Paper 2018/1195

M&M: Masks and Macs against Physical Attacks

Lauren De Meyer, Victor Arribas, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen

Abstract

Cryptographic implementations on embedded systems need to be protected against physical attacks. Today, this means that apart from incorporating countermeasures against side-channel analysis, implementations must also withstand fault attacks and combined attacks. Recent proposals in this area have shown that there is a big tradeoff between the implementation cost and the strength of the adversary model. In this work, we introduce a new combined countermeasure M&M that combines Masking with information-theoretic MAC tags and infective computation. It works in a stronger adversary model than the existing scheme ParTI, yet is a lot less costly to implement than the provably secure MPC-based scheme CAPA. We demonstrate M&M with a SCA- and DFA-secure implementation of the AES block cipher. We evaluate the side-channel leakage of the second-order secure design with a non-specific t-test and use simulation to validate the fault resistance.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in TCHES 2019
DOI
10.13154/tches.v2019.i1.25-50
Keywords
SCADFAcombinedcountermeasuremaskingCAPAParTIembeddedinfective computation
Contact author(s)
lauren demeyer @ esat kuleuven be
History
2018-12-18: received
Short URL
https://ia.cr/2018/1195
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/1195,
      author = {Lauren De Meyer and Victor Arribas and Svetla Nikova and Ventzislav Nikov and Vincent Rijmen},
      title = {M&M: Masks and Macs against Physical Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/1195},
      year = {2018},
      doi = {10.13154/tches.v2019.i1.25-50},
      url = {https://eprint.iacr.org/2018/1195}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.