Paper 2020/993

Cryptanalysis of Masked Ciphers: A not so Random Idea

Tim Beyne, Siemen Dhooghe, and Zhenda Zhang


A new approach to the security analysis of hardware-oriented masked ciphers against second-order side-channel attacks is developed. By relying on techniques from symmetric-key cryptanalysis, concrete security bounds are obtained in a variant of the probing model that allows the adversary to make only a bounded, but possibly very large, number of measurements. Specifically, it is formally shown how a bounded-query variant of robust probing security can be reduced to the linear cryptanalysis of masked ciphers. As a result, the compositional issues of higher-order threshold implementations can be overcome without relying on fresh randomness. From a practical point of view, the aforementioned approach makes it possible to transfer many of the desirable properties of first-order threshold implementations, such as their low randomness usage, to the second-order setting. For example, a straightforward application to the block cipher LED results in a masking using less than 700 random bits including the initial sharing. In addition, the cryptanalytic approach introduced in this paper provides additional insight into the design of masked ciphers and allows for a quantifiable trade-off between security and performance.

Note: Removed unnecessary log2 factor in Theorem 1, adapted the Appendix on PRINCE (MSB vs LSB), and changed the correlation matrix to absolute correlation matrix.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
siemen dhooghe @ esat kuleuven be
tim beyne @ esat kuleuven be
zhenda zhang @ esat kuleuven be
2021-07-16: last of 3 revisions
2020-08-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Tim Beyne and Siemen Dhooghe and Zhenda Zhang},
      title = {Cryptanalysis of Masked Ciphers: A not so Random Idea},
      howpublished = {Cryptology ePrint Archive, Paper 2020/993},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.