Periodic Reporting for period 4 - SWORD (Security Without Obscurity for Reliable Devices)
Reporting period: 2022-03-01 to 2023-08-31
Cryptographic implementations are traditionally evaluated based on a trade-off between security and efficiency. However, when it comes to physical security against attacks exploiting side-channel leakages or fault insertions, this approach is limited by the difficulty to define the adversaries (e.g. their knowledge about the target implementation) and to specify sound physical assumptions. Quite naturally, the problem becomes even more challenging in contexts where implementations can be maliciously modified during design or fabrication via so-called hardware Trojans The goal of the SWORD project is to design cryptographic implementations by relying on physical assumptions that can be empirically verified, in order to obtain sound security guarantees based on mathematical proofs or arguments. Additionally, the empirical verification of physical assumptions is aimed to become more transparent, by considering open source hardware and software. By allowing adversaries and evaluators to know implementation details, we expect to enable a better understanding of the fundamentals of physical security, therefore leading to improved security, efficiency and trust in the longer term. That is, we hope to establish security guarantees based on a good understanding of the physics, rather than the (relative) misunderstanding caused by closed systems as currently deployed in most applications. This should in turn enable more secure, efficient and publicly analyzed implementations of important algorithms, that are required for protecting the confidentiality and the integrity of citizen’s digital communications and assets.
An overview of the project’s achievements during its first half can be found in an invited talk given by the PI at Eurocrypt 2019: https://www.youtube.com/watch?v=KdhrsuJT1sE
Overall, the projects’ achievements are in four directions: mathematical aspects: primitives & definitions; physical assumptions; open source hardware and software; evaluation & verification. Strong achievements have been obtained in all directions, as suggested by the list of papers published. In summary, the main advances during the first part of the project can be described as follows:
For the mathematical aspects, strong efforts have been paid towards understanding security definitions for leakage-resistant authenticated encryption and designs that can satisfy this definition. Our team also invested significant time in extending the formal analysis of masking schemes (in terms of composability and resistance against physical defaults).
The understanding of the noise and independence assumptions that are required for algorithmic countermeasures such as masking to deliver security were at the core of our investigation regarding physical assumptions, together with the analysis of new learning problems (in particular the Learning Parity with Physical Noise problem).
Most of our ideas were tested based on open prototype implementations. This includes software (e.g. ARM Cortex) and FPGA implementations, but also the tape out of a prototype chip of which we analysed he noise and leakage characteristics.
Finally, the sound evaluation of physical security remains an important challenge. Major steps have been obtained in order to enable strict bounds for the information leakage of an implementation (and several other results to pinpoint limitations in other approaches).
In the second part of the project, these four directions have been further extended in order to confirm the general feasibility of the “security without obscurity” vision that the project put forward, and combined into solutions that best combine protection levels at different abstraction levels.
Among the many results obtained, we would like the mention the few following ones.
More on the mathematical side, we compared and improved the efficiency of leakage-resistant modes of operation (e.g. with the Triplex mode or efforts towards avoiding idealized assumptions that are not verifiable/falsifiable). We made significant improvements towards improving the tightness of masking security proofs in the random probing and noisy leakage model, up to the point where they can directly be combined with practical evaluation tools. We also proposed a first model for the analysis of combined (side-channel and fault) attacks. We finally made significant progress towards masked gadgets that are composable and resistant against physical defaults.
On the physical aspect, a very innovative part of the project was the work on “hard physical learning problems” that mimic the well-known “hard learning problems” used in cryptography with physical functions. This can be used as a provocative way to implement primitives relying on hard learning problems, as formalized by the Learning Parity with Physical Noise (LPPN) assumption or the Learning with Physical Errors (LWPE) one. As an important contribution in this direction, we succeeded in reducing a broad class of physical problems to the standard (LPN) assumption. An even more promising direction is the introduction of the Learning with Physical Rounding (LWPR) problem, which can serve as a basis for strong re-keying schemes and was latterly found to have potential applications in post-quantum cryptography.
Finally, from the evaluation viewpoint, we developed new information theoretic bounds that can capture the profiling complexity of a side-channel attack and tools aimed to bound worst-case security level. We also tackled the evaluation of challenging targets (e.g. breaking 32-bit masked software implementations of the AES) and developed statistical tools such as the regression-based linear discriminant analysis that allows modelling the leakage of such implementations without artificially introducing algorithmic noise caused by small models.
