Paper 2022/600

A Nearly Tight Proof of Duc et al.'s Conjectured Security Bound for Masked Implementations

Loïc Masure, Olivier Rioul, and François-Xavier Standaert

Abstract

We prove a bound that approaches Duc et al.'s conjecture from Eurocrypt 2015 for the side-channel security of masked implementations. Let \(Y\) be a sensitive intermediate variable of a cryptographic primitive taking its values in a set \(\mathcal{Y}\). If \(Y\) is protected by masking (a.k.a. secret sharing) at order \(d\) (i.e., with \(d+1\) shares), then the complexity of any non-adaptive side-channel analysis --- measured by the number of queries to the target implementation required to guess the secret key with sufficient confidence --- is lower bounded by a quantity inversely proportional to the product of the mutual informations between each share of \(Y\) and its respective leakage. Our new bound is nearly tight in the sense that each factor in the product has an exponent of \(-1\) as conjectured, and its multiplicative constant is \(\mathcal{O}\left(\log |\mathcal{Y}| \cdot |\mathcal{Y}|^{-1} \cdot C^{-d}\right)\), where \(C = 2 \log(2) \approx 1.38\). It drastically improves upon previous proven bounds, where the exponent was \(-1/2\) and the multiplicative constant was \(\mathcal{O}\left(|\mathcal{Y}|^{-d}\right)\). As a consequence for side-channel security evaluators, it is possible to provably and efficiently infer the security level of a masked implementation by simply analyzing each individual share, under the necessary condition that the leakages of these shares are independent.
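The evaluation workflow the abstract describes (analyze each share on its own, then combine the per-share mutual informations into a bound on attack complexity) can be illustrated with a small simulation. The following is an added example, not code from the paper or its authors. It assumes a Hamming-weight leakage model with additive Gaussian noise for each share, independent share leakages, and it computes only the scaling of the query lower bound as the inverse product of the per-share mutual informations; the multiplicative constant \(\mathcal{O}\left(\log |\mathcal{Y}| \cdot |\mathcal{Y}|^{-1} \cdot C^{-d}\right)\) is deliberately left out, since the abstract gives only its order. The exponent \(-1/2\) of the earlier bounds is included for comparison.

```python
import math

# Added example (not from the paper). Assumed leakage model for one share Y,
# uniform over n-bit values: L = HW(Y) + N(0, sigma^2). The abstract's
# multiplicative constant is omitted; only the inverse-product scaling is shown.


def hw_distribution(n_bits):
    """P(HW(Y) = h) for a share Y uniform over n-bit values."""
    return {h: math.comb(n_bits, h) / 2 ** n_bits for h in range(n_bits + 1)}


def gauss_pdf(x, mean, sigma):
    """Density of N(mean, sigma^2) at x."""
    return math.exp(-0.5 * ((x - mean) / sigma) ** 2) / (sigma * math.sqrt(2 * math.pi))


def share_mutual_information(n_bits, sigma, grid_step=0.01):
    """MI(Y; L) in bits for L = HW(Y) + N(0, sigma^2), Y uniform on n bits.

    L depends on Y only through HW(Y), so MI(Y; L) = H(L) - h(N(0, sigma^2)),
    where H(L) is the differential entropy of the Gaussian mixture over the
    Hamming-weight classes, integrated numerically with the midpoint rule.
    """
    dist = hw_distribution(n_bits)
    lo, hi = -6.0 * sigma, n_bits + 6.0 * sigma  # covers essentially all of the mass
    steps = int((hi - lo) / grid_step)
    h_leak = 0.0
    for i in range(steps):
        l = lo + (i + 0.5) * grid_step
        p = sum(p_h * gauss_pdf(l, h, sigma) for h, p_h in dist.items())
        if p > 0.0:
            h_leak -= p * math.log2(p) * grid_step
    h_noise = 0.5 * math.log2(2 * math.pi * math.e * sigma ** 2)
    return max(h_leak - h_noise, 0.0)  # clamp tiny negative integration error


def query_bound_scaling(mi_per_share, exponent=1.0):
    """prod_i MI_i^(-exponent).

    exponent=1.0 is the shape of the new bound (each factor to the power -1);
    exponent=0.5 is the shape of the previously proven bounds (power -1/2).
    """
    scale = 1.0
    for mi in mi_per_share:
        scale *= mi ** (-exponent)
    return scale


def evaluate_masked_variable(n_bits, sigmas):
    """Per-share analysis of a masked n-bit variable with d+1 = len(sigmas) shares,
    where share i leaks under noise standard deviation sigmas[i]."""
    mis = [share_mutual_information(n_bits, s) for s in sigmas]
    return {
        "mi_per_share": mis,
        "new_bound_scaling": query_bound_scaling(mis, 1.0),
        "old_bound_scaling": query_bound_scaling(mis, 0.5),
    }


if __name__ == "__main__":
    # Constructed scenario: 8-bit sensitive variable, 2 shares (d = 1),
    # noise standard deviation 2 on each share's leakage.
    report = evaluate_masked_variable(8, [2.0, 2.0])
    for key, value in report.items():
        print(key, value)
```

With the noise level kept fixed, adding a share multiplies the scaling by the inverse of that share's mutual information, which is the exponential-in-\(d\) growth in attack complexity the bound captures; comparing `new_bound_scaling` with `old_bound_scaling` shows how much of that growth the \(-1/2\) exponent of the earlier bounds gave away.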

Metadata
Available format(s)
PDF
Publication info
Preprint.
Keywords
side-channel, white-box evaluation, mutual information, masking, success rate
Contact author(s)
loic masure @ uclouvain be
History
2022-05-17: received
Short URL
https://ia.cr/2022/600
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/600,
      author = {Loïc Masure and Olivier Rioul and François-Xavier Standaert},
      title = {A Nearly Tight Proof of Duc et al.'s Conjectured Security Bound for Masked Implementations},
      howpublished = {Cryptology ePrint Archive, Paper 2022/600},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/600}},
      url = {https://eprint.iacr.org/2022/600}
}