Constant-time higher-order Boolean-to-arithmetic masking

Converting a Boolean mask to an arithmetic mask, and vice versa, is often required when implementing side-channel-resistant instances of cryptographic algorithms that mix Boolean and arithmetic operations. In this paper, we describe a method for converting a Boolean mask to an arithmetic mask that runs in constant time for a fixed order and has quadratic complexity as the security order increases, a significant improvement over previous work, which has exponential complexity. We propose explicit algorithms for a second-order secure Boolean-to-arithmetic mask conversion that uses 31 instructions and for a third-order secure mask conversion that uses 74 instructions. We show that our second-order secure algorithm is at least an order of magnitude faster and our third-order secure algorithm is more than twice as fast as other algorithms in the literature.
