EP3931999A1 - Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm - Google Patents
Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm
Info
- Publication number
- EP3931999A1 (application EP20701829.2A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- chunk
- mask
- encoded
- masked
- input message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/002—Countermeasures against attacks on cryptographic mechanisms
      - H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
        - H04L2209/04—Masking or blinding
          - H04L2209/043—Masking or blinding of tables, e.g. lookup, substitution or mapping
        - H04L2209/16—Obfuscation or hiding, e.g. involving white box
Definitions
- the present invention relates to the field of cryptographic methods and devices protected against side channel analysis, and more particularly to a new masking scheme protecting linear operations of a cryptographic algorithm against side-channel attacks.
- Cryptographic algorithms are commonly used for ensuring the privacy of communications by encryption, for authentication or for generating a verifiable signature.
- cryptographic processes are more and more deployed in applications executed on open devices.
- many user devices now have access to the Internet, such as PCs, tablets, smartphones, and can be used for playing copyrighted digital content such as audio or video files.
- Such files may be cryptographically protected, for example using digital rights management (DRM), in order to make them available to a user only as long as the user has subscribed to an online multimedia streaming service.
- DRM: digital rights management
- Cryptographic processes are then executed in an environment where not all users or devices can be trusted.
- Such a context is usually called a white-box attack context.
- In such a context, sensitive data of cryptosystems, such as private keys, are vulnerable to attacks since the attacker has full access to the software implementation of the cryptographic processes.
- The binary code of such processes is completely accessible and editable by the attacker, who can analyze the binary code of the cryptography application and, for example, the memory pages or registers used for temporary storage during the execution. Such manipulations may, for example, be performed using debuggers and hardware emulation tools.
- Software implementations of cryptosystems able to resist white-box attacks have been sought.
- the private key may be provided on the subscriber’s device, e.g., a mobile device such as a mobile telephone, in a manner that it can be used by the device to decrypt or generate a signature without revealing the private key.
- the key might be hidden in some way inside the code implementing the decryption/signature algorithm and the algorithm may be obfuscated so that it is very difficult to determine where the key is hidden.
- The key's value might also be protected so that it is very difficult to determine it. This is referred to as white-box cryptography.
- A commonly used countermeasure against side-channel attacks is the masking of the intermediate values of the cryptographic operations with a random mask. In that case, an attacker performing a first-order side-channel attack at a given point of the encryption process would only get random values and would not obtain any information on the secret key used for the cryptographic process. Such a countermeasure may have a significant impact on performance by causing memory and/or time overhead.
- LUT: look-up table
- This invention therefore relates to a method secured against side-channel attacks performing an operation of a cryptographic algorithm on an input message in a white-box implementation using a cryptographic key, said operation being linear with a Boolean exclusive OR (XOR) operation or an arithmetic operation (+),
- a client device comprising at least one hardware processor and a random generator and comprises:
- Such a method makes it possible to perform the operation f using masked inputs and outputs without requiring any randomization of a LUT corresponding to the operation f and without requiring the generation of a dedicated output mask for masking the output of the calculation.
- said step of masks generation may be correlated with the step of determining an encoded value of the result of performing said operation on the chunk of the cryptographic key and on the chunk of the input message, masked with the first and second masks.
- Said random generator may be configured to generate first mask and second mask under an encoded state, and said encoded first and second masks may be used instead of the unencoded first and second masks in the steps of said method.
- the cryptographic algorithm may perform an operation among a linear part of a hash function, of a block cipher and of a stream cipher.
- the hash function may be among MD5, SHA1, SHA2, SHA256, SHA512, Skein functions
- the block cipher may be among AES, XTEA, FEAL, SPECK, Threefish functions and/or the stream cipher may be among Salsa20, ChaCha functions.
- this invention therefore relates also to a computer program product directly loadable into the memory of at least one computer, comprising software code instructions for performing the steps of the methods according to the first aspect when said product is run on the computer.
- this invention therefore relates also to a non-transitory computer readable medium storing executable computer code that when executed by a client device comprising at least one hardware processor performs the method according to the first aspect.
- this invention therefore relates also to a client device comprising:
- Said random generator may be configured to generate the first mask and second mask under an encoded state.
- Figure 1 illustrates schematically performing an operation f of a cryptographic algorithm
- Figure 2 illustrates schematically a method performing an operation f of a cryptographic algorithm with a usual masking scheme
- Figure 3 is a schematic illustration of a system according to an embodiment of the present invention
- Figure 4 is a schematic illustration of a client device according to an embodiment of the present invention
- Figure 5 illustrates schematically a method according to the present invention
- Figure 6 illustrates schematically a method according to an embodiment of the present invention.
- The invention provides a method performing an operation f of a cryptographic algorithm which, as described in Figure 1, applies to a chunk of an input message x and uses a chunk of a cryptographic key k.
- The operation f is implemented using a look-up table (LUT) compatible with encoded inputs and generating an encoded output.
- The LUT performs the decoding of the encoded inputs E_k(k) and E_x(x), computes the result y of the function and gives an encoded output E_y(y); E_k, E_x and E_y being random bijective mappings.
- This LUT-based implementation of the operation f is not resistant to side-channel attacks of any order.
- the aim of the invention is to make this method secured against side channel attacks while consuming less resources than a usual masking scheme such as the one described on Figure 2.
- this method is performed by a client device 101.
- a client device 101 may for example be a personal computer, or a smartphone.
- the client device 101 may be connected to at least one distant server 102 through a network 103.
- the client device 101 may include at least one hardware processor 201, connected via a bus 202 to a computer readable memory circuit including a random access memory (RAM) 203, a read-only memory (ROM) 204, and/or a non-volatile memory (NVM) 205.
- the client device 101 may also include a random number generator (RNG) 206 (also called "mask generator"), which is implemented as a software RNG run by the hardware processor.
- RNG: random number generator
- the client device 101 may further include an interface 207.
- Such an interface may be either a wired interface such as a USB, Ethernet or Thunderbolt interface, or a wireless interface, such as a Wifi or Bluetooth interface.
- The interface 207 may be used to connect the client device 101 to the network 103, which may be a wired network such as an Ethernet network or a wireless network, e.g., a wide-area network, a WiFi network or a mobile telephony network, through which communication may be performed with the server 102.
- The method according to the invention is designed to be used when the operation to be performed is linear with a Boolean exclusive OR (XOR) operation or an arithmetic operation, such as an addition or a subtraction modulo 2^i with i an integer. It may be used for performing an operation among a linear part of a hash function (MD5, SHA1, SHA2, SHA256, SHA512, Skein functions...), of a block cipher (XTEA, FEAL, SPECK, Threefish functions...) and of a stream cipher (Salsa20, ChaCha functions...).
- This operation may for example be part of an algorithm comprising only linear operations, such as the hash functions SHA1/SHA2 or SHA1/SHA2-based HMAC algorithms. It may also be included in a linear part of an algorithm that also has non-linear parts, such as the AES or DES cryptographic schemes.
- the main idea of the invention is to change the way the input values of the operation f are masked.
- The values handled by a cryptographic algorithm are encoded using bijective mappings in order to prevent an attacker from reading such values in the client device memory.
- Usually, such values are masked by combining an already encoded value with a mask. As a result, such a masking must be removed before performing a subsequent operation, as described here above.
- the method according to the invention combines the decoded chunk of the input message x and the chunk of the cryptographic key k with a mask before encoding the result of the combination.
- the encoded inputs to the linear operation f may be decoded without unmasking, and then the operation f itself may be performed without unmasking such inputs either, thanks to the linearity of the operation f with the XOR or arithmetic operation used for the masking.
- The random generator of the client device generates a first mask m_k and a second mask m_x.
- These masks are Boolean masks if the operation f is linear with a Boolean exclusive OR (XOR) operation and are arithmetic masks if the operation f is linear with an arithmetic operation.
- XOR: exclusive OR
- The symbol ⊕ represents both XOR in the case of Boolean masks and any such arithmetic operation in the case of arithmetic masks.
- The client device obtains an encoded chunk of the cryptographic key E'_k(k) and an encoded chunk of the input message E'_x(x).
- a chunk may be any part of the whole key or input message, including the whole key or input message itself.
- The server 102 may have randomly generated the bijective mappings which are to be used for the encodings, and the cryptographic key, and it may have provided them to the client device.
- The client device may derive the encoded chunks of the key and the message by itself from the whole key and the whole input message, or it may read such encoded chunks from one of its memories or receive them through its interface 207.
- The client device applies the generated masks to the obtained chunks by using look-up tables.
- The key masking look-up tables map the obtained encoded chunk of the cryptographic key E'_k(k) and the first mask m_k to said encoded value of the masked chunk of the cryptographic key E_k(k ⊕ m_k). In order to do so, the key masking look-up tables are equivalent to, as illustrated in Figure 5, decoding the encoded key E'_k(k), then masking using the first mask m_k and finally encoding with E_k.
- The second step S2 and the first masking step S31 may be merged into one step and implemented as a single read access to the look-up tables, using the generated mask and the obtained chunk as read indexes, to obtain the encoded value of the masked chunk of the cryptographic key.
- The client device determines an encoded value E_x(x ⊕ m_x) of the chunk of the input message x masked with the second mask m_x, by using at least one input message masking look-up table.
- The input message masking look-up tables map the obtained encoded chunk of the input message E'_x(x) and the second mask m_x to said encoded value of the masked chunk of the input message E_x(x ⊕ m_x). In order to do so, the input message masking look-up tables are equivalent to, as illustrated in Figure 5, decoding the encoded message E'_x(x), then masking using the second mask m_x and finally encoding with E_x.
- two or more operations among decoding, masking and encoding may be performed altogether by a single LUT.
- Preferentially decoding, masking and encoding are performed altogether by a single LUT to ensure the confidentiality of the encodings.
- The operation look-up tables map the determined encoded value of the chunk of the cryptographic key masked with the first mask, E_k(k ⊕ m_k), and the determined encoded value of the chunk of the input message masked with the second mask, E_x(x ⊕ m_x), to said encoded value of the masked result of the operation, E_y(y ⊕ m_x ⊕ m_k).
- The operation look-up tables are equivalent to decoding both the encoded value E_k(k ⊕ m_k) of the chunk of the cryptographic key masked with the first mask m_k and the encoded value E_x(x ⊕ m_x) of the chunk of the input message x masked with the second mask m_x, then performing the operation f, and finally encoding the result with E_y.
- The operation f and the encoding are performed altogether by a single LUT to ensure the confidentiality of the encodings. Since the operation f is linear with respect to the XOR or arithmetic operation used for the masking, it is possible to perform the operation f on the chunk of the cryptographic key and the chunk of the input message without unmasking them first. Consequently, the LUT, or combination of LUTs, used at the fourth step for the operation f can be the standard LUT representing the operation f. There is no need to randomize it to make it compatible with a specific masking of its inputs or to produce a masked output, which makes the implementation faster than the commonly used masking scheme presented in Figure 2. Such a standard LUT may be provided by the server 102 to the client device 101. It also requires generating fewer masks, as the output mask of the operation f is the XOR of the two input masks rather than a specific third mask as shown in Figure 2.
- The random generator may be configured to generate the first mask and the second mask under an encoded state, E_m(m_k) and E_m(m_x).
- The client device may use these encoded first and second masks instead of the unencoded first and second masks in the steps of the method described here above. This embodiment is illustrated in Figure 6.
- The masking look-up tables then also decode the encoded first and second masks before masking the chunk of the cryptographic key k and the chunk of the input message x.
- Such an embodiment prevents, during the whole computation, the masks from being handled as unencoded values, which makes the implementation resistant to second-order side-channel attacks.
- Said step of mask generation S1 is correlated with the fourth step S4, determining an encoded value E_y(y ⊕ m_x ⊕ m_k) of the result y of performing the operation f on the chunk of the cryptographic key k and on the chunk of the input message x, masked with the first and second masks.
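The following is an added worked example, not code from the patent or from its applicant: a toy 8-bit instance of steps S1 to S4 described above, covering both the base scheme of Figure 5 (plain masks) and the embodiment of Figure 6 (masks delivered under an encoded state E_m). It assumes 8-bit chunks, random permutation tables as the bijective encodings E'_k, E'_x, E_k, E_x, E_y and E_m, and the names LinearMaskedOp, key_mask_lut, msg_mask_lut, op_lut, draw_masks, evaluate and check are chosen for this illustration. Both the Boolean case (XOR) and the arithmetic case (addition modulo 2^8) are shown.

```python
import random

CHUNK_BITS = 8          # chunk width; an assumption of this example, the patent leaves it open
N = 1 << CHUNK_BITS

# The combining operation f(k, x) and the matching unmasking step.  Boolean masks go with
# XOR, arithmetic masks with addition modulo 2^CHUNK_BITS, as in the description above.
OPS = {
    "xor": (lambda a, b: a ^ b,       lambda v, m: v ^ m),
    "add": (lambda a, b: (a + b) % N, lambda v, m: (v - m) % N),
}


def random_bijection(rng):
    """A random bijective mapping on chunks, stored as a permutation table (an encoding E)."""
    table = list(range(N))
    rng.shuffle(table)
    return table


def invert(table):
    """Inverse permutation, i.e. the decoding E^{-1} for an encoding table E."""
    inv = [0] * N
    for i, v in enumerate(table):
        inv[v] = i
    return inv


class LinearMaskedOp:
    """Toy white-box evaluation of f on encoded, masked chunks (steps S1-S4 of Figures 5/6)."""

    def __init__(self, op_name, seed=0, encoded_masks=False):
        rng = random.Random(seed)      # stands in for the server that draws the encodings
        self.f, self.unmask = OPS[op_name]
        self.encoded_masks = encoded_masks
        # Input encodings E'_k, E'_x, internal encodings E_k, E_x, output encoding E_y,
        # and E_m for masks handed out under an encoded state (Figure 6).
        self.Ek_in, self.Ex_in, self.Ek, self.Ex, self.Ey, self.Em = (
            random_bijection(rng) for _ in range(6))
        dEk_in, dEx_in = invert(self.Ek_in), invert(self.Ex_in)
        dEk, dEx = invert(self.Ek), invert(self.Ex)
        self.dEy = invert(self.Ey)
        # How a masking LUT reads its mask input: as-is, or through E_m^{-1} for encoded masks.
        dm = invert(self.Em) if encoded_masks else list(range(N))
        f = self.f
        # S2+S3 merged: one lookup decodes E'_k, applies m_k and re-encodes under E_k, so the
        # unencoded, unmasked chunk never exists as a value in memory.
        self.key_mask_lut = [[self.Ek[f(dEk_in[ek], dm[m])] for m in range(N)] for ek in range(N)]
        self.msg_mask_lut = [[self.Ex[f(dEx_in[ex], dm[m])] for m in range(N)] for ex in range(N)]
        # S4: the standard LUT for f on E_k/E_x-encoded inputs.  It is built without any
        # knowledge of the masks, which is the point of the scheme.
        self.op_lut = [[self.Ey[f(dEk[a], dEx[b])] for b in range(N)] for a in range(N)]

    def draw_masks(self, rng):
        """S1: the client's RNG draws m_k, m_x; with encoded_masks it hands out E_m(m_k), E_m(m_x).
        Returns (plain masks, values the device actually handles)."""
        mk, mx = rng.randrange(N), rng.randrange(N)
        handled = (self.Em[mk], self.Em[mx]) if self.encoded_masks else (mk, mx)
        return (mk, mx), handled

    def evaluate(self, enc_k, enc_x, mask_k, mask_x):
        """S2-S4 on E'_k(k), E'_x(x): returns E_y(f(k, x) ⊕ m_k ⊕ m_x) using only table lookups."""
        masked_k = self.key_mask_lut[enc_k][mask_k]   # E_k(k ⊕ m_k)
        masked_x = self.msg_mask_lut[enc_x][mask_x]   # E_x(x ⊕ m_x)
        return self.op_lut[masked_k][masked_x]        # E_y(y ⊕ m_k ⊕ m_x)

    def run(self, k, x, rng):
        """Whole flow on plain chunks k, x.  The final decode-and-unmask is for checking only;
        a real implementation would pass the masked, encoded output to the next operation."""
        (mk, mx), handled = self.draw_masks(rng)
        enc_y = self.evaluate(self.Ek_in[k], self.Ex_in[x], *handled)
        output_mask = self.f(mk, mx)                  # the output mask is m_k ⊕ m_x, no third mask
        return self.unmask(self.dEy[enc_y], output_mask)


def check(op_name, encoded_masks, trials=50, seed=7):
    """True when every trial recovers f(k, x) after removing the combined mask m_k ⊕ m_x."""
    dev = LinearMaskedOp(op_name, seed, encoded_masks)
    rng = random.Random(seed + 1)
    f = OPS[op_name][0]
    for _ in range(trials):
        k, x = rng.randrange(N), rng.randrange(N)   # constructed sample chunks
        if dev.run(k, x, rng) != f(k, x):
            return False
    return True


if __name__ == "__main__":
    for op_name in OPS:
        for enc in (False, True):
            print(op_name, "encoded masks" if enc else "plain masks", check(op_name, enc))
```

Running the file prints True for all four combinations. Two points the code makes concrete: op_lut is built with no knowledge of the masks, so it is the ordinary encoded LUT for f, and the only value the consumer of the output needs to know is the combined mask m_k ⊕ m_x (m_k + m_x in the arithmetic case). The cost side is visible as well: with 8-bit chunks each two-input table holds 65,536 entries, which is the memory overhead the description mentions when it says masking countermeasures cost memory and/or time.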
- this invention therefore relates also to a client device 101 comprising:
- At least one memory for storing the encoded values and the results of the calculations performed during the different computing steps.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19305233.9A EP3703305A1 (de) | 2019-02-27 | 2019-02-27 | Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm |
PCT/EP2020/052495 WO2020173662A1 (en) | 2019-02-27 | 2020-01-31 | Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3931999A1 true EP3931999A1 (de) | 2022-01-05 |
Family
ID=66554303
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19305233.9A Withdrawn EP3703305A1 (de) | 2019-02-27 | 2019-02-27 | Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm |
EP20701829.2A Pending EP3931999A1 (de) | 2019-02-27 | 2020-01-31 | Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19305233.9A Withdrawn EP3703305A1 (de) | 2019-02-27 | 2019-02-27 | Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm |
Country Status (2)
Country | Link |
---|---|
EP (2) | EP3703305A1 (de) |
WO (1) | WO2020173662A1 (de) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112564885B (zh) * | 2020-11-26 | 2022-07-12 | Nanjing Agricultural University | Side-channel test and analysis method based on the maximum probability density function distribution of mask variables |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
SG10201405852QA (en) * | 2014-09-18 | 2016-04-28 | Huawei Internat Pte Ltd | Encryption function and decryption function generating method, encryption and decryption method and related apparatuses |
KR102397579B1 (ko) * | 2017-03-29 | 2022-05-13 | Electronics and Telecommunications Research Institute | White-box cryptography method and apparatus for preventing side-channel analysis |
2019
- 2019-02-27 EP EP19305233.9A patent/EP3703305A1/de not_active Withdrawn
2020
- 2020-01-31 WO PCT/EP2020/052495 patent/WO2020173662A1/en unknown
- 2020-01-31 EP EP20701829.2A patent/EP3931999A1/de active Pending
Also Published As
Publication number | Publication date |
---|---|
WO2020173662A1 (en) | 2020-09-03 |
EP3703305A1 (de) | 2020-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11233659B2 (en) | Method of RSA signature or decryption protected using a homomorphic encryption | |
US9838198B2 (en) | Splitting S-boxes in a white-box implementation to resist attacks | |
US20170126397A1 (en) | Protecting a white-box implementation against attacks | |
US10097342B2 (en) | Encoding values by pseudo-random mask | |
CN106888080B (zh) | Protecting a white-box Feistel network implementation against fault attacks | |
US9515818B2 (en) | Multi-block cryptographic operation | |
EP3035585B1 (de) | S-box in a cryptographic implementation in the white-box context | |
US11063743B2 (en) | Method of RSA signature of decryption protected using assymetric multiplicative splitting | |
US8699702B2 (en) | Securing cryptographic process keys using internal structures | |
EP3125462A1 (de) | Balanced encoding of intermediate values in a white-box implementation | |
US9485226B2 (en) | Method for including an implicit integrity or authenticity check into a white-box implementation | |
CN107273724B (zh) | 为白盒实施方案的输入和输出加水印 | |
US20160078250A1 (en) | Remapping constant points in a white-box implementation | |
US9363244B2 (en) | Realizing authorization via incorrect functional behavior of a white-box implementation | |
EP3363142A1 (de) | Cryptographic device and encoding device | |
WO2021129470A1 (zh) | Binary data encryption system and method based on polynomial fully homomorphic encryption | |
US11870913B2 (en) | Method for generating a digital signature of an input message | |
EP2960891B1 (de) | Method for introducing dependence of a white-box implementation on a set of strings | |
US10412054B2 (en) | Method for introducing dependence of white-box implementation on a set of strings | |
EP3931999A1 (de) | Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm | |
CN111602367B (zh) | Method for protecting an entropy source used in countermeasures securing a white-box cryptographic algorithm |
Legal Events
Code | Title | Description |
---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: UNKNOWN |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
17P | Request for examination filed | Effective date: 20210927 |
AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: THALES DIS FRANCE SAS |
DAV | Request for validation of the european patent (deleted) | |
DAX | Request for extension of the european patent (deleted) | |