Paper 2017/345

Mind the Gap: Towards Secure 1st-order Masking in Software

Kostas Papagiannopoulos and Nikita Veshchikov


Cryptographic implementations are vulnerable to side-channel analysis. Implementors often opt for masking countermeasures to protect against these types of attacks. Masking countermeasures can ensure theoretical protection against value-based leakages. However, the practical effectiveness of masking is often halted by physical effects such as glitches couplings and distance-based leakages, which violate the independent leakage assumption (ILA) and result in security order reductions. This paper aims to address this gap between masking theory and practice in the following threefold manner. First, we perform an in-depth investigation of the device-specific effects that invalidate ILA in the AVR microcontroller ATMega163. Second, we provide an automated tool, capable of detecting ILA violations in AVR assembly code. Last, we craft the first (to our knowledge) "hardened" 1st-order ISW-based, masked Sbox implementation, which is capable of resisting 1st-order, univariate side-channel attacks. Enforcing the ILA in the masked RECTANGLE Sbox requires 1319 clock cycles, i.e. a 15-fold increase compared to a naive 1st-order ISW-based implementation.

Available format(s)
Publication info
Published elsewhere. MINOR revision.COSADE 2017
side-channel analysismaskingAVRdistance leakagesASCOLD
Contact author(s)
kostaspap88 @ gmail com
2017-04-21: received
Short URL
Creative Commons Attribution


      author = {Kostas Papagiannopoulos and Nikita Veshchikov},
      title = {Mind the Gap:  Towards Secure 1st-order Masking in Software},
      howpublished = {Cryptology ePrint Archive, Paper 2017/345},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.