Improving Side-channel Attacks against Pairing-based Cryptography

Transcript of the slide deck (17 slides)

Page 1:

CONFERENCE FRANCE CYBER JAPAN

DAMIEN JAUVART CEA – UVSQ

JACQUES FOURNIER CEA

NADIA EL MRABET EMSE

LOUIS GOUBIN UVSQ

IMPROVING SIDE-CHANNEL ATTACKS AGAINST PAIRING-BASED CRYPTOGRAPHY

Page 2:

Application areas
- Cryptographic algorithms based on pairings enable new security schemes
  - Identity Based Encryption (IBE): a new public-key infrastructure that is easier to manage in the presence of billions of connected objects
  - Anonymity schemes (protecting the privacy of users)

Context
- Pairing algorithms can be executed in a hostile environment while handling secret data

Aims
- Study the weaknesses of pairing implementations against side-channel attacks

INTRODUCTION

Page 3:

- We are interested in showing the feasibility of practical attacks

INTRODUCTION

[Timeline figure; only the labels are recoverable, the row of some attack milestones is not. Primitives: DES (1973, 1977 standard), RSA (1977, 1983 patent), ECC (1985, 2004 deployment), AES (1997, 2001 standard), PBC (2001: IBE and one-round tripartite key agreement). Attack milestones: timing attack 1995, 1996 and 2002; fault attack 1997 and, against PBC, 2013; DFA 1997 and 2000; DPA 1999; SPA 2002; CPA 2004 (high-order, collision) and, against PBC, 2014; horizontal CPA 2012.]

Page 4:

- Attack strategy against pairing
- Characterizing the side-channel leakages
- Attack improvements
- Countermeasures

SUMMARY

Page 5:

Targeted pairing
- Twisted Ate pairing over Barreto-Naehrig (BN) curves
- BN curves: $E : y^2 = x^3 + b$, with $t$ the Frobenius trace of $E$
- Ate pairing:

ATTACK STRATEGY AGAINST PAIRING

Page 6:

Targeted pairing
- Concretely, we target a software implementation of the following Miller algorithm, implemented on an ARM Cortex-M3, with $P$ secret and a known point $Q$
- The modular arithmetic is based on Montgomery modular multiplication

ATTACK STRATEGY AGAINST PAIRING

Page 7:

- We are interested in the operation between $T$ (data derived from $P$) and $Q$
  - The tangent line equation $l_{T,T}(Q)$:
  - In mixed affine-Jacobian coordinates
- CPA against the modular multiplication of long integers (256 bits)
  - The 256-bit integers are manipulated as words of 32 bits
  - The Montgomery multiplication involves the word multiplication $x \times k$
    - UMULL assembly instruction
  - Classical CPA over 32 bits
  - The 32 bits are divided into bytes: partial correlations

ATTACK STRATEGY AGAINST PAIRING

Page 8:

Leakage model
- 1st sub-attack: targets the 8 least significant bits
  - CPA:
    - Input: $C^{(l)}$, the $N$ leakages associated with the operation $x^{(l)} \times k$, where the $x^{(l)}$ are known and $k$ is the secret sub-key
    - Computation of hypothetical intermediate values for each known $x$ and all sub-keys $k$:

        For l = 1 to N                   // plaintext enumeration
            For k = 0 to 2^n - 1         // key enumeration
                H(l, k) = φ(x^(l) * k)   // hypothetical intermediate values

    - If the intermediate value is correct, the trace coincides with the leakage model of this value, which shows up as a peak in correlation

CHARACTERIZING THE SIDE-CHANNEL LEAKAGES

Page 9:

Leakage model and detection of points of interest
- Choosing leakage models
  - When the hypothetical intermediate value is computed, the manipulated data must correspond to the power measurement
  - Taking the Hamming weight of such bits
- Detecting specific points of interest in the entire power traces
  - An example: T-test (the secret key is required for this test)

CHARACTERIZING THE SIDE-CHANNEL LEAKAGES

Page 10:

Key extraction
- Selection of sub-key candidates
  - We store the best $\alpha$ sub-keys
- We repeat this method against the other bytes of the secret

[Figure; recoverable label: "Correct sub-key hypothesis"]

CHARACTERIZING THE SIDE-CHANNEL LEAKAGES

Page 11:

- Effect of the $\alpha$ parameter on the attack success
- Attack success improves with a greater $\alpha$
- But the computation resources also grow

ATTACK IMPROVEMENT

Page 12:

- The attack is improved along 3 axes:
  - Number of required traces
  - Execution time
  - Memory
- => Our attack is more dangerous
- Resource comparison with the state-of-the-art attack

                                     State of the art [1]    Our method (α = 64)
  Mean number of required traces     1500                    150
  Time (sub-key enumeration)         ≈ 2^19                  ≈ 2^16
  Memory (sub-key storage)           ≈ 2^18                  ≈ 2^14

ATTACK IMPROVEMENT

1. Unterluggauer and Wenger. Practical Attack on Bilinear Pairing to Disclose the Secrets of Embedded Devices. 2014
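The byte-wise CPA of pages 8 to 11 and the enumeration cost in the table above, as an added Python simulation (example code written for this transcript, not the slides' or the authors' implementation). It attacks one 32x32-bit product x × k byte by byte, keeps the best α partial sub-keys after each byte and ranks them by accumulated correlation. Everything about the "device" is constructed: the leakage model (Hamming weight of each byte of the low half of the product, plus Gaussian noise of standard deviation SIGMA), the already-located points of interest (one per byte, as a T-test would provide), and the trace count. The slides work on real ARM Cortex-M3 power traces, which this does not reproduce.

```python
"""CPA against one 32x32-bit word multiplication x*k (UMULL), one byte at a time.

Constructed simulation: the "device" leaks, at four already-located points of
interest, the Hamming weight of each byte of the low 32-bit half of x*k plus
Gaussian noise. Pure Python, no third-party dependency.
"""
import random

N_TRACES = 150   # order of magnitude of the improved attack (page 12)
ALPHA = 8        # candidates kept per byte: the alpha parameter of pages 10-11
SIGMA = 0.4      # noise standard deviation of the constructed traces (assumption)


def hw(v):
    """Hamming weight of a non-negative integer."""
    return bin(v).count("1")


def pearson(a, b):
    """Pearson correlation coefficient; 0.0 when one series is constant."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((u - ma) * (v - mb) for u, v in zip(a, b))
    va = sum((u - ma) ** 2 for u in a)
    vb = sum((v - mb) ** 2 for v in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / (va * vb) ** 0.5


def product_byte(x, k, j):
    """Byte j of (x*k) mod 2^32; it depends only on the j+1 low bytes of x and k,
    which is what makes the byte-wise (partial correlation) attack possible."""
    mask = (1 << (8 * (j + 1))) - 1
    return (((x & mask) * (k & mask)) >> (8 * j)) & 0xFF


def simulate_traces(xs, k, rng):
    """One constructed trace per known operand: 4 samples, one per product byte."""
    return [[hw(product_byte(x, k, j)) + rng.gauss(0, SIGMA) for j in range(4)]
            for x in xs]


def recover_key(xs, traces, alpha=ALPHA):
    """Byte-wise CPA that keeps the best `alpha` partial keys after each byte.

    Step j enumerates 256 values of byte j on top of each retained candidate,
    ranks by the accumulated |correlation| over the bytes seen so far and keeps
    alpha of them: about 256 + 3*alpha*256 hypotheses instead of 2^32.
    """
    candidates = [(0, 0.0)]  # (partial key, accumulated score)
    for j in range(4):
        leak = [t[j] for t in traces]
        scored = []
        for partial, score in candidates:
            for kb in range(256):
                k_hyp = partial | (kb << (8 * j))
                hyp = [hw(product_byte(x, k_hyp, j)) for x in xs]
                scored.append((k_hyp, score + abs(pearson(hyp, leak))))
        scored.sort(key=lambda c: c[1], reverse=True)
        candidates = scored[:alpha]
    return candidates[0][0]


def demo(seed=2016):
    """Draw a secret word k and random known operands, attack, return (k, guess).

    k is made odd: a zero low byte would make the correct hypothesis constant,
    which this simple Hamming-weight model cannot rank (constructed choice)."""
    rng = random.Random(seed)
    k = rng.getrandbits(32) | 1
    xs = [rng.getrandbits(32) for _ in range(N_TRACES)]
    traces = simulate_traces(xs, k, rng)
    return k, recover_key(xs, traces)


if __name__ == "__main__":
    k, guess = demo()
    print(f"secret 0x{k:08x}  recovered 0x{guess:08x}  {'OK' if k == guess else 'FAIL'}")
```

With α candidates kept, the search evaluates 256 + 3·α·256 sub-key hypotheses instead of 2^32 and stores α·256 candidates between steps: for α = 64 that is about 2^16 hypotheses and 2^14 stored candidates, the orders of magnitude given in the table. Ranking by the accumulated correlation rather than by the current byte alone is a choice made here: the low-byte hypotheses for k0 and k0 XOR 0x80 are strongly correlated, so such a near miss can rank high at the first step, but it falls behind once the following bytes disagree.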

Page 13:

Now, attacking the complete pairing
- Complete attack against the Montgomery modular multiplication
  - 2 critical operations:
    - $x \times k$ (already dealt with)
    - $x \times k + y$ (same study: leakage models, points of interest, SOST, ...)
- Complete attack against the pairing
  - Same attack scheme as before
    - More data to analyse (the power measurements are longer)

ATTACK IMPROVEMENT
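Where the two critical operations of this slide occur inside a word-level Montgomery multiplication, as an added Python example (not the authors' implementation): a CIOS Montgomery multiplication on 32-bit words with a hook that records the operand words of every 32x32-bit product, tagged as a plain product x·k or a multiply-accumulate x·k + y. CIOS is an assumption, the slides only say "Montgomery modular multiplication"; the 256-bit odd modulus is constructed and is not a BN curve parameter; placing the secret coordinate in operand a and the known one in b is likewise an assumption about the targeted code.

```python
"""Word-level Montgomery multiplication (CIOS variant, W = 32) with a hook that
records the operands of every 32x32-bit product, i.e. the UMULL operations a
CPA correlates against.

Assumptions: CIOS is one of several Montgomery variants (the slides only say
"Montgomery modular multiplication"); the modulus in demo_operands() is a
constructed odd 256-bit integer, not a BN parameter.
"""
import random

W = 32
MASK = (1 << W) - 1


def to_words(v, n):
    """Little-endian split of v into n words of W bits."""
    return [(v >> (W * i)) & MASK for i in range(n)]


def from_words(words):
    return sum(w << (W * i) for i, w in enumerate(words))


def mont_mul_cios(a, b, m, trace=None):
    """Return a*b*R^-1 mod m for a, b < m, with R = 2^(W*n), n = word count of m.

    If trace is a list, every word product is logged as (kind, a_j, b_i, addend):
    kind is "x*k" when nothing is added to the product and "x*k+y" otherwise,
    the two critical operations of page 13. With the secret coordinate in a and
    the known one in b, a_j is the sub-key word and b_i the known input word.
    """
    n = (m.bit_length() + W - 1) // W
    m_inv = (-pow(m, -1, 1 << W)) & MASK          # -m^-1 mod 2^W (m must be odd)
    A, B, M = to_words(a, n), to_words(b, n), to_words(m, n)
    t = [0] * (n + 2)
    for i in range(n):
        carry = 0
        for j in range(n):                         # multiplication pass
            addend = t[j] + carry
            if trace is not None:
                trace.append(("x*k" if addend == 0 else "x*k+y", A[j], B[i], addend))
            s = A[j] * B[i] + addend
            t[j], carry = s & MASK, s >> W
        s = t[n] + carry
        t[n], t[n + 1] = s & MASK, s >> W
        u = (t[0] * m_inv) & MASK                  # chosen so that t + u*m is divisible by 2^W
        carry = (t[0] + u * M[0]) >> W             # the low word is zero by construction
        for j in range(1, n):                      # reduction pass, shifts t down one word
            s = t[j] + u * M[j] + carry
            t[j - 1], carry = s & MASK, s >> W
        s = t[n] + carry
        t[n - 1], carry = s & MASK, s >> W
        t[n] = t[n + 1] + carry
    r = from_words(t[:n + 1])
    return r - m if r >= m else r                  # result is below 2m: one subtraction


def reference(a, b, m, n_words):
    """Independent check: a*b*R^-1 mod m computed with big-integer arithmetic."""
    R = 1 << (W * n_words)
    return a * b * pow(R, -1, m) % m


def demo_operands(seed=2016):
    """Constructed 256-bit odd modulus and two operands below it."""
    rng = random.Random(seed)
    m = (1 << 255) | rng.getrandbits(255) | 1
    a, b = rng.getrandbits(256) % m, rng.getrandbits(256) % m
    return a, b, m


if __name__ == "__main__":
    a, b, m = demo_operands()
    log = []
    r = mont_mul_cios(a, b, m, trace=log)
    assert r == reference(a, b, m, 8)
    kinds = {kind for kind, *_ in log}
    print(f"{len(log)} word products logged, kinds: {sorted(kinds)}")
    print("sub-key words seen:", sorted({f'{w:08x}' for _, w, _, _ in log}))
```

For a 256-bit modulus the multiplication passes contain 8 × 8 = 64 word products, each pairing one word of the secret operand with one word of the known operand; only the very first one (t = 0, no carry) is a plain x·k, every other one is an x·k + y, which is why the attack on the complete multiplication needs the second leakage study mentioned on the slide.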

Page 14:

Different levels of countermeasures
- Input randomization
  - Multiplicative mask: $e([a]P, [b]Q)^{1/(ab)} = e(P, Q)$, with random $a$ and $b$
    - Very large overhead
    - Scalar multiplications are threatened by horizontal attacks [2]
  - Additive mask: $e(P, Q + R)\, e(P, R)^{-1} = e(P, Q)$, with random $R$
    - Large overhead

COUNTERMEASURES

2. Perin et al. Vertical and Horizontal Correlation Attacks on RNS-Based Exponentiations. 2015

Page 15:

Different levels of countermeasures
- Randomization of the intermediate variables
  - Multiplication of the tangent and line equations by a random $\lambda \in \mathbb{F}_q^{*}$
    - $f \leftarrow f^2 \cdot \lambda \cdot l_{T,T}(Q)$ and $f \leftarrow f \cdot \lambda \cdot l_{T,P}(Q)$
    - The final exponentiation removes this effect: $\lambda^{(q^{12}-1)/r} = 1$
  - Randomization of projective or Jacobian coordinates
    - The temporary value $T$ in Miller's algorithm is initially randomized: $T \leftarrow (x_P \lambda^2 : y_P \lambda^3 : \lambda)$
    - Sensitive to fault injection attacks [3]

COUNTERMEASURES

3. El Mrabet et al. A survey of Fault Attacks in Pairing Based Cryptography. 2014
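Why the final exponentiation cancels the random $\lambda$ of the slide above, as an added derivation (not part of the slides), in the slide's symbols $q$, $r$, $\lambda$ and with the embedding degree 12 of BN curves. Factor the exponent:

$$q^{12} - 1 = (q^{6}-1)(q^{6}+1) = (q-1)(q+1)(q^{2}+q+1)(q^{2}-q+1)\,(q^{2}+1)(q^{4}-q^{2}+1).$$

For a BN curve the group order $r$ divides $q^{12}-1$ but no $q^{i}-1$ with $i < 12$, so $r$ divides the cyclotomic factor $\Phi_{12}(q) = q^{4}-q^{2}+1$, and

$$\frac{q^{12}-1}{r} = (q-1)\,c, \qquad c = (q+1)(q^{2}+q+1)(q^{2}-q+1)(q^{2}+1)\,\frac{q^{4}-q^{2}+1}{r} \in \mathbb{Z}.$$

Since $\lambda \in \mathbb{F}_q^{*}$ satisfies $\lambda^{q-1} = 1$,

$$\lambda^{(q^{12}-1)/r} = \left(\lambda^{q-1}\right)^{c} = 1.$$

The randomized Miller loop returns $f' = \mu \cdot f$ with $\mu \in \mathbb{F}_q^{*}$ (a product of powers of the random factors: each doubling step squares the accumulated factor and multiplies by a fresh $\lambda$, each addition step multiplies by one), hence

$$f'^{\,(q^{12}-1)/r} = \mu^{(q^{12}-1)/r}\, f^{(q^{12}-1)/r} = f^{(q^{12}-1)/r},$$

the unmasked pairing value. The same argument holds for $\lambda \in \mathbb{F}_{q^{d}}^{*}$ with $d \in \{2, 3, 6\}$, because $q^{d}-1$ also divides $(q^{12}-1)/r$; it fails for $d = 12$, where $\lambda^{(q^{12}-1)/r}$ is an $r$-th root of unity that is not 1 in general, so such a mask would change the result.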

Page 16:

Thorough study of leakage models
- Two leakage models are compared
  - Targeting a specific operation (the 32-bit multiplier) allows the attack to be extended to several modular multiplications

Attacks in a real environment
- We implemented a new attack with an original selection of candidates
  - Results: the partial correlations are improved

Choosing the sub-key candidates
- The $\alpha$ parameter might be chosen adaptively rather than fixed
  - Selected by studying the distribution of the best correlations

Investigation of countermeasures
- As with input randomization by scalar multiplication, the other methods may also be threatened

CONCLUSION AND PERSPECTIVES

Page 17:

Commissariat à l'énergie atomique et aux énergies alternatives (CEA) | Damien Jauvart | DRT / CEA Tech / DPACA

France Cyber Japan 2016

THANK YOU FOR LISTENING