Embedded Cryptography 2
Hardcover, English, 2025
By Emmanuel Prouff (ANSSI, France), Guénaël Renault (ANSSI, France), Matthieu Rivain (CryptoExperts, France) and Colin O'Flynn (Dalhousie University, Canada)
2 169 kr
Product information
- Publication date: 2025-02-04
- Dimensions: 166 x 241 x 30 mm
- Weight: 680 g
- Language: English
- Series: ISTE Invoiced
- Number of pages: 432
- Publisher: ISTE Ltd
- EAN: 9781789452143
Emmanuel Prouff is a researcher in Applied Cryptography and Embedded Security. He has worked as an expert for ANSSI, France, as well as for major security companies such as IDEMIA and SAFRAN, in both cases developing implementations secured against physical attacks.

Guénaël Renault is Deputy Head of the Hardware Security Lab at ANSSI, France. His research interests include cryptography, algebraic (symbolic) computation and computational number theory.

Matthieu Rivain is a researcher and entrepreneur in Cryptography, currently working as CEO at CryptoExperts, France. His research interests include provable security against side-channel attacks, white-box cryptography, zero-knowledge proofs and post-quantum signatures.

Colin O'Flynn is Assistant Professor in Embedded Hardware Security at Dalhousie University, Canada. His interests include embedded hardware security, PCB design and prototype construction.
Table of contents
- Preface (Emmanuel PROUFF, Guénaël RENAULT, Matthieu RIVAIN and Colin O'FLYNN)
- Part 1: Masking
  - Chapter 1: Introduction to Masking (Ange MARTINELLI and Mélissa ROSSI)
    - 1.1. An overview of masking
    - 1.2. The effect of masking on side-channel leakage
    - 1.3. Different types of masking
    - 1.4. Code-based masking: toward a generic framework
    - 1.5. Hybrid masking
    - 1.6. Examples of specific maskings
    - 1.7. Outline of the part
    - 1.8. Notes and further references
    - 1.9. References
  - Chapter 2: Masking Schemes (Jean-Sébastien CORON and Rina ZEITOUN)
    - 2.1. Introduction to masking operations
    - 2.2. Classical linear operations
    - 2.3. Classical nonlinear operations
      - 2.3.1. Application of ISW algorithm for n = 2 and n = 3
    - 2.4. Mask refreshing
      - 2.4.1. Refresh masks with complexity O(n)
      - 2.4.2. Refresh masks with complexity O(n²)
      - 2.4.3. Refresh masks with complexity O(n · log n)
    - 2.5. Masking S-boxes
      - 2.5.1. The Rivain–Prouff countermeasure for AES
      - 2.5.2. Extension to any S-box
      - 2.5.3. The randomized table countermeasure
      - 2.5.4. Attacks
    - 2.6. Masks conversions
      - 2.6.1. First-order Boolean to arithmetic masking
      - 2.6.2. Generalization to high order for Boolean to arithmetic masking
      - 2.6.3. High order Boolean to arithmetic and arithmetic to Boolean masking
    - 2.7. Notes and further references
    - 2.8. References
  - Chapter 3: Hardware Masking (Begül BILGIN and Lauren DE MEYER)
    - 3.1. Introduction
      - 3.1.1. Glitches
      - 3.1.2. Glitch-extended probes
      - 3.1.3. Non-completeness
    - 3.2. Category I: td+1 masking
      - 3.2.1. First-order security
      - 3.2.2. Higher-order security
    - 3.3. Category II: d+1 masking
      - 3.3.1. General construction
      - 3.3.2. Security argument
      - 3.3.3. Comparing to td+1 masking
      - 3.3.4. Higher-degree functions
    - 3.4. Trade-offs
      - 3.4.1. Minimizing area
      - 3.4.2. Minimizing latency
      - 3.4.3. Minimizing randomness
    - 3.5. Notes and further references
    - 3.6. References
  - Chapter 4: Masking Security Proofs (Sonia BELAÏD)
    - 4.1. Introduction
    - 4.2. Preliminaries
      - 4.2.1. Circuits
      - 4.2.2. Additive sharings and gadgets
      - 4.2.3. Compilers
    - 4.3. Probing model
      - 4.3.1. Formal definition
      - 4.3.2. Proofs for small gadgets
      - 4.3.3. Simulation-based proofs
      - 4.3.4. Limitations
    - 4.4. Robust probing model
      - 4.4.1. Formal definition
      - 4.4.2. Proofs for small gadgets
      - 4.4.3. Limitations
    - 4.5. Random probing model and noisy leakage model
      - 4.5.1. Formal definition of the noisy leakage model
      - 4.5.2. Limitations
