Back to Search Start Over

Hardware Private Circuits: From Trivial Composition to Full Verification

Authors :
Itamar Levi
Gaëtan Cassiers
Benjamin Grégoire
François-Xavier Standaert
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
Catholic University of Leuven - Katholieke Universiteit Leuven (KU Leuven)
Sûreté du logiciel et Preuves Mathématiques Formalisées (STAMP)
Inria Sophia Antipolis - Méditerranée (CRISAM)
Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)
Gaetan Cassiers and Franc¸ois-Xavier Standaert are resp. Research Fellow and Senior Associate Researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.). This work has been funded in part by the ERC project 724725.
European Project: 724725,SWORD(2017)
Source :
IEEE TRANSACTIONS ON COMPUTERS, IEEE Transactions on Sustainable Computing, Vol. 70, no. 10, p. 1677-1690 (2020), IEEE Transactions on Computers, IEEE Transactions on Computers, Institute of Electrical and Electronics Engineers, 2020, ⟨10.1109/tc.2020.3022979⟩, IEEE Transactions on Computers, 2020, ⟨10.1109/tc.2020.3022979⟩
Publication Year :
2021
Publisher :
Institute of Electrical and Electronics Engineers (IEEE), 2021.

Abstract

International audience; The design of glitch-resistant higher-order masking schemes is an important challenge in cryptographic engineering. A recent work by Moos et al. (CHES 2019) showed that most published schemes (and all efficient ones) exhibit local or composability flaws at high security orders, leaving a critical gap in the literature on hardware masking. In this paper, we first extend the simulatability framework of Belaïd et al. (EUROCRYPT 2016) and prove that a compositional strategy that is correct without glitches remains valid with glitches. We then use this extended framework to prove the first masked gadgets that enable trivial composition with glitches at arbitrary orders. We show that the resulting "Hardware Private Circuits" approach the implementation efficiency of previous (flawed) schemes. We finally investigate how trivial composition can serve as a basis for a tool that allows verifying full masked hardware implementations (e.g., of complete block ciphers) at any security order from their HDL code. As side products, we improve the randomness complexity of the best published refreshing gadgets, show that some S-box representations allow latency reductions and confirm practical claims based on implementation results.

Details

ISSN :
23263814 and 00189340
Volume :
70
Database :
OpenAIRE
Journal :
IEEE Transactions on Computers
Accession number :
edsair.doi.dedup.....0d67a0fddfa3253a64a8ec9d1d931892
Full Text :
https://doi.org/10.1109/tc.2020.3022979