Cryptology ePrint Archive: Report 2018/1195

M&M: Masks and Macs against Physical Attacks

Lauren De Meyer and Victor Arribas and Svetla Nikova and Ventzislav Nikov and Vincent Rijmen

Abstract: Cryptographic implementations on embedded systems need to be protected against physical attacks. Today, this means that apart from incorporating countermeasures against side-channel analysis, implementations must also withstand fault attacks and combined attacks. Recent proposals in this area have shown that there is a large trade-off between the implementation cost and the strength of the adversary model. In this work, we introduce a new combined countermeasure, M&M, which combines masking with information-theoretic MAC tags and infective computation. It works in a stronger adversary model than the existing scheme ParTI, yet is far less costly to implement than the provably secure MPC-based scheme CAPA. We demonstrate M&M with an SCA- and DFA-secure implementation of the AES block cipher. We evaluate the side-channel leakage of the second-order secure design with a non-specific t-test and use simulation to validate the fault resistance.
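The three ingredients the abstract names (Boolean masking, information-theoretic MAC tags, infective computation) can be illustrated on a single byte. The following is an added, simplified example written for this page; it is not the M&M design, the authors' code, or their exact tag construction. Assumptions made here and not taken from the paper: the tag of a byte x is alpha * x in GF(2^8) under a secret key alpha; alpha is held unshared for brevity (a real design keeps it shared); only linear steps (XOR with a key byte, multiplication by a public constant) are shown, so tags propagate share-wise without any multiplicative gadget. The sample values X, K, C and ALPHA are constructed for the demonstration.

```python
"""Boolean masking + information-theoretic MAC tags + infective computation.

Added illustration for this page, not the M&M design or the authors' code.
Assumptions (not from the paper): tag(x) = alpha * x in GF(2^8) under a
secret key alpha; alpha is kept unshared here for brevity; only linear
operations are shown.
"""
import random

AES_POLY = 0x1B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        b >>= 1
        high = a & 0x80
        a = (a << 1) & 0xFF
        if high:
            a ^= AES_POLY
    return r


def unshare(shares):
    """Recombine Boolean shares by XOR. Only ever done on the final output."""
    acc = 0
    for s in shares:
        acc ^= s
    return acc


def share(x: int, n: int, rng: random.Random):
    """Split x into n uniformly random Boolean shares."""
    shares = [rng.randrange(256) for _ in range(n - 1)]
    shares.append(x ^ unshare(shares))
    return shares


def tag_and_share(x, alpha, n, rng):
    """A protected byte is (shares of x, shares of the tag alpha*x)."""
    return share(x, n, rng), share(gf_mul(alpha, x), n, rng)


def masked_xor(a, b):
    """XOR is linear, so value shares and tag shares combine share-wise."""
    return ([p ^ q for p, q in zip(a[0], b[0])],
            [p ^ q for p, q in zip(a[1], b[1])])


def masked_mul_const(a, c):
    """Multiplication by a public constant c: alpha*(c*x) = c*(alpha*x)."""
    return ([gf_mul(c, s) for s in a[0]], [gf_mul(c, s) for s in a[1]])


def infect(a, alpha, rng):
    """Infective check on shares: build shares of delta = alpha*x XOR tag and
    blind every value share with r*delta_i. The XOR of the output shares is
    x XOR r*delta, so a clean computation (delta = 0) passes untouched and a
    faulted one is randomised. There is no check bit for an attacker to skip."""
    val, tg = a
    delta_shares = [gf_mul(alpha, v) ^ t for v, t in zip(val, tg)]
    r = rng.randrange(1, 256)  # fresh nonzero multiplier per evaluation
    return [v ^ gf_mul(r, d) for v, d in zip(val, delta_shares)]


def reference(x, k, c):
    """Unprotected computation of c * (x XOR k), used to compare results."""
    return gf_mul(c, x ^ k)


def protected_compute(x, k, c, alpha, n=3, seed=1, faults=()):
    """c * (x XOR k) on tagged shares with optional injected faults.
    Each fault is ('value' | 'tag', share index, XOR difference) applied to
    the intermediate after the linear layer, modelling a flip on one wire."""
    rng = random.Random(seed)
    xs = tag_and_share(x, alpha, n, rng)
    ks = tag_and_share(k, alpha, n, rng)
    y = masked_mul_const(masked_xor(xs, ks), c)
    for which, idx, diff in faults:
        y[0 if which == "value" else 1][idx] ^= diff
    return unshare(infect(y, alpha, rng))


if __name__ == "__main__":
    X, K, C, ALPHA = 0x3A, 0x5C, 0x02, 0x8E  # constructed sample values
    good = reference(X, K, C)
    print("no fault:   ", hex(protected_compute(X, K, C, ALPHA)), "expected", hex(good))
    print("value fault:", hex(protected_compute(X, K, C, ALPHA, faults=[("value", 0, 0x01)])))
    print("tag fault:  ", hex(protected_compute(X, K, C, ALPHA, faults=[("tag", 1, 0x80)])))
    # An adversary who knows alpha can fault value and tag consistently and slip through:
    evil = [("value", 0, 0x01), ("tag", 0, gf_mul(ALPHA, 0x01))]
    print("compensated:", hex(protected_compute(X, K, C, ALPHA, faults=evil)))
```

A fault on any single value share changes delta to alpha times the injected difference, and a fault on any tag share changes it by the difference itself; both are nonzero, so the output is randomised rather than reported via a check that could itself be faulted. The last call shows the caveat that the detection probability rests on alpha staying secret: with alpha known, value and tag can be faulted consistently and delta stays zero.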

Category / Keywords: implementation / SCA, DFA, combined, countermeasure, masking, CAPA, ParTI, embedded, infective computation

Original Publication (in the same form): IACR-CHES-2019
DOI: 10.13154/tches.v2019.i1.25-50

Date: received 10 Dec 2018, last revised 10 Dec 2018

Contact author: lauren demeyer at esat kuleuven be

Version: 20181218:193343

Short URL: ia.cr/2018/1195
