6,183 research outputs found
On the Duality of Probing and Fault Attacks
In this work we investigate the problem of simultaneous privacy and integrity
protection in cryptographic circuits. We consider a white-box scenario with a
powerful, yet limited attacker. A concise metric for the level of probing and
fault security is introduced, which is directly related to the capabilities of
a realistic attacker. In order to investigate the interrelation of probing and
fault security we introduce a common mathematical framework based on the
formalism of information and coding theory. The framework unifies the known
linear masking schemes. We proof a central theorem about the properties of
linear codes which leads to optimal secret sharing schemes. These schemes
provide the lower bound for the number of masks needed to counteract an
attacker with a given strength. The new formalism reveals an intriguing duality
principle between the problems of probing and fault security, and provides a
unified view on privacy and integrity protection using error detecting codes.
Finally, we introduce a new class of linear tamper-resistant codes. These are
eligible to preserve security against an attacker mounting simultaneous probing
and fault attacks
A new class of codes for Boolean masking of cryptographic computations
We introduce a new class of rate one-half binary codes: {\bf complementary
information set codes.} A binary linear code of length and dimension
is called a complementary information set code (CIS code for short) if it has
two disjoint information sets. This class of codes contains self-dual codes as
a subclass. It is connected to graph correlation immune Boolean functions of
use in the security of hardware implementations of cryptographic primitives.
Such codes permit to improve the cost of masking cryptographic algorithms
against side channel attacks. In this paper we investigate this new class of
codes: we give optimal or best known CIS codes of length We derive
general constructions based on cyclic codes and on double circulant codes. We
derive a Varshamov-Gilbert bound for long CIS codes, and show that they can all
be classified in small lengths by the building up construction. Some
nonlinear permutations are constructed by using -codes, based on the
notion of dual distance of an unrestricted code.Comment: 19 pages. IEEE Trans. on Information Theory, to appea
Higher-order CIS codes
We introduce {\bf complementary information set codes} of higher-order. A
binary linear code of length and dimension is called a complementary
information set code of order (-CIS code for short) if it has
pairwise disjoint information sets. The duals of such codes permit to reduce
the cost of masking cryptographic algorithms against side-channel attacks. As
in the case of codes for error correction, given the length and the dimension
of a -CIS code, we look for the highest possible minimum distance. In this
paper, this new class of codes is investigated. The existence of good long CIS
codes of order is derived by a counting argument. General constructions
based on cyclic and quasi-cyclic codes and on the building up construction are
given. A formula similar to a mass formula is given. A classification of 3-CIS
codes of length is given. Nonlinear codes better than linear codes are
derived by taking binary images of -codes. A general algorithm based on
Edmonds' basis packing algorithm from matroid theory is developed with the
following property: given a binary linear code of rate it either provides
disjoint information sets or proves that the code is not -CIS. Using
this algorithm, all optimal or best known codes where and are shown to be -CIS for all
such and , except for with and with .Comment: 13 pages; 1 figur
- …