Cryptology ePrint Archive: Report 2017/345

Mind the Gap: Towards Secure 1st-order Masking in Software

Kostas Papagiannopoulos and Nikita Veshchikov

Abstract: Cryptographic implementations are vulnerable to side-channel analysis. Implementors often opt for masking countermeasures to protect against these types of attacks. Masking countermeasures can ensure theoretical protection against value-based leakages. However, the practical effectiveness of masking is often undermined by physical effects such as glitches, couplings and distance-based leakages, which violate the independent leakage assumption (ILA) and result in security order reductions. This paper aims to address this gap between masking theory and practice in the following threefold manner. First, we perform an in-depth investigation of the device-specific effects that invalidate the ILA in the AVR microcontroller ATMega163. Second, we provide an automated tool, capable of detecting ILA violations in AVR assembly code. Last, we craft the first (to our knowledge) "hardened" 1st-order ISW-based, masked Sbox implementation, which is capable of resisting 1st-order, univariate side-channel attacks. Enforcing the ILA in the masked RECTANGLE Sbox requires 1319 clock cycles, i.e. a 15-fold increase compared to a naive 1st-order ISW-based implementation.
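The mechanism the abstract describes, as an added simulation that is not part of the paper or of its ASCOLD tool: a 1st-order Boolean masking leaks nothing at first order under a value-based (Hamming-weight) model, but as soon as one share overwrites a register still holding the other share, the distance-based (Hamming-distance) transition leaks HW(secret) directly and a univariate correlation attack recovers it. The 8-bit shares, the two leakage models and the Gaussian noise are assumptions of the simulation, not measurements from the ATMega163.

```python
import random

# Added illustration (not the paper's code): why a distance-based leakage breaks
# a 1st-order Boolean masking that is sound under the independent leakage
# assumption (ILA). Assumed leakage models: Hamming weight of a value and
# Hamming distance of a register overwrite, each with additive Gaussian noise.

def hw(x: int) -> int:
    """Hamming weight of an 8-bit value."""
    return bin(x & 0xFF).count("1")

def share(secret: int, rng: random.Random):
    """1st-order Boolean masking: secret = s0 ^ s1 with a fresh random mask s0."""
    s0 = rng.randrange(256)
    return s0, secret ^ s0

def leak_value(s0: int, s1: int) -> float:
    """ILA holds: each share leaks its own Hamming weight, independently."""
    return hw(s0) + hw(s1)

def leak_distance(s0: int, s1: int) -> float:
    """ILA violated: s1 is loaded into a register that still holds s0, so the
    register/bus transition leaks HW(s0 ^ s1), which equals HW(secret)."""
    return hw(s0 ^ s1)

def pearson(xs, ys) -> float:
    """Sample Pearson correlation coefficient."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def first_order_cpa(leak_fn, traces: int = 2000, noise: float = 0.3, seed: int = 1) -> float:
    """Correlate the unmasked hypothesis HW(secret) against simulated leakage.
    A correlation far from zero means a 1st-order, univariate attack succeeds."""
    rng = random.Random(seed)
    hyps, leaks = [], []
    for _ in range(traces):
        secret = rng.randrange(256)
        s0, s1 = share(secret, rng)
        hyps.append(hw(secret))
        leaks.append(leak_fn(s0, s1) + rng.gauss(0.0, noise))
    return pearson(hyps, leaks)

if __name__ == "__main__":
    print("value-based leakage    (ILA holds):  r = %.3f" % first_order_cpa(leak_value))
    print("distance-based leakage (ILA broken): r = %.3f" % first_order_cpa(leak_distance))
```

Under the value-based model the mean of HW(s0) + HW(s1) is the same for every secret, so the first-order correlation stays near zero (the secret is only visible in the variance, i.e. at second order), whereas the distance-based model yields a correlation close to 1.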

Category / Keywords: implementation / side-channel analysis, masking, AVR, distance leakages, ASCOLD

Original Publication (with minor differences): COSADE 2017

Date: received 19 Apr 2017

Contact author: kostaspap88 at gmail com


Version: 20170421:215040

Short URL: ia.cr/2017/345
