Cooperação e diplomacia hídrica: A contribuição das águas compartilhadas para a cooperação regional

A água tem papel vital para a vida humana e múltiplos usos. Sua ocorrência não se limita às fronteiras políticas dos países, o que leva ao fato de que quase metade da superfície terrestre é abarcada por águas transfronteiriças na forma de rios, lagos e águas subterrâneas. Dado seu caráter transfronteiriço, a gestão, o planejamento e o compartilhamento são desafios complexos para as nações ribeirinhas. Tensões sociais, econômicas e políticas emergem facilmente neste cenário, que abrange questões de qualidade, quantidade e alocação dos recursos hídricos, e mostram que as discussões relacionadas à água são intrinsecamente políticas por natureza. Também mostram que a cooperação e o conflito hídrico coexistem em um continuum nessas relações. Levando em consideração o aumento da demanda por água, argumenta-se que é preciso que haja arranjos cooperativos entre os países ribeirinhos para garantir a sustentabilidade, resiliência e uso equânime das águas compartilhadas. Visando prevenir conflitos, administrar tensões e promover o desenvolvimento sustentável das águas transfronteiriças, defende-se a difusão da cooperação hídrica transfronteiriça e a diplomacia da água para as regiões abarcadas por bacias, rios, lagos ou águas subterrâneas transfronteiriças. Por meio de uma abordagem multidisciplinar e utilizando-se de conceitos das relações internacionais, ciência política, direito e geografia, esse artigo fornecerá uma compreensão teórica acerca da cooperação hídrica transfronteiriça e da diplomacia da água. Objetiva-se contribuir para o estabelecimento, desenvolvimento e avanço de arranjos cooperativos mais justos, fortes, inclusivos, eficazes e eficientes para as águas transfronteiriças

Secure Multiplication for Bitslice Higher-Order Masking: Optimisation and Comparison

In this paper, we optimize the performances and compare several recent masking schemes in bitslice on 32-bit arm devices, with a focus on multiplication. Our main conclusion is that efficiency (or randomness) gains always come at a cost, either in terms of composability or in terms of resistance against horizontal attacks. Our evaluations should therefore allow a designer to select a masking scheme based on implementation constraints and security requirements. They also highlight the increasing feasibility of (very) high-order masking that are offered by increasingly powerful embedded devices, with new opportunities of high-security devices in various contexts

Tornado: Automatic Generation of Probing-Secure Masked Bitsliced Implementations

International audienceCryptographic implementations deployed in real world devices often aim at (provable) security against the powerful class of side-channel attacks while keeping reasonable performances. Last year at Asiacrypt, a new formal verification tool named tightPROVE was put forward to exactly determine whether a masked implementation is secure in the well-deployed probing security model for any given security order t. Also recently, a compiler named Usuba was proposed to automatically generate bitsliced implementations of cryptographic primitives.This paper goes one step further in the security and performances achievements with a new automatic tool named Tornado. In a nutshell, from the high-level description of a cryptographic primitive, Tornado produces a functionally equivalent bitsliced masked implementation at any desired order proven secure in the probing model, but additionally in the so-called register probing model which much better fits the reality of software implementations. This framework is obtained by the integration of Usuba with tightPROVE+, which extends tightPROVE with the ability to verify the security of implementations in the register probing model and to fix them with inserting refresh gadgets at carefully chosen locations accordingly.We demonstrate Tornado on the lightweight cryptographic primitives selected to the second round of the NIST competition and which somehow claimed to be masking friendly. It advantageously displays performances of the resulting masked implementations for several masking orders and prove their security in the register probing model

Random Probing Security: Verification, Composition, Expansion and New Constructions

International audienceThe masking countermeasure is among the most powerful countermeasures to counteract side-channel attacks. Leakage models have been exhibited to theoretically reason on the security of such masked implementations. So far, the most widely used leakage model is the probing model defined by Ishai, Sahai, and Wagner at (CRYPTO 2003). While it is advantageously convenient for security proofs, it does not capture an adversary exploiting full leakage traces as, e.g., in horizontal attacks. Those attacks target the multiple manipulations of the same share to reduce noise and recover the corresponding value. To capture a wider class of attacks another model was introduced and is referred to as the random probing model. From a leakage parameter p, each wire of the circuit leaks its value with probability p. While this model much better reflects the physical reality of side channels, it requires more complex security proofs and does not yet come with practical constructions. In this paper, we define the first framework dedicated to the random probing model. We provide an automatic tool, called VRAPS, to quantify the random probing security of a circuit from its leakage probability. We also formalize a composition property for secure random probing gadgets and exhibit its relation to the strong non-interference (SNI) notion used in the context of probing security. We then revisit the expansion idea proposed by Ananth, Ishai, and Sahai (CRYPTO 2018) and introduce a compiler that builds a random probing secure circuit from small base gadgets achieving a random probing expandability property. We instantiate this compiler with small gadgets for which we verify the expected properties directly from our automatic tool. Our construction can tolerate a leakage probability up to 2 −8 , against 2 −25 for the previous construction, with a better asymptotic complexity