Side-Channel Countermeasure for SHA-3 at Almost-Zero Area Overhead

Home , Authenticated encryption

Side-Channel Countermeasure for SHA-3 At Almost-Zero Area Overhead

Mostafa Taha and Patrick Schaumont Virginia Tech

This research was supported in part by the VT-MENA program of Egypt, and by NSF grant no. 1115839. Outline

• Side-Channel Analysis • SHA-3, the story and its applications • SHA-3 Countermeasure • New Design Concept

2 Outline

• Side-Channel Analysis • SHA-3, the story and its applications • SHA-3 Countermeasure • New Design Concept

3 Side-Channel Analysis

• Information Leakage

Key

4 Side-Channel Analysis

• Example – Password Checker (8 bytes)

for (i = 0 ; i < 8 ; i++){ is False  one loop (I[0]=K[0]) if(I[i] = K[i]){ Time Password = true; (I[0]=K[0]) is True } (I[1]=K[1]) is False  two loops else{ Password = false; 255 values of I[0] need one loop, break; while one correct value needs two loops } }

Brute Force security reduced from 2568 to 256*8 If 1 try = 1 휇sec  from 585K years to 2 msec!

5 Side-Channel Analysis

• Information Leakage

Key - Computation Time - Power Consumption Register - Electromagnetic - Acoustic Waves - Photonic Emission - Faulty Ciphertext

6 Side-Channel Analysis

• One Trace  Simple ...... Analysis • Many Traces  Differential ...... Analysis

Hypothesis Table

K0 K1 K2 Actual Eq. Eq. Eq. Variable Variable Variable Leakage Leakage Leakage Leakage 2 0x0F 4 0x82 2 0xF1 5 3 0xAA 4 0x51 3 0x4E 4

5 0xD3 5 0xA3 4 0x0B 3

4 0x31 3 0xC7 5 0x92 3

: : : : : : :

Correlation 7 Side - Channel Analysis

I – Var. Affect Traces Hiding Differential Analysis

II - Predict Variables Masking

III - Combine Traces Resiliency Leakage 8 Outline

• Side-Channel Analysis • SHA-3, the story and its applications • SHA-3 Countermeasure • Why the countermeasure works!

9 SHA-3 (The Story)

• SHA-3 is a hashing standard

1011000101101010

• SHA-0, SHA-1, SHA-2 SHA-3 • Competition started in Nov. 2007 and ended in Oct. 2012 with Keccak as the winner. • Chosen for – Superior performance in hardware – The Sponge construction

10 SHA-3 (The Sponge construction)

Ordinary New

M0 M1 M2 M3 MAC0 MAC1 Rate

Capacity r 0 푓 푓 푓 푓 푓 c 0

Permutation Function Input 푓 Output

11 SHA-3 (Applications)

• Regular Hashing

M0 M1 M2 M3 MAC0 MAC1

r 0 푓 푓 푓 푓 푓 c 0

12 SHA-3 (Applications)

• Salted Hashing

SALT M0 M1 M2 MAC0 MAC1

r 0 푓 푓 푓 푓 푓 c 0

13 SHA-3 (Applications)

• Message Authentication Codes Optional

KEY [IV] M0 M1 MAC0 MAC1

r 0 푓 푓 푓 푓 푓 c 0

- Hashing, salted hashing and MACs are ordinary applications. But!

14 SHA-3 (Applications)

• Random Number Generation New!

SEED0 SEED1

r 0 푓 푓 푓 푓 푓 c 0

R0 R1 Rn-2 Rn-1

15 SHA-3 (Applications)

• Stream Encryption New! Mandatory

KEY IV

r 0 푓 푓 푓 푓 푓 c 0

C0 C1 Cn-2 Cn-1

16 SHA-3 (Applications)

• Authenticated Encryption New! Mandatory

KEY IV M0 M1 MAC0 MAC1

r 0 푓 푓 푓 푓 푓 c 0

C0 C1

And many more.

17 SHA-3

• Keccak permutation function

24 Rounds of 4 4 3 3 2 2 1 1 0 0 0 1 2 3 4 0 1 2 3 4 State State 1600 bits 1600 bits

Also, PHOTON, QUARK, SPONGENT,…

18 SHA-3 (Single Core)

Regular Hashing Salted Hashing RNG MAC-generation Stream Encryption Authenticated Encryption

One HW Core

19 SHA-3 (Single Core)

Regular Hashing MAC-generation Salted Hashing Stream Encryption RNG Authenticated Encryption

Side-Channel Protection 3x implementation cost

20 SHA-3 (Single Core)

• Permutation Functions

Key Key Key Key Message MAC

AES AES AES 0 푓 푓 푓 푓

x1 y1 x2 y2 x3 y3

AES Block-cipher MAC-Keccak

21 SHA-3 (Single Core)

Regular Hashing Salted Hashing RNG MAC-generation (m-1) + 1 Stream Encryption (m-1) + 1 Authenticated Encryption (m-1) + 1

Design a new countermeasure – Minimal changes to the implementation – Can be turned ON / OFF New!

