Paper 2017/711

Composable Masking Schemes in the Presence of Physical Defaults and the Robust Probing Model

Sebastian Faust, Vincent Grosso, Santos Merino Del Pozo, Clara Paglialonga, and François-Xavier Standaert


Composability and robustness against physical defaults (e.g., glitches) are two highly desirable properties for secure implementations of masking schemes. While tools exist to guarantee them separately, no current formalism enables their joint investigation. In this paper, we solve this issue by introducing a new model, the robust probing model, that is naturally suited to capture the combination of these properties. We first motivate this formalism by analyzing the excellent robustness and low randomness requirements of first-order threshold implementations, and highlighting the difficulty to extend them to higher orders. Next, and most importantly, we use our theory to design higher-order secure, robust and composable multiplication gadgets. While admittedly inspired by existing approaches to masking (e.g., Ishai-Sahai-Wagner-like, threshold, domain-oriented), these gadgets exhibit subtle implementation differences with these state-of-the-art solutions (none of which being provably composable and robust). Hence, our results illustrate how sound theoretical models can guide practically-relevant implementations.

Available format(s)
Publication info
Published by the IACR in TCHES 2018
side-channel attacksmaskingprobing security proofsphysical defaultsthreshold implementationscomposability
Contact author(s)
fstandae @ uclouvain be
2018-07-16: revised
2017-07-25: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sebastian Faust and Vincent Grosso and Santos Merino Del Pozo and Clara Paglialonga and François-Xavier Standaert},
      title = {Composable Masking Schemes in the Presence of Physical Defaults and the Robust Probing Model},
      howpublished = {Cryptology ePrint Archive, Paper 2017/711},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.