 Hi everyone, I'm Abdel, and today I'll be presenting our work dynamic random problem expansion with Casilinear asymptotic complexity. And this is a joint work with Sonia Belaïd, Mathieu Rivin and Damien Vanu. So in this work, we reason about the security of implementations against side channel attacks. And so these attacks derive information about the secret from measurements such as power consumption or electromagnetic radiations, for instance. And so the most deployed countermeasure against these class of attacks is what we call the masking scheme. So the idea is to split a sensitive variable into n values that we call shares. And their recombination should give us the original secret. This actually helps to break the dependence with any set of n minus 1 shares, making it difficult to recover the secret as the value of n grows. But so when working with masked implementations, regular operations of addition, multiplication or copy over the field are not enough anymore. So we actually need some building blocks which perform these operations but over n share variables. And so this replaces each gate in the field by a functionally equivalent n share circuit that we call a gadget. And so we add a new gadget which we call refresh to produce a fresh enter copy of the original variable whenever we want to manipulate the same variable several times. So below you can see an example of such an addition gadget with two shares. So the idea is simply to perform a sharewise addition and make sure that the sum of the output shares are equal to the sum of the input shares. And so to reason about the security of masking schemes in theory, the community introduced the idea of leakage models. So usually we prove that a circuit is secure in a certain model if the leaking variables do not reveal any information about the secret values. So these models actually differ with respect to their closeness to reality of leakage and convenience for security proofs. And so the most widely used one until now is what we call the probing model where we consider that during an execution there is a fixed number of T leaking variables over the implementation. But this model has been challenged since it does not capture very well the reality of physical leakage, due for instance to horizontal attacks. And so another model that has been introduced is the random probing model where each variable leaks with a certain probability P. And so the last one is what we call the noisy leakage model where all variables leak a noisy function of their value. So there are other leakage models in the state of the art, but these three are the most widely used ones. And actually there is a reduction property which proves that if a circuit is secure in the probing model, then it is also secure in the other two models. But the problem with this reduction, especially to the random probing model, is that it uses the turnoff bound. And so the security parameter degrades as the size of the circuit grows. So this is for the first part of the reduction. Meanwhile, the second part of the reduction is tighter and we don't lose security when the size of the circuit grows. And so in this work we focus on the random probing model from which the tighter reduction to the noisy leakage model exists and in which security proofs are still manageable. Our work is actually a follow up to two previous works in the past two years. The first one is from crypto 2020 where the authors explicitly define what random probing security is. And they also introduce the notion of random probing secure composition to generate larger circuits with overall security. And their essential contribution resides in the study of the expansion strategy. Now, this strategy aims to arbitrarily amplify the security level of any RP secure circuit. While it has already been introduced in another work based on MPC protocols, here the authors exhibit a more practical definition. Now, the second work is from your crypto 2021 and it follows on this expansion strategy providing a detailed analysis with tighter complexity pounds. The authors also introduce some generic constructions for the expansion strategy with improved complexities. And so based on this generic construction, the exhibit concrete instantiations and they could provide three share and five share constructions with improved complexity over previous work, and which can tolerate a leakage rate of about two to the minus 7.5. And I will discuss later what this tolerated leakage rate means. Now, these two works actually show the importance and the potential that the expansion strategy can have for random probing security. And so by the end of the Eurocrypt 2021 paper, the authors show that there are still many open questions left and much room for improvement. So specifically how to tolerate, for example, the best leakage rate and how to achieve the best asymptotic complexity. So in this work, we also study this expansion strategy, given its importance, and we introduced the concept of dynamism and expansion. So previously applying the expansion would consist in choosing a fixed set of gadgets and using them recursively. The idea here is to be able to change gadgets between iterations in order to benefit from better security parameters and better complexities. So in order to do this, we had to generalize the definition of RPE in order to support any kind of basic operations instead of restricting it to add, copy, and multiplication. So for instance, for our work, we needed the multiplication by constant operation in our new compilers. So one of the questions that the dynamic expansion raised was to find RPE compilers, which have better asymptotic complexities, regardless of the tolerated leakage rate they can support. So for this, we were able to provide constructions of linear gadgets, notably addition, multiplication by constant, and