Cryptology ePrint Archive: Report 2015/492

Masking vs. Multiparty Computation: How Large is the Gap for AES?

Vincent Grosso and François-Xavier Standaert and Sebastian Faust

Abstract: In this paper, we evaluate the performances of state-of-the-art higher-order masking schemes for the AES. Doing so, we pay a particular attention to the comparison between specialized solutions introduced exclusively as countermeasures against side-channel analysis, and a recent proposal by Roche and Prouff exploiting MultiParty Computation (MPC) techniques. We show that the additional security features this latter scheme provides (e.g. its glitch-freeness) comes at the cost of large performance overheads. We then study how exploiting standard optimization techniques from the MPC literature can be used to reduce this gap. In particular, we show that ``packed secret sharing" based on a modified multiplication algorithm can speed up MPC-based masking when the order of the masking scheme increases. Eventually, we discuss the randomness requirements of masked implementations. For this purpose, we first show with information theoretic arguments that the security guarantees of masking are only preserved if this randomness is uniform, and analyze the consequences of a deviation from this requirement. We then conclude the paper by including the cost of randomness generation in our performance evaluations. These results should help actual designers to choose a masking scheme based on security and performance~constraints.

Category / Keywords: Side-channel analysis, countermeasures, performance evaluations, packed secrets sharing, randomness.

Original Publication (with minor differences): IACR-CHES-2013

Date: received 23 May 2015, last revised 23 May 2015

Contact author: vincent grosso at uclouvain be

Available format(s): PDF | BibTeX Citation

Version: 20150525:144800 (All versions of this report)

Short URL: ia.cr/2015/492

Discussion forum: Show discussion | Start new discussion