Cryptology ePrint Archive: Report 2018/825

Low Randomness Masking and Shuffling: An Evaluation Using Mutual Information

Kostas Papagiannopoulos

Abstract: Side-channel countermeasure designers often face severe performance overheads when trying to protect a device. Widely applied countermeasures such as masking and shuffling entail generating a large amount of random numbers, which can result in a computational bottleneck. To mitigate the randomness cost, this work evaluates low-randomness versions of both masking and shuffling, namely Recycled Randomness Masking (RRM) and Reduced Randomness Shuffling (RRS). These countermeasures employ memory units to store generated random numbers and reuse them in subsequent computations,making them primarily suitable for implementation on devices with sufficient memory. Both RRM and RRS are evaluated using the MI-based framework in the context of horizontal attacks. The evaluation exhibits the tradeoff between the randomness cost and the noisy leakage security level offered by the countermeasures, enabling the designer to fine-tune a masking or shuffling scheme and maximize the security level achieved for a certain cost.

Category / Keywords: masking, shuffling, RNG

Original Publication (with minor differences): IACR-CHES-2018

Date: received 4 Sep 2018, last revised 14 Sep 2018

Contact author: kostaspap88 at gmail com

Available format(s): PDF | BibTeX Citation

Note: Typo fixes

Version: 20180914:143805 (All versions of this report)

Short URL: ia.cr/2018/825