Cryptology ePrint Archive: Report 2013/396

On the Practical Security of a Leakage Resilient Masking Scheme

Emmanuel Prouff and Matthieu Rivain and Thomas Roche

Abstract: At TCC 2012, Dziembowski and Faust show how to construct leakage resilient circuits using secret sharing based on the inner product [2]. At Asiacrypt 2012, Ballash et al. turned the latter construction into an efficient masking scheme and they apply it to protect an implementation of AES against side-channel attacks [1]. The so-called Inner-Product masking (IPmasking for short) was claimed to be secure with respect to two different security models: the $\lambda$-limited security model (Section 4 of [1]), and the dth-order security model (see definitions p.8 of [1]). In the former model, the security proof makes sense for a sharing dimension $n > 130$ which is acknowledged impractical by the authors. In the latter model, the scheme is claimed secure up to the order $d = n-1$. In this note, we contradict the dth-order security claim by exhibiting a 1st-order flaw in the masking algorithm for any chosen sharing dimension n.

Category / Keywords:

Date: received 17 Jun 2013, last revised 17 Jun 2013

Contact author: thomas roche at ssi gouv fr

Available format(s): PDF | BibTeX Citation

Version: 20130618:085930 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]