Paper 2018/825

Low Randomness Masking and Shuffling: An Evaluation Using Mutual Information

Kostas Papagiannopoulos


Side-channel countermeasure designers often face severe performance overheads when trying to protect a device. Widely applied countermeasures such as masking and shuffling entail generating a large amount of random numbers, which can result in a computational bottleneck. To mitigate the randomness cost, this work evaluates low-randomness versions of both masking and shuffling, namely Recycled Randomness Masking (RRM) and Reduced Randomness Shuffling (RRS). These countermeasures employ memory units to store generated random numbers and reuse them in subsequent computations,making them primarily suitable for implementation on devices with sufficient memory. Both RRM and RRS are evaluated using the MI-based framework in the context of horizontal attacks. The evaluation exhibits the tradeoff between the randomness cost and the noisy leakage security level offered by the countermeasures, enabling the designer to fine-tune a masking or shuffling scheme and maximize the security level achieved for a certain cost.

Note: Typo fixes

Available format(s)
Publication info
A minor revision of an IACR publication in TCHES 2018
Contact author(s)
kostaspap88 @ gmail com
2018-09-14: revised
2018-09-06: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kostas Papagiannopoulos},
      title = {Low Randomness Masking and Shuffling: An Evaluation Using Mutual Information},
      howpublished = {Cryptology ePrint Archive, Paper 2018/825},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.