22 Outline

• Side-Channel Analysis • SHA-3, the story and its applications • SHA-3 Countermeasure • Why the countermeasure works!

23 SHA-3 Countermeasure

1. The Key goes to a separate input. 2. Mandate the use of IV in all keyed applications. 3. Squeeze the rate to “one bit” during IV. 4. Use Round-Reduced version of Keccak during IV, except the last bit. 5. Then, proceed normally.

Key IV0 IV1 IV|IV|-2 IV|IV|-1 M0 M1

r 0 푓 푓푟 푓푟 푓푟 푓 푓 c 0

Rate = 푟 Rate = 1 Rate = 푟

24 SHA-3 Countermeasure, WHY? IV Tree Structure 2 IV 1. The Key goes to a separate input. Increase1 size of the secret K 2. Mandate the use of IV in all keyed applications.00 Nonce IV0 K0 3. Squeeze the rate to “one bit” during IV. K01 4. Use Round-ReducedKey State version of Keccak during IV, except the last K bit. 10 K 5. Then, proceed normally. 1 K11

Key IV0 IV1 IV|IV|-2 IV|IV|-1 M0 M1

r 0 푓 푓푟 푓푟 푓푟 푓 푓 c 0

Rate = 푟 Rate = 1 Rate = 푟

25 SHA-3 Countermeasure, WHY?

1. The Key goes to a separate input. Increase size of the secret 2. Mandate the use of IV in all keyed applications. Nonce 3. Squeeze the rate to “one bit” during IV. 4. Use Round-Reduced version of Keccak during IV, except the last bit. 5. Then, proceed normally.

Key IV0 IV1 IV|IV|-2 IV|IV|-1 M0 M1

r 0 푓 푓푟 푓푟 푓푟 푓 푓 c 0

3 Rounds 24 Rounds Rate = 푟 Rate = 1 Rate = 푟

26 SHA-3 Countermeasure

• Implementation – Rate Reduction

– Round-Reduced Keccak Using 2 Gates at 3.7 GE (Synopsys Design Compiler at 130nm technology)

27 SHA-3 Countermeasure

• Implementation: – Performance 퐼푉 − 1 ∗ 3 extra rounds 퐼푉 − 1 /8 extra Keccak runs

– Trading SCA-protection for performance New! Use s bits of IV per step s is an SCA-security parameter in [1: |퐼푉|] New performance: 퐼푉 − 1 /8푠 extra Keccak runs

28 SHA-3 Countermeasure

• Comparison : against masked implementations of Keccak designers – Area

29 SHA-3 Countermeasure

• Comparison: – Performance

30 SHA-3 Countermeasure

• Comparison: – Flexibility SCA-protection can be tuned by software.

– Compatibility Can be applied to already built modules

– Portability Protect the Sponge with any permutation function

31 Outline

• Side-Channel Analysis • SHA-3, the story and its applications • SHA-3 Countermeasure • New Design Concept

32 New Design Concept

Practical Methods Theoretical Methods Masking & Hiding Leakage Resilient Cryptography

- Fix current implementations - Design new primitives - Efficient solutions - Provable prevention against - Practically verifiable all differential attacks Our Solution But But - Limited scope of protection - No solution to current primitives - Turns SCA harder - Very high implementation cost - Occasionally, breaks-down

33 New Design Concept

Practical Methods Theoretical Methods Masking & Hiding Leakage Resilient Cryptography

- Fix current implementations - Design new primitives - Efficient solutions - Provable prevention against - Practically verifiable all differential attacks Our Solution But But - Limited- Use scope LRC of protection as a tool to protect- No solutioncurrent to primitives current primitives - Turns- SCAAchieve harder a ﬁne granularity- Veryof SCA high- protectionimplementation cost - Occasionally,vs performance breaks-down Yes, our countermeasure belongs to LRC

34 Conclusion

• Proposed a countermeasure for the applications of SHA-3 at almost-zero area overhead. • The performance overhead can be trivialized at long message lengths. • The countermeasure is flexible, compatible and portable. • Use theoretical ideas through practical experience.

35 Thank You Questions?