Date of the talk: 21 March 2014, 11h30-12h30, salle Petri/Turing
Leakage-Resilient Pseudorandom Functions and Generators using Re-keyingMost cryptosystems are now secure in the black-box model, that is when the adversary has only access to their inputs and outputs. However as revealed in the nineties, this model does not capture the reality of embedded devices since the physical leakage (time, temperature, power consumption) can provide useful information on the secret values. The resulting attacks are gathered around the term side-channel attacks.
In order to thwart these attacks, the community has made significant efforts to propose countermeasures. Among them, masking and re-keying are probably the most investigated. However, choosing one, the other or both to achieve a certain level of security for a cryptosystem remained unclear. Therefore, in the first part of this talk, we treat this problem and explain that contrary to the intuition, better security is not always obtained by combining protections.
Then for the second part, we focus on one of these countermeasures: the re-keying which consists in refreshing regularly the key to prevent the attacker from accumulating enough information on the secret. In this context, we first describe a pseudo-random function exclusively which aims to be efficient in a context of re-synchronisation between two parts. The proposal is based on a binary tree structure only filled by blocks of unmasked AES. We show that in addition to be practical, the construction benefits to be leakage-resilient. After that, we describe another primitive which is the adaptation of the pseudo-random number generator with input proposed by Dodis et al. at CCS 2013 to make it leakage-resilient. We show that by tweaking the construction to integrate a leakage-resilient part, with a instantiation based on the re-keying, we can extend its security properties to include the resistance against side-channel attacks with a limited impact on its performances.