From qualitative to quantitative proofs of security properties using first-order conditional logic

2017 ◽  
Vol 25 (1) ◽  
pp. 1-19
Author(s):  
Joseph Y. Halpern
Author(s):  
Shivam Bhasin ◽  
Jan-Pieter D’Anvers ◽  
Daniel Heinz ◽  
Thomas Pöppelmann ◽  
Michiel Van Beirendonck

In this work, we are concerned with the hardening of post-quantum key encapsulation mechanisms (KEM) against side-channel attacks, with a focus on the comparison operation required for the Fujisaki-Okamoto (FO) transform. We identify critical vulnerabilities in two proposals for masked comparison and successfully attack the masked comparison algorithms from TCHES 2018 and TCHES 2020. To do so, we use first-order side-channel attacks and show that the advertised security properties do not hold. Additionally, we break the higher-order secured masked comparison from TCHES 2020 using a collision attack, which does not require side-channel information. To enable implementers to spot such flaws in the implementation or underlying algorithms, we propose a framework that is designed to test the re-encryption step of the FO transform for information leakage. Our framework relies on a specifically parametrized t-test and would have identified the previously mentioned flaws in the masked comparison. Our framework can be used to test both the comparison itself and the full decapsulation implementation.


Author(s):  
Aein Rezaei Shahmirzadi ◽  
Amir Moradi

Application of masking, known as the most robust and reliable countermeasure to side-channel analysis attacks, to various cryptographic algorithms has attracted a lion's share of research. The difficulty originates from the fact that the overhead of applying such an algorithmic-level countermeasure might not be affordable. This includes the area and latency overheads and the amount of fresh randomness required to fulfill the resulting design's security properties. There are already techniques applicable to hardware platforms that take glitches into account. Among them, classical threshold implementations force the designers to use at least three shares in the underlying masking. The other schemes, which can deal with two shares, often necessitate the use of fresh randomness. Here, in this work, we present a technique allowing us to use two shares to realize the first-order glitch-extended probing secure masked realization of several functions, including the S-box of the Midori, PRESENT, PRINCE, and AES ciphers, without any fresh randomness.


Author(s):  
Si Gao ◽  
Johann Großschädl ◽  
Ben Marshall ◽  
Dan Page ◽  
Thinh Pham ◽  
...  

In both hardware and software, masking can represent an effective means of hardening an implementation against side-channel attack vectors such as Differential Power Analysis (DPA). Focusing on software, however, the use of masking can present various challenges: specifically, it often 1) requires significant effort to translate any theoretical security properties into practice, and, even then, 2) imposes a significant overhead in terms of efficiency. To address both challenges, this paper explores the use of an Instruction Set Extension (ISE) to support masking in software-based implementations of a range of (symmetric) cryptographic kernels including AES: we design, implement, and evaluate such an ISE, using RISC-V as the base ISA. Our ISE-supported first-order masked implementation of AES, for example, is an order of magnitude more efficient than a software-only alternative with respect to both execution latency and memory footprint; this renders it comparable to an unmasked implementation using the same metrics, but also first-order secure.


2021 ◽  
Author(s):  
Claudia Cauli ◽  
Magdalena Ortiz ◽  
Nir Piterman

Infrastructure in the cloud is deployed through configuration files, which specify the resources to be created, their settings, and their connectivity. We aim to model infrastructure before deployment and reason about it so that potential vulnerabilities can be discovered and security best practices enforced. Description logics are a good match for such modeling efforts and allow for a succinct and natural description of cloud infrastructure. Their open-world assumption allows capturing the distributed nature of the cloud, where a newly deployed infrastructure could connect to pre-existing resources not necessarily owned by the same user. However, parts of the infrastructure that are fully known need closed-world reasoning, calling for the usage of expressive formalisms, which increase the computational complexity of reasoning. Here, we suggest an extension of DL-LiteF that is tailored for capturing such cloud infrastructure. Our logic allows combining a core part that is completely defined (closed-world) and interacts with a partially known environment (open-world). We show that this extension preserves the first-order rewritability of DL-LiteF for knowledge-base satisfiability and conjunctive query answering. Security properties combine universal and existential reasoning about infrastructure. Thus, we also consider the problem of conjunctive query satisfiability and show that it can be solved in logarithmic space in data complexity.


2019 ◽  
Vol 42 ◽  
Author(s):  
Daniel J. Povinelli ◽  
Gabrielle C. Glorioso ◽  
Shannon L. Kuznar ◽  
Mateja Pavlic

Hoerl and McCormack demonstrate that although animals possess a sophisticated temporal updating system, there is no evidence that they also possess a temporal reasoning system. This important case study is directly related to the broader claim that although animals are manifestly capable of first-order (perceptually-based) relational reasoning, they lack the capacity for higher-order, role-based relational reasoning. We argue this distinction applies to all domains of cognition.


1984 ◽  
Vol 75 ◽  
pp. 461-469 ◽  
Author(s):  
Robert W. Hart

This paper models maximum entropy configurations of idealized gravitational ring systems. Such configurations are of interest because systems generally evolve toward an ultimate state of maximum randomness. For simplicity, attention is confined to ultimate states for which interparticle interactions are no longer of first-order importance. The planets, in their orbits about the sun, are one example of such a ring system. The extent to which the present approximation yields insight into ring systems such as Saturn's is explored briefly.


Author(s):  
Richard J. Spontak ◽  
Steven D. Smith ◽  
Arman Ashraf

Block copolymers are composed of sequences of dissimilar chemical moieties covalently bonded together. If the block lengths of each component are sufficiently long and the blocks are thermodynamically incompatible, these materials are capable of undergoing microphase separation, a weak first-order phase transition which results in the formation of an ordered microstructural network. Most efforts designed to elucidate the phase and configurational behavior in these copolymers have focused on the simple AB and ABA designs. Few studies have thus far targeted the perfectly-alternating multiblock (AB)n architecture. In this work, two series of neat (AB)n copolymers have been synthesized from styrene and isoprene monomers at a composition of 50 wt% polystyrene (PS). In Set I, the total molecular weight is held constant while the number of AB block pairs (n) is increased from one to four (which results in shorter blocks). Set II consists of materials in which the block lengths are held constant and n is varied again from one to four (which results in longer chains). Transmission electron microscopy (TEM) has been employed here to investigate the morphologies and phase behavior of these materials and their blends.


1991 ◽  
Vol 3 (1) ◽  
pp. 235-253 ◽  
Author(s):  
L. D. Philipp ◽  
Q. H. Nguyen ◽  
D. D. Derkacht ◽  
D. J. Lynch ◽  
A. Mahmood
