EP3931999A1 - Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm - Google Patents

Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm

Info

Publication number
EP3931999A1
Authority
EP
European Patent Office
Prior art keywords
chunk
mask
encoded
masked
input message
Prior art date
Legal status
Pending
Application number
EP20701829.2A
Other languages
English (en)
French (fr)
Inventor
Hamza JELJELI
Current Assignee
Thales DIS France SAS
Original Assignee
Thales DIS France SA
Priority date
2019-02-27
Filing date
2020-01-31
Publication date
2022-01-05
Application filed by Thales DIS France SA
Publication of EP3931999A1
Current legal status: Pending

Links

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002: Countermeasures against attacks on cryptographic mechanisms
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04: Masking or blinding
    • H04L2209/043: Masking or blinding of tables, e.g. lookup, substitution or mapping
    • H04L2209/16: Obfuscation or hiding, e.g. involving white box

Definitions

  • The present invention relates to the field of cryptographic methods and devices protected against side-channel analysis, and more particularly to a new masking scheme protecting linear operations of a cryptographic algorithm against side-channel attacks.
  • Cryptographic algorithms are commonly used to ensure the privacy of communications by encryption, for authentication, or for generating a verifiable signature.
  • Cryptographic processes are more and more often deployed in applications executed on open devices.
  • Many user devices, such as PCs, tablets and smartphones, now have access to the Internet and can be used for playing copyrighted digital content such as audio or video files.
  • Such files may be cryptographically protected, for example using digital rights management (DRM), in order to make them available to a user only as long as the user has subscribed to an online multimedia streaming service.
  • DRM: digital rights management
  • Cryptographic processes are then executed in an environment where not all users or devices can be trusted.
  • Such a context is usually called a white-box attack context.
  • In such a context, sensitive data of cryptosystems, such as private keys, are vulnerable to attacks, since the attacker has full access to the software implementation of the cryptographic processes.
  • The binary code of such processes is completely accessible and editable by the attacker, who can analyze the binary code of the cryptographic application and, for example, the memory pages or registers used for temporary storage during execution. Such manipulations may, for example, be performed using debuggers and hardware emulation tools.
  • Software implementations of cryptosystems able to resist white-box attacks have been sought.
  • The private key may be provided on the subscriber's device, e.g., a mobile device such as a mobile telephone, in a manner that lets the device use it to decrypt or generate a signature without revealing the private key.
  • The key might be hidden in some way inside the code implementing the decryption/signature algorithm, and the algorithm may be obfuscated so that it is very difficult to determine where the key is hidden.
  • The key's value might also be protected so that it is very difficult to determine. This is referred to as white-box cryptography.
  • A commonly used countermeasure against side-channel attacks is the masking of the intermediate values of the cryptographic operations with a random mask. In that case, an attacker performing a first-order side-channel attack at a given point of the encryption process would only obtain random values and would not learn anything about the secret key used by the cryptographic process. Such a countermeasure may have a significant impact on performance by causing memory and/or time overhead.
  • LUT: look-up table
  • This invention therefore relates to a method, secured against side-channel attacks, for performing an operation of a cryptographic algorithm on an input message in a white-box implementation using a cryptographic key, said operation being linear with respect to a Boolean exclusive OR (XOR) operation or an arithmetic operation (+),
  • the method being performed by a client device comprising at least one hardware processor and a random generator, and comprising the following steps:
  • Such a method makes it possible to perform the operation f using masked inputs and outputs without requiring any randomization of a LUT corresponding to the operation f and without requiring the generation of a dedicated output mask for masking the output of the calculation.
  • Said step of mask generation may be correlated with the step of determining an encoded value of the result of performing said operation on the chunk of the cryptographic key and on the chunk of the input message, masked with the first and second masks.
  • Said random generator may be configured to generate the first mask and the second mask in an encoded state, and said encoded first and second masks may be used instead of the unencoded first and second masks in the steps of said method.
  • The cryptographic algorithm may perform an operation among the linear part of a hash function, of a block cipher or of a stream cipher.
  • The hash function may be among the MD5, SHA1, SHA2, SHA256, SHA512 and Skein functions,
  • the block cipher may be among the AES, XTEA, FEAL, SPECK and Threefish functions, and/or the stream cipher may be among the Salsa20 and ChaCha functions.
  • This invention therefore also relates to a computer program product directly loadable into the memory of at least one computer, comprising software code instructions for performing the steps of the methods according to the first aspect when said product is run on the computer.
  • This invention therefore also relates to a non-transitory computer-readable medium storing executable computer code that, when executed by a client device comprising at least one hardware processor, performs the method according to the first aspect.
  • This invention therefore also relates to a client device comprising:
  • Said random generator may be configured to generate the first mask and second mask in an encoded state.
  • Figure 1 schematically illustrates the performance of an operation f of a cryptographic algorithm.
  • Figure 2 schematically illustrates a method performing an operation f of a cryptographic algorithm with a usual masking scheme.
  • Figure 3 is a schematic illustration of a system according to an embodiment of the present invention.
  • Figure 4 is a schematic illustration of a client device according to an embodiment of the present invention.
  • Figure 5 schematically illustrates a method according to the present invention.
  • Figure 6 schematically illustrates a method according to an embodiment of the present invention.
  • The invention provides a method performing an operation f of a cryptographic algorithm which, as described in Figure 1, applies to a chunk of an input message x and uses a chunk of a cryptographic key k.
  • The operation f is implemented using a lookup table (LUT) compatible with encoded inputs and generating an encoded output.
  • The LUT performs the decoding of the encoded inputs E_k(k) and E_x(x), computes the result y of the function and gives an encoded output E_y(y); E_k, E_x and E_y being random bijective mappings.
  • This LUT-based implementation of the operation f is not resistant to side-channel attacks of any order.
  • The aim of the invention is to make this method secure against side-channel attacks while consuming fewer resources than a usual masking scheme such as the one described in Figure 2.
  • This method is performed by a client device 101.
  • A client device 101 may for example be a personal computer or a smartphone.
  • The client device 101 may be connected to at least one distant server 102 through a network 103.
  • The client device 101 may include at least one hardware processor 201, connected via a bus 202 to a computer-readable memory circuit including a random access memory (RAM) 203, a read-only memory (ROM) 204, and/or a non-volatile memory (NVM) 205.
  • The client device 101 may also include a random number generator (RNG) 206 (also called "mask generator"), which is implemented as a software RNG run by the hardware processor.
  • RNG: random number generator
  • The client device 101 may further include an interface 207.
  • Such an interface may be either a wired interface, such as a USB, Ethernet or Thunderbolt interface, or a wireless interface, such as a WiFi or Bluetooth interface.
  • The interface 207 may be used to connect the client device 101 to the network 103, which may be a wired network such as an Ethernet network or a wireless network, e.g., a wide-area network, a WiFi network or a mobile telephony network, through which communication may be performed with the server 102.
  • The method according to the invention is designed to be used when the operation to be performed is linear with respect to a Boolean exclusive OR (XOR) operation or an arithmetic operation, such as an addition or a subtraction modulo 2^i with i an integer. It may be used for performing an operation among the linear part of a hash function (MD5, SHA1, SHA2, SHA256, SHA512, Skein functions...), of a block cipher (XTEA, FEAL, SPECK, Threefish functions...) or of a stream cipher (Salsa20, ChaCha functions...).
  • This operation may for example be part of an algorithm comprising only linear operations, such as the SHA1/SHA2 hash functions or SHA1/SHA2-based HMAC algorithms. It may also be included in the linear part of an algorithm that also has non-linear parts, such as the AES or DES cryptographic schemes.
  • The main idea of the invention is to change the way the input values of the operation f are masked.
  • The values handled by a cryptographic algorithm are encoded using bijective mappings in order to prevent an attacker from reading such values in the client device memory.
  • Such values are masked by combining an already encoded value with a mask. As a result, such a masking must be removed before performing a subsequent operation, as described above.
  • The method according to the invention instead combines the decoded chunk of the input message x and the chunk of the cryptographic key k with a mask before encoding the result of the combination.
  • The encoded inputs to the linear operation f may thus be decoded without unmasking, and the operation f itself may then be performed without unmasking such inputs either, thanks to the linearity of the operation f with respect to the XOR or arithmetic operation used for the masking.
  • In a mask generation step S1, the random generator of the client device generates a first mask m_k and a second mask m_x.
  • These masks are Boolean masks if the operation f is linear with respect to a Boolean exclusive OR (XOR) operation, and arithmetic masks if the operation f is linear with respect to an arithmetic operation.
  • XOR: exclusive OR
  • The symbol ⊕ represents both XOR in the case of Boolean masks and any such arithmetic operation in the case of arithmetic masks.
  • In a second step S2, the client device obtains an encoded chunk of the cryptographic key E'_k(k) and an encoded chunk of the input message E'_x(x).
  • A chunk may be any part of the whole key or input message, including the whole key or input message itself.
  • The server 102 may have randomly generated the bijective mappings to be used for the encodings, and the cryptographic key, and may have provided them to the client device.
  • The client device may derive the encoded chunks of the key and the message by itself from the whole key and the whole input message, or it may read such encoded chunks from one of its memories or receive them through its interface 207.
  • The client device then applies the generated masks to the obtained chunks by using lookup tables.
  • In a first masking step S31, the key masking lookup tables map the obtained encoded chunk of the cryptographic key E'_k(k) and the first mask m_k to said encoded value of the masked chunk of the cryptographic key E_k(k ⊕ m_k). In order to do so, the key masking lookup tables are equivalent to, as illustrated in Figure 5, decoding the encoded key E'_k(k), then masking using the first mask m_k and finally encoding with E_k.
  • The second step S2 and the first masking step S31 may be merged into one step and implemented with a single instruction that reads the lookup tables using the generated mask and the obtained chunk as read indexes, to obtain the encoded value of the masked chunk of the cryptographic key.
  • Similarly, the client device determines an encoded value E_x(x ⊕ m_x) of the chunk of the input message x masked with the second mask m_x, by using at least one input message masking lookup table.
  • The input message masking lookup tables map the obtained encoded chunk of the input message E'_x(x) and the second mask m_x to said encoded value of the masked chunk of the input message E_x(x ⊕ m_x). In order to do so, the input message masking lookup tables are equivalent to, as illustrated in Figure 5, decoding the encoded message E'_x(x), then masking using the second mask m_x and finally encoding with E_x.
  • Two or more operations among decoding, masking and encoding may be performed together by a single LUT.
  • Preferentially, decoding, masking and encoding are all performed by a single LUT to ensure the confidentiality of the encodings.
  • In a fourth step S4, the operation lookup tables map the determined encoded value of the chunk of the cryptographic key masked with the first mask E_k(k ⊕ m_k) and the determined encoded value of the chunk of the input message masked with the second mask E_x(x ⊕ m_x) to said encoded value of the masked result of the operation E_y(y ⊕ m_x ⊕ m_k).
  • The operation lookup tables are equivalent to decoding both the encoded value E_k(k ⊕ m_k) of the chunk of the cryptographic key masked with the first mask m_k and the encoded value E_x(x ⊕ m_x) of the chunk of the input message x masked with the second mask m_x, then performing the operation f, and finally encoding the result with E_y.
  • The operation f and the encoding are performed together by a single LUT to ensure the confidentiality of the encodings. Since the operation f is linear with respect to the XOR or arithmetic operation used for the masking, it is possible to perform the operation f on the chunk of the cryptographic key and the chunk of the input message without unmasking them first. Consequently, the LUT, or combination of LUTs, used at the fourth step for the operation f can be the standard LUT representing the operation f. There is no need to randomize it to make it compatible with a specific masking of its inputs or to produce a masked output, which makes the implementation faster compared to the commonly used masking scheme presented in Figure 2. Such a standard LUT may be provided by the server 102 to the client device 101. It also requires generating fewer masks, as the output mask of the operation f is the XOR of the two input masks rather than a specific third mask as shown in Figure 2.
  • The random generator may be configured to generate the first mask and second mask in an encoded state E_m(m_k), E_m(m_x).
  • The client device may use these encoded first and second masks instead of the unencoded first and second masks in the steps of the method described above. This embodiment is illustrated in Figure 6.
  • In that case, the masking lookup tables also decode the encoded first and second masks before masking the chunk of the cryptographic key k and the chunk of the input message x.
  • Such an embodiment prevents the masks from being handled as unencoded values during the whole computation, which makes the implementation resistant to second-order side-channel attacks.
  • Said step of mask generation S1 is correlated with the fourth step S4 determining an encoded value E_y(y ⊕ m_x ⊕ m_k) of the result y of performing the operation f on the chunk of the cryptographic key k and on the chunk of the input message x, masked with the first and second masks.
  • This invention therefore also relates to a client device 101 comprising:
  • at least one memory for storing the encoded values and the results of the calculations performed during the different computing steps.
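As an added illustration of steps S1 to S4 above, including the Figure 6 variant with encoded masks, the following Python models the scheme on 4-bit chunks. It is not code from the patent or from Thales. It assumes that f is the chunk XOR (Boolean masks) or addition modulo 2^4 (arithmetic masks), so that the output mask is exactly m_k ⊕ m_x as the page states; the encodings E'_k, E'_x, E_k, E_x, E_y and E_m are random bijections drawn from a seeded generator, and every helper name (`build_masking_lut`, `MaskedLinearOp`, `exhaustive_check`, `masked_key_values`) is this example's own.

```python
"""Toy model of the masked-LUT scheme (added example, not the patent's code).
Assumes f = XOR or addition mod 2^N and random bijective encodings; N = 4 so
that every table is 16x16 and the scheme can be checked exhaustively."""
import random

N = 4
SIZE = 1 << N

def random_bijection(rng):
    """A random bijective encoding of the SIZE chunk values and its inverse."""
    enc = list(range(SIZE))
    rng.shuffle(enc)
    dec = [0] * SIZE
    for value, code in enumerate(enc):
        dec[code] = value
    return enc, dec

def build_masking_lut(dec_in, enc_out, combine, dec_mask=None):
    """Steps S2/S3 table: (encoded input, mask) -> encoded (input (+) mask).
    Decode, mask and re-encode are fused so no encoding is applied on its own.
    With dec_mask the mask arrives encoded under E_m and is decoded in the
    table as well (Figure 6 embodiment)."""
    lut = [[0] * SIZE for _ in range(SIZE)]
    for code in range(SIZE):
        for m_in in range(SIZE):
            mask = dec_mask[m_in] if dec_mask else m_in
            lut[code][m_in] = enc_out[combine(dec_in[code], mask)]
    return lut

def build_operation_lut(dec_k, dec_x, enc_y, f):
    """Step S4 table: (E_k(a), E_x(b)) -> E_y(f(a, b)). It is the plain table
    of f: no mask enters it, so it needs no randomisation."""
    return [[enc_y[f(dec_k[ea], dec_x[eb])] for eb in range(SIZE)]
            for ea in range(SIZE)]

class MaskedLinearOp:
    def __init__(self, f, combine, uncombine, seed, encoded_masks=False):
        self.rng = random.Random(seed)
        self.f, self.combine, self.uncombine = f, combine, uncombine
        self.encoded_masks = encoded_masks
        self.Ek_in, self.Dk_in = random_bijection(self.rng)  # E'_k
        self.Ex_in, self.Dx_in = random_bijection(self.rng)  # E'_x
        self.Ek, self.Dk = random_bijection(self.rng)        # E_k
        self.Ex, self.Dx = random_bijection(self.rng)        # E_x
        self.Ey, self.Dy = random_bijection(self.rng)        # E_y
        self.Em, self.Dm = random_bijection(self.rng)        # E_m (Figure 6)
        dec_mask = self.Dm if encoded_masks else None
        self.key_lut = build_masking_lut(self.Dk_in, self.Ek, combine, dec_mask)
        self.msg_lut = build_masking_lut(self.Dx_in, self.Ex, combine, dec_mask)
        self.op_lut = build_operation_lut(self.Dk, self.Dx, self.Ey, f)

    def run(self, enc_k, enc_x):
        """Steps S1-S4 on encoded chunks E'_k(k), E'_x(x). Returns
        E_y(y (+) m_k (+) m_x) and the masks as handled (plain or E_m-encoded)."""
        m_k, m_x = self.rng.randrange(SIZE), self.rng.randrange(SIZE)  # S1
        if self.encoded_masks:
            # The page's RNG emits masks already encoded; a plain PRNG cannot,
            # so they are encoded immediately after being drawn.
            m_k, m_x = self.Em[m_k], self.Em[m_x]
        masked_k = self.key_lut[enc_k][m_k]           # S31: E_k(k (+) m_k)
        masked_x = self.msg_lut[enc_x][m_x]           # S32: E_x(x (+) m_x)
        return self.op_lut[masked_k][masked_x], m_k, m_x  # S4, no unmasking

    def unmask(self, enc_result, m_k, m_x):
        """Reference check only; a real build never recovers y in the clear."""
        if self.encoded_masks:
            m_k, m_x = self.Dm[m_k], self.Dm[m_x]
        return self.uncombine(self.uncombine(self.Dy[enc_result], m_x), m_k)

def boolean_instance(seed=1, encoded_masks=False):
    """f(k, x) = k XOR x with Boolean masks."""
    xor = lambda a, b: a ^ b
    return MaskedLinearOp(xor, xor, xor, seed, encoded_masks)

def arithmetic_instance(seed=2, encoded_masks=True):
    """f(k, x) = (k + x) mod 2^N with arithmetic masks, E_m-encoded by default."""
    add = lambda a, b: (a + b) % SIZE
    sub = lambda a, b: (a - b) % SIZE
    return MaskedLinearOp(add, add, sub, seed, encoded_masks)

def exhaustive_check(op):
    """True when the protected path yields f(k, x) for every chunk pair."""
    for k in range(SIZE):
        for x in range(SIZE):
            enc_res, m_k, m_x = op.run(op.Ek_in[k], op.Ex_in[x])
            if op.unmask(enc_res, m_k, m_x) != op.f(k, x):
                return False
    return True

def masked_key_values(op, enc_k):
    """Values the key-masking table emits for one fixed encoded key chunk, one
    per mask; all SIZE appearing means a first-order probe there sees a value
    uniform over the masks and learns nothing about k."""
    return sorted(op.key_lut[enc_k][m] for m in range(SIZE))

if __name__ == "__main__":
    print("XOR, plain masks ok:", exhaustive_check(boolean_instance()))
    print("ADD, encoded masks ok:", exhaustive_check(arithmetic_instance()))
    print("key-table outputs for one k:", masked_key_values(boolean_instance(), 0))
```

The exhaustive check confirms that, for all 256 chunk pairs, the protected path produces a value which decodes and unmasks to f(k, x), while the operation table itself was built from f alone and never sees a mask, which is the point the page makes about shipping the standard LUT of f. The second check shows that for a fixed key chunk the key-masking table's output runs through all 16 values as the mask varies, i.e. the masked intermediate is independent of k, which is what a first-order masking of that point requires; the Figure 6 variant additionally keeps the masks themselves encoded throughout.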

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP19305233.9A EP3703305A1 (de) 2019-02-27 2019-02-27 Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm
PCT/EP2020/052495 WO2020173662A1 (en) 2019-02-27 2020-01-31 Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm

Publications (1)

Publication Number Publication Date
EP3931999A1 true EP3931999A1 (de) 2022-01-05

Family

ID=66554303

Family Applications (2)

Application Number Title Priority Date Filing Date
EP19305233.9A Withdrawn EP3703305A1 (de) 2019-02-27 2019-02-27 Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm
EP20701829.2A Pending EP3931999A1 (de) 2019-02-27 2020-01-31 Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm

Family Applications Before (1)

Application Number Title Priority Date Filing Date
EP19305233.9A Withdrawn EP3703305A1 (de) 2019-02-27 2019-02-27 Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm

Country Status (2)

Country Link
EP (2) EP3703305A1 (de)
WO (1) WO2020173662A1 (de)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112564885B (zh) * 2020-11-26 2022-07-12 Nanjing Agricultural University Side-channel test analysis method based on the maximum probability density function distribution of masked variables

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG10201405852QA (en) * 2014-09-18 2016-04-28 Huawei Internat Pte Ltd Encryption function and decryption function generating method, encryption and decryption method and related apparatuses
KR102397579B1 (ko) * 2017-03-29 2022-05-13 Electronics and Telecommunications Research Institute White-box cryptographic method and apparatus for preventing side-channel analysis

Also Published As

Publication number Publication date
WO2020173662A1 (en) 2020-09-03
EP3703305A1 (de) 2020-09-02

Similar Documents

Publication Publication Date Title
US11233659B2 (en) Method of RSA signature or decryption protected using a homomorphic encryption
US9838198B2 (en) Splitting S-boxes in a white-box implementation to resist attacks
US20170126397A1 (en) Protecting a white-box implementation against attacks
US10097342B2 (en) Encoding values by pseudo-random mask
CN106888080B (zh) Protecting a white-box Feistel network implementation against fault attacks
US9515818B2 (en) Multi-block cryptographic operation
EP3035585B1 (de) S-box in a cryptographic implementation in a white-box context
US11063743B2 (en) Method of RSA signature of decryption protected using assymetric multiplicative splitting
US8699702B2 (en) Securing cryptographic process keys using internal structures
EP3125462A1 (de) Balanced encoding of intermediate values in a white-box implementation
US9485226B2 (en) Method for including an implicit integrity or authenticity check into a white-box implementation
CN107273724B (zh) Watermarking the inputs and outputs of a white-box implementation
US20160078250A1 (en) Remapping constant points in a white-box implementation
US9363244B2 (en) Realizing authorization via incorrect functional behavior of a white-box implementation
EP3363142A1 (de) Cryptographic device and encoding device
WO2021129470A1 (zh) Binary data encryption system and method based on polynomial fully homomorphic encryption
US11870913B2 (en) Method for generating a digital signature of an input message
EP2960891B1 (de) Method for introducing dependence of a white-box implementation on a set of strings
US10412054B2 (en) Method for introducing dependence of white-box implementation on a set of strings
EP3931999A1 (de) Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm
CN111602367B (zh) Method for protecting an entropy source used in countermeasures securing a white-box cryptographic algorithm

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20210927

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: THALES DIS FRANCE SAS

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)