Cryptology ePrint Archive: Report 2017/116

Masking Proofs are Tight (and How to Exploit it in Security Evaluations)

Vincent Grosso and François-Xavier Standaert

Abstract: Evaluating the security level of a leaking implementation against side-channel attacks is a challenging task. This is especially true when countermeasures such as masking are implemented, since in this case: (i) the number of measurements needed to perform a key recovery may become prohibitive for certification laboratories, and (ii) applying optimal (multivariate) attacks may be computationally intensive and technically challenging. In this paper, we show that by taking advantage of the tightness of masking security proofs, we can significantly simplify this evaluation task in a very general manner. More precisely, we show that the evaluation of a masked implementation can essentially be reduced to that of an unprotected implementation. In addition, we show that although optimal attacks against masking schemes are computationally intensive for large numbers of shares, heuristic (soft analytical side-channel) attacks can approach optimality very efficiently. As part of this second contribution, we also improve over the recent multivariate (aka horizontal) side-channel attacks proposed at CHES 2016 by Battistello et al.

Category / Keywords: side-channel analysis, masking, security proofs, worst-case evaluations

Original Publication (in the same form): IACR-EUROCRYPT-2018

Date: received 13 Feb 2017, last revised 8 Feb 2018

Contact author: fstandae at uclouvain be

Version: 20180208:192852
