Paper 2011/516

Protecting AES with Shamir's Secret Sharing Scheme

Louis Goubin and Ange Martinelli


Cryptographic algorithms embedded on physical devices are particularly vulnerable to Side Channel Analysis (SCA). The most common countermeasure for block cipher implementations is masking, which randomizes the variables to be protected by combining them with one or several random values. In this paper, we propose an original masking scheme based on Shamir's Secret Sharing scheme~\cite{Sha79} as an alternative to Boolean masking. We detail its implementation for the AES using the same tool than Rivain and Prouff in CHES 2010~\cite{RP10}: multi-party computation. We then conduct a security analysis of our scheme in order to compare it to Boolean masking. Our results show that for a given amount of noise the proposed scheme - implemented to the first order - provides the same security level as $3^{rd}$ up to $4^{th}$ order boolean masking, together with a better efficiency.

Available format(s)
Publication info
Published elsewhere. Full version of the paper published in the proceedings of CHES 2011
Side Channel Analysis (SCA)MaskingAES ImplementationShamir's Secret SharingMulti-party computation
Contact author(s)
martinelli ange @ gmail com
2011-09-22: received
Short URL
Creative Commons Attribution


      author = {Louis Goubin and Ange Martinelli},
      title = {Protecting {AES} with Shamir's Secret Sharing Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2011/516},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.