Cryptology ePrint Archive: Report 2018/745

Achilles' Heel: the Unbalanced Mask Sets May Destroy a Masking Countermeasure

Jingdian Ming and Wei Cheng and Huizhong Li and Guang Yang and Yongbin Zhou and Qian Zhang

Abstract: The Low Entropy Masking Scheme (LEMS) has attracted wide attention in Side-Channel Analysis (SCA) because it is cheap: masks are drawn from a small, fixed set rather than from the whole field. To reach the expected side-channel security, that set must be balanced, so that the correlations between key-dependent variables and their corresponding leakages vanish. However, the security proof of LEMS rests on an inadequate assumption, and mask sets proposed on its basis may therefore lack the balance property, which leads to vulnerable LEMS implementations. This paper corrects and improves the scheme. It first gives formal definitions of the univariate balance property of a mask set and extends them to multivariate settings. From these definitions we derive three fundamental properties for analysing the balance of mask sets in Rotating Sbox Masking (RSM), the most popular LEMS instantiation. To illustrate the definitions and properties, three state-of-the-art RSM mask sets are examined; the attacks that succeed whenever one of the properties is violated clearly show that the balance of a mask set must be evaluated in advance, during the design phase. However, we find that no RSM mask set can satisfy all three properties at once, so the vulnerability of the RSM scheme to its unbalanced mask set is unavoidable. Thus this promising masking scheme may be broken through its unqualified mask set.
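The abstract argues that a LEMS mask set must be checked for balance before it is deployed, both univariately (one leakage sample) and multivariately (the neighbouring S-box bytes that RSM masks with consecutive entries of the rotation). The script below is an added example, not code from the paper or from the DPA Contest: it implements one concrete way to run such a check under a Hamming-weight leakage model. The criteria are my own moment-based formulation, not the paper's three properties: a set is taken to be univariately balanced at statistical order d if the d-th central moment of HW(x XOR m), over the masks m, does not depend on the sensitive byte x, and bivariately balanced if the mean of HW(x XOR m_j) * HW(y XOR m_{j+1}) over the rotation index j does not depend on (x, y). The 16-element set labelled DPAV4_MASKS is the RSM mask set I recall from DPA Contest v4, listed in rotation order; treat those values as an assumption to be verified against the contest material rather than as a quotation from the paper.

```python
"""Balance checks for a Low Entropy Masking Scheme (LEMS) mask set under a
Hamming-weight leakage model.  Added example, not code from the paper; the
moment-based criteria are my formulation, not the paper's definitions."""
from fractions import Fraction

# Constructed input: the RSM mask set of DPA Contest v4 in its rotation order,
# as I recall it (assumption: verify against the contest material).
DPAV4_MASKS = [0x00, 0x0F, 0x36, 0x39, 0x53, 0x5C, 0x65, 0x6A,
               0x95, 0x9A, 0xA3, 0xAC, 0xC6, 0xC9, 0xF0, 0xFF]

# Constructed, deliberately weak two-element set for comparison.
TWO_MASKS = [0x00, 0xFF]

HW = [bin(v).count("1") for v in range(256)]   # Hamming-weight leakage table


def central_moment(masks, x, order):
    """Exact `order`-th central moment (order 1: the plain mean) of HW(x ^ m)
    for a mask m drawn uniformly from `masks`; x is the unmasked byte."""
    n = len(masks)
    leaks = [HW[x ^ m] for m in masks]
    mean = Fraction(sum(leaks), n)
    if order == 1:
        return mean
    return sum((Fraction(l) - mean) ** order for l in leaks) / n


def is_univariate_balanced(masks, order):
    """True iff the `order`-th moment of the masked leakage does not depend on
    the sensitive byte, i.e. a univariate attack of that statistical order
    sees no key-dependent signal.  The per-value profile is returned too, so
    an evaluator can see which values stand out when the check fails."""
    profile = {x: central_moment(masks, x, order) for x in range(256)}
    return len(set(profile.values())) == 1, profile


def bit_counts(masks):
    """Number of masks with bit i set, i = 0..7.  In the HW model the mean of
    HW(x ^ m) is constant in x exactly when every count equals len(masks)/2,
    which is the quick first-order balance test."""
    return [sum((m >> i) & 1 for m in masks) for i in range(8)]


def is_bivariate_balanced(masks):
    """RSM masks neighbouring S-box bytes of one round with masks[j] and
    masks[j+1], so a second-order attack can combine those two leakages.
    This checks that the mean of HW(x ^ m_j) * HW(y ^ m_{j+1}) over the
    rotation index j is independent of (x, y); it stops at the first pair of
    (x, y) values whose mean differs from the first one seen."""
    n = len(masks)
    pairs = [(masks[j], masks[(j + 1) % n]) for j in range(n)]
    reference = None
    for x in range(256):
        for y in range(256):
            total = sum(HW[x ^ a] * HW[y ^ b] for a, b in pairs)
            if reference is None:
                reference = total
            elif total != reference:
                return False
    return True


def first_unbalanced_order(masks, max_order=8):
    """Smallest statistical order at which a univariate attack can exploit
    the mask set, or None if it is balanced up to max_order."""
    for order in range(1, max_order + 1):
        if not is_univariate_balanced(masks, order)[0]:
            return order
    return None


if __name__ == "__main__":
    for name, masks in (("DPAv4", DPAV4_MASKS), ("two-mask", TWO_MASKS)):
        print(name, "bit counts:", bit_counts(masks))
        print(name, "first unbalanced univariate order:",
              first_unbalanced_order(masks))
        print(name, "bivariate (consecutive masks) balanced:",
              is_bivariate_balanced(masks))
```

Exact rational arithmetic is used on purpose: a floating-point comparison could hide a small but real moment difference, which is precisely the signal a higher-order attack exploits. Under these assumed criteria the DPAv4 set passes the univariate test at orders 1 to 3 and fails at order 4, while the bivariate test on consecutive masks already fails; the two-mask set fails univariately at order 2. That is the kind of design-time evaluation the abstract calls for, and an evaluator should run it for every mask set and every pair of S-box positions that share a rotation, not only for the one pairing shown here.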

Category / Keywords: secret-key cryptography / Side Channel Analysis, Masking Countermeasures, DPA Contest, RSM Scheme, Unbalanced Mask Set

Date: received 9 Aug 2018, last revised 23 Aug 2018

Contact author: mingjingdian at iie ac cn


Version: 20180824:014734

Short URL: ia.cr/2018/745
