Rosita++: Automatic Higher-Order Leakage Elimination from Cryptographic Code

Created by W.Langdon from gp-bibliography.bib Revision:1.7615

@InProceedings{Shelton:2021:CCS,

• author = "Madura A. Shelton and Lukasz Chmielewski and Niels Samwel and Markus Wagner and Lejla Batina and Yuval Yarom",
• title = "Rosita++: Automatic Higher-Order Leakage Elimination from Cryptographic Code",
• booktitle = "Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security",
• year = "2021",
• pages = "685--699",
• address = "Virtual Event, Republic of Korea",
• publisher = "Association for Computing Machinery",
• keywords = "genetic algorithms, genetic programming, genetic improvement, power analysis leakage, multivariate leakage, automatic countermeasures",
• isbn13 = "9781450384544",
• URL = "https://eprint.iacr.org/2021/1181",
• code_url = "https://github.com/0xADE1A1DE/Rositaplusplus",
• DOI = "doi:10.1145/3460120.3485380",
• abstract = "Side-channel attacks are a major threat to the security of cryptographic implementations, particularly for small devices that are under the physical control of the adversary. While several strategies for protecting against side-channel attacks exist, these often fail in practice due to unintended interactions between values deep within the CPU. To detect and protect from side-channel attacks, several automated tools have recently been proposed; one of their common limitations is that they only support first-order leakage. We present the first automated tool for detecting and eliminating higher-order leakage from cryptographic implementations. Rosita++ proposes statistical and software-based tools to allow high-performance higher-order leakage detection. It then uses the code rewrite engine of Rosita (Shelton et al. NDSS 2021) to eliminate detected leakage. For the sake of practicality we evaluate Rosita++ against second and third order leakage, but our framework is not restricted to only these orders.We evaluate Rosita++ against second-order leakage with three-share implementations of two ciphers, PRESENT and Xoodoo, and with the second-order Boolean-to-arithmetic masking, a core building block of masked implementations of many cryptographic primitives, including SHA-2, ChaCha and Blake. We show effective second-order leakage elimination at a performance cost of 36percent for Xoodoo, 189percent for PRESENT, and 29percent for the Boolean-to-arithmetic masking. For third-order analysis, we evaluate Rosita++ against the third-order leakage using a four-share synthetic example that corresponds to typical four-share processing. Rosita++ correctly identified this leakage and applied code fixes.",
• notes = "MW says 'follow-up to \cite{Shelton:2021:NDSS} Rosita++ can protect implementations against higher-order attacks (e.g. when you have multiple sensors to listen to power consumption), while Rosita was limited to first-order side-channel attacks.'",

}

Genetic Programming entries for Madura A Shelton Lukasz Chmielewski Niels Samwel Markus Wagner Lejla Batina Yuval Yarom

Citations