copy gadgets with a quasi-linear asymptotic complexity using as a building block the refresh gadget proposed in chess 2016. And so we proved that this refresh gadget can achieve the necessary properties in order for it to be used as a building block. And this is an improvement over the quadratic complexity of previous gadgets for the expansion. And finally, we also provide a construction of a multiplication gadget which has a quasi-linear randomness complexity and performs a linear number of multiplications between variables. Now, this is at the expense of more operations of multiplication by a constant, but we prove that these operations don't have an effect on the asymptotic complexity. Now, this construction is done in two steps, using a multiplication sub-gadget, which outputs a certain number of shares bigger than n. And so this gadget is essentially based on a work from crypto 2017. And then this is concatenated or followed by a compression gadget, which compresses this output back into n shares. And so we are able to provide an RPE compiler with a quasi-linear asymptotic complexity overall, and which can be used for the dynamic expansion strategy. So I will first start with an illustration of what random probing security is. Now, on the left, you can see a toy circuit with the five types of gates that we consider for our concrete instantiations. So there are typically addition, multiplication, copy, random gates, and multiplication by constant. So in the random probing model, each wire leaks with probability p. So we consider a set of leaking wires as a random variable, where each wire is added to the set with independent probability p. And so considering each set of wires, we need to be able to simulate the distribution of these wires without the knowledge of the secret inputs. Now this would imply that the wires are independent of the secret. If this is the case, we say that we have a simulation success. And if not, we say that we have a simulation failure. And this should occur with probability epsilon in the random probing model. And so a circuit is said p epsilon random probing secure, if any set of leaking wires on the circuit satisfies this definition. Now, in the random probing model, the expansion strategy allows gadgets to be composed and expanded to achieve arbitrary, arbitrarily large security levels. So the expansion strategy consists in using n-share gadgets for basic operations that are what we call random probing expandable. And in this case, we have beta different gates and beta corresponding gadgets. So the base operations are generalized to the definition of the strategy. The idea is to use these gadgets to replace a base circuit where each wire leaks with probability p, by an expanded circuit where each gate is replaced by the corresponding gadget and each wire by n wires carrying a sharing of the original wire. And so doing so, we hope to replace the leakage probability p of a wire in the original circuit by the failure event probability epsilon in the expanded gadget simulation. And so if the simulation fails, then one needs the full input sharing for the gadget simulation, which corresponds to leaking the corresponding wire value in the base case. So the interesting thing is that this expansion can be applied recursively until we attain a desired security level. And so this works as long as epsilon is strictly smaller than p, and this introduces the definition of the maximum tolerated leakage probability. So to do this, the gadgets should be random probing expandable. So the RP expandability notion of a gadget ensures that, first of all, it is random probing secure with p epsilon parameters, but it also guarantees that we can compose this gadget with other RP secure gadgets. The idea is to be able to simulate any set of wires on the gadget, along with t output shares, using at most t input shares. So if we have, for example, a circuit composed of a bunch of gadgets, and we fix the parameter t, here, for example, you can say that t is equal to two, then you can actually go from the bottom level to the top level by simulating t outputs along with the internal probes using t inputs until we arrive to the top most inputs of the circuit. So in addition, the random probing expandability property also imposes that we get an independent failure event probability on each input sharing of the gadget. So this is an essential condition for the expansion to work on an arbitrarily level k. So it has been shown that if the used gadgets are random probing expandable, according to the previous conditions with failure probability epsilon, then the compiled circuit with these gadgets is random probing secure with the failure probability reduced exponentially with respect to the expansion level k. So expanding a circuit to achieve an arbitrarily large security level comes, of course, with a certain cost. In fact, if we want to achieve a security level kappa using some fixed base and share gadgets, the complexity of the expansion can be expressed in terms of the size of the original circuit and kappa to the power e, where e is basically a function of two main parameters which are called nmax and d. So nmax is essentially a parameter which depends on the complexity of the base gadgets. So in the case of the constructions in our paper, where our basic operations are at copy multiplication and multiplication by constant, we prove that nmax specifically depends on the number of multiplication gates in the multiplication gadget, the number of adding copy gates in the adding copy gadget, and the number of multiplications by a constant in the multiplication by a constant gadget. So for example, if we use a standard multiplication gadget, nmax would be at least quadratic in the number of shares. Another critical parameter is the amplification order, which is defined as the size of the smallest