Cryptology ePrint Archive: Report 2015/837
Multi-Variate High-Order Attacks of Shuffled Tables Recomputation
Nicolas BRUNEAU and Sylvain GUILLEY and Zakaria NAJM and Yannick TEGLIA
Abstract: Masking schemes based on tables recomputation are classical countermeasures against high-order side-channel attacks.
Still, they are known to be attackable at order $d$ when the masking involves $d$ shares.
In this work, we mathematically show that an attack of order strictly greater than $d$ can be more successful than an attack at order $d$.
To do so, we leverage the idea presented by Tunstall, Whitnall and Oswald at FSE 2013:
we exhibit attacks which exploit the multiple leakages linked to one mask during the recomputation of tables.
Specifically, regarding first-order table recomputation, improved by a shuffled execution, we show that there is a window of opportunity, in terms of noise variance, where a novel highly multivariate third-order attack is more efficient than a classical bivariate second-order attack.
Moreover, we show on the example of the high-order secure table computation presented by Coron at EUROCRYPT 2014 that the window of opportunity enlarges linearly with the security order $d$.
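The countermeasure the abstract discusses, first-order table recomputation with a shuffled loop, as an added illustration that is not code from the paper: the point to see is that a single input mask m_in is handled in every one of the 256 recomputation steps (index x ^ m_in) and the output mask m_out in every written value (S[x] ^ m_out), which is what "multiple leakages linked to one mask" refers to. The S-box here is a constructed random permutation, and the function names and the seeded random source are assumptions of this example.

```python
import random

# Constructed toy 8-bit S-box: a random permutation with a fixed seed.
# Assumption: the structure of the countermeasure is the same for any 8-bit
# bijective S-box (e.g. the AES S-box); the concrete table does not matter here.
_seed_rng = random.Random(2015)
SBOX = list(range(256))
_seed_rng.shuffle(SBOX)


def seeded_rng(seed):
    """Deterministic random source for reproducible runs (a device would use its TRNG)."""
    return random.Random(seed)


def recompute_masked_table(sbox, m_in, m_out, rng):
    """Build the masked table S' with S'[x ^ m_in] = S[x] ^ m_out for every x.

    The iteration order is shuffled, which is the 'shuffled execution' of the
    abstract. Returns the table and the list of (index, value) pairs written, in
    execution order: each of the 256 steps manipulates one value derived from
    m_in (the index) and one derived from m_out (the value), so each mask is
    linked to many intermediate values rather than a single one.
    """
    order = list(range(256))
    rng.shuffle(order)            # hypothetical shuffle source; see seeded_rng
    masked = [0] * 256
    writes = []
    for x in order:
        idx = x ^ m_in            # intermediate value depending on m_in
        val = sbox[x] ^ m_out     # intermediate value depending on m_out
        masked[idx] = val
        writes.append((idx, val))
    return masked, writes


def masked_sbox_eval(sbox, p, k, rng):
    """Masked evaluation of S[p ^ k] with fresh first-order masks.

    Returns (y_masked, m_out, writes); the caller unmasks with y_masked ^ m_out.
    The secret-dependent byte p ^ k is never handled in the clear: only
    (p ^ k) ^ m_in is used as a table index.
    """
    m_in = rng.randrange(256)
    m_out = rng.randrange(256)
    masked, writes = recompute_masked_table(sbox, m_in, m_out, rng)
    x_masked = p ^ k ^ m_in       # masked input to the table
    y_masked = masked[x_masked]   # equals sbox[p ^ k] ^ m_out
    return y_masked, m_out, writes


def table_is_consistent(sbox, masked, m_in, m_out):
    """Check S'[x ^ m_in] == S[x] ^ m_out for all x (the recomputation is correct)."""
    return all(masked[x ^ m_in] == sbox[x] ^ m_out for x in range(256))


def written_indices_independent_of_mask(writes):
    """With shuffling, the set of indices written is {0..255} whatever m_in is,
    so no single step, viewed by its index alone, identifies the mask; the
    abstract's observation is that all 256 steps are nevertheless tied to the
    same m_in, which is what the highly multivariate attack order counts."""
    return sorted(idx for idx, _ in writes) == list(range(256))


if __name__ == "__main__":
    rng = seeded_rng(1)
    p, k = 0x3C, 0xA5
    y_masked, m_out, writes = masked_sbox_eval(SBOX, p, k, rng)
    assert y_masked ^ m_out == SBOX[p ^ k]
    print("masked evaluation correct; recomputation steps tied to the masks:", len(writes))
```

Running the block checks that the masked lookup unmasks to S[p ^ k] and reports the 256 recomputation steps, each of which involves both masks; the shuffle changes only which x is processed at which step, not how many steps depend on m_in.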
Category / Keywords: implementation
Original Publication (with minor differences): IACR-CHES-2015
DOI: 10.1007/978-3-662-48324-4_24
Date: received 28 Aug 2015
Contact author: sylvain guilley at telecom-paristech fr
Note: Like in the CHES '15 paper, but where Alg. 1 and Fig. 1 have been made compatible.
Version: 20150831:152117
Short URL: ia.cr/2015/837