Paper 2011/520

Houssem Maghrebi and Sylvain Guilley and Claude Carlet and Jean-Luc Danger

Houssem maghebi, Sylvain Guilley, Claude Carlet, and Jean-Luc Danger

Abstract

This article provides an in-depth study of high-order (HO) Boolean masking countermeasure against side-channel attacks. We introduce the notion of HO-CPA immunity as a metric to characterize a leakage function. We show that this notion intervenes to assess both the resistance against HO-CPA attacks and the amount of leakage. Namely, the HO-CPA immunity, denoted $\mathsf{HCI}\in {\text{N}}^{\ast }$, coincides with the lowest order of a successful HO-CPA and gives the dependence of leakage behavior with the noise's variance ${\sigma }^2$ (according to $\mathcal{O}(1/{\sigma }^{2\times \mathsf{HCI}})$ in Landau notation). Then, we introduce the technique of leakage squeezing. It is an optimization of the straightforward masking where masks are recoded relevantly by bijections. Our main contribution is to show that the HO-CPA immunity of a masking countermeasure can be incremented by one or even by two at virtually no added cost. Indeed, the bijections (and inverse bijections) can be incorporated in tables that are often found in cryptographic algorithms (e.g. substitution boxes).

Note: A more pedagogical version of this report is published in the Journal of Cryptographic Engineering (JCEN): <a href="http://link.springer.com/article/10.1007/s13389-013-0067-1">http://link.springer.com/article/10.1007/s13389-013-0067-1</a>. <br /> <u>Citation:</u> "<i>Achieving side-channel high-order correlation immunity with leakage squeezing</i>", Claude Carlet, Jean-Luc Danger, Sylvain Guilley, Houssem Maghrebi, and Emmanuel Prouff. JCEN (Springer), DOI: 10.1007/s13389-013-0067-1