Yet another side-channel attack: Multi-linear Power Analysis attack (MLPA)

Transcription

1 Yet another side-channel attack: Multi-linear Power Analysis attack (MLPA) Thomas Roche, Cédric Tavernier Laboratoire LIG, Grenoble, France. Communications and Systems, Le Plessis Robinson, France. Cryptopuces Porquerolles 8 juin 2009

2 Plan 1 List decoding of the First order Reed-Muller codes and Multi-linear cryptanalysis Multi-linear cryptanalysis List Decoding of RM(1,m) codes Complexity 2 Application to Power Analysis attacks : MLPA MLPA attack MLPA vs Other approaches A template-like attack 3 Conclusion and Open perspectives

3 Multi-linear cryptanalysis Symmetric cipher (4-bits plaintexts, 4-bits key) P K E C

4 Multi-linear cryptanalysis Symmetric cipher (4-bits plaintexts, 4-bits key) p 3 p 2 p 1 p 0 k 3 k 2 k 1 k 0 E c 3 c 2 c 1 c 0

5 Multi-linear cryptanalysis Linear approximations p 3 p 1 k 2 k 0 p 2 p 0 k 3 k 1 E c 3 c 2 c 1 c 0 linear approximation p 1 p 3 k 0 k 2 = c 0 c 1 c 3 hold with probability p = 1/2 + ɛ.

6 Multi-linear cryptanalysis Multi-linear cryptanalysis k 0 k 2 = p 1 p 3 c 0 c 1 c 3 p = 1/2 + ɛ 1 k 0 k 1 k 2 = p 0 p 2 c 2 c 3 p = 1/2 + ɛ 2 k 1 k 3 = p 2 p 3 c 1 c 3 p = 1/2 + ɛ 3 k 1 k 2 k 3 = p 0 p 1 p 2 p 3 c 2 c 3 p = 1/2 + ɛ 4 Complexity of the attack [Biry 04] Given n linear approximations α i, P µ i, K = β i, E(P, K) #Plaintexts = O( 1 Pi (ɛ2 i ))

7 Multi-linear cryptanalysis Multi-linear cryptanalysis k 0 k 2 = p 1 p 3 c 0 c 1 c 3 p = 1/2 + ɛ 1 k 0 k 1 k 2 = p 0 p 2 c 2 c 3 p = 1/2 + ɛ 2 k 1 k 3 = p 2 p 3 c 1 c 3 p = 1/2 + ɛ 3 k 1 k 2 k 3 = p 0 p 1 p 2 p 3 c 2 c 3 p = 1/2 + ɛ 4 Complexity of the attack [Biry 04] Given n linear approximations α i, P µ i, K = β i, E(P, K) #Plaintexts = O( 1 Pi (ɛ2 i ))

8 Multi-linear cryptanalysis Multivariate degree 1 polynomial reconstruction P K E C α, P µ, K = β, E(P, K)

9 List Decoding of RM(1,m) codes Reed-Muller code properties Definition of RM(1, m) RM(1, m) = {f GF (2) (1) [x 1, x 2,, x m ]} ; Usual representation : (f (0), f (1),, f (2 m 1)) ; Boolean representation : f = f 1 x 1 f 2 x 2 f m x m code of lenght n = 2 m and minimal distance d = n/2. Classical Problem Given a Boolean function g, we want to construct the list {f RM(1, m) d H (f, g) n(1/2 ɛ)}, which is equivalent to L g (ɛ) = {f RM(1, m) l (g) (f ) = ( 1) f (x) g(x) 2ɛn}. x GF (2) m Johnson Bound In fact L g (ɛ) 1 4ɛ 2

10 List Decoding of RM(1,m) codes List Decoding Algorithms A simple idea 2ɛn l (g) (f ) s GF (2) m i f (i) = f 1 x 1 f i x i. r GF (2) i ( 1) g(r,s) f (i) (r) where Screnning process : we suggest f i and we check if the inequality is satisfied. L (i) g (ɛ) = {f RM(1, i) ( 1) g(r,s) f (r) 2ɛn}. s r GF (2) i In fact 4nɛ 2 M a Eb E M = L (i) g (ɛ) 1 4ɛ 2. With E = L (i) g (ɛ) ( 1) g(r,s) a(i) (r) g(r,s) b(i)(r) n. s r GF (2) i

11 Complexity Complexity Worst case complexity The complexity of this algorithm is in O(n log 2 2(ɛ)) [I Du 07]. The complexity of the prob. version is in O(m 2 /ɛ 6 ) [Kaba 04]. The size of the result can be of size m/2ɛ 2, thus optimal complexity could be in O(m/ɛ 2 ). Optimal complexity In fact Goldreich and Levin algorithm : O(m/ɛ 4 ). I. Dumer, G. Kabatiansky and C. Tavernier, not yet published : O(m/ɛ 2 )

12 Plan 1 List decoding of the First order Reed-Muller codes and Multi-linear cryptanalysis Multi-linear cryptanalysis List Decoding of RM(1,m) codes Complexity 2 Application to Power Analysis attacks : MLPA MLPA attack MLPA vs Other approaches A template-like attack 3 Conclusion and Open perspectives

13 Side channel measurements p 3 p 2 p 1 p 0 k 3 k 2 k 1 k 0 E c 3 c 2 c 1 c 0

14 Side channel measurements p 3 p 2 p 1 p 0 k 3 k 2 k 1 k 0 E c 3 c 2 c 1 c 0

15 MLPA attack Linear approximations and Power Analysis p 3 p 2 p 1 p 0 k 3 k 2 k 1 k 0 E c 3 c 2 c 1 c 0 HD and HW models Leaked information related to the Hamming weight of the manipulated data.

