Cryptology ePrint Archive: Report 2018/825
Low Randomness Masking and Shuffling: An Evaluation Using Mutual Information
Kostas Papagiannopoulos
Abstract: Side-channel countermeasure designers often face severe performance overheads when trying to protect a device. Widely applied countermeasures such as masking and shuffling entail generating a large amount of random numbers, which can result in a computational bottleneck. To mitigate the randomness cost, this work evaluates low-randomness versions of both masking and shuffling, namely Recycled Randomness Masking (RRM) and Reduced Randomness Shuffling (RRS). These countermeasures employ memory units to store generated random numbers and reuse them in subsequent computations,making them primarily suitable for implementation on devices with sufficient memory. Both RRM and RRS are evaluated using the MI-based framework in the context of horizontal attacks. The evaluation exhibits the tradeoff between the randomness cost and the noisy leakage security level offered by the countermeasures, enabling the designer to fine-tune a masking or shuffling scheme and maximize the security level achieved for a certain cost.
Category / Keywords: masking, shuffling, RNG
Original Publication (with minor differences): IACR-CHES-2018
Date: received 4 Sep 2018, last revised 14 Sep 2018
Contact author: kostaspap88 at gmail com
Available format(s): PDF | BibTeX Citation
Note: Typo fixes
Version: 20180914:143805 (All versions of this report)
Short URL: ia.cr/2018/825
[ Cryptology ePrint archive ]