Connecting and Improving Direct Sum Masking and Inner Product Masking

Direct Sum Masking (DSM) and Inner Product (IP) masking are two types of countermeasures that have been introduced as alternatives to simpler (e.g., additive) masking schemes to protect cryptographic implementations against side-channel analysis. In this paper, we first show that IP masking can be written as a particular case of DSM. We then analyze the improved security properties that these (more complex) encodings can provide over Boolean masking. For this purpose, we introduce a slight variation of the probing model, which allows us to provide a simple explanation of the “security order amplification” for such masking schemes that was put forward at CARDIS 2016. We then use our model to search for new instances of masking schemes that optimize this security order amplification. We finally discuss the relevance of this security order amplification (and its underlying assumption of linear leakages) based on an experimental case study.
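The two ideas in the abstract, IP masking as a particular case of DSM and the code-theoretic quantity behind the security order amplification, can be made concrete in a small script. The following is an added example, not code from the paper or its authors. It implements IP masking over GF(2^k) (the field polynomial, share count and public vector L are constructed values), splits any share vector into its secret-code part C = {(x, 0, ..., 0)} and its mask-code part D = kernel of the decoder, which is exactly the direct-sum decomposition DSM is built on, and then enumerates the binary dual code of D to get its minimum distance. That distance is the fewest share bits whose GF(2)-linear combination depends on the secret (a functional that vanishes on D sees only the C part, and one that does not is masked by a uniform bit); treating one less than it as the security order under linear leakages is this example's reading of the amplification result, not a statement copied from the paper. `check_dual` verifies the "sees only x" property empirically, and `best_l2` repeats the abstract's search for better instances in miniature by sweeping L_2 over GF(2^8).

```python
"""IP masking as a Direct Sum Masking instance, plus the dual distance of its
mask code under GF(2)-linear leakage of share bits. Added example; field
polynomial, share counts and the vectors L below are constructed values."""
import random


def gf_mul(a, b, k, poly):
    """Multiply a and b in GF(2^k); poly has k+1 bits (e.g. 0b10011 = x^4+x+1)."""
    r = 0
    for _ in range(k):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> k:          # reduce when the degree reaches k
            a ^= poly
    return r


def ip_inner(L, z, k, poly):
    """Inner product <L, z> over GF(2^k)."""
    acc = 0
    for Li, zi in zip(L, z):
        acc ^= gf_mul(Li, zi, k, poly)
    return acc


def ip_encode(x, L, masks, k, poly):
    """IP masking: shares z with <L, z> = x, where L[0] = 1 and z[1:] = masks."""
    assert L[0] == 1 and len(masks) == len(L) - 1
    return [x ^ ip_inner(L[1:], masks, k, poly)] + list(masks)


def ip_decode(z, L, k, poly):
    return ip_inner(L, z, k, poly)


def dsm_split(z, L, k, poly):
    """DSM view: the share space is C + D with C = {(x,0,...,0)} and D = ker(decode).
    Project z onto C along D; the mask part d always decodes to zero."""
    x = ip_decode(z, L, k, poly)
    c = [x] + [0] * (len(z) - 1)
    d = [ci ^ zi for ci, zi in zip(c, z)]
    assert ip_decode(d, L, k, poly) == 0
    return c, d


# ---- bit level: D as a binary code of length n*k, and its dual code ----
def parity(v):
    return bin(v).count("1") & 1


def apply_functional(f, z):
    """GF(2)-linear functional on share bits; f and z are lists of k-bit ints."""
    p = 0
    for fi, zi in zip(f, z):
        p ^= parity(fi & zi)
    return p


def mask_code_generators(L, k, poly):
    """Binary generators of D: mask y = x^t on share j (j >= 1), all other masks 0."""
    n = len(L)
    gens = []
    for j in range(1, n):
        for t in range(k):
            masks = [0] * (n - 1)
            masks[j - 1] = 1 << t
            gens.append(ip_encode(0, L, masks, k, poly))
    return gens


def dual_code(L, k, poly):
    """Nonzero functionals vanishing on D. The block a on share 0 is free; f = 0 on
    each generator forces bit t of block j to parity(a & (L[j] * x^t))."""
    n = len(L)
    code = []
    for a in range(1, 1 << k):
        f = [a] + [0] * (n - 1)
        for j in range(1, n):
            for t in range(k):
                if parity(a & gf_mul(L[j], 1 << t, k, poly)):
                    f[j] |= 1 << t
        code.append(f)
    return code


def dual_distance(L, k, poly):
    """Fewest share bits whose GF(2)-sum depends on x; security order is one less."""
    return min(sum(bin(fi).count("1") for fi in f) for f in dual_code(L, k, poly))


def check_dual(L, k, poly, trials=50):
    """Sanity check: every dual functional kills D and so depends on x alone."""
    gens = mask_code_generators(L, k, poly)
    rng = random.Random(1)
    for f in dual_code(L, k, poly):
        if any(apply_functional(f, g) for g in gens):
            return False
        for _ in range(trials):
            x = rng.randrange(1 << k)
            masks = [rng.randrange(1 << k) for _ in L[1:]]
            if apply_functional(f, ip_encode(x, L, masks, k, poly)) != parity(f[0] & x):
                return False
    return True


def best_l2(k, poly):
    """Two-share search: the L_2 maximising the dual distance (miniature of the
    paper's search for better instances)."""
    return max(range(1, 1 << k), key=lambda l2: dual_distance([1, l2], k, poly))


if __name__ == "__main__":
    k, poly = 4, 0b10011
    for L in ([1, 1], [1, 2], [1, 3], [1, 1, 1]):
        print(L, "dual distance:", dual_distance(L, k, poly), "checked:", check_dual(L, k, poly))
    l2 = best_l2(8, 0x11B)
    print("GF(2^8), AES polynomial: best L_2 =", hex(l2), "distance", dual_distance([1, l2], 8, 0x11B))
```

With k = 4 and x^4 + x + 1, Boolean masking (L = (1, 1)) has dual distance 2, and so does L = (1, 2), while L = (1, 3) reaches 3: the same two shares force an attacker to combine one more bit linearly before anything secret-dependent appears. Three-share Boolean masking gives 3, which is the usual n-1 order plus one, so the comparison across share counts is consistent with the bit-level reading used here.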