      - 4.5.3. Reduction to the probing model
      - 4.5.4. Formal definition of the random probing model
      - 4.5.5. Proofs in the random probing model
      - 4.5.6. Extension to handle physical defaults
    - 4.6. Composition
      - 4.6.1. Composition in the probing model
      - 4.6.2. Composition in the random probing model
    - 4.7. Conclusion
    - 4.8. Notes and further references
    - 4.9. References
  - Chapter 5: Masking Verification (Abdul Rahman TALEB)
    - 5.1. Introduction
    - 5.2. General procedure
    - 5.3. Verify: verification mechanisms for a set of variables
      - 5.3.1. Distribution-based Verify
      - 5.3.2. Simulation-based Verify
    - 5.4. Explore: exploration mechanisms for all sets of variables
      - 5.4.1. Probing model
      - 5.4.2. Random probing model
      - 5.4.3. Handling physical defaults
    - 5.5. Conclusion
    - 5.6. Notes and further references
    - 5.7. Solution to Exercise 5.1
    - 5.8. References
- Part 2: Cryptographic Implementations
  - Chapter 6: Hardware Acceleration of Cryptographic Algorithms (Lejla BATINA, Pedro Maat COSTA MASSOLINO and Nele MENTENS)
    - 6.1. Introduction
    - 6.2. Hardware optimization of symmetric-key cryptography
      - 6.2.1. Hardware implementation of the AES S-box
      - 6.2.2. Composite field based implementation of the AES S-box
    - 6.3. Modular arithmetic for hardware implementations
      - 6.3.1. Montgomery's arithmetic
      - 6.3.2. Barrett reduction
      - 6.3.3. Implementations using residue number system
    - 6.4. RSA implementations
      - 6.4.1. Previous works on RSA implementations
      - 6.4.2. ECC implementations over prime fields
    - 6.5. Post-quantum cryptography
    - 6.6. Conclusion
    - 6.7. Notes and further references
    - 6.8. References
  - Chapter 7: Constant-Time Implementations (Thomas PORNIN)
    - 7.1. What does constant-time mean?
      - 7.1.1. Timing attacks
      - 7.1.2. Applicability and importance
      - 7.1.3. Example: rejection sampling
    - 7.2. Low-level issues
      - 7.2.1. CPU execution pipeline
      - 7.2.2. Variable time instructions
      - 7.2.3. Memory and caches
      - 7.2.4. Jumps and jump prediction
    - 7.3. Primitive implementation techniques
      - 7.3.1. Compiler issues and Booleans
      - 7.3.2. Bitwise Boolean logic
    - 7.4. Constant-time algorithms
      - 7.4.1. Modular integers
      - 7.4.2. Modular exponentiation
      - 7.4.3. Modular inversion
      - 7.4.4. Elliptic curves
    - 7.5. References
  - Chapter 8: Protected AES Implementations (Franck RONDEPIERRE)
    - 8.1. Generic countermeasures
      - 8.1.1. 1 among N
      - 8.1.2. Integrity
    - 8.2. Secure evaluation of the SubByte function
      - 8.2.1. S-box and inverse S-box
      - 8.2.2. Security
      - 8.2.3. Secure table lookup
      - 8.2.4. Evaluation in F_{2^8}
      - 8.2.5. Tower field
      - 8.2.6. Bitslice S-box
      - 8.2.7. How to select the S-box implementation
    - 8.3. Other functions of AES
      - 8.3.1. State
      - 8.3.2. ShiftRow
      - 8.3.3. MixColumn
      - 8.3.4. KeyScheduling
      - 8.3.5. AES inverse function
      - 8.3.6. Key generation
      - 8.3.7. Interface
      - 8.3.8. Bitsliced state example
    - 8.4. Notes and further references
    - 8.5. References
  - Chapter 9: Protected RSA Implementations (Mylène ROUSSELLET, Yannick TEGLIA and David VIGILANT)
    - 9.1. Introduction
      - 9.1.1. The RSA cryptosystem
      - 9.1.2. RSA and security recommendations
      - 9.1.3. RSA-CRT and straightforward mode
      - 9.1.4. Toward a device product embedding RSA-CRT
    - 9.2. Building a protected RSA implementation step by step
      - 9.2.1. Loading RSA-CRT key parameter – Step 1
      - 9.2.2. Message reductions – Step 2
      - 9.2.3. Exponentiations – Step 3
      - 9.2.4. Recombination – Step 4
      - 9.2.5. Return S
      - 9.2.6. Protected RSA-CRT pseudo-code
    - 9.3. Remarks and open discussion
      - 9.3.1. Security resistance consideration
    - 9.4. Notes and further references
    - 9.5. References
  - Chapter 10: Protected ECC Implementations (Łukasz CHMIELEWSKI and Louiza PAPACHRISTODOULOU)
