Published on March 6th, 2019

COSIC seminar "Threshold Cryptography against Combined Attacks" (Lauren De Meyer)





COSIC seminar – Threshold Cryptography against Combined Attacks – Lauren De Meyer (KU Leuven)

In 1999, Paul Kocher’s publication on Differential Power Analysis (DPA) kickstarted research into side-channel attacks and countermeasures. This research area grew quickly and has matured considerably over 20 years. Today’s most popular countermeasure, masking, can be seen as the embedded analogue of passively secure multi-party computation (MPC) protocols, which allow a number of parties to evaluate a function on secret-shared data, even in the presence of dishonest parties. The maximum number of adversaries amongst the computing parties is called the threshold. Accordingly, masked implementations which derive their security from MPC literature have been named threshold implementations.

Almost at the same time, Biham and Shamir published their work on Differential Fault Attacks (DFA). Yet, protecting implementations against fault attacks stands on much less rigorous grounds than protecting them against side-channels. The prevailing method is to use some type of redundancy. Recent attacks show that there is a need for protecting implementations jointly against side-channel and fault attacks. Analogously, modern MPC protocols consider active security, i.e. security against malicious parties that not only eavesdrop passively but also actively deviate from the protocol. This provides an opportunity for the field of threshold implementations to evolve with MPC and achieve provably secure implementations against combined passive and active physical attacks.





In this talk we will discuss two recent proposals in this area: CAPA and M&M, which both start from passively secure threshold schemes and extend those with information-theoretic MAC tags for protection against active adversaries.
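The idea of attaching an information-theoretic MAC tag to secret-shared data can be sketched as follows. This is an added illustration, not code from the talk and not the actual CAPA or M&M construction; the field GF(2^8), the three XOR shares, the sample values and all function names are assumptions made for the example.

```python
import secrets
from functools import reduce
from operator import xor

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8+x^4+x^3+x+1 (field choice is an assumption)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def share(x, n=3):
    """Split x into n XOR shares; any n-1 of them are uniformly random."""
    s = [secrets.randbelow(256) for _ in range(n - 1)]
    return s + [reduce(xor, s, x)]

def unshare(shares):
    return reduce(xor, shares, 0)

def mac_check(x_sh, t_sh, a_sh):
    """Open x, then each share domain i computes t_i ^ a_i*x; the key is never recombined."""
    x = unshare(x_sh)
    return reduce(xor, (t ^ gf_mul(a, x) for t, a in zip(t_sh, a_sh)), 0) == 0

def run(x, alpha, fault_x=0, fault_t=0):
    """Share x, its tag alpha*x and the key; inject optional faults into share 0."""
    x_sh, t_sh, a_sh = share(x), share(gf_mul(alpha, x)), share(alpha)
    x_sh[0] ^= fault_x  # constructed fault on a value share
    t_sh[0] ^= fault_t  # constructed fault on a tag share
    return mac_check(x_sh, t_sh, a_sh)

def undetected_keys(fault_x, fault_t, x=0x3C):
    """Count MAC keys (of the 255 nonzero ones) under which the faulted pair still verifies."""
    return sum(run(x, alpha, fault_x, fault_t) for alpha in range(1, 256))

if __name__ == "__main__":
    print("clean run verifies:", run(0x3C, 0x9D))
    print("value-only fault verifies:", run(0x3C, 0x9D, fault_x=0x01))
    print("keys fooled by a value+tag fault:", undetected_keys(0x01, 0x5A), "of 255")
```

A fault that changes the value by δ and the tag by ε passes only when α·δ = ε, so it succeeds for exactly one of the 255 nonzero keys, independent of the adversary's computing power.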
