مقدمه‌ای بر مقاوم‌سازی الگوریتم‌های رمزنگاری در برابر حملات کانال جانبی با استفاده از روش پیاده‌سازی آستانه‌ای

نوع مقاله : مقاله پژوهشی

نویسندگان

1 دانشکده فناوری اطلاعات و ارتباطات، مرکز علم و فناوری فتح

2 دانشگاه جامع امام حسین ع - دانشکده فناوری اطلاعات و ارتباطات - مرکز علم و فناوری فتح

چکیده

برای تأمین امنیت اطلاعات و ارتباطات لازم است تا یک الگوریتم رمزنگاری به‌صورت نرم‌افزاری یا سخت‌افزاری پیاده‌سازی و به‌کار گرفته شود. در سال 1996 کوچر، حملاتی روی سامانه‌های رمزنگاری مطرح کرد که در آن‌ها از نشت اطلاعات مربوط به پیاده‌سازی الگوریتم­های رمز استفاده می­شد. از این نوع حملات که با نام حملات کانال جانبی شناخته شده­اند، می­توان به حمله تحلیل توان اشاره کرد. برای مقابله با حملات کانال جانبی، روش­های مقاوم­سازی مانند نقاب‌گذاری یا نهان کردن ارائه شد ولی بعدها نشان داده شد که این نوع روش­ها در حضور گلیچ اثربخشی لازم را ندارند. جهت برطرف کردن این مشکل و مقاوم‌سازی سامانه‌های رمزنگاری در برابر حملات کانال جانبی، حتی در حضور گلیچ، روش پیاده‌سازی آستانه­ای در سال 2006 توسط نیکووا و همکاران ارائه شد. این‌روش کاربردی از سه مبحث رمزنگاری آستانه‌ای، سهم نهان و محاسبه چندجانبه تشکیل شده ‌است. در واقع خود این‌روش هم نوعی مقاوم‌سازی به روش نقاب‌گذاری است که شرط‌هایی اضافه برای تأمین امنیت در حضور گلیچ دارد. در سال­های اخیر موسسه استانداردسازی NIST  فعالیت­هایی در حوزه پیاده‌سازی آستانه­ای شروع کرده است که یکی از اهداف آن‌ها، تدوین یک استاندارد در این زمینه است. این موضوع باعث شده است تا در حال حاضر رمزنگاران موضوع پیاده‌سازی آستانه­ای را به‌عنوان یک موضوع مهم در نظر بگیرند. در این مقاله روش رمزنگاری آستانه­ای به‌عنوان یک روش جهت مقاوم­سازی سامانه‌های رمزنگاری در برابر حملات کانال جانبی توصیف و به نکات برتری و چالش­های آن در مقایسه با روش­های مقاوم­سازی قبلی مانند نقاب­گذاری اشاره می­شود.

کلیدواژه‌ها


عنوان مقاله [English]

An Introduction to Enhance the Security of Cryptographic Algorithms against Side Channel Attacks Using the Threshold Implementation Approach

نویسندگان [English]

  • Javad Alizadeh 1
  • Hamaid Ghanbari 2
2 Fath Center, Faculty and Research Center of Communication and Information Technology, Imam Hossein University, Tehran, Iran
چکیده [English]

In order to establish the information security, we need to implement a cryptography algorithm in the software or hardware. In 1996, Kocher presented the Side Channel Attacks (SCA) on the cryptography systems in which the leakage of some important information was used. Power analysis is one of these attacks. In order to prevent this kind of attacks, the designers and implementers presented some countermeasures such as hiding and masking. Afterwards, attackers showed that these countermeasures, especially masking, could not reach the security goals in the presence of Glitch. To resolve this challenge Nikova et al. presented the threshold implementation method in 2006. They used three subjects, threshold cryptography, hidden share, and multi-party computation in their new countermeasure. In fact, the threshold implementation is a kind of masking with some extra features to establish the information security in the presence of Glitch. In the recent years, National Institute of Standards and Technology (NIST) has started some activities in the field threshold implementation. Standardization in this field is the main goal of NIST. In this paper we introduce the threshold implantation method as a countermeasure against side channel attacks and review its challenges and advantages comparing the previous countermeasures.

