Agenda

PhD defense Julien Béguinot: Evaluation of Information Leakage in Side Channels

Friday 5 December, 2025, at 10:30 (Paris time) at Télécom Paris

Télécom Paris, 19 place Marguerite Perey, F-91120 Palaiseau, Amphi 5, and by videoconference

Jury

  • Elisabeth Oswald, Professor, University of Birmingham (CCSP), UK, Reviewer
  • Michael Gastpar, Professor, EPFL (LINX), Switzerland, Reviewer
  • Emmanuel Prouff, Associate Researcher at Sorbonne Universités, France, Examiner
  • Naofumi Homma, Professor, Tohoku University, Japan, Examiner
  • Svetla Petkova-Nikova, Research Manager in COSIC, KU Leuven, Belgium, Examiner
  • Thomas Prest, Head of Research, PQShield, UK, Examiner
  • Olivier Rioul, Professor, Télécom Paris, France, Thesis Supervisor
  • Sylvain Guilley, Invited Professor, Télécom Paris, France, CTO Secure-IC, Thesis Co-Supervisor

Abstract

A symmetric-key cryptographic algorithm is deemed robust against cryptanalysis when seen as a function mapping a secret key and a plaintext to a ciphertext. However, the computation of this function may leak some sensitive information about the secret key being manipulated by the underlying hardware circuit. The corresponding attacks are devastating if no proper countermeasure is implemented. Countermeasures have to be implemented and the leakages of a chip have to be evaluated by a certification laboratory before it is deployed. The masking countermeasure essentially amounts to a secret sharing over the wires of a circuit.

The goal of my PhD is to leverage information theoretic tools to improve the leakage certification process of a device in the presence of the masking countermeasure.

The first aspect is to provide informational bounds on several operational measures of the adversary's success. This includes the success rate of an attack in the presence of key enumeration and the average enumeration time required to find a correct key (guessing entropy). This is achieved by variations of Fano’s inequality and of Gibbs’ inequality.

The second aspect is to provide information-theoretic bounds on the leakage of a masked sensitive variable in terms of the leakage of each share. This is achieved by a variation of Mrs Gerber’s lemma.

The third aspect is to derive a security bound in the presence of computations, especially in the presence of multiplications. I used the complementary Doeblin coefficient to reduce general side channels to the much simpler erasure channels.

Finally, connecting the three contributions above, we obtain a faster evaluation methodology for laboratories based on information-theoretic inequalities.

While this thesis is motivated by concrete problems, it essentially relies on information-theoretic derivations. Information leakages are measured by Sibson’s α-information. Emphasis is put on desirable mathematical properties such as data processing inequalities, tensorization, Gibbs’ inequality and Mrs Gerber’s lemma.
