Paper 2018/1195
M&M: Masks and Macs against Physical Attacks
Lauren De Meyer, Victor Arribas, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen
Abstract
Cryptographic implementations on embedded systems need to be protected against physical attacks. Today, this means that apart from incorporating countermeasures against side-channel analysis, implementations must also withstand fault attacks and combined attacks. Recent proposals in this area have shown that there is a big tradeoff between the implementation cost and the strength of the adversary model. In this work, we introduce a new combined countermeasure M&M that combines Masking with information-theoretic MAC tags and infective computation. It works in a stronger adversary model than the existing scheme ParTI, yet is a lot less costly to implement than the provably secure MPC-based scheme CAPA. We demonstrate M&M with a SCA- and DFA-secure implementation of the AES block cipher. We evaluate the side-channel leakage of the second-order secure design with a non-specific t-test and use simulation to validate the fault resistance.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Published by the IACR in TCHES 2019
- DOI
- 10.13154/tches.v2019.i1.25-50
- Keywords
- SCADFAcombinedcountermeasuremaskingCAPAParTIembeddedinfective computation
- Contact author(s)
- lauren demeyer @ esat kuleuven be
- History
- 2018-12-18: received
- Short URL
- https://ia.cr/2018/1195
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/1195, author = {Lauren De Meyer and Victor Arribas and Svetla Nikova and Ventzislav Nikov and Vincent Rijmen}, title = {M&M: Masks and Macs against Physical Attacks}, howpublished = {Cryptology {ePrint} Archive, Paper 2018/1195}, year = {2018}, doi = {10.13154/tches.v2019.i1.25-50}, url = {https://eprint.iacr.org/2018/1195} }