Orthogonal Direct Sum Masking: A Smartcard Friendly Computation Paradigm in a Code, with Builtin Protection against Side-Channel and Fault Attacks
Secure elements, such as smartcards or trusted platform modules (TPMs), must be protected against implementation-level attacks. These include side-channel and fault injection attacks. We introduce ODSM, Orthogonal Direct Sum Masking, a new computation paradigm that achieves protection against both kinds of attacks. A large vector space is structured as two supplementary orthogonal subspaces. One subspace (called a code) is used for the functional computation, while the second subspace carries random numbers. As the random numbers are entangled with the sensitive data, ODSM ensures protection against (monovariate) side-channel attacks. The random numbers can be checked either occasionally or globally, thereby providing a fine or coarse detection capability. The security level can be formally detailed: it is proved that monovariate side-channel attacks of order up to , where is the minimal distance of , are impossible, and that any fault of Hamming weight strictly less than is detected. A complete instantiation of ODSM is given for AES. In this case, all monovariate side-channel attacks of order strictly less than are impossible, and all fault injections perturbing strictly less than bits are detected.
Linear Complementary Pair Of Group Codes over Finite Chain Rings
Linear complementary dual (LCD) codes and linear complementary pair (LCP) of codes over finite fields have been intensively studied recently due to their applications in cryptography, in the context of side-channel and fault injection attacks. The security parameter for an LCP of codes is defined as the minimum of the minimum distances and . It has been recently shown that if and are both 2-sided group codes over a finite field, then and are permutation equivalent. Hence the security parameter for an LCP of 2-sided group codes is simply . We extend this result to 2-sided group codes over finite chain rings.
New binary and ternary LCD codes
LCD codes are linear codes with important cryptographic applications. Recently, a method has been presented to transform any linear code into an LCD code with the same parameters when the code is defined over a finite field of cardinality larger than 3. Hence, the study of LCD codes remains open mainly for binary and ternary fields. Subfield-subcodes of -affine variety codes are a generalization of BCH codes which have been successfully used for constructing good quantum codes. We describe binary and ternary LCD codes constructed as subfield-subcodes of -affine variety codes and provide some new and good LCD codes coming from this construction.
Quasi-linear Masking to Protect Kyber against both SCA and FIA
The recent technological advances in Post-Quantum Cryptography (PQC) raise the question of robust implementations of the new asymmetric cryptographic primitives in today's technology. This is the case for the lattice-based CRYSTALS-Kyber algorithm, which has been selected as the first NIST standard for Public Key Encryption (PKE) and Key Encapsulation Mechanisms (KEM). In particular, we have to make sure that the Kyber implementation is resilient against physical attacks such as Side-Channel Analysis (SCA) and Fault Injection Attacks (FIA). To reach this goal, we propose to use the masking countermeasure, more precisely the generic Direct Sum Masking (DSM) method. Taking inspiration from a previous paper on AES, we extend the method to finite fields of prime characteristic other than 2 and to even-length codes. In particular, we investigate its application to Keccak, the hash function used in Kyber. We also provide the first masked implementation of Kyber that offers both SCA and FIA resilience while not requiring any conversion between different masking methods.
Complementary Dual Codes for Counter-measures to Side-Channel Attacks
We recall why linear codes with complementary duals (LCD codes) play a role in counter-measures to passive and active side-channel analyses on embedded cryptosystems. The rate and the minimum distance of such LCD codes must be as large as possible. We investigate primary constructions of such codes, in particular with cyclic codes, specifically with generalized residue codes, and we study their idempotents. We study those secondary constructions which preserve the LCD property, and we characterize conditions under which codes obtained by puncturing, shortening or extending codes, or obtained by the Plotkin sum, can be LCD.
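The three abstracts above on ODSM, on the LCP security parameter, and on LCD codes as a countermeasure all rest on the same construction: the ambient space is split as a direct sum of a functional code C and a mask code D, sensitive data x is stored as xG + yH with y random, the D-component is re-derived to detect faults, and the security parameter is the smaller of the two minimum distances. The following Python example is added here to make that construction concrete; it is not code from any of the listed papers. The matrices G and H are a hand-picked binary [8,4,3] LCD code and its dual (so the sum is orthogonal and D = C^perp, as in ODSM); the function names, the brute-force distance computation and the side-channel check (which tests whether the joint distribution of any t wires over a uniform mask is independent of x) are my own framing, not the papers' proofs. The real instantiations in the papers use larger codes (n = 16 for AES) and, for Kyber, fields of odd characteristic.

```python
"""Direct Sum Masking over GF(2), F_2^8 = C (+) D with D = C^perp. Added example,
not code from any paper listed here; see the comments for what is assumed."""
from collections import Counter
from itertools import combinations, product
import secrets

N, K = 8, 4
# Hand-picked binary [8,4,3] LCD code C (functional code), G = [I | A].
G = [[1, 0, 0, 0, 1, 1, 0, 0],
     [0, 1, 0, 0, 0, 1, 1, 0],
     [0, 0, 1, 0, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 0, 0, 1]]
# Its dual D = C^perp (mask code), H = [A^T | I], so G H^T = 0 over GF(2).
H = [[1, 0, 0, 1, 1, 0, 0, 0],
     [1, 1, 0, 0, 0, 1, 0, 0],
     [0, 1, 1, 0, 0, 0, 1, 0],
     [0, 0, 1, 1, 0, 0, 0, 1]]

def vec_mat(v, M):
    """Row vector v times matrix M over GF(2)."""
    return [sum(v[i] & M[i][j] for i in range(len(v))) & 1 for j in range(len(M[0]))]

def mat_mul(A, B):
    return [vec_mat(row, B) for row in A]

def transpose(M):
    return [list(col) for col in zip(*M)]

def inverse_gf2(M):
    """Gauss-Jordan inverse over GF(2); ValueError if M is singular."""
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("singular over GF(2): C and D are not complementary")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [a ^ b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

# G G^T is invertible exactly when C is LCD (C meets C^perp only in 0); then every
# z splits uniquely as xG + yH, and these projections recover x and y (H G^T = 0
# makes the cross terms vanish).
P_C = mat_mul(transpose(G), inverse_gf2(mat_mul(G, transpose(G))))
P_D = mat_mul(transpose(H), inverse_gf2(mat_mul(H, transpose(H))))

def encode(x, y):
    """Masked word z = xG + yH: x = sensitive 4 bits, y = fresh random 4-bit mask."""
    return [a ^ b for a, b in zip(vec_mat(x, G), vec_mat(y, H))]

def decode(z):
    """Split z into its C-part x and D-part y."""
    return vec_mat(z, P_C), vec_mat(z, P_D)

def fault_detected(z_faulty, y):
    """The device drew y itself, so a changed D-component betrays a fault."""
    return decode(z_faulty)[1] != list(y)

def min_distance(gen):
    return min(sum(vec_mat(m, gen)) for m in product((0, 1), repeat=len(gen)) if any(m))

def all_faults_detected_below(bound, x=(1, 0, 1, 1), y=(0, 1, 1, 0)):
    """Every error with 1 <= wt(e) < bound is caught: e escapes only if its
    D-component is zero, i.e. e is a codeword of C, which forces wt(e) >= d_C."""
    z = encode(x, y)
    return all(fault_detected([a ^ b for a, b in zip(z, e)], y)
               for e in product((0, 1), repeat=N) if 0 < sum(e) < bound)

def undetected_fault_count(x=(1, 0, 1, 1), y=(0, 1, 1, 0)):
    """Nonzero errors that slip through: exactly the 2^K - 1 nonzero codewords of C."""
    z = encode(x, y)
    return sum(not fault_detected([a ^ b for a, b in zip(z, e)], y)
               for e in product((0, 1), repeat=N) if any(e))

def max_secure_order():
    """Largest t such that, for every set S of t wire positions, the joint
    distribution of z|_S over a uniform mask y is identical for all x: no
    t-variate combination of wires carries information about x."""
    best = 0
    for t in range(1, N + 1):
        for S in combinations(range(N), t):
            ref = None
            for x in product((0, 1), repeat=K):
                hist = Counter(tuple(encode(x, y)[i] for i in S)
                               for y in product((0, 1), repeat=K))
                if ref is None:
                    ref = hist
                elif hist != ref:
                    return best
        best = t
    return best

if __name__ == "__main__":
    x, y = [1, 0, 1, 1], [secrets.randbelow(2) for _ in range(K)]  # fresh mask per run
    assert decode(encode(x, y)) == (x, y)
    print("d_C, d_D:", min_distance(G), min_distance(H), "| SCA order:", max_secure_order())
    print("faults of weight < 3 all caught:", all_faults_detected_below(3),
          "| undetected nonzero faults:", undetected_fault_count(), "(= |C| - 1)")
```

With this toy pair both minimum distances are 3, so the security parameter of the abstract on LCPs is 3: every one- or two-bit fault changes the D-component and is detected, while exactly the 15 nonzero codewords of C pass unnoticed, and the statistics of any two wires are independent of x while some triples of wires (the support of a weight-3 codeword of C) are not. That is why the papers push for codes with a large minimum distance on both sides, and why LCD codes, whose dual is the natural complement, are the objects of study.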