CRYPTOGRAPHY: Cryptography secured against side-channel attacks and fault attacks by means of treshold implementations
The traditional application of cryptography is the protection of communication lines. Here one usually assumes that both sender and receiver have equipment that is protected by physical means against attacks. In modern applications like payment cards, set-top boxes, DRM protection, …, this assumption is no longer true. The attacker often has physical access to the device that is executing the cryptographic algorithm, and can measure side channels: execution time, power consumption, electro-magnetic radiation. With the advent of the Internet of Things, the interest in embedded cryptographic systems and side-channel attacks on these systems is steadily increasing, both in academia and industry.
In cryptography, the oldest, hence the most analyzed adversary model is based on deriving the sensitive information (the secret key) by examining several outputs (in some cases together with the inputs) of the algorithm. This purely mathematical model is typically referred to as cryptanalysis. In this project, we will consider algorithms that are secure against cryptanalysis. We investigate the security of implementations against adversaries using side-channel information, such as execution time, power consumption or electromagnetic radiation of the device, in order to reveal the key. Today, it is known that any naive implementation of a cryptanalytically secure algorithm leaks side-channel information.
In this project, we focus on adversaries exploiting information that leaks through the power traces (DPA adversaries). A DPA adversary uses several instantaneous power consumption traces gathered from executions of the same algorithm using the same secret key and different known inputs.
It is not known how to design cryptographic algorithms that are secure even if the attacker has access to the intermediate results. Therefore, the current research concentrates on implementation techniques that ensure that the intermediate results of the cryptographic algorithm are statistically independent of the secret key. We distinguish two classes of countermeasures against side-channel attacks. Circuit design approaches try to remove the root of the side-channel leakage by balancing the power consumption of different data values. However, in the current hardware technologies, it is very difficult to achieve perfect balancing. Even small remaining asymmetries can be exploited in an attack.
Another method is to randomize the intermediate values of an algorithm by masking them. This can be done at the algorithm level, at the gate level or even in combination with circuit design approaches. Instead of working on the secret variables, the circuits work on masked variables and the corresponding masks. For this approach it is important to take into account glitches and other transient effects, as well as crosstalk between lines and other effects which may create dependencies between the values of the masks and the masked variables, and lead to leakage of information on the secret value.