Cryptology ePrint Archive: Report 2016/912

Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model

Gilles Barthe and François Dupressoir and Sebastian Faust and Benjamin Grégoire and François-Xavier Standaert and Pierre-Yves Strub

Abstract: In this paper, we provide a necessary clarification of the good security properties that can be obtained from parallel implementations of masking schemes. For this purpose, we first argue that (i) the probing model is not straightforward to interpret, since it more naturally captures the intuitions of serial implementations, and (ii) the noisy leakage model is not always convenient, e.g. when combined with formal methods for the verification of cryptographic implementations. Therefore we introduce a new model, the bounded moment model, that formalizes a weaker notion of security order frequently used in the side-channel literature. Interestingly, we prove that probing security for a serial implementation implies bounded moment security for its parallel counterpart. This result therefore enables an accurate understanding of the links between formal security analyses of masking schemes and experimental security evaluations based on the estimation of statistical moments. Besides its consolidating nature, our work also brings useful technical contributions. First, we describe and analyze refreshing and multiplication algorithms that are well suited for parallel implementations and improve security against multivariate side-channel attacks. Second, we show that simple refreshing algorithms (with linear complexity) that are not secure in the continuous probing model are secure in the continuous bounded moment model. Eventually, we discuss the independent leakage assumption required for masking to deliver its security promises, and its specificities related to the serial or parallel nature of an implementation.

Category / Keywords: side-channel attacks, masking, formal methods, parallel implementations

Original Publication (with minor differences): IACR-EUROCRYPT-2017

Date: received 19 Sep 2016, last revised 13 Feb 2017

Contact author: gjbarthe at gmail com, fdupress@gmail com, sebastian faust@gmail com, Benjamin Gregoire@inria fr, fstandae@uclouvain be, pierre-yves@strub nu

Available format(s): PDF | BibTeX Citation

Version: 20170213:165012 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]