Consolidating Security Notions in Hardware Masking

Authors

  • Lauren De Meyer KU Leuven, imec - COSIC, Leuven, Belgium
  • Begül Bilgin KU Leuven, imec - COSIC, Leuven, Belgium; Rambus, Cryptography Research, Rotterdam
  • Oscar Reparaz KU Leuven, imec - COSIC, Leuven, Belgium; Square Inc., San Francisco

DOI:

https://doi.org/10.13154/tches.v2019.i3.119-147

Keywords:

Glitches, DPA, SCA, Verification, TI, SNI, Non-Completeness, Mutual Information, Information-theory, d-probing, Glitch Immunity

Abstract

In this paper, we revisit the security conditions of masked hardware implementations. We describe a new, succinct, information-theoretic condition called d-glitch immunity which is both necessary and sufficient for security in the presence of glitches. We show that this single condition includes, but is not limited to, previous security notions such as those used in higher-order threshold implementations and in abstractions using ideal gates. As opposed to these previously known necessary conditions, our new condition is also sufficient. On the other hand, it excludes avoidable notions such as uniformity. We also treat the notion of (strong) noninterference from an information-theoretic point-of-view in order to unify the different security concepts and pave the way to the verification of composability in the presence of glitches. We conclude the paper by demonstrating how the condition can be used as an efficient and highly generic flaw detection mechanism for a variety of functions and schemes based on different operations.

Downloads

Published

2019-05-09

Issue

Volume 2019, Issue 3

Section

Articles

License

Copyright (c) 2019 Lauren De Meyer, Begül Bilgin, Oscar Reparaz

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Consolidating Security Notions in Hardware Masking. (2019). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(3), 119-147. https://doi.org/10.13154/tches.v2019.i3.119-147