Paper 2014/891
Conversion from Arithmetic to Boolean Masking with Logarithmic Complexity
Jean-Sebastien Coron, Johann Groszschaedl, Praveen Kumar Vadnala, and Mehdi Tibouchi
Abstract
A general method to protect a cryptographic algorithm against side-channel attacks consists in masking all intermediate variables with a random value. For cryptographic algorithms combining Boolean operations with arithmetic operations, one must then perform conversions between Boolean masking and arithmetic masking. At CHES 2001, Goubin described a very elegant algorithm for converting from Boolean masking to arithmetic masking, with only a constant number of operations. Goubin also described an algorithm for converting from arithmetic to Boolean masking, but with O(k) operations where k is the addition bit size. In this paper we describe an improved algorithm with time complexity O(log k) only. Our new algorithm is based on the Kogge-Stone carry look-ahead adder, which computes the carry signal in O(log k) instead of O(k) for the classical ripple carry adder. We also describe an algorithm for performing arithmetic addition modulo 2^k directly on Boolean shares, with the same complexity O(log k) instead of O(k). We prove the security of our new algorithms against first-order attacks.
Metadata
- Available format(s)
-
PDF
- Publication info
- A minor revision of an IACR publication in FSE 2015
- Keywords
- Side-channel attackfirst-order countermeasurearithmetic to Boolean conversion.
- Contact author(s)
- jscoron @ gmail com
- History
- 2015-02-11: revised
- 2014-10-30: received
- See all versions
- Short URL
- https://ia.cr/2014/891
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/891,
author = {Jean-Sebastien Coron and Johann Groszschaedl and Praveen Kumar Vadnala and Mehdi Tibouchi},
title = {Conversion from Arithmetic to Boolean Masking with Logarithmic Complexity},
howpublished = {Cryptology {ePrint} Archive, Paper 2014/891},
year = {2014},
url = {https://eprint.iacr.org/2014/891}
}
