Cryptology ePrint Archive: Report 2021/880

Towards Tight Random Probing Security

Gaëtan Cassiers and Sebastian Faust and Maximilian Orlt and François-Xavier Standaert

Abstract: Proving the security of masked implementations in theoretical models that are relevant to practice and match the best known attacks of the side-channel literature is a notoriously hard problem. The random probing model is a good candidate to contribute to this challenge, due to its ability to capture the continuous nature of physical leakage (contrary to the threshold probing model), while also being convenient to manipulate in proofs and to automate with verification tools. Yet, despite recent progress in the design of masked circuits with good asymptotic security guarantees in this model, existing results still fall short when it comes to analyzing the security of concretely useful circuits under realistic noise levels and with a low number of shares. In this paper, we contribute to this issue by introducing a new composability notion, the Probe Distribution Table (PDT), and a new tool (called STRAPS, for the Sampled Testing of the RAndom Probing Security). Their combination allows us to significantly improve the tightness of existing analyses in the most practical (low noise, low number of shares) region of the design space. We illustrate these improvements by quantifying the random probing security of an AES S-box circuit, masked with the popular multiplication gadget of Ishai, Sahai and Wagner from Crypto 2003, with up to six shares.

Category / Keywords: implementation / Masking, Random probing model, Composability

Original Publication (with minor differences): IACR-CRYPTO-2021

Date: received 25 Jun 2021

Contact author: gaetan cassiers at uclouvain be, maximilian orlt at tu-darmstadt de, fstandae at uclouvain be, sebastian faust at cs tu-darmstadt de

Version: 20210629:114509

Short URL: ia.cr/2021/880
