Masking Proofs are Tight (and How to Exploit it in Security Evaluations)

Vincent Grosso and François-Xavier Standaert

Abstract

Evaluating the security level of a leaking implementation against side-channel attacks is a challenging task. This is especially true when countermeasures such as masking are implemented since in this case: (i) the amount of measurements to perform a key recovery may become prohibitive for certification laboratories, and (ii) applying optimal (multivariate) attacks may be computationally intensive and technically challenging. In this paper, we show that by taking advantage of the tightness of masking security proofs, we can significantly simplify this evaluation task in a very general manner. More precisely, we show that the evaluation of a masked implementation can essentially be reduced to the one of an unprotected implementation. In addition, we show that despite optimal attacks against masking schemes are computationally intensive for large number of shares, heuristic (soft analytical side-channel) attacks can approach optimality very efficiently. As part of this second contribution, we also improve over the recent multivariate (aka horizontal) side-channel attacks proposed at CHES 2016 by Battistello et al.

Available format(s)
Publication info
Keywords
Contact author(s)
fstandae @ uclouvain be
History
2018-02-08: revised
See all versions
Short URL
https://ia.cr/2017/116

CC BY

BibTeX

@misc{cryptoeprint:2017/116,
author = {Vincent Grosso and François-Xavier Standaert},
title = {Masking Proofs are Tight (and How to Exploit it in Security Evaluations)},
howpublished = {Cryptology ePrint Archive, Paper 2017/116},
year = {2017},
note = {\url{https://eprint.iacr.org/2017/116}},
url = {https://eprint.iacr.org/2017/116}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.