set of probes for which we get a simulation failure. So for instance, if we take the same example of the two-share addition gadget from before and take the parameter of the rp expansion t equal to one, then we can consider the output share c1 and the single internal probe share b2. Now it is clear that in order to simulate both probes, we would need both shares of b and the share a1. But since as defined earlier, we need to be able to simulate all of the probes from at most t input shares, then this set w actually represents a simulation failure on input b, which means that the amplification order is equal to one. So why is this amplification order so important? Well, it is because the failure probability epsilon can be expressed as a function of p, where the amplification order is the smallest exponent of p in its expression. Now since during the expansion, we can pose this function a certain number of times, we hope to get the highest amplification order possible to reduce the failure probability as fast as possible and thus reduce the complexity. And so it has been proven that for n shares, the best amplification order that we can achieve that we can hope to achieve is equal to almost n plus one over two. In the basic version of the expansion strategy, the expanded compiler is defined and fixed with a certain number of gadgets which are used recursively to replace the gates in the compiled circuit. Now another possible approach would be to consider instead all different compilers with potentially different numbers of shares and then apply each of them at a different iteration. So we would start with the first compiler, for instance, with the K1 iterations, then the second, then the third, etc. And at each step, the number of shares of the compiled circuit and the corresponding failure function behaves exactly the same as in the static RPE case. Now the difference here is that at each step, a different number of shares is used and the failure function is the composition of different failure functions. So in the original case, the only condition for this to work is to have epsilon smaller than p. Now here we would have a generalized condition, a set of conditions in order for the, like in order to be able to move from one step of the compilation to another. Now the main question that needs to be answered here is why would we need the dynamic expansion instead of the usual one? Well, in fact, in our work, we rigorously show that an RPE compiler with a smaller number of shares tend to tolerate the best leakage rates in the random probing model because with fewer numbers of shares, we would also get fewer numbers of variables and thus like fewer sets of probes that reveal the secrets. While an RPE compiler with a big number of shares could achieve the highest amplification order possible with good asymptotic complexity. Now recall that the higher the amplification order, the fewer the number of iterations we would need to achieve a certain security level. So the idea in the dynamic expansion is to start with a few iterations of a compiler with, for instance, three shares tolerating the best rate and then continue on the expansion with a different compiler with higher number of shares and better asymptotic complexity. So to illustrate the benefits of this idea, we draw a figure representing the complexity, which means the number of gates of an RPE secure version of the AES algorithm and the security of this algorithm after applying the expansion strategy. Now we use the three share and five share compilers proposed in EuroCrip 2021, which are the best compilers proposed until now. And so the best tolerated leakage rate is of 2 to the minus 7.6 for the three share compiler in the random probing model. Now let's say for instance that we would like to achieve a security level of at least 2 to the minus 80. Then we can achieve it either by doing 11 iterations of the three share compiler, but also by starting with seven iterations of the three share compiler and then two iterations of the five share compiler. And we would get a factor 10 improvement over the complexity, as you can see in the figure. If for example, we would like to achieve a security of 2 to the minus 128, then we can still use 11 iterations of the three share compiler, but we also can use seven iterations of three shares and three iterations of five shares with almost the same complexity, but also almost doubling the achieved security level. So we can actually observe that doing the dynamic approach, we also, we, like we win either in terms of complexity or achieved security level or sometimes both. And so this clearly illustrates the benefits of using a dynamic approach instead of a static one. So after exhibiting the dynamic approach, we could have two possible directions for improvement. Either look for gadgets with small number of shares, which can tolerate the best leakage rate possible, or look for gadgets with a maximal amplification order and good asymptotic complexities, but with a higher number of shares. In this work, we focus on the latter goal. So as stated in our contributions, we provide constructions of linear gadgets with Casi linear asymptotic complexity, and we achieve the maximal amplification order. And we also construct a multiplication gadget with the Casi linear randomness complexity and the linear number of multiplications between variables in order to have a Casi linear asymptotic complexity for the final RPE compiler using all of these gadgets. So let me first start by exhibiting the construction of our linear gadgets. So we base our construction on a single building block of a refresh gadget, and this strategy has already been proven secure in the previous work of EuroCrypt 2021. But the refresh gadget that we use here is the NLogin refresh gadget from chess to sound 2016. So the main idea is to start