Cryptography, which involves techniques for secure communication without the intrusion of third parties, is pivotal for protecting all kinds of data. From ensuring the confidentiality and integrity of online payments to validating electronic passports, the technology relies on security proofs for developing algorithms that minimise attacks or hacks from external parties.
Although the black-box reasoning behind cryptography is considered foolproof, in practice a cryptographically secure device can be compromised through the way outside parties (known as adversaries) interact with it. Using side-channel attacks, hackers can measure the running time, power consumption or other external parameters of a device to help break into an encrypted system whose security rests on the black-box model.
With this in mind, the EU-funded project GAPS (Guiding physical security by proofs) is developing a better theory for physical security based on the proof-driven design approach. It is working to prevent side-channel attacks against systems analysed in the black-box model and to extend proof-driven security analysis to cryptographic implementations.
In more technical terms, the project's three-pronged approach involves developing better masking schemes, enhanced designs for leakage-resilient symmetric cryptography, and new computer-aided physical security analysis. In this respect, the project team is investigating the so-called masking countermeasure widely used on smart cards to protect against power analysis attacks. It is developing new security models and proof techniques for the masking countermeasure.
From this perspective, GAPS successfully demonstrated the relationship between the two key cryptographic black-box security models, namely the probing model and the noisy leakage model. Although it is easier to develop and automate security proofs in the probing model, the project is focusing on proofs for the noisy leakage model, which is closer to practical applications and has the potential to enhance security significantly.
Project results could have an important impact on countering attacks against smart cards. These are widely used not only for payment transactions but for a variety of activities and applications from medical insurance to mobility and access. The project's results so far have led to seven publications that will help stakeholders strengthen cryptography and improve confidentiality in unprecedented ways.