International Association for Cryptologic Research

Primitive-Level vs. Implementation-Level DPA Security: a Certified Case Study: (Pleading for Standardized Leakage-Resilient Cryptography)

Authors:
Charles Momin
François-Xavier Standaert
Corentin Verhamme
DOI: 10.46586/tches.v2025.i3.717-744
URL: https://tches.iacr.org/index.php/TCHES/article/view/12234
Abstract: Implementation-level countermeasures like masking can be applied to any cryptographic algorithm in order to mitigate Differential Power Analysis (DPA). Leveraging re-keying with a Leakage-Resilient PRF (LR-PRF) is an alternative countermeasure that requires a change of primitive. The two options rely on different security mechanisms: signal-to-noise ratio amplification for masking, signal reduction for LR-PRFs. This makes their general comparison difficult and makes the investigation of relevant case studies, to identify when to use one or the other, an interesting research direction. In this paper, we provide such a case study and compare the security that can be obtained by using an unprotected hardware coprocessor, to be integrated into a leakage-resilient PRF, and a certified one, protected with implementation-level countermeasures. Both are available on “commercial off-the-shelf” devices and could be used for lightweight IoT applications. We first perform an in-depth analysis of these targets. It allows us to put forward the different evaluation challenges that they raise, and the similar to slightly better cost vs. security tradeoff that the leakage-resilient PRF offers in our experiments. We then discuss the advantages and limitations of both types of countermeasures. While there are contexts where the higher flexibility of masking is needed, we conclude that there are also applications that would strongly benefit from the simplicity of the LR-PRF’s design and evaluation. Positing that the lack of standards is the main impediment to their more widespread deployment, we therefore hope that our results can motivate such standardization efforts.
BibTeX
@article{tches-2025-35794,
  title={Primitive-Level vs. Implementation-Level DPA Security: a Certified Case Study: (Pleading for Standardized Leakage-Resilient Cryptography)},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2025},
  pages={717-744},
  url={https://tches.iacr.org/index.php/TCHES/article/view/12234},
  doi={10.46586/tches.v2025.i3.717-744},
  author={Charles Momin and François-Xavier Standaert and Corentin Verhamme},
  year=2025
}