    - 10.1. Introduction
    - 10.2. Protecting ECC implementations and countermeasures
      - 10.2.1. Unified arithmetic and complete formulae
      - 10.2.2. Constant-time scalar multiplication
      - 10.2.3. Elimination of if-statements, even dummy ones
      - 10.2.4. Scalar randomization
      - 10.2.5. Coordinate and point randomizations
      - 10.2.6. Protection against address-bit side-channel attacks
      - 10.2.7. Additional fault injection protections
    - 10.3. Conclusion
    - 10.4. Notes and further references
    - 10.5. References
  - Chapter 11: Post-Quantum Implementations (Matthias J. KANNWISCHER, Ruben NIEDERHAGEN, Francisco RODRÍGUEZ-HENRÍQUEZ and Peter SCHWABE)
    - 11.1. Introduction
    - 11.2. Post-quantum encryption and key encapsulation
      - 11.2.1. Lattice-based KEMs – Kyber
      - 11.2.2. Code-based KEMs – Classic McEliece
      - 11.2.3. Isogeny-based KEMs
      - 11.2.4. IND-CCA2 security
    - 11.3. Post-quantum signatures
      - 11.3.1. Lattice-based signatures – Dilithium
      - 11.3.2. Multivariate-quadratic-based signatures – UOV
      - 11.3.3. Hash-based signatures – XMSS and SPHINCS+
    - 11.4. Notes and further references
    - 11.5. References
- Part 3: Hardware Security
  - Chapter 12: Hardware Reverse Engineering and Invasive Attacks (Sergei SKOROBOGATOV)
    - 12.1. Introduction
    - 12.2. Preparation for hardware attacks
      - 12.2.1. Preparation at PCB level
      - 12.2.2. Preparation at component level
      - 12.2.3. Preparation at silicon level
    - 12.3. Probing attacks
    - 12.4. Delayering and reverse engineering
      - 12.4.1. Chemical deprocessing
      - 12.4.2. Mechanical deprocessing
      - 12.4.3. Chemical–mechanical polishing (CMP) deprocessing
      - 12.4.4. Plasma, RIE and FIB deprocessing
      - 12.4.5. Staining techniques
      - 12.4.6. From images to netlist
    - 12.5. Memory dump and hardware cloning
    - 12.6. Conclusion
    - 12.7. Notes and further references
    - 12.8. References
  - Chapter 13: Gate-Level Protection (Sylvain GUILLEY and Jean-Luc DANGER)
    - 13.1. Introduction
    - 13.2. DPL principle, built-in DFA resistance, and latent side-channel vulnerabilities
      - 13.2.1. Information hiding rationale
      - 13.2.2. DPL built-in DFA resistance
      - 13.2.3. Vulnerabilities with respect to side-channel attacks
    - 13.3. DPL families based on standard cells
      - 13.3.1. WDDL
      - 13.3.2. MDPL
      - 13.3.3. DRSL
      - 13.3.4. STTL
      - 13.3.5. BCDL
      - 13.3.6. WDDL variants
    - 13.4. Technology-specific DPL styles
      - 13.4.1. Full custom optimizations
      - 13.4.2. Asynchronous logic
      - 13.4.3. Reversible differential logic
    - 13.5. DPL styles comparison
    - 13.6. Conclusion
    - 13.7. Notes and further references
    - 13.8. References
  - Chapter 14: Physically Unclonable Functions (Jean-Luc DANGER, Sylvain GUILLEY, Debdeep MUKHOPADHYAY and Ulrich RÜHRMAIR)
    - 14.1. Introduction
      - 14.1.1. Principle
      - 14.1.2. The twin nature of PUFs
      - 14.1.3. Properties
      - 14.1.4. Two broad classifications of PUFs
      - 14.1.5. Necessity of enrollment
      - 14.1.6. Use-cases
    - 14.2. PUF architectures
      - 14.2.1. Weak PUFs
      - 14.2.2. Strong PUFs
      - 14.2.3. Big picture of PUF architectures
    - 14.3. Reliability enhancement
      - 14.3.1. Use of error correcting codes
      - 14.3.2. Discarding unreliable bits
      - 14.3.3. Stochastic model of reliability
    - 14.4. Entropy assessment
      - 14.4.1. Stochastic model of the entropy
      - 14.4.2. Entropy loss due to helper data
    - 14.5. Resistance to attacks
      - 14.5.1. Non-invasive attacks
      - 14.5.2. Semi-invasive attacks
      - 14.5.3. Invasive attacks
    - 14.6. Characterizations
      - 14.6.1. Reliability–aging
      - 14.6.2. Machine learning attacks on challenge–response protocol
    - 14.7. Standardization
      - 14.7.1. International standards
      - 14.7.2. Standards requiring PUF
    - 14.8. Notes and further references
    - 14.9. References
- List of Authors
- Index
- Summary of Volume 1
- Summary of Volume 3