کلیدواژه‌ها [English]

  • Side Channel Attacks
  • Power Analysis
  • Threshold Implementation
 [1]  W. Cheng, Y. Zhou, and L. Sauvage, “Differential fault analysis on Midori,” in International Conference on Information and Communications Security, Springer, pp. 307-317, 2016.##
[2]   P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” in Annual international cryptology conference, Springer, pp. 388-397, 1999.##
[3]   E. Prouff and M. Rivain, “Masking against          side-channel attacks: A formal security proof,” in Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, pp. 142-159, 2013.##
[4]   S. Mangard, E. Oswald, and T. Popp, “Power analysis attacks: Revealing the secrets of smart cards,” Springer Science & Business Media, 2008.##
[5]   S. Nikova, C. Rechberger, and V. Rijmen, “Threshold implementations against side-channel attacks and glitches,” in International conference on information and communications security, Springer, pp. 529-545, 2006.##
[6]   D. Boneh, R. A. DeMillo, and R. J. Lipton, “On the importance of checking cryptographic protocols for faults,” in International conference on the theory and applications of cryptographic techniques, Springer, pp. 37-51, 1997.##
[7]   G.-F. Piret, “Block ciphers: security proofs, cryptanalysis, design, and fault attacks,” Catholic University of Louvain, Louvain-la-Neuve, Belgium, 2005.##
[8]   J. Arlat, “Validation de la sûreté de fonctionnement par injection de fautes: méthode, mise en oeuvre, application,” Toulouse, INPT, 1990.##
[9]   S. A. T. Nezhad, “Keeloq block cipher power analysis,” Master, Shahid Sattari, 1393.##
[10] P. C. Kocher, “Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems,” in Annual International Cryptology Conference, Springer, pp. 104-113, 1996.##
[11] A. Z. Torbati, “Practical implementation of combined power-error analysis attack against AES cryptography system  on PIC microcontroller,” Master, Shahid Sattari, 1392.##
[12] P. Chodowiec and K. Gaj, “Very compact FPGA implementation of the AES algorithm,” in International Workshop on Cryptographic Hardware and Embedded Systems, Springer, pp. 319-333, 2003.##
[13] K. Gandolfi, C. Mourtel, and F. Olivier, “Electromagnetic analysis: Concrete results,” in International workshop on cryptographic hardware and embedded systems, Springer, pp. 251-261, 2001.##
[14] S. Mangard, T. Popp, and B. M. Gammel,  “Side-channel leakage of masked CMOS gates,” in Cryptographers’ Track at the RSA Conference, Springer, pp. 351-365, 2005.##
[15] G. R. Blakley, “Safeguarding cryptographic keys,” in 1979 International Workshop on Managing Requirements Knowledge (MARK), IEEE, pp.       313-318, 1979.##
[16] A. Shamir, “How to share a secret,” Communications of the ACM, vol. 22, no. 11, pp. 612-613, 1979.##
[17] Y. Desmedt, “Some recent research aspects of threshold cryptography,” in International Workshop on Information Security, Springer, pp. 158-173, 1997.##
[18] A. C. Yao, “Protocols for secure computations,” in 23rd annual symposium on foundations of computer science (sfcs 1982), IEEE, pp. 160-164, 1982.##
[19] R. S. Ali Noori Khamnaeh and H. Soleymani “Provide an optimal masking for the implementation without delay of AES S-box,” Presented at the ISCISC 2020, Tehran, Iran University of Science and Technology, 1399. [Online]. Available: https://civilica.com/doc/1120276/.##
[20] A. Moradi, A. Poschmann, S. Ling, C. Paar, and H. Wang, “Pushing the limits: A very compact and a threshold implementation of AES,” in Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, pp. 69-88, 2011.##
[21] B. Bilgin, B. Gierlichs, S. Nikova, V. Nikov, and V. Rijmen, “A more efficient AES threshold implementation,” in International Conference on Cryptology in Africa, Springer, pp. 267-284, 2014.##
[22] B. Bilgin, B. Gierlichs, S. Nikova, V. Nikov, and V. Rijmen, “Trade-offs for threshold implementations illustrated on AES,” IEEE Transactions on  Computer-Aided Design of Integrated Circuits and Systems, vol. 34, no. 7, pp. 1188-1200, 2015.##
[23] O. Reparaz, B. Bilgin, S. Nikova, B. Gierlichs, and I. Verbauwhede, “Consolidating masking schemes,” in Annual Cryptology Conference, Springer, pp.       764-783, 2015.##
[24] T. De Cnudde, O. Reparaz, B. Bilgin, S. Nikova, V. Nikov, and V. Rijmen, “Masking AES with $$ d+ 1$$ shares in hardware,” in International Conference on Cryptographic Hardware and Embedded Systems, Springer, pp. 194-212, 2016.##
