Paper 2016/540

Horizontal Side-Channel Attacks and Countermeasures on the ISW Masking Scheme

Alberto Battistello, Jean-Sebastien Coron, Emmanuel Prouff, and Rina Zeitoun


A common countermeasure against side-channel attacks consists in using the masking scheme originally introduced by Ishai, Sahai and Wagner (ISW) at Crypto 2003, and further generalized by Rivain and Prouff at CHES 2010. The countermeasure is provably secure in the probing model, and it was shown by Duc, Dziembowski and Faust at Eurocrypt 2014 that the proof can be extended to the more realistic noisy leakage model. However, the extension only applies if the leakage noise $\sigma$ increases at least linearly with the masking order $n$, which is not necessarily possible in practice. In this paper we investigate the security of an implementation when the previous condition is not satisfied, for example when the masking order $n$ increases for a constant noise $\sigma$. We exhibit two (template) horizontal side-channel attacks against the Rivain-Prouff secure multiplication scheme and we analyze their efficiency through several simulations and experiments. We also describe a variant of the Rivain-Prouff multiplication that is still provably secure in the original ISW model, and also heuristically secure against our new attacks. Finally, we describe a new mask refreshing algorithm with complexity ${\cal O}(n \log n)$, instead of ${\cal O}(n^2)$ for the classical algorithm.
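The Rivain-Prouff multiplication the abstract refers to, as an added Python example that is not taken from the paper: it implements the ISW multiplication generalized to GF(2^8) over Boolean shares, checks that recombining the output shares yields the product of the unmasked inputs, and counts how many field multiplications each input share takes part in, which is the repeated handling of one share within a single execution that the horizontal attacks mentioned above target. The function names (gf_mul, share, rp_mul, uses_per_share) and the choice of the AES field are this example's own assumptions.

```python
import secrets
from functools import reduce
from operator import xor

# AES field GF(2^8), reduction polynomial x^8 + x^4 + x^3 + x + 1.
def gf_mul(a, b):
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r

def unmask(shares):
    """Recombine Boolean (XOR) shares; a test helper only."""
    return reduce(xor, shares, 0)

def share(x, n):
    """Split x into n Boolean shares using fresh randomness."""
    s = [secrets.randbelow(256) for _ in range(n - 1)]
    return s + [x ^ unmask(s)]

def rp_mul(a, b, trace=None):
    """Rivain-Prouff secure multiplication of two n-share values."""
    n = len(a)
    def mul(i, j):
        if trace is not None:
            trace.append((i, j))  # record that a[i] * b[j] was computed
        return gf_mul(a[i], b[j])
    c = [mul(i, i) for i in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r_ij = secrets.randbelow(256)
            # Bracketing matters: (r_ij + a_i b_j) + a_j b_i keeps every
            # intermediate value masked by r_ij.
            r_ji = (r_ij ^ mul(i, j)) ^ mul(j, i)
            c[i] ^= r_ij
            c[j] ^= r_ji
    return c

def uses_per_share(n):
    """How many field multiplications each input share a[i] enters."""
    trace = []
    rp_mul(share(0, n), share(0, n), trace)
    return [sum(1 for i, _ in trace if i == k) for k in range(n)]
```

Each share of a is multiplied n times (once on the diagonal and once per cross term), so the number of leaking manipulations of a single share grows linearly with the masking order even though the noise per manipulation does not.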

Note: New mask refreshing algorithm with quasi-linear complexity.

Secret-key cryptography
Publication info
A minor revision of an IACR publication in CHES 2016
Keywords: Side-channel attack, ISW countermeasure, Rivain-Prouff countermeasure
Contact author(s)
jean-sebastien coron @ uni lu
2016-07-27: last of 4 revisions
2016-05-31: received
Creative Commons Attribution


      author = {Alberto Battistello and Jean-Sebastien Coron and Emmanuel Prouff and Rina Zeitoun},
      title = {Horizontal Side-Channel Attacks and Countermeasures on the ISW Masking Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2016/540},
      year = {2016},
      note = {\url{}},
      url = {}