Paper 2016/1023

Constant-Time Higher-Order Boolean-to-Arithmetic Masking

Michael Hutter and Michael Tunstall

Abstract

Converting a Boolean mask to an arithmetic mask, and vice versa, is often required in implementing side-channel resistant instances of cryptographic algorithms that mix Boolean and arithmetic operations. In this paper, we describe a method for converting a Boolean mask to an arithmetic mask that runs in constant time for a fixed order. We propose explicit algorithms for a second-order secure Boolean-to-arithmetic mask conversion that uses 31 instructions and for a third-order secure mask conversion that uses 74 instructions. We show that our solution is more efficient than previously proposed methods for any choice of masking-scheme order, typically by several orders of magnitude.

Note: Updated proofs from t-NI to t-SNI

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Side-channel analysis
Contact author(s)
michael tunstall @ cryptography com
History
2018-03-02: last of 7 revisions
2016-11-01: received
See all versions
Short URL
https://ia.cr/2016/1023
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2016/1023,
      author = {Michael Hutter and Michael Tunstall},
      title = {Constant-Time Higher-Order Boolean-to-Arithmetic Masking},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/1023},
      year = {2016},
      url = {https://eprint.iacr.org/2016/1023}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.