[25] T. Moos, A. Moradi, T. Schneider, and F.-X. Standaert, “Glitch-resistant masking revisited,” IACR Transactions on Cryptographic Hardware and Embedded Systems, pp. 256-292, 2019.##
[26] R. Ueno, N. Homma, and T. Aoki, “Toward more efficient DPA-resistant AES hardware architecture based on threshold implementation,” in International Workshop on Constructive Side-Channel Analysis and Secure Design, Springer, pp. 50-64, 2017.##
[27] A. Ghoshal and T. De Cnudde, “Several masked implementations of the boyar-peralta AES s-box,” in International Conference on Cryptology in India, Springer, pp. 384-402, 2017.##
[28] F. Wegener and A. Moradi, “Yet Another Size Record for AES: A First-Order SCA Secure AES     S-Box Based on $$mathrm {GF}(2^ 8) $$ Multiplication,” in International Conference on Smart Card Research and Advanced Applications, Springer, pp. 111-124, 2018.##
[29] J. Daemen, “Changing of the guards: A simple and efficient method for achieving uniformity in threshold sharing,” in International Conference on Cryptographic Hardware and Embedded Systems, Springer, pp. 137-153, 2017.##
[30] F. Wegener and A. Moradi, “A first-order SCA resistant AES without fresh randomness,” in International Workshop on Constructive Side-Channel Analysis and Secure Design, Springer, pp. 245-262, 2018.##
[31] H. Groß, R. Iusupov, and R. Bloem, “Generic       low-latency masking in hardware,” IACR Transactions on Cryptographic Hardware and Embedded Systems, pp. 1-21, 2018.##
[32] P. Sasdrich, B. Bilgin, M. Hutter, and M. E. Marson, “Low-latency hardware masking with application to aes,” IACR Transactions on Cryptographic Hardware and Embedded Systems, pp. 300-326, 2020.##
[33] A. J. Leiserson, M. E. Marson, and M. A. Wachs, “Gate-level masking under a path-based leakage metric,” in International Workshop on Cryptographic Hardware and Embedded Systems, Springer, pp.   580-597, 2014.##
[34] T. De Cnudde, B. Bilgin, O. Reparaz, and S. Nikova, “Higher-order glitch resistant implementation of the PRESENT S-box,” in International Conference on Cryptography and Information Security in the Balkans, Springer, pp. 75-93, 2014.##
[35] L. T. Brandão, N. Mouha, and A. Vassilev, “Threshold Schemes for Cryptographic Primitives: Challenges and Opportunities in Standardization and Validation of Threshold Cryptography,” National Institute of Standards and Technology, 2018.##
[36] A. Moradi and T. Schneider, “Side-channel analysis protection and low-latency in action,” in International Conference on the Theory and Application of Cryptology and Information Security, Springer, pp. 517-547, 2016.##
[37] J.-S. Coron and L. Goubin, “On boolean and arithmetic masking against differential power analysis,” in International Workshop on Cryptographic Hardware and Embedded Systems, Springer, pp. 231-237, 2000.##
[38] L. Goubin, “A sound method for switching between boolean and arithmetic masking,” in International Workshop on Cryptographic Hardware and Embedded Systems, Springer, pp. 3-15, 2001.##
[39] M.-L. Akkar and C. Giraud, “An implementation of DES and AES, secure against some attacks,” in International Workshop on Cryptographic Hardware and Embedded Systems, Springer, pp. 309-318, 2001.##
[40] T. De Cnudde, B. Bilgin, O. Reparaz, V. Nikov, and S. Nikova, “Higher-order threshold implementation of the AES S-box,” in International conference on smart card research and advanced applications, Springer, pp. 259-272, 2015.##
[41] A. Aghaie, A. Moradi, S. Rasoolzadeh, A. R. Shahmirzadi, F. Schellenberg, and T. Schneider, “Impeccable circuits,” IEEE Transactions on Computers, vol. 69, no. 3, pp. 361-376, 2019.##
[42] B. Bilgin, “Threshold implementations: as countermeasure against higher-order differential power analysis,” 2015.##
[43] C. De Canniere, O. Dunkelman, and M. Knežević, “KATAN and KTANTAN—a family of small and efficient hardware-oriented block ciphers,” in International Workshop on Cryptographic Hardware and Embedded Systems, Springer, pp. 272-288, 2009.##
 [44]  E. Prouff and T. Roche, “Higher-order glitches free implementation of the AES using secure multi-party computation protocols,” in International Workshop on Cryptographic Hardware and Embedded Systems, Springer, pp. 63-78, 2011.##