CONFERENCE FRANCE CYBER JAPAN

IMPROVING SIDE-CHANNEL ATTACKS AGAINST PAIRING-BASED CRYPTOGRAPHY

Damien Jauvart (CEA, UVSQ), Jacques Fournier (CEA), Nadia El Mrabet (EMSE), Louis Goubin (UVSQ)
INTRODUCTION

Application areas
• Cryptographic algorithms based on pairings enable new security schemes:
  - Identity Based Encryption (IBE): a new kind of public key infrastructure, easier to manage in the presence of billions of connected objects
  - Anonymity schemes (protecting the private life of users)

Context
• Pairing algorithms may be executed in a hostile environment while handling secret data

Aims
• Study the weakness of pairing implementations against side-channel attacks
• We are interested in showing the feasibility of practical attacks
[Figure: timeline from 1973 to 2014 placing each primitive next to the first published side-channel and fault attacks against it. Recoverable labels: DES (1977 standard), RSA (1977; 1983 patent), ECC (1985; 2004 deployment), AES (1997; 2001 standard), PBC (2001: IBE and one-round tripartite key agreement; 2013 fault attack; 2014 CPA). Attack labels along the axis: timing attack (1996, 2002), fault attack and DFA (1997, 2000), DPA (1999), SPA (2002), CPA / high-order / collision attacks (2004), horizontal CPA (2012).]
SUMMARY
• Attack strategy against pairing
• Characterizing the side-channel leakages
• Attack improvements
• Countermeasures
ATTACK STRATEGY AGAINST PAIRING

Targeted pairing
• Twisted Ate pairing over Barreto-Naehrig (BN) curves
• BN curves: $E : y^2 = x^3 + b$ over $\mathbb{F}_q$, with $t$ the Frobenius trace of $E$
• Ate pairing:
Targeted pairing
• Concretely, we target a software implementation of Miller's algorithm running on an ARM Cortex-M3, with $P$ secret and $Q$ a known point
• The modular arithmetic is based on Montgomery modular multiplication
• We are interested in the operations between $T$ (data derived from $P$) and $Q$
• The tangent line equation $l_{T,T}(Q)$:
• In mixed affine-Jacobian coordinates:
• CPA against the modular multiplication of long integers (256 bits)
  - The 256-bit integers are manipulated as words of 32 bits
  - The Montgomery multiplication involves the word multiplication $x \times k$ (UMULL assembly instruction)
  - Classical CPA over 32 bits
  - The 32 bits are divided into bytes: partial correlations
CHARACTERIZING THE SIDE-CHANNEL LEAKAGES

Leakage model
• 1st sub-attack: target the 8 least significant bits
• CPA:
  - Input: $C^{(l)}$, the $N$ leakages associated with the operation $x^{(l)} \times k$, where the $x^{(l)}$ are known and $k$ is the secret sub-key
  - Computation of the hypothetical intermediate values for each known $x^{(l)}$ and every sub-key $k$:

        for l = 1 to N                  // plaintext enumeration
            for k = 0 to 2^n - 1        // key enumeration
                H(l, k) = φ(x^(l) * k)  // hypothetical intermediate values

  - If the intermediate value is correct, the trace coincides with the leakage model of this value, which is detected as a peak in the correlation
Leakage model and detection of points of interest
• Choosing leakage models
  - When the hypothetical intermediate is computed, the manipulated data must correspond to the power measurement
  - We take the Hamming weight of the targeted bits
• Detecting specific points of interest in the entire power traces
  - An example: the T-test (the secret key is required for the test, so this is a profiling step)
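As an added illustration (not from the original slides), the Python simulation below shows the profiling T-test the slide refers to: with the secret sub-key known, the traces are split by the Hamming weight of the intermediate $x \times k \bmod 256$ and Welch's t statistic is computed at every sample; the sample where $|t|$ peaks is a point of interest for the later key-recovery CPA. The traces, the key value 0x9F3B6D15, the noise level and the index of the leaking sample are all constructed assumptions for the demonstration.

```python
"""Welch T-test to locate points of interest (profiling: the secret is known)."""
import math
import random


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def simulate_full_traces(key: int, n_traces: int, n_samples: int, poi: int,
                         sigma: float, rng: random.Random):
    """Constructed power traces: Gaussian noise at every sample, plus the Hamming
    weight of the low byte of x*k (the first UMULL sub-result) at sample `poi`.
    Returns (known inputs x, traces)."""
    xs = [rng.getrandbits(32) for _ in range(n_traces)]
    traces = []
    for x in xs:
        t = [rng.gauss(0.0, sigma) for _ in range(n_samples)]
        t[poi] += hamming_weight((x * key) & 0xFF)
        traces.append(t)
    return xs, traces


def welch_t(a, b) -> float:
    """Welch's t statistic between two samples with possibly unequal variances."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((u - ma) ** 2 for u in a) / (na - 1)
    vb = sum((u - mb) ** 2 for u in b) / (nb - 1)
    denom = math.sqrt(va / na + vb / nb)
    return (ma - mb) / denom if denom > 0 else 0.0


def t_test_points_of_interest(xs, traces, key, low_max=3, high_min=5):
    """With the key known, label each trace by HW(x*k mod 256) and compare the
    'low HW' and 'high HW' groups sample by sample.  Samples with a large |t|
    depend on that intermediate.  Returns one |t| value per sample."""
    low, high = [], []
    for x, t in zip(xs, traces):
        hw = hamming_weight((x * key) & 0xFF)
        if hw <= low_max:
            low.append(t)
        elif hw >= high_min:
            high.append(t)
    n_samples = len(traces[0])
    return [abs(welch_t([t[s] for t in low], [t[s] for t in high]))
            for s in range(n_samples)]


def find_poi(key=0x9F3B6D15, n_traces=200, n_samples=50, poi=17, sigma=1.0,
             seed=7, threshold=4.5):
    """Run the T-test on constructed traces.  Returns (sample with the largest |t|,
    list of samples whose |t| exceeds `threshold`).  All parameters are assumptions."""
    rng = random.Random(seed)
    xs, traces = simulate_full_traces(key, n_traces, n_samples, poi, sigma, rng)
    tvals = t_test_points_of_interest(xs, traces, key)
    best = max(range(n_samples), key=lambda s: tvals[s])
    flagged = [s for s, v in enumerate(tvals) if v > threshold]
    return best, flagged


if __name__ == "__main__":
    print(find_poi())
```

The partition on Hamming weight (dropping the middle class HW = 4) is what makes the test sensitive to an HW leakage; a test partitioned on a single bit of the intermediate would locate the same sample with a smaller statistic.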
Key extraction
• Selection of sub-key candidates: we store the best $\alpha$ sub-keys
• We repeat this method against the other bytes of the secret

[Figure: correlation traces for all sub-key hypotheses; the correct sub-key hypothesis stands out]
ATTACK IMPROVEMENT

• Effect of the $\alpha$ parameter on the attack success
• Attack success improves with a greater $\alpha$, but the required computing resources also grow
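Added example (not the authors' code): a Python simulation of the byte-wise CPA described on the preceding slides, including the $\alpha$-pruning of sub-key candidates. Each trace is assumed to be already reduced to its four points of interest (one per byte of the 32-bit product), the leakage model is the Hamming weight of the product byte plus Gaussian noise, and the secret word 0x9F3B6D15, the trace count, the noise level and $\alpha$ are constructed parameters. Byte $j$ of $x \times k$ depends on bytes $0..j$ of $k$, which is why candidates are carried forward as prefixes and pruned to the $\alpha$ best at every step.

```python
"""Byte-wise CPA on a 32x32-bit word multiplication x*k with alpha-pruning."""
import math
import random

WORD_BITS = 32
N_BYTES = WORD_BITS // 8
MASK32 = (1 << WORD_BITS) - 1


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def product_byte(x: int, k: int, j: int) -> int:
    """Byte j of the low 32-bit word of x*k (what UMULL leaves in its low register)."""
    return (((x * k) & MASK32) >> (8 * j)) & 0xFF


def simulate_traces(key: int, n_traces: int, sigma: float, rng: random.Random):
    """Constructed leakages with the points of interest already located: sample j of
    each trace is HW(byte j of x*k) plus Gaussian noise.  Returns (known x, traces)."""
    xs = [rng.getrandbits(WORD_BITS) for _ in range(n_traces)]
    traces = [[hamming_weight(product_byte(x, key, j)) + rng.gauss(0.0, sigma)
               for j in range(N_BYTES)] for x in xs]
    return xs, traces


def pearson(a, b) -> float:
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((u - ma) * (v - mb) for u, v in zip(a, b))
    va = sum((u - ma) ** 2 for u in a)
    vb = sum((v - mb) ** 2 for v in b)
    return cov / math.sqrt(va * vb) if va > 0 and vb > 0 else 0.0


def cpa_extend_and_prune(xs, traces, alpha: int):
    """Recover k low byte first.  Every surviving prefix is extended by the 256
    guesses for the next byte, the partial correlation between HW(byte j of x*k)
    and sample j is computed, and only the alpha best candidates are kept."""
    candidates = [0]
    for j in range(N_BYTES):
        samples = [t[j] for t in traces]
        scored = []
        for prefix in candidates:
            for guess in range(256):
                k_hyp = prefix | (guess << (8 * j))
                hyps = [hamming_weight(product_byte(x, k_hyp, j)) for x in xs]
                scored.append((abs(pearson(hyps, samples)), k_hyp))
        scored.sort(reverse=True)
        candidates = [k for _, k in scored[:alpha]]
    return candidates  # full 32-bit candidates, best first


def recover_key(key=0x9F3B6D15, n_traces=200, alpha=8, sigma=0.5, seed=1):
    """Simulate, attack, and report the rank of the true key among the survivors
    (None if it was pruned away: the price of a too-small alpha).  All parameters
    are assumptions of this demonstration."""
    rng = random.Random(seed)
    xs, traces = simulate_traces(key, n_traces, sigma, rng)
    ranked = cpa_extend_and_prune(xs, traces, alpha)
    rank = ranked.index(key) + 1 if key in ranked else None
    return ranked, rank


if __name__ == "__main__":
    ranked, rank = recover_key()
    print(hex(ranked[0]), rank)
```

The enumeration cost is $256 + 3 \cdot 256\alpha$ hypotheses for one word instead of $2^{32}$, which is the trade-off the slide describes: a larger $\alpha$ makes it less likely that the correct prefix is pruned at an early byte, at the price of more hypotheses per step.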
• The attack is improved along 3 axes: the number of required traces, the execution time and the memory
• => Our attack is more dangerous
• Resource comparison with the state-of-the-art attack [1]:

                                     State of the art [1]   Our method (α = 64)
  Mean number of required traces     1500                   150
  Time (sub-key enumeration)         ≈ 2^19                 ≈ 2^16
  Memory (sub-key storage)           ≈ 2^18                 ≈ 2^14

[1] Unterluggauer and Wenger. Practical Attack on Bilinear Pairing to Disclose the Secrets of Embedded Devices. 2014.
Now, attacking the complete pairing
• Complete attack against the Montgomery modular multiplication: 2 critical operations
  - $x \times k$ (already dealt with)
  - $x \times k + y$ (same study: leakage models, points of interest, SOST, ...)
• Complete attack against the pairing
  - Same attack scheme as before
  - More data to analyse (the power measurements are longer)
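To make concrete where the two targeted operations $x \times k$ and $x \times k + y$ sit inside a word-level Montgomery multiplication (the operation named on the attack-strategy slide and on this one), here is an added Python model of the CIOS Montgomery product; it is not taken from the attacked implementation. It uses 32-bit words and 256-bit operands as on the Cortex-M3 target. The modulus is built from the BN prime polynomial $p(u) = 36u^4 + 36u^3 + 24u^2 + 6u + 1$ with the commonly published 254-bit parameter $u$ (an assumption of this example; Montgomery multiplication only needs an odd modulus). The optional `log` argument records each word product and multiply-accumulate, which shows that every known word $x_j$ meets the same secret word $k_i$ within one outer iteration: exactly the (known $x$, fixed sub-key $k$) setting the CPA needs.

```python
"""CIOS Montgomery multiplication with 32-bit words, instrumented to expose x*k and x*k+y."""
W = 32                       # word size of the Cortex-M3 multiplier
MASK = (1 << W) - 1
S = 8                        # 256-bit operands = 8 words


def bn_prime(u: int) -> int:
    """Base-field characteristic of a Barreto-Naehrig curve, p(u) = 36u^4 + 36u^3 + 24u^2 + 6u + 1."""
    return 36 * u**4 + 36 * u**3 + 24 * u**2 + 6 * u + 1


def to_words(v: int):
    return [(v >> (W * i)) & MASK for i in range(S)]


def from_words(ws) -> int:
    return sum(w << (W * i) for i, w in enumerate(ws))


def neg_inverse_mod_word(n: int) -> int:
    """-n^{-1} mod 2^W for odd n, by Newton iteration (each step doubles the correct bits)."""
    inv = 1
    for _ in range(6):
        inv = (inv * (2 - n * inv)) & MASK
    return (-inv) & MASK


def montgomery_mul(a: int, b: int, n: int, log=None) -> int:
    """CIOS Montgomery product a*b*R^{-1} mod n with R = 2^(W*S), for odd n and a, b < n.
    `a` plays the known operand x and `b` the secret operand k.  When `log` is a list,
    each inner-loop step appends (j, i, x_j*k_i, x_j*k_i + y): the word multiplication
    and the multiply-accumulate that the CPA targets."""
    aw, bw, nw = to_words(a), to_words(b), to_words(n)
    n0inv = neg_inverse_mod_word(nw[0])
    t = [0] * (S + 2)
    for i in range(S):                       # one secret word k_i per outer iteration
        carry = 0
        for j in range(S):                   # every known word x_j meets k_i here
            prod = aw[j] * bw[i]             # x * k      (UMULL)
            acc = t[j] + prod + carry        # x * k + y  (accumulate into the partial product)
            if log is not None:
                log.append((j, i, prod, acc))
            t[j], carry = acc & MASK, acc >> W
        acc = t[S] + carry
        t[S], t[S + 1] = acc & MASK, acc >> W
        m = (t[0] * n0inv) & MASK            # reduction factor: makes t divisible by 2^W
        carry = (t[0] + m * nw[0]) >> W      # low word becomes 0 and is dropped (the shift)
        for j in range(1, S):
            acc = t[j] + m * nw[j] + carry
            t[j - 1], carry = acc & MASK, acc >> W
        acc = t[S] + carry
        t[S - 1], carry = acc & MASK, acc >> W
        t[S] = t[S + 1] + carry
    r = from_words(t[:S]) + (t[S] << (W * S))
    return r - n if r >= n else r


def modmul(a: int, b: int, n: int) -> int:
    """a*b mod n through two Montgomery products: mont(mont(a, b), R^2 mod n)."""
    r2 = (1 << (2 * W * S)) % n
    return montgomery_mul(montgomery_mul(a, b, n), r2, n)


if __name__ == "__main__":
    p = bn_prime(4965661367192848881)        # assumed BN-254 parameter u
    ops = []
    montgomery_mul(123456789, p - 98765, p, ops)
    print(len(ops), "word products; first:", ops[0])
```

`modmul` is the self-check: $\mathrm{mont}(\mathrm{mont}(a,b), R^2 \bmod n) = a b R^{-1} R^{2} R^{-1} = ab \bmod n$. In the log, the 8 entries with $i = 0$ are the 32-bit products of the 8 known words with the first secret word, the sub-attack of the leakage-model slide; the entries for $i \ge 1$ add the multiply-accumulate $x \times k + y$, where $y$ is the running partial product $t_j$ plus carry.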
COUNTERMEASURES

Different levels of countermeasures
• Input randomization
  - Multiplicative mask: $e([a]P,[b]Q)^{1/(ab)} = e(P,Q)$, with random scalars $a$ and $b$
    · Very large overhead
    · The added scalar multiplications are themselves threatened by horizontal attacks [2]
  - Additive mask: $e(P, Q+R)\, e(P,R)^{-1} = e(P,Q)$, with a random point $R$
    · Large overhead

[2] Perin et al. Vertical and Horizontal Correlation Attacks on RNS-Based Exponentiations. 2015.
Different levels of countermeasures
• Randomization of the intermediate variables
  - Multiplication of the tangent and line equations by a random $\lambda \in \mathbb{F}_q^*$:
    $f \leftarrow f^2 \cdot \lambda \cdot l_{T,T}(Q)$ and $f \leftarrow f \cdot \lambda \cdot l_{T,P}(Q)$
  - The final exponentiation removes this effect: $\lambda^{(q^{12}-1)/r} = 1$
• Randomization of projective or Jacobian coordinates
  - The temporary value $T$ in Miller's algorithm is initially randomized: $T \leftarrow (x_P \lambda^2 : y_P \lambda^3 : \lambda)$
  - Sensitive to fault injection attacks [3]

[3] El Mrabet et al. A Survey of Fault Attacks in Pairing Based Cryptography. 2014.
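Why the final exponentiation cancels $\lambda$, spelled out here as an added note (the slide only states the result). Since $\lambda \in \mathbb{F}_q^*$, Fermat gives $\lambda^{q-1} = 1$, and for a BN curve the prime $r$ divides $\Phi_{12}(q)$ (embedding degree 12), so $r \nmid q-1$ and $r$ divides the cofactor $(q^{12}-1)/(q-1)$. Hence $(q-1) \mid (q^{12}-1)/r$ and

$$
\lambda^{\frac{q^{12}-1}{r}} \;=\; \left(\lambda^{\,q-1}\right)^{\frac{q^{12}-1}{r\,(q-1)}} \;=\; 1^{\frac{q^{12}-1}{r\,(q-1)}} \;=\; 1 .
$$

The Miller loop multiplies $f$ by $\lambda$ once per doubling or addition step, so the final Miller value is $f \cdot \lambda^{c}$ for some integer $c$ counting those steps, and the same argument applied to $\lambda^{c} \in \mathbb{F}_q^*$ shows that the pairing value is unchanged.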
CONCLUSION AND PERSPECTIVES

Thorough study of leakage models
• Two leakage models are compared
• Targeting a specific operation (the 32-bit multiplier) allows the attack to be extended to several modular multiplications

Attacks in a real environment
• We implemented a new attack with an original selection of candidates
• Results: the partial correlations are improved

Choosing the sub-key candidates
• The $\alpha$ parameter might be chosen adaptively rather than fixed, by studying the distribution of the best correlations

Investigation of countermeasures
• As with input randomization through scalar multiplication, the other methods may also be threatened
Commissariat à l'énergie atomique et aux énergies alternatives | Damien Jauvart | DRT / CEA Tech / DPACA
France Cyber Japan 2016

THANK YOU FOR LISTENING