Cryptology ePrint Archive: Report 2018/505

Improved Parallel Mask Refreshing Algorithms: Generic Solutions with Parametrized Non-Interference \& Automated Optimizations

Gilles Barthe and Sonia Belaïd and François Dupressoir and Pierre-Alain Fouque and Benjamin Grégoire and François-Xavier Standaert and Pierre-Yves Strub

Abstract: Refreshing algorithms are a critical ingredient for secure masking. They are instrumental in enabling sound composability properties for complex circuits, and their randomness requirements dominate the performance overheads in (very) high-order masking. In this paper, we improve a proposal of mask refreshing algorithms from EUROCRYPT 2017, that has excellent implementation properties in software and hardware, in two main directions. First, we provide a generic proof that this algorithm is secure at arbitrary orders -- a problem that was left open so far. We introduce Parametrized Non-Interference as a new technical ingredient for this purpose, that may be of independent interest. Second, we use automated tools to further explore the design space of such algorithms and provide the best known parallel mask refreshing gadgets for concretely relevant security orders. Incidentally, we also prove the security of a recent proposal of mask refreshing with improved resistance against horizontal attacks from CHES 2017.

Category / Keywords: implementation / Side-channel attacks, masking countermeasure, refreshing algorithms, composability

Date: received 24 May 2018, last revised 30 May 2018

Contact author: sonia belaid at cryptoexperts com

Available format(s): PDF | BibTeX Citation

Note: Correcting errors in Table 3 (algorithms marked as insecure are in fact secure) and propagating consequences to Table 4.

Version: 20180530:212819 (All versions of this report)

Short URL: ia.cr/2018/505

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]