ABSTRACT
We study the security of a block-cipher-based pseudorandom number generator (PRNG), separately in the black-box world and in the physical world. We first show that the construction is a secure PRNG in the ideal cipher model. We then demonstrate its security against a Bayesian side-channel key-recovery adversary. As the main result, we show that the construction guarantees that the adversary's success rate does not grow freely with the number of physical observations, but only in a limited and controlled way. We also observe that, under common assumptions on side-channel attack strategies, increasing the security parameter (typically the block cipher key size) by a polynomial factor increases the complexity of a side-channel attack by an exponential factor, making the probability of a successful attack negligible. We believe this work provides a first interesting example of how the algorithmic design of a cryptographic scheme influences its side-channel resistance.
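The defender's point in the abstract is that a re-keying PRNG bounds how many encryptions, and therefore how many side-channel traces, an adversary ever sees under any single key. The following added example (not the paper's construction, and not code from its authors) contrasts a fixed-key counter-mode generator with a generator that derives a fresh key at every step; the keyed PRF `prf` built from HMAC-SHA256 stands in for the block cipher E_k, and the per-key bookkeeping is constructed here for illustration.

```python
import hmac
import hashlib
from collections import Counter

BLOCK = 16  # assumed 128-bit block, as for AES


def prf(key: bytes, block: bytes) -> bytes:
    """Keyed PRF standing in for the block cipher E_k(block).

    HMAC-SHA256 truncated to one block is an assumption of this example;
    the paper models E as an ideal cipher, not as HMAC.
    """
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


class FixedKeyPRNG:
    """Counter mode under one long-lived key: every output is a trace under the same key."""

    def __init__(self, seed: bytes) -> None:
        self.key, self.ctr = seed, 0
        self.uses = Counter()  # constructed bookkeeping: encryptions per key

    def next_block(self) -> bytes:
        self.uses[self.key] += 1
        out = prf(self.key, self.ctr.to_bytes(BLOCK, "big"))
        self.ctr += 1
        return out


class RekeyingPRNG:
    """Output r_i = E_{k_i}(0), then update k_{i+1} = E_{k_i}(1) and discard k_i."""

    def __init__(self, seed: bytes) -> None:
        self.key = seed
        self.uses = Counter()

    def next_block(self) -> bytes:
        k = self.key
        self.uses[k] += 2                    # exactly two encryptions ever use k
        out = prf(k, bytes([0]) * BLOCK)
        self.key = prf(k, bytes([1]) * BLOCK)  # forward-secure key update
        return out


def max_traces_per_key(prng, n_outputs: int) -> int:
    """Largest number of encryptions an observer could collect under any one key."""
    for _ in range(n_outputs):
        prng.next_block()
    return max(prng.uses.values())
```

With a fixed key the per-key trace count equals the number of outputs requested, while the re-keying generator keeps it constant no matter how many outputs are drawn.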