### Provably Secure Higher-Order Masking of AES

Matthieu Rivain and Emmanuel Prouff

##### Abstract

Implementations of cryptographic algorithms are vulnerable to Side Channel Analysis (SCA). To counteract it, masking schemes are usually employed: they randomize key-dependent data by adding one or several random values (the masks). When $d$th-order masking is used (i.e. when $d$ masks are applied to each key-dependent variable), the complexity of performing an SCA grows exponentially with the order $d$. The design of generic $d$th-order masking schemes that take the order $d$ as a security parameter is therefore of great interest for the physical security of cryptographic implementations. This paper presents the first generic $d$th-order masking scheme for AES with provable security and a reasonable software implementation overhead. Our scheme is based on the hardware-oriented masking scheme published by Ishai et al. at Crypto 2003. Compared to that scheme, our solution can be efficiently implemented in software on any general-purpose processor. This result is of importance considering the lack of solutions for $d \geq 3$.

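To make the abstract's two ideas concrete (a $d$th-order Boolean sharing, and an Ishai-Shamir-Wagner style multiplication on shares lifted from GF(2) to the AES field GF(2^8)), the following is an added worked example written for this page; it is not code from the paper or its authors. It shares a byte into $d+1$ shares, multiplies sharings securely, applies the GF(2)-linear squarings share-wise, and computes the AES S-box inversion $x^{254}$ entirely on shares, then unmasks to check functional correctness. The specific exponentiation chain and the simple mask-refresh routine are choices made for this example; the order-$d$ security argument is the paper's, and this script only verifies that the result is correct, not that leakage is bounded.

```python
import secrets

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) modulo the AES polynomial (shift-and-add)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return p & 0xFF


def share(x: int, d: int) -> list:
    """d-th order Boolean masking: d random masks plus one correction share,
    so that the XOR of all d+1 shares equals x."""
    masks = [secrets.randbelow(256) for _ in range(d)]
    last = x
    for m in masks:
        last ^= m
    return masks + [last]


def unshare(shares: list) -> int:
    """Recombine a sharing (only ever done here to check the result)."""
    v = 0
    for s in shares:
        v ^= s
    return v


def refresh(a: list) -> list:
    """Re-randomise a sharing without changing the value it encodes
    (simple refresh chosen for this example: fresh mask added to share 0 and share i)."""
    a = list(a)
    for i in range(1, len(a)):
        r = secrets.randbelow(256)
        a[0] ^= r
        a[i] ^= r
    return a


def secure_mul(a: list, b: list) -> list:
    """ISW-style multiplication on two (d+1)-sharings over GF(2^8).
    Returns a (d+1)-sharing of unshare(a) * unshare(b)."""
    n = len(a)
    r = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j] = secrets.randbelow(256)
            # Bracketing matters: the fresh mask is XORed in before the first
            # cross product, so no partial sum equals a_i*b_j + a_j*b_i in the clear.
            r[j][i] = (r[i][j] ^ gf_mul(a[i], b[j])) ^ gf_mul(a[j], b[i])
    c = [gf_mul(a[i], b[i]) for i in range(n)]
    for i in range(n):
        for j in range(n):
            if i != j:
                c[i] ^= r[i][j]
    return c


def secure_pow2k(a: list, k: int) -> list:
    """Raise a sharing to the power 2^k. Squaring is GF(2)-linear in GF(2^8),
    so it is applied to each share independently, with no randomness needed."""
    for _ in range(k):
        a = [gf_mul(s, s) for s in a]
    return a


def secure_inverse(x_shares: list) -> list:
    """Shared computation of x^254, which equals x^-1 in GF(2^8) and maps 0 to 0,
    as the AES S-box requires. Chain (assumed for this example): 4 multiplications."""
    z = refresh(secure_pow2k(x_shares, 1))  # x^2   (refreshed before multiplying with x)
    y = secure_mul(x_shares, z)             # x^3
    w = refresh(secure_pow2k(y, 2))         # x^12  (refreshed before reuse)
    y = secure_mul(y, w)                    # x^15
    y = secure_pow2k(y, 4)                  # x^240
    y = secure_mul(y, w)                    # x^252
    return secure_mul(y, z)                 # x^254


def gf_inv_ref(x: int) -> int:
    """Brute-force unmasked reference inverse, used only to check the shared computation."""
    if x == 0:
        return 0
    return next(y for y in range(1, 256) if gf_mul(x, y) == 1)


def check_all_inputs(d: int) -> bool:
    """True if the masked inversion is correct for every byte at masking order d."""
    return all(unshare(secure_inverse(share(x, d))) == gf_inv_ref(x) for x in range(256))


if __name__ == "__main__":
    for d in (1, 2, 3):
        print(f"order d={d}, {d + 1} shares: all 256 inputs correct ->", check_all_inputs(d))
```

The share count $d+1$ is where the cost shows up: `secure_mul` performs $(d+1)^2$ field multiplications and $d(d+1)/2$ random bytes per call, which is the quadratic overhead in $d$ that a software implementation has to absorb.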
Category: Implementation

Publication info: Published elsewhere. Full version of a paper published in the proceedings of CHES 2010.

Contact author(s): matthieu rivain @ gmail com

Short URL: https://ia.cr/2010/441

License: CC BY

BibTeX

@misc{cryptoeprint:2010/441,
author = {Matthieu Rivain and Emmanuel Prouff},
title = {Provably Secure Higher-Order Masking of AES},
howpublished = {Cryptology ePrint Archive, Paper 2010/441},
year = {2010},
note = {\url{https://eprint.iacr.org/2010/441}},
url = {https://eprint.iacr.org/2010/441}
}
