Orthogonal Direct Sum Masking: A Smartcard Friendly Computation Paradigm in a Code, with Builtin Protection against Side-Channel and Fault Attacks

Julien Bringer, Claude Carlet, Hervé Chabanne, Sylvain Guilley, and Houssem Maghrebi

Abstract

Secure elements, such as smartcards or trusted platform modules (TPMs), must be protected against implementation-level attacks. Those include side-channel and fault injection attacks. We introduce ODSM, Orthogonal Direct Sum Masking, a new computation paradigm that achieves protection against those two kinds of attacks. A large vector space is structured as two supplementary orthogonal subspaces. One subspace (called a code $\mathcal{C}$) is used for the functional computation, while the second subspace carries random numbers. As the random numbers are entangled with the sensitive data, ODSM ensures a protection against (monovariate) side-channel attacks. The random numbers can be checked either occasionally, or globally, thereby ensuring a fine or coarse detection capability. The security level can be formally detailed: it is proved that monovariate side-channel attacks of order up to $d_\mathcal{C}-1$, where $d_\mathcal{C}$ is the minimal distance of $\mathcal{C}$, are impossible, and that any fault of Hamming weight strictly less than $d_\mathcal{C}$ is detected. A complete instantiation of ODSM is given for AES. In this case, all monovariate side-channel attacks of order strictly less than $5$ are impossible, and all fault injections perturbing strictly less than $5$ bits are detected.

Note: Clearer MAGMA code

Available format(s)
Category
Implementation
Publication info
Published elsewhere. MINOR revision.WISTP 2014
DOI
10.1007/978-3-662-43826-8_4
Contact author(s)
sylvain guilley @ telecom-paristech fr
History
2016-08-07: last of 2 revisions
See all versions
Short URL
https://ia.cr/2014/665

CC BY

BibTeX

@misc{cryptoeprint:2014/665,
author = {Julien Bringer and Claude Carlet and Hervé Chabanne and Sylvain Guilley and Houssem Maghrebi},
title = {Orthogonal Direct Sum Masking: A Smartcard Friendly Computation Paradigm in a Code, with Builtin Protection against  Side-Channel and Fault Attacks},
howpublished = {Cryptology ePrint Archive, Paper 2014/665},
year = {2014},
doi = {10.1007/978-3-662-43826-8_4},
note = {\url{https://eprint.iacr.org/2014/665}},
url = {https://eprint.iacr.org/2014/665}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.