Cryptology ePrint Archive: Report 2014/665
Orthogonal Direct Sum Masking: A Smartcard Friendly Computation Paradigm in a Code, with Builtin Protection against Side-Channel and Fault Attacks
Julien Bringer and Claude Carlet and Hervé Chabanne and Sylvain Guilley and Houssem Maghrebi
Abstract: Secure elements, such as smartcards or trusted platform modules (TPMs), must be protected against implementation-level attacks.
Those include side-channel and fault injection attacks.
We introduce ODSM, Orthogonal Direct Sum Masking, a new computation paradigm that achieves protection against those two kinds of attacks.
A large vector space is structured as two supplementary orthogonal subspaces.
One subspace (called a code $\mathcal{C}$) is used for the functional computation,
while the second subspace carries random numbers.
Because the random numbers are entangled with the sensitive data, ODSM protects against (monovariate) side-channel attacks.
The random numbers can be checked either occasionally or globally, giving a fine-grained or a coarse-grained fault detection capability.
The security level can be stated formally:
it is proved that monovariate side-channel attacks of order up to $d_\mathcal{C}-1$, where $d_\mathcal{C}$ is the minimum distance of $\mathcal{C}$, are impossible,
and that any fault of Hamming weight strictly less than $d_\mathcal{C}$ is detected.
A complete instantiation of ODSM is given for AES.
In this case, all monovariate side-channel attacks of order strictly less than $5$ are impossible,
and all fault injections perturbing strictly less than $5$ bits are detected.
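The following is an added worked example, not code from the report or its authors (the report's own MAGMA code is not reproduced here): a toy ODSM instance in Python over a constructed binary [8,4,3] LCD code, chosen so that the code C and its dual C^perp meet only in 0 and hence span GF(2)^8 as an orthogonal direct sum. It shows the encoding z = xG + yH with H generating C^perp, decoding by projection onto each subspace, the fault check on the mask component, and a brute-force verification that the masking order equals d_C - 1 and that the smallest undetected fault has weight d_C. The matrices and sample values are constructed for this illustration and are not the AES instantiation of the report, where d_C = 5.

```python
"""Toy Orthogonal Direct Sum Masking (ODSM) over GF(2).

Added example, not from the report: C is a constructed binary [8,4,3] LCD
code, not the code the report uses for AES. Data x is carried as
z = xG + yH with y uniformly random and H generating D = C^perp.
"""
from itertools import combinations, product

# Generator of C in systematic form [I_4 | A], chosen so that G G^T is
# invertible over GF(2), i.e. C and C^perp intersect only in 0.
G = [
    [1, 0, 0, 0, 1, 1, 0, 0],
    [0, 1, 0, 0, 0, 1, 1, 0],
    [0, 0, 1, 0, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 0, 0, 1],
]


def transpose(M):
    return [list(col) for col in zip(*M)]


def matmul(A, B):
    """Matrix product over GF(2)."""
    Bt = transpose(B)
    return [[sum(a * b for a, b in zip(row, col)) % 2 for col in Bt] for row in A]


def vecmat(v, M):
    return matmul([list(v)], M)[0]


def inverse_gf2(M):
    """Gauss-Jordan inverse over GF(2); ValueError if M is singular."""
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("matrix is singular over GF(2)")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [a ^ b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def dual_generator(G):
    """For G = [I_k | A], the dual C^perp is generated by H = [A^T | I_{n-k}]."""
    k, n = len(G), len(G[0])
    At = transpose([row[k:] for row in G])
    return [At[i] + [int(i == j) for j in range(n - k)] for i in range(n - k)]


H = dual_generator(G)
GGT_INV = inverse_gf2(matmul(G, transpose(G)))  # exists iff C is LCD
HHT_INV = inverse_gf2(matmul(H, transpose(H)))


def encode(x, y):
    """ODSM word z = xG + yH: data x lives in C, the mask y in D = C^perp."""
    return [a ^ b for a, b in zip(vecmat(x, G), vecmat(y, H))]


def decode(z):
    """H G^T = 0, so z G^T = x (G G^T); invert to get x, and likewise y."""
    x = vecmat(vecmat(z, transpose(G)), GGT_INV)
    y = vecmat(vecmat(z, transpose(H)), HHT_INV)
    return x, y


def mask_check(z, y):
    """Fault detection: the D-component of z must still equal the known mask."""
    return decode(z)[1] == list(y)


def fault_detected(x, y, e):
    """Add fault vector e to z = encode(x, y) and run the mask check."""
    z = [a ^ b for a, b in zip(encode(x, y), e)]
    return not mask_check(z, y)


def min_distance(G):
    """d_C: minimum weight over the nonzero codewords of C."""
    return min(sum(vecmat(x, G)) for x in product([0, 1], repeat=len(G)) if any(x))


def undetected_faults(G, H):
    """Faults passing the mask check are exactly the nonzero codewords of C
    (their D-component is 0), so every fault of weight < d_C is detected."""
    zero_mask = [0] * len(H)
    return [list(e) for e in product([0, 1], repeat=len(G[0]))
            if any(e) and mask_check(list(e), zero_mask)]


def masking_order(G, H):
    """Largest t such that every t coordinates of yH are uniform for uniform y.
    Adding the constant xG keeps them uniform, so no t bits of z depend on x:
    monovariate attacks of order <= t learn nothing."""
    masks = [vecmat(y, H) for y in product([0, 1], repeat=len(H))]
    best = 0
    for t in range(1, len(G[0]) + 1):
        for idx in combinations(range(len(G[0])), t):
            counts = {}
            for m in masks:
                key = tuple(m[i] for i in idx)
                counts[key] = counts.get(key, 0) + 1
            if len(counts) != 2 ** t or len(set(counts.values())) != 1:
                return best
        best = t
    return best


if __name__ == "__main__":
    x, y = [1, 0, 1, 1], [0, 1, 1, 0]
    print("d_C =", min_distance(G), " masking order =", masking_order(G, H))
    print("smallest undetected fault weight =",
          min(sum(e) for e in undetected_faults(G, H)))
    print("1-bit fault detected:", fault_detected(x, y, [0, 0, 0, 0, 0, 1, 0, 0]))
    print("weight-3 codeword fault detected:", fault_detected(x, y, G[0]))
```

Running the script reports d_C = 3, masking order 2 = d_C - 1, and smallest undetected fault weight 3 = d_C, matching the two bounds stated in the abstract for this small code; a fault equal to a nonzero codeword of C (here the weight-3 row G[0]) leaves the mask component untouched and is the kind of fault the scheme cannot detect.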
Category / Keywords: implementation
Original Publication (with minor differences): WISTP 2014
DOI: 10.1007/978-3-662-43826-8_4
Date: received 25 Aug 2014, last revised 28 Aug 2014
Contact author: sylvain guilley at telecom-paristech fr
Note: Clearer MAGMA code
Version: 20140828:234222
Short URL: ia.cr/2014/665