Cryptology ePrint Archive: Report 2010/441

Provably Secure Higher-Order Masking of AES

Matthieu Rivain and Emmanuel Prouff

Abstract: Implementations of cryptographic algorithms are vulnerable to Side Channel Analysis (SCA). To counteract it, masking schemes are usually involved which randomize key-dependent data by the addition of one or several random value(s) (the masks). When $d$th-order masking is involved (i.e. when $d$ masks are used per key-dependent variable), the complexity of performing an SCA grows exponentially with the order $d$. The design of generic $d$th-order masking schemes taking the order $d$ as security parameter is therefore of great interest for the physical security of cryptographic implementations. This paper presents the first generic $d$th-order masking scheme for AES with a provable security and a reasonable software implementation overhead. Our scheme is based on the hardware-oriented masking scheme published by Ishai et al. at Crypto 2003. Compared to this scheme, our solution can be efficiently implemented in software on any general-purpose processor. This result is of importance considering the lack of solution for $d\geq 3$.

Category / Keywords: implementation /

Publication Info: Full version of a paper published in the proceedings of CHES 2010.

Date: received 13 Aug 2010

Contact author: matthieu rivain at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20100817:100659 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]