**03-27-2014** **1**/24
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Side-Channel Attacks Countermeasures

## Leakage-Resilient Primitives using Re-keying

### Journées Codage et Cryptographie 2014

### Sonia Belaïd ^{1,2}

### École Normale Supérieure, 45 rue d’Ulm 75005 Paris Thales Communications & Security

### Sonia.Belaid@ens.fr

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Side-Channel Attacks

### I physical leakage

### • timing

### • power consumption

### • temperature

### • . . .

### I statistical treatment

### I key recovery

**03-27-2014** **3**/24
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Side-Channel Attacks Countermeasures

## Countermeasures against Side-Channel Attacks

**Masking** sensitive values randomized:

### x replaced by (x _{m} , m _{0} , . . . , m d−1 ) x = x m ? m 0 ? · · · ? m d−1

### Drawbacks of Masking

### 8 higher-order attacks 8 performances

**Re-keying**

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Countermeasures against Side-Channel Attacks

**Masking** sensitive values randomized:

### x replaced by (x m , m 0 , . . . , m d−1 ) x = x _{m} ? m _{0} ? · · · ? m d−1

### Drawbacks of Masking

### 8 higher-order attacks 8 performances

**Re-keying**

**03-27-2014** **4**/24
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Side-Channel Attacks Countermeasures

## Goal

### Goal:

### I build leakage-resilient primitives I practical for use in constrained devices

### Leakage-Resilient Cryptography Model - only computation leaks

### - bounded amount of leakage per invocation

### - unlimited number of invocations

### Practical constraints:

### - limited code size - limited storage - reasonable

### execution time

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Outline

### 1 Leakage-Resilient Encryption Scheme

### 2 Leakage-Resilient PRNG with Input

### 3 Conclusion

**03-27-2014** **6**/24
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

Leakage-Resilient Constructions Practical Analysis

## Outline

### 1 Leakage-Resilient Encryption Scheme

### 2 Leakage-Resilient PRNG with Input

### 3 Conclusion

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

Leakage-Resilient Encryption Scheme Leakage-Resilient PRNG with Input Conclusion

Context

Leakage-Resilient Constructions Practical Analysis

## Encryption Scheme

### encryption scheme plaintext

### secret key

### ciphertext

### - multiple use of the same key - no security proof

### Contribution: Leakage-Resilient Symmetric Encryption via Re-keying

### Michel Abdalla, Sonia Belaïd, Pierre-Alain Fouque

### CHES 2013: 471-488

**03-27-2014** **7**/24
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

Leakage-Resilient Constructions Practical Analysis

## Encryption Scheme

### encryption scheme plaintext

### secret key

### ciphertext

### Goal: efficient and leakage-resilient encryption scheme Related Work: Kocher’s patent 1999 but

### - multiple use of the same key - no security proof

### Contribution: Leakage-Resilient Symmetric Encryption via Re-keying

### Michel Abdalla, Sonia Belaïd, Pierre-Alain Fouque CHES 2013: 471-488

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Contributions

### Scheme 1 LR encryption scheme using a LR PRF

### Scheme 2 Instantiation of Scheme 1 with the [FPS12] LR PRF Scheme 3 more efficient and still LR encryption scheme with a

