Paper 2015/837
Multi-Variate High-Order Attacks of Shuffled Tables Recomputation
Nicolas BRUNEAU, Sylvain GUILLEY, Zakaria NAJM, and Yannick TEGLIA
Abstract
Masking schemes based on tables recomputation are classical countermeasures against high-order side-channel attacks. Still, they are known to be attackable at order $d$ in the case the masking involves $d$ shares. In this work, we mathematically show that an attack of order strictly greater than $d$ can be more successful than an attack at order $d$. To do so, we leverage the idea presented by Tunstall, Whitnall and Oswald at FSE 2013: we exhibit attacks which exploit the multiple leakages linked to one mask during the recomputation of tables. Specifically, regarding first-order table recomputation, improved by a shuffled execution, we show that there is a window of opportunity, in terms of noise variance, where a novel highly multivariate third-order attack is more efficient than a classical bivariate second-order attack. Moreover, we show on the example of the high-order secure table computation presented by Coron at EUROCRYPT 2014 that the window of opportunity enlarges linearly with the security order $d$.
Note: Like in the CHES '15 paper, but where Alg. 1 and Fig. 1 have been made compatible.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- A minor revision of an IACR publication in CHES 2015
- DOI
- 10.1007/978-3-662-48324-4_24
- Contact author(s)
- sylvain guilley @ telecom-paristech fr
- History
- 2015-08-31: received
- Short URL
- https://ia.cr/2015/837
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/837,
author = {Nicolas BRUNEAU and Sylvain GUILLEY and Zakaria NAJM and Yannick TEGLIA},
title = {Multi-Variate High-Order Attacks of Shuffled Tables Recomputation},
howpublished = {Cryptology {ePrint} Archive, Paper 2015/837},
year = {2015},
doi = {10.1007/978-3-662-48324-4_24},
url = {https://eprint.iacr.org/2015/837}
}
