Symmetric & asymmetric cryptography offer the basic functionalities needed to communicate securely over a channel. Due to their different features and the different algebraic structures they exploit, the interaction between the design of these primitives and the security of their implementations against side-channel & fault attacks has so far followed somewhat separate paths. Based on the observations that (i) many emerging challenges for the implementation security of symmetric & asymmetric primitives share similarities and would highly benefit from a more connected approach, and (ii) this is especially true when considering post-quantum asymmetric encryption schemes that include symmetric components and for which current designs are extremely challenging to protect against side-channel & fault attacks, the BRIDGE project aims to develop a unified treatment of symmetric & asymmetric cryptography by leveraging three innovative movements. First, we aim to export the concept of leveled implementation (where different parts of a primitive are protected with countermeasures of varying cost) from symmetric cryptography towards new post-quantum asymmetric schemes that inherently take implementation security as a design criterion. Second, we aim to export the use of larger (possibly prime) fields and more complex algebraic structures, used in asymmetric cryptography to deliver advanced functionalities, towards new symmetric schemes that guarantee security against side-channel & fault attacks in low-noise contexts that raise fundamental challenges for existing countermeasures. Third, we aim to exploit hard physical learning problems as radically new building blocks applicable to both types of primitives. By combining these movements, we aim to identify disruptive approaches to build new cryptographic schemes offering a better integration between symmetric & asymmetric designs and improvements of their implementation security by orders of magnitude.
Cryptographic implementations are traditionally evaluated based on a trade-off between security and efficiency. However, when it comes to physical security against attacks exploiting side-channel leakages or fault insertions, this approach is limited by the difficulty of defining the adversaries (e.g., their knowledge about the target implementation) and of specifying sound physical assumptions. Quite naturally, the problem becomes even more challenging in contexts where implementations can be maliciously modified during design or fabrication via so-called hardware Trojans. To a large extent, these vulnerabilities echo the general challenge of restoring trust that is faced by cryptographic research in view of the recent Snowden revelations. In this context, we believe that the design of small components able to perform secure computations locally will be an important building block of future information systems. For this purpose, the SWORD project envisions a paradigm shift in embedded security, by adding trust as an essential element in the evaluation of physically secure objects. Our two main ingredients to reach this ambitious goal are a good separation between mathematics and physics, and improved transparency in security evaluations. That is, we want cryptographic implementations to rely on physical assumptions that can be empirically verified, in order to obtain sound security guarantees based on mathematical proofs or arguments. And we want to make the empirical verification of physical assumptions more transparent, by considering open source hardware and software. By allowing adversaries and evaluators to know implementation details, we expect to enable a better understanding of the fundamentals of physical security, therefore leading to improved security, efficiency and trust in the longer term. That is, we hope to establish security guarantees based on a good understanding of the physics, rather than on the (relative) misunderstanding caused by closed systems.
Some important outcomes of this research project and a general motivation for the open approach it promotes can be found in a Eurocrypt 2019 invited talk.
Side-channel attacks are an important threat against cryptographic implementations, in which an adversary takes advantage of physical information leakages (such as the power consumption or the electromagnetic radiation of a smart card) in order to recover secret information. By circumventing the models in which standard security proofs are obtained, they can lead to powerful (e.g., key recovery) attacks against a large class of devices. Such attacks therefore exhibit a gap between the mathematical abstractions of modern cryptography and the concrete peculiarities of actual electronic circuits. By considering physical and algorithmic issues in a unified way, the goal of the CRASH project was to get rid of the incompatibilities between the different models that can be used to explain the information leakage in cryptographic implementations.
For this purpose, we first focused on the development of sound evaluation methods. Namely, since cryptographic implementations are physical objects, we developed tools and methodologies allowing designers to ensure that the security levels they claim for their implementations are (sufficiently) accurate, which implies understanding the various errors that could bias these claims. Next, and based on sound evaluation methods, we analyzed heuristic constructions (i.e., countermeasures) and formal models (of leakage-resilience) in order to establish the best ingredients (assumptions and constructions) allowing the design of efficient and side-channel resistant implementations. In this respect, an important conclusion of the project was the increasing importance of open source (hardware and software) design in order to facilitate the exploitation of formal tools, security proofs and design automation in the field of physical security. In more detail, the results of the ERC project CRASH have been described in two invited talks, at SPACE 2016 and INDOCRYPT 2016.
Thanks to the ICTEAM institute, we also made a short research video summarizing the outcomes of the project in less technical terms.