### tweaked (not LR and not PRF) function

**03-27-2014** **9**/24
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

Leakage-Resilient Constructions Practical Analysis

## Schemes 1 and 2

### • Re-keying Primitive I leakage-resilient PRF

### • Block Cipher I as a PRF

### I not leakage-resilient

### - instantiated with the [FPS12] LR PRF

### Faust, Pietrzak, Schipper: Practical Leakage-Resilient Symmetric Cryptography. CHES 2012

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Schemes 1 and 2

### • Re-keying Primitive I leakage-resilient PRF

### • Block Cipher I as a PRF

### I not leakage-resilient

### - instantiated with the [FPS12] LR PRF

### Faust, Pietrzak, Schipper: Practical Leakage-Resilient Symmetric Cryptography. CHES 2012

**03-27-2014** **9**/24
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

Leakage-Resilient Constructions Practical Analysis

## Schemes 1 and 2

### • Re-keying Primitive I leakage-resilient PRF

### • Block Cipher I as a PRF

### I not leakage-resilient

### - instantiated with the [FPS12] LR PRF

### Faust, Pietrzak, Schipper: Practical Leakage-Resilient Symmetric Cryptography. CHES 2012

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Schemes 1 and 2

### • Re-keying Primitive I leakage-resilient PRF

### • Block Cipher I as a PRF

### I not leakage-resilient

### - instantiated with the [FPS12] LR PRF

### Faust, Pietrzak, Schipper: Practical Leakage-Resilient Symmetric Cryptography. CHES 2012

**03-27-2014** **9**/24
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

Leakage-Resilient Constructions Practical Analysis

## Schemes 1 and 2

### • Re-keying Primitive I leakage-resilient PRF

### • Block Cipher I as a PRF

### I not leakage-resilient

### - instantiated with the [FPS12] LR PRF

### Faust, Pietrzak, Schipper: Practical Leakage-Resilient Symmetric Cryptography. CHES 2012

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Schemes 1 and 2

### • Re-keying Primitive I leakage-resilient PRF

### • Block Cipher I as a PRF

### I not leakage-resilient

### - instantiated with the [FPS12] LR PRF

### Faust, Pietrzak, Schipper: Practical Leakage-Resilient Symmetric Cryptography. CHES 2012

**03-27-2014** **10/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

Leakage-Resilient Constructions Practical Analysis

## Scheme 3: More Efficient LR Encryption Scheme

### LR Encryption Scheme from 4 re-keying function

### (not LR, not PRF) 4 block cipher with

### 4 short-cuts between keys 4 uniformly random values:

### - one triplet per level [FPS12], - PRG with public seed [YS13]

### but

### 8 additional constraint on the message

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Security Aspects

### I block cipher with **random inputs** → plaintext added to the output I **same primitive** for the block cipher and the weak PRFs

### I secret keys used at most **three times** :

### → avoid the recomputation of previous keys

**03-27-2014** **12/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

Leakage-Resilient Constructions Practical Analysis

## Instantiation

### weak PRF

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Instantiation

### weak PRF

### block

### cipher

**03-27-2014** **12/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

Leakage-Resilient Constructions Practical Analysis

## Instantiation

### weak PRF

### block

### cipher PRG

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Instantiation

### weak PRF

### block

### cipher PRG

### unmasked

### AES

**03-27-2014** **13/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## Outline

### 1 Leakage-Resilient Encryption Scheme

### 2 Leakage-Resilient PRNG with Input

### 3 Conclusion

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

Leakage-Resilient Encryption Scheme Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## Pseudo-Random Generators

### Related Works: PRNG

### - robust with input: Dodis et al. CCS’13 - leakage-resilient: Yu et al. CCS’10

### Contribution: Leakage-Resilient PRNG with Input

### Michel Abdalla, Sonia Belaïd, David Pointcheval, Sylvain Ruhault,

### Damien Vergnaud

**03-27-2014** **14/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## Pseudo-Random Generators

### Goal: efficient and leakage-resilient PRNG

### Related Works: PRNG

### - robust with input: Dodis et al. CCS’13 - leakage-resilient: Yu et al. CCS’10

### Contribution: Leakage-Resilient PRNG with Input

### Michel Abdalla, Sonia Belaïd, David Pointcheval, Sylvain Ruhault, Damien Vergnaud

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## PRNG with Input from CCS 2013

### I **setup()** outputs **seed** = (X , X ^{0} );

### I S = **refresh(S,** I; X) = S · X + I;

### I (S, R) = **next(S;** X ^{0} ) = **G([X** ^{0} S] ^{m} _{1} ).

**G** : {0, 1} ^{m} → {0, 1} ^{n+`} is a secure PRG (K ← [X ^{0} S] ^{m} _{1} ).

**03-27-2014** **16/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## Security Properties

**Attacker** A **Capabilities**

### I ask for outputs (S, R) I compromise the inputs I

### I compromise the internal state S

### Robustness

### If enough entropy is provided, A cannot distinguish (S, R) from a uniformly random string with a significant advantage.

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

Leakage-Resilient Encryption Scheme Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## Security Properties

**Attacker** A **Capabilities** I ask for outputs (S, R)

### Robustness

### If enough entropy is provided, A cannot

### distinguish (S, R) from a uniformly random

### string with a significant advantage.

**03-27-2014** **16/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## Security Properties

**Attacker** A **Capabilities** I ask for outputs (S, R) I compromise the inputs I

### I compromise the internal state S

### Robustness

### If enough entropy is provided, A cannot distinguish (S, R) from a uniformly random string with a significant advantage.

