Paper 2019/1165

Fast verification of masking schemes in characteristic two

Nicolas Bordes and Pierre Karpman

Abstract

We revisit the matrix model for non-interference (NI) probing security of masking gadgets introduced by Belaïd et al. at CRYPTO 2017. This leads to two main results. 1) We generalise the theorems on which this model is based, so as to be able to apply them to masking schemes over any finite field --- in particular GF(2)--- and to be able to analyse the strong non-interference (SNI) security notion. We also follow Faust et al. (TCHES 2018) to additionally consider a robust probing model that takes hardware defects such as glitches into account. 2) We exploit this improved model to implement a very efficient verification algorithm that improves the performance of state-of-the-art software by three orders of magnitude. We show applications to variants of NI and SNI multiplication gadgets from Barthe et al. (EUROCRYPT 2017) which we verify to be secure up to order 11 after a significant parallel computation effort, whereas the previous largest proven order was 7; SNI refreshing gadgets (ibid.); and NI multiplication gadgets from Groß et al. (TIS@CCS 2016) secure in presence of glitches. We also reduce the randomness cost of some existing gadgets, notably for the implementation-friendly case of 8 shares, improving here the previous best results by 17% (resp. 19%) for SNI multiplication (resp. refreshing).

Metadata
Available format(s)
PDF
Publication info
A major revision of an IACR publication in EUROCRYPT 2021
Keywords
High-order maskingprobing modelmultiplication gadgetrefreshing gadgetlinear code.
Contact author(s)
nicolas bordes @ univ-grenoble-alpes fr
pierre karpman @ univ-grenoble-alpes fr
History
2021-06-30: last of 2 revisions
2019-10-08: received
See all versions
Short URL
https://ia.cr/2019/1165
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1165,
      author = {Nicolas Bordes and Pierre Karpman},
      title = {Fast verification of masking schemes in characteristic two},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1165},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1165}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.