Paper 2022/389

Higher-order masked Saber

Suparna Kundu, imec-COSIC
Jan-Pieter D’Anvers
Michiel Van Beirendonck
Angshuman Karmakar
Ingrid Verbauwhede

Side-channel attacks are formidable threats to the cryptosystems deployed in the real world. An effective and provably secure countermeasure against side-channel attacks is masking. In this work, we present a detailed study of higher-order masking techniques for the key-encapsulation mechanism Saber. Saber is one of the lattice-based finalist candidates in the National Institute of Standards of Technology's post-quantum standardization procedure. We provide a detailed analysis of different masking algorithms proposed for Saber in the recent past and propose an optimized implementation of higher-order masked Saber. Our proposed techniques for first-, second-, and third-order masked Saber have performance overheads of 2.7x, 5x, and 7.7x respectively compared to the unmasked Saber. We show that compared to Kyber which is another lattice-based finalist scheme, Saber's performance degrades less with an increase in the order of masking. We also show that higher-order masked Saber needs fewer random bytes than higher-order masked Kyber. Additionally, we adapt our masked implementation to uSaber, a variant of Saber that was specifically designed to allow an efficient masked implementation. We present the first masked implementation of uSaber, showing that it indeed outperforms masked Saber by at least 12% for any order. We provide optimized implementations of all our proposed masking schemes on ARM Cortex-M4 microcontrollers.

Available format(s)
Public-key cryptography
Publication info
Post-quantum cryptography Higher-order masking Saber Key-encapsulation mechanism
Contact author(s)
Suparna Kundu @ esat kuleuven be
2022-06-30: last of 2 revisions
2022-03-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Suparna Kundu and Jan-Pieter D’Anvers and Michiel Van Beirendonck and Angshuman Karmakar and Ingrid Verbauwhede},
      title = {Higher-order masked Saber},
      howpublished = {Cryptology ePrint Archive, Paper 2022/389},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.