Paper 2010/441

Provably Secure Higher-Order Masking of AES

Matthieu Rivain and Emmanuel Prouff


Implementations of cryptographic algorithms are vulnerable to Side Channel Analysis (SCA). To counteract it, masking schemes are usually involved which randomize key-dependent data by the addition of one or several random value(s) (the masks). When $d$th-order masking is involved (i.e. when $d$ masks are used per key-dependent variable), the complexity of performing an SCA grows exponentially with the order $d$. The design of generic $d$th-order masking schemes taking the order $d$ as security parameter is therefore of great interest for the physical security of cryptographic implementations. This paper presents the first generic $d$th-order masking scheme for AES with a provable security and a reasonable software implementation overhead. Our scheme is based on the hardware-oriented masking scheme published by Ishai et al. at Crypto 2003. Compared to this scheme, our solution can be efficiently implemented in software on any general-purpose processor. This result is of importance considering the lack of solution for $d\geq 3$.

Available format(s)
Publication info
Published elsewhere. Full version of a paper published in the proceedings of CHES 2010.
Contact author(s)
matthieu rivain @ gmail com
2010-08-17: received
Short URL
Creative Commons Attribution


      author = {Matthieu Rivain and Emmanuel Prouff},
      title = {Provably Secure Higher-Order Masking of AES},
      howpublished = {Cryptology ePrint Archive, Paper 2010/441},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.