Paper 2012/028
A First-Order Leak-Free Masking Countermeasure
Houssem MAGHREBI, Emmanuel PROUFF, Sylvain GUILLEY, and Jean-Luc DANGER
Abstract
One protection of cryptographic implementations against side-channel attacks is the masking of the sensitive variables. In this article, we present a first-order masking that does not leak information when the registers change values according to some specific (and realistic) rules. This countermeasure applies to all devices that leak a function of the distance between consecutive values of internal variables. In particular, we illustrate its practicality on both hardware and software implementations. Moreover, we introduce a framework to evaluate the soundness of the new first-order masking when the leakage slightly deviates from the rules involved to design the countermeasure. It reveals that the countermeasure remains more efficient than the state-of-the-art first-order masking if the deviation from the ideal model is equal to a few tens of percent, and that it is as good as a first-order Boolean masking even if the deviation is 50%.
Note: Paper to be published at CT-RSA 2012, with some corrections in the construction of the $F$ functions (in Sec. 4.1).
Metadata
- Category: Implementation
- Publication info: Published elsewhere. Unknown where it was published
- Keywords: First-order masking, leakage in distance, leakage-free countermeasure
- Contact author(s): maghrebi @ enst fr
- History: 2012-01-22: received
- Short URL: https://ia.cr/2012/028
- License: CC BY
BibTeX
@misc{cryptoeprint:2012/028,
  author = {Houssem MAGHREBI and Emmanuel PROUFF and Sylvain GUILLEY and Jean-Luc DANGER},
  title = {A First-Order Leak-Free Masking Countermeasure},
  howpublished = {Cryptology {ePrint} Archive, Paper 2012/028},
  year = {2012},
  url = {https://eprint.iacr.org/2012/028}
}