with an input sharing of N shares, split it into two N over two sharings and add a same random value to each couple of sharing from both sharings. So to each couple of shares from both sharings. So this uses N over two random values. Next, each block of N over two shares is used as input to a recursive call to the full gadget. And finally, the final layer does the same thing as the first layer. So it is added before outputting the final output share. And it adds also N over two random values to the final sharing. So this means that each call to the gadget uses N over two operations on each side. And so we have N operations in total. And this gives an overall complexity of big O of NLogin. So here you can see an example of the four share refresh gadget with different colors representing the different layers. So at each layer, two random values are used and are equally distributed over the output shares. The original layer of the orange layer, sorry, corresponds to the recursive calls to the gadget. So this gadget has been proven to be N minus one SNI in the probing model in the original work from chess 2016. In our work, we prove that it satisfies the stronger requirements to be used as a block for RPE constructions. Now such requirements have already been introduced in earlier works. But here we actually define an extension of these requirements in order for the constructions to work. So once we have done this, we can finally use the refresh gadget to build our three linear gadgets, notably add, copy, and multiplication by a constant. So for the add gadget, we would refresh both input shareings before performing the sharewise addition. For the copy gadget, we would produce two fresh copies of the input with two independent refreshes. And for the multiplication by a constant gadget, we would start by multiplying the sharing by the constant and then outputting the output of the refresh of the refresh gadget. Now all of these gadgets naturally have a complexity of big O of NLogin and are proven to be RPE secure with the maximal amplification order of N plus one over two. So this gives us the construction of all of the linear gadgets necessary for the RPE compiler with a case casilinear asymptotic complexity. In the rest, I will show you the construction of the multiplication gadget. So for the multiplication gadget, we split our construction into two sub gadgets. The idea is to apply a sub multiplication gadget on both input shareings, which outputs a certain number of shares, let's say M, and then compress this sharing back into N shares using a compression function or gadget. In classical constructions, for instance, the sub multiplication would be the sub, the cross products of shares. So M would be of about N squared. And then a compression function can be used such as the well known ISW. Now, since the multiplication gadget must be RPE secure, we must ensure that the composition of both sub gadgets is also RPE secure, which is not evidently the case all the time. In our work, we explicit the necessary properties for this to be true on both sub gadgets. Now for the construction of the sub multiplication gadget, we use an extension of the one proposed in crypto 2017 and which outputs a sharing of two N plus one shares. Now, in the original work, this would be two N minus one shares, but we use two extra random values and we would get to extra output shares. And I will explain this later. As for the compression function, we prove that the one proposed in crypto 2017 is actually not secure. And we propose a construction of a new compression with complexity in M log M always using the N log N refresh gadget. So let me first start by exhibiting the extended sub multiplication gadget based on the one from crypto 2017. For this, I will illustrate an example with a three shares construction. So the idea is to have a matrix of N squared constant values and compute one minus its transpose, which corresponds to the matrix Delta. So the sub gadget produces two N plus one output shares. In this case, it would be seven shares for three input sharings. So the first share would be the product of two linear combinations of the input sharings A and B. Here, the R I and S I are random values used by the gadget. And we can see that this share C one produces the cross products of the input shares, but also produces products between input shares and random values, which needs to be eliminated. So in order to eliminate them in a secure way, we would multiply the random values by constants from the matrices gamma and Delta on each side and multiply the run the corresponding random value by the linear combination of the other side. So Delta would be used for the S random values and gamma would be used for the R random values. Now it can be verified that the sum of all of these shares C one through C seven gives like gives the terms only corresponding to the cross products between the input shares. And here we can we have we can count 18 operations of multiplications by a constant, but we only have seven multiplications between variables, which are linear combinations between input shares. Now in a regular multiplication gadget, we would have nine multiplications between variables, which corresponds to the quadratic term n squared. Now in the original work from crypto 2017, the R one and S one random values are not used, which is why the authors had two fewer shares of C. But in our case, we needed these extra random values in order to achieve the maximal amplification order for the expansion security. Now for a number of shares and the sub multiplication gadget uses two n random values and outputs two n plus one shares. It performs two n plus one multiplication operations, which is linear in N, at the expense of performing a quadratic number of multiplications by constants. Now in a general manner, multiplications