Cryptology ePrint Archive: Report 2020/993

Cryptanalysis of Masked Ciphers: A not so Random Idea

Tim Beyne and Siemen Dhooghe and Zhenda Zhang

Abstract: A new approach to the security analysis of hardware-oriented masked ciphers against second-order side-channel attacks is developed. By relying on techniques from symmetric-key cryptanalysis, concrete security bounds are obtained in a variant of the probing model that allows the adversary to make only a bounded, but possibly very large, number of measurements. Specifically, it is formally shown how a bounded-query variant of robust probing security can be reduced to the linear cryptanalysis of masked ciphers. As a result, the compositional issues of higher-order threshold implementations can be overcome without relying on fresh randomness. From a practical point of view, the aforementioned approach makes it possible to transfer many of the desirable properties of first-order threshold implementations, such as their low randomness usage, to the second-order setting. For example, a straightforward application to the block cipher LED results in a masking using less than 700 random bits including the initial sharing. In addition, the cryptanalytic approach introduced in this paper provides additional insight into the design of masked ciphers and allows for a quantifiable trade-off between security and performance.

Category / Keywords: secret-key cryptography / Linear Cryptanalysis and Masking and Probing Security and Side-Channel Analysis and Threshold Implementations

Date: received 17 Aug 2020

Contact author: siemen dhooghe at esat kuleuven be,tim beyne@esat kuleuven be,zhenda zhang@esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20200818:084128 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]