Paper 2011/516
Protecting AES with Shamir's Secret Sharing Scheme
Louis Goubin and Ange Martinelli
Abstract
Cryptographic algorithms embedded on physical devices are
particularly vulnerable to Side Channel Analysis (SCA). The most
common countermeasure for block cipher implementations is masking,
which randomizes the variables to be protected by combining them with
one or several random values. In this paper, we propose an original
masking scheme based on Shamir's Secret Sharing scheme~\cite{Sha79}
as an alternative to Boolean masking. We detail its implementation
for the AES using the same tool as Rivain and Prouff in
CHES 2010~\cite{RP10}: multi-party computation. We then conduct a
security analysis of our scheme in order to compare it to Boolean
masking. Our results show that for a given amount of noise the
proposed scheme, implemented at first order, provides the same
security level as
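The following is an added illustration, not code from the paper: it shares one AES state byte with a first-order (degree-1) Shamir polynomial over GF(2^8) using the AES field polynomial, reconstructs it by Lagrange interpolation at 0, and shows that the affine operations of AES (XOR with a round-key byte, multiplication by a constant as in MixColumns) can be applied to each share independently. The evaluation points and the RNG hook are assumptions made for this example.

```python
# Added example (not the paper's code): first-order Shamir masking of an AES byte.
import secrets

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the field used by AES

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """Inverse in GF(2^8) as a^254 (a^255 = 1 for a != 0), square-and-multiply."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    r, p = 1, a
    for _ in range(7):          # accumulates a^2 * a^4 * ... * a^128 = a^254
        p = gf_mul(p, p)
        r = gf_mul(r, p)
    return r

def share(secret: int, points, degree: int = 1, rng=secrets.randbits):
    """Return (x, P(x)) for each non-zero point x, with P random of the given
    degree and P(0) = secret. For degree 1 each share is secret ^ r*x with r
    uniform, so any single share is uniformly distributed (first-order masking)."""
    coeffs = [secret] + [rng(8) for _ in range(degree)]   # rng is an assumption hook
    shares = []
    for x in points:
        assert x != 0, "x = 0 would reveal the secret directly"
        y = 0
        for c in reversed(coeffs):                          # Horner evaluation
            y = gf_mul(y, x) ^ c
        shares.append((x, y))
    return shares

def reconstruct(shares) -> int:
    """Lagrange interpolation at x = 0; needs degree+1 shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        lam = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                lam = gf_mul(lam, gf_mul(xj, gf_inv(xi ^ xj)))   # xj / (xi - xj)
        secret ^= gf_mul(yi, lam)
    return secret

def add_constant(shares, k: int):
    """AddRoundKey on shares: P(x) + k keeps P(0) + k, so XOR k into every share."""
    return [(x, y ^ k) for x, y in shares]

def scale(shares, c: int):
    """Multiplication by a constant (e.g. 0x02 in MixColumns) share by share."""
    return [(x, gf_mul(y, c)) for x, y in shares]
```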
Metadata
- Available format(s)
- PDF
- Publication info
- Published elsewhere. Full version of the paper published in the proceedings of CHES 2011
- Keywords
- Side Channel Analysis (SCA), Masking, AES Implementation, Shamir's Secret Sharing, Multi-party computation
- Contact author(s)
- martinelli ange @ gmail com
- History
- 2011-09-22: received
- Short URL
- https://ia.cr/2011/516
- License
- CC BY
BibTeX
@misc{cryptoeprint:2011/516,
  author = {Louis Goubin and Ange Martinelli},
  title = {Protecting {AES} with Shamir's Secret Sharing Scheme},
  howpublished = {Cryptology {ePrint} Archive, Paper 2011/516},
  year = {2011},
  url = {https://eprint.iacr.org/2011/516}
}