Paper 2015/119

Making Masking Security Proofs Concrete or How to Evaluate the Security of any Leaking Device (Extended Version)

Alexandre Duc, Sebastian Faust, and François-Xavier Standaert


We investigate the relationships between theoretical studies of leaking cryptographic devices and concrete security evaluations with standard side-channel attacks. Our contributions are in four parts. First, we connect the formal analysis of the masking countermeasure proposed by Duc et al. (Eurocrypt 2014) with the Eurocrypt 2009 evaluation framework for side-channel key recovery attacks. In particular, we re-state their main proof for the masking countermeasure based on a mutual information metric, which is frequently used in concrete physical security evaluations. Second, we discuss the tightness of the Eurocrypt 2014 bounds based on experimental case studies. This allows us to conjecture a simplified link between the mutual information metric and the success rate of a side-channel adversary, ignoring technical parameters and proof artifacts. Third, we introduce heuristic (yet well-motivated) tools for the evaluation of the masking countermeasure when its independent leakage assumption is not perfectly fulfilled, as it is frequently encountered in practice. Thanks to these tools, we argue that masking with non-independent leakages may provide improved security levels in certain scenarios. Eventually, we consider the tradeoff between the measurement complexity and the key enumeration time complexity in divide-and-conquer side-channel attacks, and show that these complexities can be lower bounded based on the mutual information metric, using simple and efficient algorithms. The combination of these observations enables significant reductions of the evaluation costs for certification bodies.

Available format(s)
Publication info
Published by the IACR in JOC 2018
side-channel analysismaskingsecurity proofsfair evaluations
Contact author(s)
fstandae @ uclouvain be
2019-03-11: last of 3 revisions
2015-02-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Alexandre Duc and Sebastian Faust and François-Xavier Standaert},
      title = {Making Masking Security Proofs Concrete or How to Evaluate the Security of any Leaking Device (Extended Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2015/119},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.