by constant are much less expensive than regular multiplications. In our work, we prove that this construction is RPE secure, given that we have the right choice of constants in the matrix gamma. Now if the field is large enough, we prove that gamma can be for instance chosen uniformly at random from the underlying field, otherwise we would need to find explicit constructions. Now after constructing the sub multiplication gadgets, we need to construct the following compression gadget. Now in the work from crypto 2017, the authors also propose a compression gadget from M to N shares and claim it to be secure in the probing model. We actually argue that the constructed gadget is not secure for the RPE strategy and is actually not even secure in the probing model as claimed. Now for this reason, we needed to construct a new compression gadget which satisfies our needs. Now the proposed compression gadget has a simple conception and is based on a refreshed gadget. The idea is to refresh the input M sharing using a certain refreshed gadget and then output the sharewise addition of the refreshed output when it is split into different consecutive groups of N shares. So in total, we would have M over N groups of N shares and this compresses the M shares into N shares and the security of the compression gadget largely depends on the security of the refreshed gadget with input M shares. Now you have to recall that basing the construction of complex gadgets under fresh gadgets is very convenient since refreshed gadgets are smaller and thus proving the security is much easier. And so in addition, there are some verification tools which automatically verifies the security of small gadgets and which can be easily executed on small refreshed gadgets instead of more complex gadgets like compression or addition or copy. So the complexity of the new compression is almost equal to the complexity of the underlying refreshed gadget plus M addition operations. For instance, using the N log N refresh gadget, we would have with the complexity of M log N, like the compression would have a complexity of M log N, and we prove that this refresh can be safely used for the compression in our for the compression in our case. Now with M being linear in the number of shares N using the sub multiplication gadget from before, we get a compression gadget with casual linear complexity in the number of shares and which is secure in the global construction of the multiplication gadget when it is composed with a sub multiplication gadget. Now finally, using this compression gadget and the previous sub multiplication gadget, we can see that their composition provides a multiplication gadget which performs a linear number of multiplications between variables and which has a casual linear randomness complexity. Now this gadget is proven to be also RPE secure and achieves the maximal amplification order of N plus one over two, which is exactly what we were looking to achieve in the first place. So to sum up, we constructed linear gadgets along with a new multiplication by a constant gadget all with a casual linear complexity. We also constructed a new multiplication gadget with a linear number of multiplications operations and all of the above gadgets achieve an amplification order of N plus one over two, which is the maximal order. Now to plug all of this data into the asymptotic complexity of the corresponding RPE compiler, we need to consider the asymptotic complexity formula which expresses in terms of the size of the circuit to be compiled and kappa to the power e where kappa is the security parameter. Now from the definition of Nmax as defined earlier, we get that its asymptotic value is actually casual linear in the number of shares if we use our gadgets. So e would be a fraction of Vigo of N log N over the amplification order of N plus one over two. Now in this figure, we compare the asymptotic complexity exponent of our new compiler which is the pink curve and the previously best compiler in terms of asymptotic complexity with respect to the number of shares. Now while the best construction, which is from EuroCrip 2021, achieves values for e close to three for a reasonable number of shares, our new compiler quickly achieves the sub quadratic complexity in the same settings. And the interesting thing is that in this case, our compiler doesn't need to tolerate a good liquid rate in the random probing model because we can start the expansion with a specific small shares construction which tolerates a very good rate but which can have higher complexity and then continue on with our new compiler in order to have good overall asymptotic complexity. So to conclude in this work, we provide a new construction of an RPE compiler with a casual linear asymptotic complexity. The construction uses linear gadgets of add, copy and multiplication by constant with casual linear complexity and a new multiplication gadget with casual linear randomness complexity and the linear number of multiplications operations. This compiler fits perfectly into the dynamic RPE approach that we introduce and which is proven to be more interesting than a static approach. To get the best of both worlds, we start the expansion with an RPE compiler which tolerates a good leakage rate with a small number of shares, then continue on with an asymptotic RPE compiler which have better asymptotic complexity and does not necessarily tolerate a good leakage rate. Now since the question to the second part of the dynamic expansion have been partially answered in this work, one of the natural future works would be to find gadgets with small number of shares for example three shares which can tolerate the best leakage rate possible and define what is this best leakage rate possible. This would be the end of my presentation and I would like to thank you all for your attention.