### A Nearly Tight Proof of Duc et al.'s Conjectured Security Bound for Masked Implementations

Loïc Masure, Olivier Rioul, and François-Xavier Standaert

##### Abstract

We prove a bound that approaches Duc et al.'s conjecture from Eurocrypt 2015 for the side-channel security of masked implementations. Let $$Y$$ be a sensitive intermediate variable of a cryptographic primitive taking its values in a set $$\mathcal{Y}$$. If $$Y$$ is protected by masking (a.k.a. secret sharing) at order $$d$$ (i.e., with $$d+1$$ shares), then the complexity of any non-adaptive side-channel analysis --- measured by the number of queries to the target implementation required to guess the secret key with sufficient confidence --- is lower bounded by a quantity inversely proportional to the product of the mutual informations between each share of $$Y$$ and its respective leakage. Our new bound is nearly tight in the sense that each factor in the product has an exponent of $$-1$$ as conjectured, and its multiplicative constant is $$\mathcal{O}\left(\log |\mathcal{Y}| \cdot |\mathcal{Y}|^{-1} \cdot C^{-d}\right)$$, where $$C = 2 \log(2) \approx 1.38$$. It drastically improves upon previous proven bounds, where the exponent was $$-1/2$$ and the multiplicative constant was $$\mathcal{O}\left(|\mathcal{Y}|^{-d}\right)$$. As a consequence for side-channel security evaluators, it is possible to provably and efficiently infer the security level of a masked implementation by simply analyzing each individual share, under the necessary condition that the leakages of these shares are independent.
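The abstract's practical message is that an evaluator only needs the per-share mutual informations $$\mathrm{MI}(Y_i; L_i)$$ and their product. The following is an added example, not code from the paper or its authors: it computes that product numerically under an assumed leakage model (each share leaks its Hamming weight plus Gaussian noise of standard deviation sigma, shares leak independently) and compares how the query count scales when each factor carries the exponent $$-1$$ of the new bound versus the $$-1/2$$ of the previously proven one. The multiplicative constants are deliberately omitted; only the exponents' effect is shown. All function names, the leakage model and the 4-bit share size are assumptions of this example.

```python
import math

# Added example (not from the paper): an evaluator computes MI(Y_i; L_i) for
# each share under an ASSUMED leakage model, then forms the product that the
# bound in the abstract is inversely proportional to. Assumed model:
#   L_i = HW(Y_i) + N(0, sigma^2), Y_i uniform on {0, ..., 2^n - 1},
# and the d+1 shares leak independently (the abstract's necessary condition).


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def share_mi_bits(n_bits: int, sigma: float, grid_points: int = 2001) -> float:
    """MI(Y_i; L_i) in bits for one share under the assumed HW + Gaussian model.

    L_i depends on Y_i only through W = HW(Y_i), so MI(Y_i; L_i) = MI(W; L_i)
    and we can integrate over the n_bits + 1 weight classes instead of all
    2^n_bits values:
        MI = sum_w p(w) * integral f(l | w) * log( f(l | w) / f(l) ) dl
    evaluated with the trapezoid rule on a grid covering +/- 6 sigma.
    """
    n_vals = 1 << n_bits
    counts = [0] * (n_bits + 1)
    for y in range(n_vals):
        counts[hamming_weight(y)] += 1
    p_w = [c / n_vals for c in counts]          # p(W = w)

    lo, hi = -6.0 * sigma, n_bits + 6.0 * sigma
    step = (hi - lo) / (grid_points - 1)
    norm = 1.0 / (sigma * math.sqrt(2.0 * math.pi))
    mi_nats = 0.0
    for k in range(grid_points):
        l = lo + k * step
        f_l_given_w = [norm * math.exp(-((l - w) ** 2) / (2.0 * sigma * sigma))
                       for w in range(n_bits + 1)]
        f_l = sum(p * f for p, f in zip(p_w, f_l_given_w))   # marginal f(l)
        if f_l <= 0.0:
            continue                                        # underflow far in the tails
        weight = step * (0.5 if k in (0, grid_points - 1) else 1.0)
        mi_nats += weight * sum(p * f * math.log(f / f_l)
                                for p, f in zip(p_w, f_l_given_w) if f > 0.0)
    return mi_nats / math.log(2.0)


def security_scaling(share_mis):
    """Query-count growth implied by the product of per-share MIs.

    'exp_minus_1'    : shape of the nearly tight bound (each factor to the -1).
    'exp_minus_half' : shape of the previously proven bound (exponent -1/2).
    Multiplicative constants are left out on purpose; only the exponent matters here.
    """
    prod = math.prod(share_mis)
    return {"product": prod,
            "exp_minus_1": 1.0 / prod,
            "exp_minus_half": 1.0 / math.sqrt(prod)}


def masked_bound_shape(n_bits: int, sigma: float, d: int):
    """Evaluate each of the d+1 shares on its own (same model for every share,
    independent leakages assumed) and combine them via security_scaling."""
    mi = share_mi_bits(n_bits, sigma)
    return security_scaling([mi] * (d + 1))


if __name__ == "__main__":
    for sigma in (0.5, 1.0, 2.0, 4.0):
        mi = share_mi_bits(4, sigma)
        line = f"sigma={sigma:>4}: MI/share={mi:.4f} bits"
        for d in (0, 1, 2):
            s = masked_bound_shape(4, sigma, d)
            line += (f" | d={d}: 1/prod={s['exp_minus_1']:.3g},"
                     f" 1/sqrt(prod)={s['exp_minus_half']:.3g}")
        print(line)
```

Two things to read off the output: at low SNR the per-share MI falls roughly as $$1/\sigma^2$$, so with the exponent $$-1$$ each additional share multiplies the query count by about $$\sigma^2$$, whereas the old exponent $$-1/2$$ only gave a factor of about $$\sigma$$; and the whole computation touches one share at a time, which is exactly the evaluation shortcut the abstract promises, valid only if the shares' leakages are in fact independent.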

Publication info
Preprint.
Contact author(s)
loic masure @ uclouvain be
Short URL
https://ia.cr/2022/600

CC BY

BibTeX

@misc{cryptoeprint:2022/600,
author = {Loïc Masure and Olivier Rioul and François-Xavier Standaert},
title = {A Nearly Tight Proof of Duc et al.'s Conjectured Security Bound for Masked Implementations},
howpublished = {Cryptology ePrint Archive, Paper 2022/600},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/600}},
url = {https://eprint.iacr.org/2022/600}
}