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

Leakage-Resilient Encryption Scheme Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## Security Properties

**Attacker** A **Capabilities** I ask for outputs (S, R) I compromise the inputs I

### I compromise the internal state S

### distinguish (S, R) from a uniformly random

### string with a significant advantage.

**03-27-2014** **16/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## Security Properties

**Attacker** A **Capabilities** I ask for outputs (S, R) I compromise the inputs I

### I compromise the internal state S

### Robustness

### If enough entropy is provided, A cannot distinguish (S, R) from a uniformly random string with a significant advantage.

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

Leakage-Resilient Encryption Scheme Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## New Security Properties

**Attacker** A ^{L} **Capabilities** I ask for outputs (S, R) I compromise the inputs I

### I compromise the internal state S

### Robustness with Leakage

### If enough entropy is provided, A ^{L} cannot

### distinguish (S, R) from a uniformly random

### string with a significant advantage.

**03-27-2014** **17/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## New Security Properties

**Attacker** A ^{L} **Capabilities** I ask for outputs (S, R) I compromise the inputs I

### I compromise the internal state S

### I collect the leakage: λ bits of information on the manipulated data at each invocation

### Robustness with Leakage

### If enough entropy is provided, A ^{L} cannot distinguish (S, R) from a uniformly random string with a significant advantage.

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## New Security Properties

**Attacker** A ^{L} **Capabilities** I ask for outputs (S, R) I compromise the inputs I

### I compromise the internal state S

### I collect the leakage: λ bits of information on the manipulated data at each invocation

### Robustness with Leakage

### If enough entropy is provided, A ^{L} cannot

### distinguish (S, R) from a uniformly random

### string with a significant advantage.

**03-27-2014** **18/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## Limitations in Presence of Leakage: Generator **G**

### I **setup()** outputs **seed** = (X , X ^{0} );

### I S = **refresh(S,** I; X) = S · X + I;

### I (S, R) = **next(S;** X ^{0} ) = **G([X** ^{0} S] ^{m} _{1} ).

### → Diffential Power Analysis of **G**

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## New Generic Construction

### I **setup()** outputs **seed** = (X , X ^{0} , X ^{00} );

### I S = **refresh(S,** I; X) = S · X + I;

### I (S, R) = **next(S;** X ^{0} , X ^{00} ) = **G([X** ^{0} S] ^{m} _{1} , X ^{00} ).

### New security property for PRG **G**

**G** is a leakage-resilient and secure PRG.

**03-27-2014** **20/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

Context

PRNG with Input from CCS 2013 Leakage-Resilient Generic Construction Instantiation

## Leakage-Resilient Instantiation

**F** p

0
**F**

^{0}

### C

**F** p

1
### pub lic v ar iab les

**F**

^{0}

### C + 1

### K

0### T

0### K

0### T

_{1}

### X

^{00}

### X

^{00}

### . . . . . .

**F** p

n+`−2
**F**

^{0}

### C + n + ` − 2

**F** p

n+`−1
**F**

^{0}

### C + n + ` − 1

### K

κ−1### T

n+`−2### K

κ−1### T

n+`−1### X

^{00}

### X

^{00}

### (K 0 || . . . ||K _{κ−1} ||C) ← [X ^{0} S] ^{m} _{1} m is (κ + 1) times larger than in CCS’13

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Practical Analysis

### CCS’13 (2 ^{−40} security):

### I internal state S: 489 bits I threshold: γ ^{∗} = 449 I AES: 5 calls with 1 secret

### key

### Our Construction (2 ^{−40} security):

### I internal state S: 1408 bits I threshold: γ ^{∗} = 1370 I AES: 12 calls with 6 secret

### keys (2 calls per secret key)

### I Efficiency: about **five times** slower than CCS 13

### I Security: higher security levels can be achieved with a tweaked

### instantiation

**03-27-2014** **22/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

## Outline

### 1 Leakage-Resilient Encryption Scheme

### 2 Leakage-Resilient PRNG with Input

### 3 Conclusion

Sonia Belaïd Leakage-Resilient Primitives using Re-keying

## Conclusion

### Summary

### ? **leakage-resilient** and **efficient** symmetric encryption

### ? **leakage-resilient** and **efficient** PRNG with input

### Further Work

### ? **more efficient** leakage-resilient primitives

### ? leakage-resilience evaluation of different **modes of operation**

**03-27-2014** **24/24**
Leakage-Resilient Encryption Scheme

Leakage-Resilient PRNG with Input Conclusion

## Thank you

Sonia Belaïd Leakage-Resilient Primitives using Re-keying