Paper 2013/303
Theory of masking with codewords in hardware: low-weight $d$th-order correlation-immune Boolean functions
Shivam Bhasin, Claude Carlet, and Sylvain Guilley
Abstract
In hardware, substitution boxes for block ciphers can be saved already masked in the implementation.
The masks must be chosen under two constraints:
their number is determined by the implementation area, and their properties should make it possible to deny high-order zero-offset attacks of the highest degree.
First, we show that this problem translates into a known trade-off in Boolean functions, namely
finding correlation-immune functions of lowest weight.
For instance, this allows to prove that a byte-oriented block cipher such as AES can be protected with only
Note: The minimal weight of 6-th order correlation immune Boolean functions with 10 variables was already known. The authors thank Yuriy Tarannikov for this information.
Metadata
- Available format(s): PDF
- Category: Implementation
- Publication info: Published elsewhere. Minor revision. Radon Series on Computational and Applied Mathematics 16
- DOI: 10.1515/9783110317916.41
- Keywords: Side-channel analysis, masking, hardware
- Contact author(s): sylvain guilley @ telecom-paristech fr
- History:
  - 2015-07-03: last of 5 revisions
  - 2013-05-25: received
- Short URL: https://ia.cr/2013/303
- License: CC BY
BibTeX
@misc{cryptoeprint:2013/303,
      author = {Shivam Bhasin and Claude Carlet and Sylvain Guilley},
      title = {Theory of masking with codewords in hardware: low-weight $d$th-order correlation-immune Boolean functions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/303},
      year = {2013},
      doi = {10.1515/9783110317916.41},
      url = {https://eprint.iacr.org/2013/303}
}