We believe the combination of these results demonstrates the feasibility of developing cryptographic implementations of which the physical security depends on sound and reproducible principles rather than on closed-source heuristics. It turns out they also opened new research avenues since some of these results were found to have great potential for application in post-quantum cryptography. This has led to the submission of an ERC Advanced Grant which was awarded to the PI.
Overall, the projects’ achievements are in four directions: mathematical aspects: primitives & definitions; physical assumptions; open source hardware and software; evaluation & verification. Strong achievements have been obtained in all directions, as suggested by the list of papers published. In summary, the main advances during the first part of the project can be described as follows:
For the mathematical aspects, strong efforts have been paid towards understanding security definitions for leakage-resistant authenticated encryption and designs that can satisfy this definition. Our team also invested significant time in extending the formal analysis of masking schemes (in terms of composability and resistance against physical defaults).
The understanding of the noise and independence assumptions that are required for algorithmic countermeasures such as masking to deliver security were at the core of our investigation regarding physical assumptions, together with the analysis of new learning problems (in particular the Learning Parity with Physical Noise problem).
Most of our ideas were tested based on open prototype implementations. This includes software (e.g. ARM Cortex) and FPGA implementations, but also the tape out of a prototype chip of which we analysed he noise and leakage characteristics.
Finally, the sound evaluation of physical security remains an important challenge. Major steps have been obtained in order to enable strict bounds for the information leakage of an implementation (and several other results to pinpoint limitations in other approaches).
In the second part of the project, these four directions have been further extended in order to confirm the general feasibility of the “security without obscurity” vision that the project put forward, and combined into solutions that best combine protection levels at different abstraction levels.
Among the many results obtained, we would like the mention the few following ones.
More on the mathematical side, we compared and improved the efficiency of leakage-resistant modes of operation (e.g. with the Triplex mode or efforts towards avoiding idealized assumptions that are not verifiable/falsifiable). We made significant improvements towards improving the tightness of masking security proofs in the random probing and noisy leakage model, up to the point where they can directly be combined with practical evaluation tools. We also proposed a first model for the analysis of combined (side-channel and fault) attacks. We finally made significant progress towards masked gadgets that are composable and resistant against physical defaults.
On the physical aspect, a very innovative part of the project was the work on “hard physical learning problems” that mimic the well-known “hard learning problems” used in cryptography with physical functions. This can be used as a provocative way to implement primitives relying on hard learning problems, as formalized by the Learning Parity with Physical Noise (LPPN) assumption or the Learning with Physical Errors (LWPE) one. As an important contribution in this direction, we succeeded in reducing a broad class of physical problems to the standard (LPN) assumption. An even more promising direction is the introduction of the Learning with Physical Rounding (LWPR) problem, which can serve as a basis for strong re-keying schemes and was latterly found to have potential applications in post-quantum cryptography.
Finally, from the evaluation viewpoint, we developed new information theoretic bounds that can capture the profiling complexity of a side-channel attack and tools aimed to bound worst-case security level. We also tackled the evaluation of challenging targets (e.g. breaking 32-bit masked software implementations of the AES) and developed statistical tools such as the regression-based linear discriminant analysis that allows modelling the leakage of such implementations without artificially introducing algorithmic noise caused by small models.
We believe the combination of these results demonstrates the feasibility of developing cryptographic implementations of which the physical security depends on sound and reproducible principles rather than on closed-source heuristics. It turns out they also opened new research avenues since some of these results were found to have great potential for application in post-quantum cryptography. This has led to the submission of an ERC Advanced Grant which was awarded to the PI.
The project stimulated progress both on the theory and practice of side-channel resistant implementations. It went up to demonstrating that open source implementations that only leverage well understood security mechanisms can actually resist all known side-channel attacks at affordable cost. From the academic viewpoint, the quality and impact of these results is easily confirmed by their publications in the most prestigious venues of our field. The project researchers had in particular a strong presence in the main IACR venues (Eurocrypt, Crypto, Asiacrypt) and at the Cryptography Hardware and Embedded Systems (CHES) conference. Among the most impactful results, we can mention the works on modes of operation, that contributed to the identification of Ascon as a nice lightweight cryptography standard, or the work on masking in the presence of physical defaults (with trivial composition) that has been the basis of many follow up works, by the PI but also other teams. Overall, we believe a vast majority of the project goals have been reached and triggered important new research directions.