Paper 2022/600
A Nearly Tight Proof of Duc et al.'s Conjectured Security Bound for Masked Implementations
Abstract
We prove a bound that approaches Duc et al.'s conjecture from Eurocrypt 2015 for the side-channel security of masked implementations. Let \(Y\) be a sensitive intermediate variable of a cryptographic primitive taking its values in a set \(\mathcal{Y}\). If \(Y\) is protected by masking (a.k.a. secret sharing) at order \(d\) (i.e., with \(d+1\) shares), then the complexity of any non-adaptive side-channel analysis, measured by the number of queries to the target implementation required to guess the secret key with sufficient confidence, is lower bounded by a quantity inversely proportional to the product of the mutual informations between each share of \(Y\) and its respective leakage. Our new bound is nearly tight in the sense that each factor in the product has an exponent of \(-1\) as conjectured, and its multiplicative constant is \(\mathcal{O}\left(\log |\mathcal{Y}| \cdot |\mathcal{Y}|^{-1} \cdot C^{-d}\right)\), where \(C = 2 \log(2) \approx 1.38\). It drastically improves upon previous proven bounds, where the exponent was \(-1/2\) and the multiplicative constant was \(\mathcal{O}\left(|\mathcal{Y}|^{-d}\right)\). As a consequence for side-channel security evaluators, it is possible to provably and efficiently infer the security level of a masked implementation by simply analyzing each individual share, under the necessary condition that the leakages of these shares are independent.
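To make the scaling stated in the abstract concrete, here is an added example (not code from the paper or its authors): it numerically computes the per-share mutual information for a constructed Hamming-weight leakage model with Gaussian noise, forms the product of per-share terms with exponent \(-1\) that the new bound is proportional to (and with exponent \(-1/2\) for the older proven bound), and compares the orders of the two multiplicative constants quoted above. The leakage model, the choice of n_bits, sigma and d, and all function names are assumptions; hidden constants inside the big-O terms are not on the page and are not modelled.

```python
import math

def hamming_weight(x: int) -> int:
    return bin(x).count("1")

def share_mutual_information(n_bits: int, sigma: float, grid: int = 4000) -> float:
    """I(Y_i; L_i) in bits for one share Y_i uniform over n_bits bits, leaking
    L_i = HW(Y_i) + N with N ~ Gaussian(0, sigma^2).  The leakage model is a
    constructed textbook one, not taken from the paper; the integral over the
    leakage axis is evaluated with a midpoint rule on a fixed grid."""
    hw = [hamming_weight(y) for y in range(1 << n_bits)]
    p_y = 1.0 / len(hw)
    norm = 1.0 / (sigma * math.sqrt(2.0 * math.pi))
    lo, hi = -6.0 * sigma, n_bits + 6.0 * sigma
    step = (hi - lo) / grid
    mi = 0.0
    for k in range(grid):
        l = lo + (k + 0.5) * step
        cond = [norm * math.exp(-0.5 * ((l - h) / sigma) ** 2) for h in hw]  # p(l | y)
        marg = p_y * sum(cond)  # p(l) = sum_y p(y) p(l | y)
        if marg > 0.0:
            mi += step * sum(p_y * c * math.log2(c / marg) for c in cond if c > 0.0)
    return mi

def masked_query_scaling(share_mis, exponent: float = -1.0) -> float:
    """Product over the d+1 shares of MI^exponent.  With exponent -1 this is what
    the new (and conjectured) query lower bound is proportional to; with -1/2 it
    is the scaling of the older proven bound.  Valid only if the share leakages
    are independent, the condition stated in the abstract."""
    return math.prod(mi ** exponent for mi in share_mis)

def constant_orders(n_bits: int, d: int, c: float = 2.0 * math.log(2.0)):
    """Big-O arguments of the two multiplicative constants quoted in the abstract
    (hidden constants are not on the page): new log|Y| * |Y|^-1 * C^-d versus
    previous |Y|^-d, with |Y| = 2^n_bits and C = 2 log 2."""
    y = float(1 << n_bits)
    return math.log2(y) / y * c ** (-d), y ** (-d)

if __name__ == "__main__":
    d, n_bits = 2, 8  # second-order masking of a byte: three shares
    for sigma in (0.5, 1.0, 2.0):
        mis = [share_mutual_information(n_bits, sigma)] * (d + 1)
        print(f"sigma={sigma}: MI per share={mis[0]:.4f} bits, "
              f"prod MI^-1={masked_query_scaling(mis):.3g}, "
              f"prod MI^-1/2={masked_query_scaling(mis, -0.5):.3g}")
    print("constant orders (new, previous):", constant_orders(n_bits, d))
```

As the noise grows, each per-share MI shrinks and the product with exponent \(-1\) grows much faster than the one with exponent \(-1/2\), which is exactly the gap between the conjectured and the previously proven query complexity.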
Note: Adding a comment to point to a similar work, https://eprint.iacr.org/2022/576. Minor revision, after we were notified that Eq. (15) in the previous version was suboptimal.
Metadata
Publication info: Published elsewhere. CARDIS 2022
DOI: 10.1007/978-3-031-25319-5_4
Keywords: side-channel, white-box evaluation, mutual information, masking, success rate
Contact author(s):
loic masure @ uclouvain be
olivier rioul @ telecomparistech fr
fstandae @ uclouvain be
History
2023-02-10: last of 3 revisions
2022-05-17: received
Short URL: https://ia.cr/2022/600
License: CC BY
BibTeX
@misc{cryptoeprint:2022/600,
  author = {Loïc Masure and Olivier Rioul and François-Xavier Standaert},
  title = {A Nearly Tight Proof of Duc et al.'s Conjectured Security Bound for Masked Implementations},
  howpublished = {Cryptology ePrint Archive, Paper 2022/600},
  year = {2022},
  doi = {10.1007/978-3-031-25319-5_4},
  note = {\url{https://eprint.iacr.org/2022/600}},
  url = {https://eprint.iacr.org/2022/600}
}