High Order Masking of Look-up Tables with Common Shares

Masking is an effective countermeasure against side-channel attacks. In this paper, we improve the efficiency of the high-order masking of look-up tables countermeasure introduced at Eurocrypt 2014, based on a combination of three techniques, while keeping a proof of security in the Ishai-Sahai-Wagner (ISW) probing model. The first technique consists of proving security under the stronger t-SNI definition, which makes it possible to use n = t+1 shares instead of n = 2t+1 against t-th order attacks. The second technique consists of progressively incrementing the number of shares within the countermeasure, from a single share up to n, thereby reducing the complexity of the countermeasure. The third technique consists of adapting the common shares approach introduced by Coron et al. at CHES 2016, so that half of a randomized look-up table can be pre-computed once and reused for multiple SBoxes. We show that our techniques perform well in practice. In theory, the combination of the three techniques should lead to a factor 10.7 improvement in efficiency, for a large number of shares. For a practical implementation with a reasonable number of shares, we get a 4.8 speed-up factor for AES.
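To make the table-recomputation idea and the "progressively incrementing the number of shares" point concrete, here is an added Python illustration (not code from the paper or its authors). It implements the shift-and-refresh structure of the Eurocrypt 2014 look-up table countermeasure on a constructed 4-bit S-box: the randomized table T is shifted by one input share at a time and re-randomized after each shift, so that the entry at the last share is a sharing of S(x). The function `masked_sbox_fixed` keeps n shares in the table throughout; `masked_sbox_incremental` is my own simplified reading of the paper's second technique, where the table starts with a single share and gains one share per iteration. The S-box values, the share count, and the random-call counter are all constructed for the example; the security proofs of the paper are not claimed for this toy code, only functional correctness and the randomness-count comparison.

```python
import secrets

# Constructed 4-bit S-box (any bijection on {0..15} would do for this illustration).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
K = 4                      # input/output width in bits
DOMAIN = 1 << K            # number of table entries


def xor_all(vals):
    """XOR of a list of shares; recombines a Boolean sharing."""
    acc = 0
    for v in vals:
        acc ^= v
    return acc


def share(x, n, rng=secrets.randbelow):
    """Split x into n Boolean shares with x_1 ^ ... ^ x_n == x."""
    shares = [rng(DOMAIN) for _ in range(n - 1)]
    shares.append(x ^ xor_all(shares))
    return shares


def refresh(shares, rng=secrets.randbelow):
    """Mask refreshing: inject fresh randomness without changing the XOR.
    Uses len(shares) - 1 random values."""
    out = list(shares)
    for i in range(1, len(out)):
        r = rng(DOMAIN)
        out[0] ^= r
        out[i] ^= r
    return out


def extend_refresh(shares, rng=secrets.randbelow):
    """Refresh that also adds one share: XOR a fresh r into share 0 and append r.
    Uses exactly one random value; the XOR of the shares is unchanged."""
    r = rng(DOMAIN)
    out = list(shares)
    out[0] ^= r
    out.append(r)
    return out


def masked_sbox_fixed(x_shares, rng=secrets.randbelow):
    """Table recomputation with a constant number of shares n in every table row.
    Invariant: after processing x_1..x_i, XOR(T[u]) == S(u ^ x_1 ^ ... ^ x_i)."""
    n = len(x_shares)
    # T[u] is an n-sharing of S(u), initially (S(u), 0, ..., 0).
    T = [[SBOX[u]] + [0] * (n - 1) for u in range(DOMAIN)]
    for i in range(n - 1):
        shifted = [T[u ^ x_shares[i]] for u in range(DOMAIN)]   # shift by share x_{i+1}
        T = [refresh(row, rng) for row in shifted]               # re-randomize every row
    # Reading the row at the last share gives a sharing of S(x_1 ^ ... ^ x_n) = S(x).
    return refresh(T[x_shares[n - 1]], rng)


def masked_sbox_incremental(x_shares, rng=secrets.randbelow):
    """Same shift-and-refresh structure, but the table starts with ONE share per
    row and gains a share at each iteration (constructed illustration of the
    'progressive' idea; the paper's actual algorithm and proof are not reproduced)."""
    n = len(x_shares)
    T = [[SBOX[u]] for u in range(DOMAIN)]                       # single share per row
    for i in range(n - 1):
        shifted = [T[u ^ x_shares[i]] for u in range(DOMAIN)]
        T = [extend_refresh(row, rng) for row in shifted]        # rows now have i+2 shares
    return refresh(T[x_shares[n - 1]], rng)                      # final n-sharing of S(x)


def count_random_calls(fn, x_shares):
    """Run fn on x_shares with a counting RNG and return how many random values it drew.
    This is the cost metric the 'progressive' variant is meant to reduce."""
    calls = 0

    def counting_rng(bound):
        nonlocal calls
        calls += 1
        return secrets.randbelow(bound)

    fn(x_shares, counting_rng)
    return calls


if __name__ == "__main__":
    x = 0xB
    for n in (2, 3, 4):
        xs = share(x, n)
        assert xor_all(masked_sbox_fixed(xs)) == SBOX[x]
        assert xor_all(masked_sbox_incremental(xs)) == SBOX[x]
        print(n, "shares: fixed draws", count_random_calls(masked_sbox_fixed, xs),
              "randoms, incremental draws", count_random_calls(masked_sbox_incremental, xs))
```

For n = 3 the fixed-share variant draws 16 rows x 2 randoms x 2 iterations + 2 for the final refresh = 66 random values, while the incremental variant draws 16 x 1 x 2 + 2 = 34, which is the kind of saving the abstract attributes to starting from a single share. Both variants recombine to S(x) for every input and every share count; whether a given variant is actually t-SNI secure is a matter for the paper's proofs, not something this toy code establishes.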

[1] Stefan Mangard et al. Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers. CT-RSA, 2006.

[2] Jean-Sébastien Coron et al. Faster Evaluation of SBoxes via Common Shares. CHES, 2016.

[3] Srinivas Vivek et al. Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-Channel Countermeasures. CHES, 2014.

[4] Pankaj Rohatgi et al. Towards Sound Approaches to Counteract Power-Analysis Attacks. CRYPTO, 1999.

[5] Jean-Sébastien Coron et al. Formal Verification of Side-channel Countermeasures via Elementary Circuit Transformations. IACR Cryptology ePrint Archive, 2018.

[6] Emmanuel Prouff et al. Masking against Side-Channel Attacks: A Formal Security Proof. EUROCRYPT, 2013.

[7] Louis Goubin et al. DES and Differential Power Analysis (The "Duplication" Method). CHES, 1999.

[8] Yuval Ishai et al. Private Circuits: Securing Hardware against Probing Attacks. CRYPTO, 2003.

[9] Jean-Sébastien Coron et al. Higher Order Masking of Look-up Tables. IACR Cryptology ePrint Archive, 2014.

[10] Claude Carlet et al. Algebraic Decomposition for Probing Security. CRYPTO, 2015.

[11] Emmanuel Prouff et al. Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis. FSE, 2008.

[12] Claude Carlet et al. Higher-Order Masking Schemes for S-Boxes. FSE, 2012.

[13] Benjamin Grégoire et al. Strong Non-Interference and Type-Directed Higher-Order Masking. CCS, 2016.

[14] Srinivas Vivek et al. Analysis and Improvement of the Generic Higher-Order Masking Scheme of FSE 2012. CHES, 2013.

[15] Emmanuel Prouff et al. Provably Secure Higher-Order Masking of AES. IACR Cryptology ePrint Archive, 2010.