Primitive-Level vs. Implementation-Level DPA Security: a Certified Case Study
Implementation-level countermeasures like masking can be applied to any cryptographic algorithm in order to mitigate Differential Power Analysis (DPA). Leveraging re-keying with a Leakage-Resilient PRF (LR-PRF) is an alternative countermeasure that requires a change of primitive. Both options rely...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2025-06-01
|
| Series: | Transactions on Cryptographic Hardware and Embedded Systems |
| Subjects: | |
| Online Access: | https://tches.iacr.org/index.php/TCHES/article/view/12234 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849467343028092928 |
|---|---|
| author | Charles Momin François-Xavier Standaert Corentin Verhamme |
| author_facet | Charles Momin François-Xavier Standaert Corentin Verhamme |
| author_sort | Charles Momin |
| collection | DOAJ |
| description |
Implementation-level countermeasures like masking can be applied to any cryptographic algorithm in order to mitigate Differential Power Analysis (DPA). Leveraging re-keying with a Leakage-Resilient PRF (LR-PRF) is an alternative countermeasure that requires a change of primitive. Both options rely on different security mechanisms: signal-to-noise ratio amplification for masking, signal reduction for LRPRFs. This makes their general comparison difficult and suggests the investigation of relevant case studies to identify when to use one or the other as an interesting research direction. In this paper, we provide such a case study and compare the security that can be obtained by using an unprotected hardware coprocessor, to be integrated into a leakage-resilient PRF, and a certified one, protected with implementation-level countermeasures. Both are available on “commercial off-the-shelf” devices and could be used for lightweight IoT applications. We first perform an in-depth analysis of these targets. It allows us to put forward the different evaluation challenges that they raise, and the similar to slightly better cost vs. security tradeoff that the leakage-resilient PRF offers in our experiments. We then discuss the advantages and limitations of both types of countermeasures. While there are contexts where the higher flexibility of masking is needed, we conclude that there are also applications that would strongly benefit from the simplicity of the LR-PRF’s design and evaluation. Positing that the lack of standards is the main impediment to their more widespread deployment, we therefore hope that our results can motivate such standardization efforts.
|
| format | Article |
| id | doaj-art-1084c0bbea7446d4b8c2895e14da62db |
| institution | Kabale University |
| issn | 2569-2925 |
| language | English |
| publishDate | 2025-06-01 |
| publisher | Ruhr-Universität Bochum |
| record_format | Article |
| series | Transactions on Cryptographic Hardware and Embedded Systems |
| spelling | doaj-art-1084c0bbea7446d4b8c2895e14da62db2025-08-20T03:26:16ZengRuhr-Universität BochumTransactions on Cryptographic Hardware and Embedded Systems2569-29252025-06-012025310.46586/tches.v2025.i3.717-744Primitive-Level vs. Implementation-Level DPA Security: a Certified Case StudyCharles Momin0François-Xavier Standaert1Corentin Verhamme2Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, BelgiumCrypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, BelgiumCrypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium Implementation-level countermeasures like masking can be applied to any cryptographic algorithm in order to mitigate Differential Power Analysis (DPA). Leveraging re-keying with a Leakage-Resilient PRF (LR-PRF) is an alternative countermeasure that requires a change of primitive. Both options rely on different security mechanisms: signal-to-noise ratio amplification for masking, signal reduction for LRPRFs. This makes their general comparison difficult and suggests the investigation of relevant case studies to identify when to use one or the other as an interesting research direction. In this paper, we provide such a case study and compare the security that can be obtained by using an unprotected hardware coprocessor, to be integrated into a leakage-resilient PRF, and a certified one, protected with implementation-level countermeasures. Both are available on “commercial off-the-shelf” devices and could be used for lightweight IoT applications. We first perform an in-depth analysis of these targets. It allows us to put forward the different evaluation challenges that they raise, and the similar to slightly better cost vs. security tradeoff that the leakage-resilient PRF offers in our experiments. We then discuss the advantages and limitations of both types of countermeasures. While there are contexts where the higher flexibility of masking is needed, we conclude that there are also applications that would strongly benefit from the simplicity of the LR-PRF’s design and evaluation. Positing that the lack of standards is the main impediment to their more widespread deployment, we therefore hope that our results can motivate such standardization efforts. https://tches.iacr.org/index.php/TCHES/article/view/12234Side-Channel AnalysisCountermeasuresMaskingRe-keying |
| spellingShingle | Charles Momin François-Xavier Standaert Corentin Verhamme Primitive-Level vs. Implementation-Level DPA Security: a Certified Case Study Transactions on Cryptographic Hardware and Embedded Systems Side-Channel Analysis Countermeasures Masking Re-keying |
| title | Primitive-Level vs. Implementation-Level DPA Security: a Certified Case Study |
| title_full | Primitive-Level vs. Implementation-Level DPA Security: a Certified Case Study |
| title_fullStr | Primitive-Level vs. Implementation-Level DPA Security: a Certified Case Study |
| title_full_unstemmed | Primitive-Level vs. Implementation-Level DPA Security: a Certified Case Study |
| title_short | Primitive-Level vs. Implementation-Level DPA Security: a Certified Case Study |
| title_sort | primitive level vs implementation level dpa security a certified case study |
| topic | Side-Channel Analysis Countermeasures Masking Re-keying |
| url | https://tches.iacr.org/index.php/TCHES/article/view/12234 |
| work_keys_str_mv | AT charlesmomin primitivelevelvsimplementationleveldpasecurityacertifiedcasestudy AT francoisxavierstandaert primitivelevelvsimplementationleveldpasecurityacertifiedcasestudy AT corentinverhamme primitivelevelvsimplementationleveldpasecurityacertifiedcasestudy |