TY - GEN
T1 - Formal Security Proofs via Doeblin Coefficients: Optimal Side-Channel Factorization from Noisy Leakage to Random Probing
AU - Béguinot, Julien
AU - Cheng, Wei
AU - Guilley, Sylvain
AU - Rioul, Olivier
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2024.
PY - 2024/1/1
Y1 - 2024/1/1
N2 - Masking is one of the most popular countermeasures to side-channel attacks, because it can offer provable security. However, depending on the adversary’s model, useful security guarantees can be hard to provide. Masking was first shown secure against t-threshold probing adversaries by Ishai et al. at Crypto’03. It was then shown secure in the more generic random probing model by Duc et al. at Eurocrypt’14. Prouff and Rivain introduced the noisy leakage model at Eurocrypt’13 to capture more realistic leakage. A reduction from noisy leakage to random probing was introduced by Duc et al. at Eurocrypt’14, and security guarantees were improved for both models by Prest et al. at Crypto’19, Duc et al. in Eurocrypt’15/J. Cryptol’19, and Masure and Standaert at Crypto’23. Unfortunately, we found that previous proofs in both the random probing and the noisy leakage models are flawed, and such flaws do not appear easy to fix. In this work, we show that the Doeblin coefficient allows one to overcome these flaws. In fact, it yields optimal reductions from noisy leakage to random probing, thereby providing a correct and usable metric on which to properly ground security proofs. This shows the inherent, unavoidable cost of reducing from the noisy leakage model to the random probing model. We show that it can also be used to derive direct formal security proofs using the subsequence decomposition of Prouff and Rivain.
U2 - 10.1007/978-3-031-68391-6_12
DO - 10.1007/978-3-031-68391-6_12
M3 - Conference contribution
AN - SCOPUS:85202295597
SN - 9783031683909
T3 - Lecture Notes in Computer Science
SP - 389
EP - 426
BT - Advances in Cryptology – CRYPTO 2024 - 44th Annual International Cryptology Conference, Proceedings
A2 - Reyzin, Leonid
A2 - Stebila, Douglas
PB - Springer Science and Business Media Deutschland GmbH
T2 - 44th Annual International Cryptology Conference, CRYPTO 2024
Y2 - 18 August 2024 through 22 August 2024
ER -