Side-channel analysis of a learning parity with physical noise processor



REGULAR PAPER

Dina Kamel¹ · Davide Bellizia¹ · Olivier Bronchain¹ · François-Xavier Standaert¹

Received: 14 February 2020 / Accepted: 10 August 2020

© Springer-Verlag GmbH Germany, part of Springer Nature 2020

Abstract

Learning parity with physical noise (LPPN) has been proposed as an assumption on which to build authentication protocols based on the learning parity with noise (LPN) problem. Its first advantage is to reduce the randomness requirements of standard LPN-based protocols, by directly performing erroneous computations so that no (e.g. Bernoulli-distributed) errors have to be generated on chip. At ASHES 2018, an LPPN processor was presented and confirmed that erroneous computations with the appropriate error rate can be generated efficiently. Because LPPN computations are key-homomorphic, they are good candidates for improved side-channel security through masking: they could theoretically lead to masked implementations with overheads that are linear in the number of shares, the analysis of which was left as an open problem. In this paper, we confirm this good potential by analyzing the side-channel security of an LPPN processor. We (1) evaluate the leakage of different parts of the erroneous computations, (2) conclude that intermediate computations that can be targeted with a divide-and-conquer Gaussian template attack are a sweet spot for side-channel attacks, and (3) show that LPPN computations naturally reach a level of noise that makes masking effective, although further noise addition could be beneficial to reach higher security at lower implementation cost.

Keywords Learning parity with noise · Side-channel analysis · Authentication · Probabilistic computation
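The key-homomorphic property the abstract relies on, as an added sketch that is not code from the paper or its processor: the parity ⟨x, k⟩ is recomputed from d Boolean key shares with one inner product per share, so the masking cost grows linearly in d. Assumptions of this sketch: all function names are hypothetical, and the physical noise is modelled as an independent Bernoulli flip on each share computation, whose combined rate follows the piling-up lemma.

```python
import random
from functools import reduce
from operator import xor

def inner(x, k):
    """Parity <x, k> over GF(2); x and k are n-bit integers."""
    return bin(x & k).count("1") & 1

def share_key(k, d, n, rng):
    """Split k into d Boolean shares whose XOR equals k."""
    shares = [rng.getrandbits(n) for _ in range(d - 1)]
    shares.append(reduce(xor, shares, k))
    return shares

def masked_inner(x, shares, eps=0.0, rng=None):
    """One parity per share, then XOR: d inner products, linear in d.
    eps is the error rate of each share computation (modelling assumption)."""
    out = 0
    for s in shares:
        bit = inner(x, s)
        if eps and rng.random() < eps:
            bit ^= 1  # erroneous computation on this share
        out ^= bit
    return out

def combined_error_rate(eps, d):
    """Piling-up lemma: error rate of the XOR of d independent eps-noisy bits."""
    return (1 - (1 - 2 * eps) ** d) / 2

def demo(n=64, d=3, eps=0.1, trials=20000, seed=1):
    """Return (measured, predicted) error rate of the noisy masked parity."""
    rng = random.Random(seed)  # constructed secret and challenges
    k = rng.getrandbits(n)
    errors = 0
    for _ in range(trials):
        x = rng.getrandbits(n)
        shares = share_key(k, d, n, rng)  # fresh sharing for every query
        # Without noise, the shared computation recombines exactly.
        assert masked_inner(x, shares) == inner(x, k)
        errors += masked_inner(x, shares, eps, rng) != inner(x, k)
    return errors / trials, combined_error_rate(eps, d)

if __name__ == "__main__":
    print(demo())
```

In this model the per-share error rate has to be chosen so that the combined rate, not the per-share rate, matches the error rate the protocol expects.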

¹ Université Catholique de Louvain (UCLouvain), Ottignies-Louvain-la-Neuve, Belgium

1 Introduction

In light of the emergence of the Internet of Things (IoT) for an increasingly wide range of applications implicated in everyday life (e.g. smart homes and cities, building management, e-health, etc.), connected devices must feature low power/energy, low cost and, most importantly, minimum security guarantees (e.g. lightweight authentication [11]). Due to their conceptual simplicity, protocols based on the learning parity with noise (LPN) problem are considered as promising candidates for this purpose [23]. However, due to the requirement of a (pseudo) random number generator (RNG), which may be expensive and at the same time an easy target for side-channel analysis, the practical relevance of such protocols remains questionable. In [15], the authors introduced a working instance of the recently proposed learning parity with physical noise (LPPN) assumption [16], which mitigates the need for an RNG by directly performing erroneous computations and proved to be effi