Rosita++: Automatic Higher-Order Leakage Elimination from Cryptographic Code
Created by W.Langdon from
gp-bibliography.bib Revision:1.8051
- @InProceedings{Shelton:2021:CCS,
-
author = "Madura A. Shelton and Lukasz Chmielewski and
Niels Samwel and Markus Wagner and Lejla Batina and
Yuval Yarom",
-
title = "Rosita++: Automatic Higher-Order Leakage Elimination
from Cryptographic Code",
-
booktitle = "Proceedings of the 2021 ACM SIGSAC Conference on
Computer and Communications Security",
-
year = "2021",
-
pages = "685--699",
-
address = "Virtual Event, Republic of Korea",
-
publisher = "Association for Computing Machinery",
-
keywords = "genetic algorithms, genetic programming, genetic
improvement, power analysis leakage, multivariate
leakage, automatic countermeasures",
-
isbn13 = "9781450384544",
-
URL = "https://eprint.iacr.org/2021/1181",
-
code_url = "https://github.com/0xADE1A1DE/Rositaplusplus",
-
DOI = "doi:10.1145/3460120.3485380",
-
abstract = "Side-channel attacks are a major threat to the
security of cryptographic implementations, particularly
for small devices that are under the physical control
of the adversary. While several strategies for
protecting against side-channel attacks exist, these
often fail in practice due to unintended interactions
between values deep within the CPU. To detect and
protect from side-channel attacks, several automated
tools have recently been proposed; one of their common
limitations is that they only support first-order
leakage. We present the first automated tool for
detecting and eliminating higher-order leakage from
cryptographic implementations. Rosita++ proposes
statistical and software-based tools to allow
high-performance higher-order leakage detection. It
then uses the code rewrite engine of Rosita (Shelton et
al. NDSS 2021) to eliminate detected leakage. For the
sake of practicality we evaluate Rosita++ against
second and third order leakage, but our framework is
not restricted to only these orders.We evaluate
Rosita++ against second-order leakage with three-share
implementations of two ciphers, PRESENT and Xoodoo, and
with the second-order Boolean-to-arithmetic masking, a
core building block of masked implementations of many
cryptographic primitives, including SHA-2, ChaCha and
Blake. We show effective second-order leakage
elimination at a performance cost of 36percent for
Xoodoo, 189percent for PRESENT, and 29percent for the
Boolean-to-arithmetic masking. For third-order
analysis, we evaluate Rosita++ against the third-order
leakage using a four-share synthetic example that
corresponds to typical four-share processing. Rosita++
correctly identified this leakage and applied code
fixes.",
-
notes = "MW says 'follow-up to \cite{Shelton:2021:NDSS}
Rosita++ can protect implementations against
higher-order attacks (e.g. when you have multiple
sensors to listen to power consumption), while Rosita
was limited to first-order side-channel attacks.'",
- }
Genetic Programming entries for
Madura A Shelton
Lukasz Chmielewski
Niels Samwel
Markus Wagner
Lejla Batina
Yuval Yarom
Citations