Paper 2019/1106

Side-channel Masking with Pseudo-Random Generator

Jean-Sébastien Coron, Aurélien Greuet, and Rina Zeitoun

Abstract

High-order masking countermeasures against side-channel attacks usually require plenty of randomness during their execution. For security against t probes, the classical ISW countermeasure requires O(t^2 s) random bits, where s is the circuit size. However running a True Random Number Generator (TRNG) can be costly in practice and become a bottleneck on embedded devices. In [IKL+13] the authors introduced the notion of robust pseudo-random number generator (PRG), which must remain secure even against an adversary who can probe at most t wires. They showed that when embedding a robust PRG within a private circuit, the number of random bits can be reduced to O(t^4), that is independent of the circuit size s (up to a logarithmic factor). Using bipartite expander graphs, this can be further reduced to O(t^(3+eps)); however the resulting construction is unpractical. In this paper we describe a practical construction where the number of random bits is only O(t^2) for security against t probes, without expander graphs; moreover the running time of each pseudo-random generation goes down from O(t^4) to O(t). Our technique consists in using multiple independent PRGs instead of a single one. We show that for ISW circuits, the robustness property of the PRG is not required anymore, which leads to simple and efficient constructions. For example, for AES we only need 48 bytes of randomness to get second-order security (t=2), instead of 2880 in the original Rivain-Prouff countermeasure; when implemented on an ARM-based embedded device with a relatively slow TRNG, we obtain a 50% speed-up compared to Rivain-Prouff.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A minor revision of an IACR publication in Eurocrypt 2020
Keywords
Side-channel countermeasurehigh-order maskingISW probing model.
Contact author(s)
jscoron @ gmail com
aurelien greuet @ idemia com
rina zeitoun @ idemia com
History
2020-05-12: revised
2019-09-29: received
See all versions
Short URL
https://ia.cr/2019/1106
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1106,
      author = {Jean-Sébastien Coron and Aurélien Greuet and Rina Zeitoun},
      title = {Side-channel Masking with Pseudo-Random Generator},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1106},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/1106}},
      url = {https://eprint.iacr.org/2019/1106}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.