Although cryptographic algorithms may be mathematically secure, it is often possible to leak secret information from the implementation of the algorithms. Timing and power side-channel vulnerabilities are some of the most widely considered threats to cryptographic algorithm implementations. Timing vulnerabilities may be easier to detect and exploit, and all high-quality cryptographic code today should be written in constant-time style. However, this does not prevent power side-channels from existing. With constant-time code, potential attackers can resort to power side-channel attacks to try to leak secrets. Detecting potential power side-channel vulnerabilities is a tedious task, as it requires analyzing code at the assembly level and reasoning about which instructions could be leaking information based on their operands and their values. To help make the process of detecting potential power side-channel vulnerabilities easier for cryptographers, this work presents Pascal: Power Analysis Side Channel Attack Locator, a tool that introduces novel symbolic register analysis techniques for binary analysis of constant-time cryptographic algorithms, and verifies locations of potential power side-channel vulnerabilities with high precision. Pascal is evaluated on a number of implementations of post-quantum cryptographic algorithms, and it is able to find dozens of previously reported single-trace power side-channel vulnerabilities in these algorithms, all in an automated manner.
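The kind of instruction-level reasoning the abstract describes, as an added example that is not Pascal's code: a toy locator that replaces Pascal's symbolic register analysis with concrete enumeration of a one-bit secret and flags instructions whose written register value has a secret-dependent Hamming weight. The leakage model, the mnemonics and the operand values are assumptions chosen so that the final selected value is indistinguishable while the intermediate mask registers are not.

```python
"""Toy single-trace power-leak locator for a constant-time select.

Added example, not Pascal's code. Leakage model (assumption): the power
drawn when an instruction writes a register is proportional to the
Hamming weight (HW) of the written value, so an instruction "leaks" when
that HW differs between secret values. Pascal reasons symbolically; this
toy simply runs the code once per secret value and compares.
"""
from typing import Dict, List, Tuple

MASK32 = 0xFFFFFFFF


def hamming_weight(x: int) -> int:
    return bin(x & MASK32).count("1")


def ct_select_trace(bit: int, a: int, b: int) -> List[Tuple[str, int]]:
    """Constant-time r = bit ? a : b, recorded as (mnemonic, written value).

    Mnemonics are a made-up assembly notation for readability only.
    """
    trace = [("mov  a, [pub]", a), ("mov  b, [pub]", b)]   # public loads
    mask = (-bit) & MASK32                                  # 0 or 0xFFFFFFFF
    trace.append(("neg  mask, bit", mask))
    t0 = a & mask
    trace.append(("and  t0, a, mask", t0))
    nmask = (~mask) & MASK32
    trace.append(("not  nmask, mask", nmask))
    t1 = b & nmask
    trace.append(("and  t1, b, nmask", t1))
    r = t0 | t1
    trace.append(("or   r, t0, t1", r))
    return trace


def locate_leaks(a: int, b: int) -> Dict[str, int]:
    """Map each leaking mnemonic to its HW gap between secret bit 0 and 1."""
    traces = {bit: ct_select_trace(bit, a, b) for bit in (0, 1)}
    leaks: Dict[str, int] = {}
    for idx, (mnemonic, _) in enumerate(traces[0]):
        hw0 = hamming_weight(traces[0][idx][1])
        hw1 = hamming_weight(traces[1][idx][1])
        if hw0 != hw1:                       # secret-dependent power profile
            leaks[mnemonic] = abs(hw0 - hw1)
    return leaks


if __name__ == "__main__":
    # Constructed operands with equal HW, so the result register hides the
    # bit but the mask intermediates still expose it with a 32-bit HW gap.
    for mn, gap in locate_leaks(0x0F0F0F0F, 0xF0F0F0F0).items():
        print(f"{mn:<20} HW gap {gap}")
```

The public loads and the final `or` are not flagged for these operands, which mirrors the abstract's point that the leak sits in the intermediate values that constant-time masking produces, not in the timing of the code.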