Paper 2015/359

Higher-Order Side Channel Security and Mask Refreshing

Jean-Sebastien Coron, Emmanuel Prouff, Matthieu Rivain, and Thomas Roche

Abstract

Masking is a widely used countermeasure to protect block cipher implementations against side-channel attacks. The principle is to split every sensitive intermediate variable occurring in the computation into d + 1 shares, where d is called the masking order and plays the role of a security parameter. A masked implementation is then said to achieve dth-order security if any set of d (or less) intermediate variables does not reveal key-dependent information. At CHES 2010, Rivain and Prouff have proposed a higher-order masking scheme for AES that works for any arbitrary order d. This scheme, and its subsequent extensions, are based on an improved version of the shared multiplication processing published by Ishai et al. at CRYPTO 2003. This improvement enables better memory/timing performances but its security relies on the refreshing of the masks at some points in the algorithm. In this paper, we show that the method proposed at CHES 2010 to do such mask refreshing introduces a security flaw in the overall masking scheme. Specically, we show that it is vulnerable to an attack of order d/2 + 1 whereas the scheme is supposed to achieve dth-order security. After exhibiting and analyzing the flaw, we propose a new solution which avoids the use of mask refreshing, and we prove its security. We also provide some implementation trick that makes our proposed solution, not only secure, but also faster than the original scheme.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in FSE 2013
Keywords
Side-Channel AttacksMasking
Contact author(s)
jean-sebastien coron @ uni lu
History
2015-04-23: received
Short URL
https://ia.cr/2015/359
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/359,
      author = {Jean-Sebastien Coron and Emmanuel Prouff and Matthieu Rivain and Thomas Roche},
      title = {Higher-Order Side Channel Security and Mask Refreshing},
      howpublished = {Cryptology ePrint Archive, Paper 2015/359},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/359}},
      url = {https://eprint.iacr.org/2015/359}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.