SNI-in-the-head: Protecting MPC-in-the-head Protocols against Side-channel Analysis

Abstract

MPC-in-the-head based protocols have recently gained much popularity and are on the brink of widespread use. With widespread use come the spectres of implementation issues and implementation attacks such as side-channel attacks. We show that implementations of protocols following the MPC-in-the-head paradigm are vulnerable to side-channel attacks. As a case study, we choose the ZKBoo protocol of Giacomelli, Madsen, and Orlandi (USENIX 2016) and show that even a single leaked value is sufficient to break the security of the protocol. To show that this attack is not merely a theoretical vulnerability, we demonstrate it with a simulated differential power analysis. To remedy this situation, we extend and generalize the ZKBoo protocol using the notion of strong non-interference of Barthe et al. (CCS 2016). To apply this notion to ZKBoo, we construct novel versions of strongly non-interfering gadgets that balance the randomness evenly across the different branches. Finally, we show that every circuit can be decomposed into branches using only these balanced strongly non-interfering gadgets. This allows us to construct a version of ZKBoo, called $(n+1)$-ZKBoo, which is secure against side-channel attacks with limited overhead in both signature size and running time. Furthermore, $(n+1)$-ZKBoo scales to the desired security level against adversarial probes. We experimentally confirm that the attacks that succeed against ZKBoo no longer work on $(n+1)$-ZKBoo. Moreover, we present an extensive performance analysis and quantify the overhead of our scheme using a practical implementation.
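The following simulation is an added illustration of the attack the abstract describes; it is not the paper's code or its exact leakage model. It assumes a ZKBoo-style XOR sharing of an 8-bit witness across three parties, a verifier that opens the first two shares, and an attacker who either probes the third (unopened) share exactly (one leaked value recovers the witness outright) or observes its Hamming weight with Gaussian noise across many repetitions and runs a correlation-based differential power analysis. The four-share run only models one additional share staying hidden from both the verifier and the probe; it does not implement the paper's balanced strongly non-interfering gadgets. All function names, parameters, and the trace count are assumptions of this example.

```python
import random

NBITS = 8          # witness width in this toy model (assumption)
TRACES = 500       # independent protocol repetitions observed by the attacker (assumption)
NOISE_SIGMA = 1.0  # Gaussian noise on the simulated Hamming-weight leakage (assumption)


def hw(v: int) -> int:
    """Hamming weight: the usual leakage model for a register write."""
    return bin(v).count("1")


def share(x: int, n: int, rng: random.Random) -> list:
    """XOR-share the witness x into n shares, as ZKBoo's linear decomposition does for inputs."""
    shares = [rng.getrandbits(NBITS) for _ in range(n - 1)]
    last = x
    for s in shares:
        last ^= s
    return shares + [last]


def single_probe_recover(opened_xor: int, probed_share: int) -> int:
    """Noise-free case: XOR of the two opened shares plus one exact probe on the hidden share is x."""
    return opened_xor ^ probed_share


def pearson(a, b) -> float:
    """Pearson correlation of two equal-length sequences (0.0 if either is constant)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    va = sum((p - ma) ** 2 for p in a)
    vb = sum((q - mb) ** 2 for q in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / (va * vb) ** 0.5


def simulate_traces(x: int, n_shares: int, rng: random.Random,
                    traces: int = TRACES, sigma: float = NOISE_SIGMA):
    """Run `traces` repetitions with fresh shares each time.

    Modelled convention (assumption): the verifier opens shares 0 and 1, so the
    attacker learns their XOR for free; the leakage point is share 2, the first
    share the verifier never opens. Any further shares stay hidden entirely.
    """
    opened, leak = [], []
    for _ in range(traces):
        s = share(x, n_shares, rng)
        opened.append(s[0] ^ s[1])
        leak.append(hw(s[2]) + rng.gauss(0.0, sigma))
    return opened, leak


def dpa_recover(opened, leak):
    """Correlation DPA: for every witness guess, predict HW(guess XOR opened) and correlate with the leakage."""
    best_guess, best_corr = None, -2.0
    for guess in range(1 << NBITS):
        predicted = [hw(guess ^ o) for o in opened]
        c = pearson(predicted, leak)
        if c > best_corr:
            best_guess, best_corr = guess, c
    return best_guess, best_corr


def run_experiment(x: int, n_shares: int, seed: int = 1):
    """Deterministic end-to-end run; returns (recovered guess, its correlation)."""
    rng = random.Random(seed)
    opened, leak = simulate_traces(x, n_shares, rng)
    return dpa_recover(opened, leak)


if __name__ == "__main__":
    witness = 0xA5  # constructed sample witness
    print("3 shares, noisy leakage on the hidden share:", run_experiment(witness, 3))
    print("4 shares, same leakage point:", run_experiment(witness, 4))
```

With three shares the hidden share is a deterministic function of the witness and the two opened shares, so the correct guess stands out with a correlation near 0.8 under this noise level. With a fourth share the probed value is uniformly random and independent of everything the verifier opened, and no guess correlates with the leakage.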

Original language: English
Title of host publication: Cryptology ePrint Archive: Report 2020/544
Number of pages: 17
Publisher: Association for Computing Machinery
Publication date: 30.10.2020
Pages: 1033-1049
ISBN (Print): 978-145037089-9
Publication status: Published - 30.10.2020
Event: 27th ACM SIGSAC Conference on Computer and Communications Security - Virtual, Online, United States
Duration: 09.11.2020 - 13.11.2020
Conference number: 164492
