Polynomial direct sum masking to protect against both SCA and FIA

Side-channel attacks (SCAs) and fault injection attacks (FIAs) give an adversary partial access to the internal behavior of the hardware. Since the end of the 1990s, many works have shown that attacks of this type constitute a serious threat to cryptosystems implemented in embedded devices. In the state of the art, several countermeasures exist to protect symmetric encryption (especially AES-128), but most of them protect against only one of the two attacks (SCA or FIA). A method called ODSM has been proposed to withstand both SCA and FIA, but its implementation throughout the whole algorithm remains a major open problem when no particular hardware protection is available. In the present paper, we propose a practical masking scheme, specializing ODSM, that makes it possible to protect symmetric encryption against both attacks.
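The abstract names the two properties a direct sum masking (DSM) scheme has to deliver at once: the shares must leak nothing about the sensitive value up to some order (SCA), and a fault injected into the shares must be detectable (FIA). The following toy, added here as an illustration and not taken from the paper, shows the binary mechanism on which the paper's polynomial scheme builds. It encodes a 3-bit value x under a 3-bit mask y as z = xG + yH, where the rows of G span a data code C and the rows of H span a mask code D with C and D complementary (C ⊕ D = F_2^6). The particular matrices, the length n = 6, and the assumption that the checker knows the mask it generated are my choices for the example; the paper's scheme works over GF(2^8) polynomials and covers the whole AES, which this toy does not attempt.

```python
# Added example (not code from the paper): a toy binary direct sum masking (DSM).
# A sensitive value x is stored as z = xG + yH with a random mask y.
# C = rowspace(G) carries the data, D = rowspace(H) carries the mask, C + D = F_2^6.
from itertools import combinations, product

N, K = 6, 3                     # codeword length, data bits (constructed sizes)

# Data code C = {(a, a)}: G = [I | I], minimum distance 2 (constructed choice)
G = [[1, 0, 0, 1, 0, 0],
     [0, 1, 0, 0, 1, 0],
     [0, 0, 1, 0, 0, 1]]
# Mask code D: H = [I | A], chosen so that C and D intersect only in 0
H = [[1, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 1],
     [0, 0, 1, 1, 0, 1]]


def vec_mat(v, M):
    """Row vector v times matrix M over GF(2)."""
    out = [0] * len(M[0])
    for vi, row in zip(v, M):
        if vi:
            out = [a ^ b for a, b in zip(out, row)]
    return out


def gf2_inverse(M):
    """Invert a square matrix over GF(2) by Gauss-Jordan elimination."""
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        piv = next((r for r in range(col, n) if aug[r][col]), None)
        if piv is None:
            raise ValueError("matrix is singular: C and D are not complementary")
        aug[col], aug[piv] = aug[piv], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [a ^ b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


M = G + H                       # basis of F_2^6 ordered as (data rows, mask rows)
M_INV = gf2_inverse(M)          # raises if C and D were not complementary


def encode(x, y):
    """Masked codeword z = xG + yH."""
    return [a ^ b for a, b in zip(vec_mat(x, G), vec_mat(y, H))]


def decode(z):
    """Unique decomposition z = xG + yH, i.e. (x | y) = z * M^-1."""
    xy = vec_mat(z, M_INV)
    return xy[:K], xy[K:]


def check(z, y_expected):
    """Fault check: the mask recovered from z must equal the mask the device drew.
    Returns (x, ok). A fault e passes undetected exactly when e lies in C."""
    x, y = decode(z)
    return x, y == y_expected


def min_distance(gen):
    """Minimum weight of a nonzero codeword of rowspace(gen): faults of lower
    weight cannot lie in the code and are therefore detected by check()."""
    best = len(gen[0])
    for coeffs in product((0, 1), repeat=len(gen)):
        if any(coeffs):
            best = min(best, sum(vec_mat(coeffs, gen)))
    return best


def dual_distance(gen):
    """Minimum weight of a nonzero vector orthogonal to every row of gen.
    For the mask code D, any set of fewer than d(D^perp) coordinates of z is
    uniformly distributed whatever x is, i.e. the SCA order is d(D^perp) - 1."""
    n = len(gen[0])
    best = n
    for w in product((0, 1), repeat=n):
        if any(w) and all(sum(a & b for a, b in zip(row, w)) % 2 == 0 for row in gen):
            best = min(best, sum(w))
    return best


def leak_free(t):
    """Brute-force check of the SCA claim: for every t coordinates of z, the
    distribution over uniform y is identical for every x."""
    for T in combinations(range(N), t):
        seen = set()
        for x in product((0, 1), repeat=K):
            counts = {}
            for y in product((0, 1), repeat=N - K):
                key = tuple(encode(x, y)[i] for i in T)
                counts[key] = counts.get(key, 0) + 1
            seen.add(tuple(sorted(counts.items())))
        if len(seen) != 1:
            return False
    return True
```

With these matrices `dual_distance(H)` is 3, so any two coordinates of z together carry no information about x (second-order SCA resistance), while `min_distance(G)` is 2, so every single-bit fault moves z out of the C-coset it should be in and `check()` rejects it; a fault that is itself a codeword of C, such as flipping bits 0 and 3, changes x without disturbing the mask and is exactly the kind of fault the data code's minimum distance has to rule out. What this toy leaves out is the hard part the abstract refers to: carrying the encoded form through the nonlinear parts of the cipher without ever unmasking.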
