Paper 2012/028

A First-Order Leak-Free Masking Countermeasure

Houssem MAGHREBI, Emmanuel PROUFF, Sylvain GUILLEY, and Jean-Luc DANGER


One protection of cryptographic implementations against side-channel attacks is the masking of the sensitive variables. In this article, we present a first-order masking that does not leak information when the registers change values according to some specific (and realistic) rules. This countermeasure applies to all devices that leak a function of the distance between consecutive values of internal variables. In particular, we illustrate its practicality on both hardware and software implementations. Moreover, we introduce a framework to evaluate the soundness of the new first-order masking when the leakage slightly deviates from the rules involved to design the countermeasure. It reveals that the countermeasure remains more efficient than the state-of-the-art first-order masking if the deviation from the ideal model is equal to a few tens of percent, and that it is as good as a first-order Boolean masking even if the deviation is $50\%$.

Note: Paper to be published at CT-RSA 2012, with some corrections in the construction of the $F$ functions (in Sec. 4.1).

Publication info
Published elsewhere. Unknown where it was published
First-order masking, leakage in distance, leakage-free countermeasure
Contact author(s)
maghrebi @ enst fr
2012-01-22: received
Creative Commons Attribution


      author = {Houssem MAGHREBI and Emmanuel PROUFF and Sylvain GUILLEY and Jean-Luc DANGER},
      title = {A First-Order Leak-Free Masking Countermeasure},
      howpublished = {Cryptology ePrint Archive, Paper 2012/028},
      year = {2012},
      note = {\url{}},
      url = {}