Paper 2017/637
Very High Order Masking: Efficient Implementation and Security Evaluation
Anthony Journault and François-Xavier Standaert
Abstract
In this paper, we study the performances and security of recent masking algorithms specialized to parallel implementations in a 32-bit embedded software platform, for the standard AES Rijndael and the bitslice cipher Fantomas. By exploiting the excellent features of these algorithms for bitslice implementations, we first extend the recent speed records of Goudarzi and Rivain (presented at Eurocrypt 2017) and report realistic timings for masked implementations with 32 shares. We then observe that the security level provided by such implementations is uneasy to quantify with current evaluation tools. We therefore propose a new ``multi-model" evaluation methodology which takes advantage of different (more or less abstract) security models introduced in the literature. This methodology allows us to both bound the security level of our implementations in a principled manner and to assess the risks of overstated security based on well understood parameters. Concretely, it leads us to conclude that these implementations withstand worst-case adversaries with >2^64 measurements under falsifiable assumptions.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- A minor revision of an IACR publication in CHES 2017
- Keywords
- maskingblock ciphersperformances and security evaluations
- Contact author(s)
- fstandae @ uclouvain be
- History
- 2017-07-03: received
- Short URL
- https://ia.cr/2017/637
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2017/637,
author = {Anthony Journault and François-Xavier Standaert},
title = {Very High Order Masking: Efficient Implementation and Security Evaluation},
howpublished = {Cryptology {ePrint} Archive, Paper 2017/637},
year = {2017},
url = {https://eprint.iacr.org/2017/637}
}
