Paper 2012/028

A First-Order Leak-Free Masking Countermeasure

Houssem MAGHREBI, Emmanuel PROUFF, Sylvain GUILLEY, and Jean-Luc DANGER

Abstract

One protection of cryptographic implementations against side-channel attacks is the masking of the sensitive variables. In this article, we present a first-order masking that does not leak information when the registers change values according to some specific (and realistic) rules. This countermeasure applies to all devices that leak a function of the distance between consecutive values of internal variables. In particular, we illustrate its practicality on both hardware and software implementations. Moreover, we introduce a framework to evaluate the soundness of the new first-order masking when the leakage slightly deviates from the rules involved to design the countermeasure. It reveals that the countermeasure remains more efficient than the state-of-the-art first-order masking if the deviation from the ideal model is equal to a few tens of percent, and that it is as good as a first-order Boolean masking even if the deviation is \%.

Note: Paper to be published at CT-RSA 2012, with some corrections in the construction of the functions (in Sec. 4.1).

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
First-order masking, leakage in distance, leakage-free countermeasure
Contact author(s)
maghrebi @ enst fr
History
2012-01-22: received
Short URL
https://ia.cr/2012/028
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/028,
      author = {Houssem MAGHREBI and Emmanuel PROUFF and Sylvain GUILLEY and Jean-Luc DANGER},
      title = {A First-Order Leak-Free Masking Countermeasure},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/028},
      year = {2012},
      url = {https://eprint.iacr.org/2012/028}
}