16 MLPA attack Linear approximations and Power Analysis p 3 p 2 p 1 p 0 k 3 k 2 k 1 k 0 HW () h 2 h 1 h 0 E c 3 c 2 c 1 c 0 HD and HW models Leaked information related to the Hamming weight of the manipulated data.

17 MLPA attack Attack algorithm and results on DPA-contest traces 1 Offline static computation : Find many and good approximations of the intermediate data Hamming weight (for every output mask). 2 Online attack : multi-linear cryptanalysis assuming Leaked information = Hamming distance. From traces "secmatv " Cipher rounds # linear equ. # key bits # traces DES DES DES DES Tab.: Attack on DPA-contest traces Results

18 MLPA attack Approximation examples Output Mask (in binary) : Bias Equations (plain part) Equations (key part) P[5, 26, 27, 31, 45, 53, 61]+ K[6, 7, 29, 38, 52] P[28, 29, 31, 37, 45, 53]+ K[6, 7, 29, 61] P[5, 28, 29, 31, 37, 45]+ K[6, 29, 38, 61] P[5, 28, 29, 31, 37, 53]+ K[7, 29, 38, 61] P[5, 8, 9, 37, 45, 53, 61]+ K[6, 7, 38, 52, 61] P[5, 14, 15, 31, 37, 45, 61]+ K[6, 29, 38, 52, 61] P[5, 28, 29, 31, 37, 53, 61]+ K[7, 29, 38, 52, 61] P[5, 26, 27, 31, 37, 53, 61]+ K[7, 29, 38, 52, 61] P[5, 26, 27, 31, 37, 45, 53, 61]+ K[6, 7, 29, 38, 52, 61]

19 MLPA vs Other approaches Classical Power Analysis attacks p 3 p 2 p 1 p 0 k 3 k 2 k 1 k 0 E c 3 c 2 c 1 c 0 Limitations Intermediate data should be dependent to less than 32 key-bits.

20 MLPA vs Other approaches Classical Power Analysis attacks p 3 p 2 p 1 p 0 k 3 k 2 k 1 k 0 E c 3 c 2 c 1 c 0 Limitations Intermediate data should be dependent to less than 32 key-bits.

21 MLPA vs Other approaches Countermeasures The implementation is safe if one can shut down all information leakages : Suppress synchronization elements. (buses and registers) and/or Randomize the data processed. (masking techniques [Akka 01, Akka 03, Akka 04, Lv 05]) and/or Add random useless computations. and/or balanced dynamic dual-rail gates designs. and/or... Secure... But not for free! e.g. Three 32-Bit Random Masks and Six Additional S-Boxes are the Minimal Cost for a Secure DES Implementation [Lv 05]

22 MLPA vs Other approaches Countermeasures The implementation is safe if one can shut down all information leakages : Suppress synchronization elements. (buses and registers) and/or Randomize the data processed. (masking techniques [Akka 01, Akka 03, Akka 04, Lv 05]) and/or Add random useless computations. and/or balanced dynamic dual-rail gates designs. and/or... Secure... But not for free! e.g. Three 32-Bit Random Masks and Six Additional S-Boxes are the Minimal Cost for a Secure DES Implementation [Lv 05]

23 MLPA vs Other approaches Glued Blocks Possible solution Concentrate on the firsts and lasts rounds. i.e. no information leak during these critical rounds No observable intermediate value is dependent to less than 32 key bits. Sufficient countermeasure against DPA-like, CPA, MIA, etc... Not against MLPA!

24 A template-like attack Training device attack Remark The List-decoding algorithm operates on the target boolean function as a black-box. Getting the linear approximations from a twin board i.e. Chosen plaintexts and keys Approximations directly linked to the leaked information. much more accurate. No need to choose a power consumption model. No need to know the target block cipher. still need to know where/when to attack.

25 Next Steps on MLPA : MLPA on a consumption measurement refinement. Simultaneous MLPA on several rounds. HO-MLPA. MLPA on static masked implementation. Other block ciphers. Better linear approximations. MLPA template attack. Unknown block cipher attack.

26 The end.

27 references I M.-L. Akkar and C. Giraud. An Implementation of DES and AES, Secure against Some Attacks. In : Çetin Kaya Koç, D. Naccache, and C. Paar, Eds., CHES, pp , Springer, M.-L. Akkar and L. Goubin. A Generic Protection against High-Order Differential Power Analysis. In : T. Johansson, Ed., FSE, pp , Springer, M.-L. Akkar, R. Bevan, and L. Goubin. Two Power Analysis Attacks against One-Mask Methods. In : B. K. Roy and W. Meier, Eds., FSE, pp , Springer, 2004.

28 references II A. Biryukov, C. D. Cannière, and M. Quisquater. On Multiple Linear Approximations. In : M. K. Franklin, Ed., CRYPTO, pp. 1 22, Springer, G. K. I. Dumer and C. Tavernier. List Decoding of the First Order Binary Reed Muller Codes. Problems of Information Transmission, Vol. 43, No. 3, pp , G. Kabatiansky and C. Tavernier. List decoding with Reed Muller codes of order one. In : nine International Workshop On Algebraic and Combinatorial Coding Theory, pp , 2004.

29 references III J. Lv and Y. Han. Enhanced DES Implementation Secure Against High-Order Differential Power Analysis in Smartcards. In : C. Boyd and J. M. G. Nieto, Eds., ACISP, pp , Springer, 2005.