523-3246
    Language: English
    Publisher: Springer Science and Business Media LLC
    Publication Date: 2021
    detail.hit.zdb_id: 2939100-3
  • 5
    Online Resource
    Institute of Electrical and Electronics Engineers (IEEE) ; 2023
    In: IEEE Transactions on Information Forensics and Security, Institute of Electrical and Electronics Engineers (IEEE), Vol. 18 ( 2023), p. 1-14
    Type of Medium: Online Resource
    ISSN: 1556-6013 , 1556-6021
    Language: Unknown
    Publisher: Institute of Electrical and Electronics Engineers (IEEE)
    Publication Date: 2023
    detail.hit.zdb_id: 2209730-2
  • 6
    Online Resource
    Institute of Electrical and Electronics Engineers (IEEE) ; 2020
    In: IEEE Transactions on Information Forensics and Security, Institute of Electrical and Electronics Engineers (IEEE), Vol. 15 ( 2020), p. 3694-3708
    Type of Medium: Online Resource
    ISSN: 1556-6013 , 1556-6021
    Language: Unknown
    Publisher: Institute of Electrical and Electronics Engineers (IEEE)
    Publication Date: 2020
    detail.hit.zdb_id: 2209730-2
  • 7
    Online Resource
    Institute of Electrical and Electronics Engineers (IEEE) ; 2022
    In: IEEE Transactions on Information Forensics and Security, Institute of Electrical and Electronics Engineers (IEEE), Vol. 17 ( 2022), p. 3555-3568
    Type of Medium: Online Resource
    ISSN: 1556-6013 , 1556-6021
    Language: Unknown
    Publisher: Institute of Electrical and Electronics Engineers (IEEE)
    Publication Date: 2022
    detail.hit.zdb_id: 2209730-2
  • 8
    Online Resource
    Oxford University Press (OUP) ; 2020
    In: The Computer Journal, Oxford University Press (OUP), Vol. 63, No. 12 ( 2020-12-17), p. 1915-1938
    Abstract: We revisit the definition of transparency order (TO) and that of modified transparency order (MTO) as well, which were proposed to measure the resistance of substitution boxes (S-boxes) against differential power analysis (DPA). We spot a definitional flaw in original TO, which is proved to significantly affect the soundness of TO. Regretfully, MTO overlooks this flaw, yet it happens to incur no bad effects on the correctness of MTO, even though the start point of this formulation is highly questionable. It is also this neglect that made MTO consider a variant of multi-bit DPA attack, which was mistakenly thought to appropriately serve as an alternative powerful attack. This implies the soundness of MTO is also more or less arguable. Therefore, we fix this definitional flaw and provide a revised definition named reVisited TO (VTO). For demonstrating validity and soundness of VTO, we present simulated and practical DPA attacks on implementations of $4\times 4$ and $8\times 8$ S-boxes. In addition, we also illustrate the soundness of VTO in masked S-boxes. Furthermore, as a concrete application of VTO, we present the distribution of VTO values of optimal affine equivalence classes of $4\times 4$ S-boxes and give some recommended guidelines on how to select $4\times 4$ S-boxes with higher DPA resistance at the identical level of implementation cost.
    Type of Medium: Online Resource
    ISSN: 0010-4620 , 1460-2067
    Language: English
    Publisher: Oxford University Press (OUP)
    Publication Date: 2020
    detail.hit.zdb_id: 1477172-X