Cryptology ePrint Archive: Report 2018/438

Trivially and Efficiently Composing Masked Gadgets with Probe Isolating Non-Interference

Gaëtan Cassiers and François-Xavier Standaert

Abstract: We revisit the analysis and design of masked cryptographic implementations to prevent side-channel attacks. Our starting point is the (known) observation that proving the security of a higher-order masked block cipher exhaustively requires unrealistic computing power. As a result, a natural strategy is to split algorithms in smaller parts (or gadgets), with as main objectives to enable both simple composition (as initiated by Barthe et al. at CCS 2016) and efficient implementations.

We argue that existing composition strategies allow either trivial composition with significant overheads or optimized composition with more analysis efforts. As a result, we first introduce a new definition of Probe Isolating Non-Interference (PINI) that allows both trivial composition and efficient implementations. We next prove general composition theorems for PINI gadgets that considerably simplify the analysis of complex masked implementations. We finally design efficient multiplication gadgets that satisfy this definition. As additional results, we exhibit a limitation of existing compositional strategies for the analysis of Multiple-Inputs / Multiple-Outputs (MIMO) gadgets, extend Barthe et al.'s definition of Strong Non-Interference (SNI) to deal with this context, and describe an optimization method to design efficient MIMO-SNI (sub)circuits. Our results allow proving the security of a recent masked AES implementation by Goudarzi and Rivain (EUROCRYPT 2017). From the implementation viewpoint, PINI implementations reach the level of performance of the best composable masking schemes for the AES Rijndael, and outperform them by significant factors for lightweight ciphers.

Category / Keywords: masking, security proofs, probing model, secure composition

Original Publication (in the same form): IEEE Transactions on Information Forensics & Security

Date: received 10 May 2018, last revised 27 Feb 2020

Contact author: gaetan cassiers at uclouvain be

Available format(s): PDF | BibTeX Citation

Version: 20200227:213920 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]