Cryptology ePrint Archive: Report 2017/103
Reconciling d+1 Masking in Hardware and Software
Hannes Gross and Stefan Mangard
Abstract: The continually growing number of security-related autonomous devices require efficient mechanisms to counteract low-cost side-channel analysis (SCA) attacks like differential power analysis. Masking provides a high resistance against SCA at an adjustable level of security. A high level of security, however, goes hand in hand with an increasing demand for fresh randomness which also affects other implementation costs. Since software based masking has other security requirements than masked hardware implementations, the research in these fields have been quite separated from each other over the last ten years. One important practical difference is that recently published software based masking schemes show a lower randomness footprint than hardware masking schemes.
In this work we combine existing software and hardware based masking schemes into a unified masking approach (UMA). We demonstrate how UMA can be used to protect software and hardware implementations likewise, and for lower randomness costs especially for hardware implementations. Theoretical considerations as well as practical implementation results are then used to compare this unified masking approach to other schemes from different perspectives and at different levels of security.
Category / Keywords: implementation / masking, hardware security, threshold implementations, domain-oriented masking, side-channel analysis
Date: received 9 Feb 2017, last revised 21 Mar 2017
Contact author: hannes gross at iaik tugraz at
Available format(s): PDF | BibTeX Citation
Version: 20170321:140553 (All versions of this report)
Short URL: ia.cr/2017/103
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]