## Cryptology ePrint Archive: Report 2012/028

Houssem MAGHREBI and Emmanuel PROUFF and Sylvain GUILLEY and Jean-Luc DANGER

Abstract: One protection of cryptographic implementations against side-channel attacks is the masking of the sensitive variables. In this article, we present a first-order masking that does not leak information when the registers change values according to some specific (and realistic) rules. This countermeasure applies to all devices that leak a function of the distance between consecutive values of internal variables. In particular, we illustrate its practicality on both hardware and software implementations.

Moreover, we introduce a framework to evaluate the soundness of the new first-order masking when the leakage slightly deviates from the rules involved to design the countermeasure. It reveals that the countermeasure remains more efficient than the state-of-the-art first-order masking if the deviation from the ideal model is equal to a few tens of percents, and that it is as good as a first-order Boolean masking even if the deviation is $50$\%.

Category / Keywords: implementation / First-order masking, leakage in distance, leakage-free countermeasure

Note: Paper to be published at CT-RSA 2012, with some corrections in the construction of the $F$ functions (in Sec. 4.1).