Paper 2024/339

From Random Probing to Noisy Leakages Without Field-Size Dependence

Gianluca Brian, ETH Zurich
Stefan Dziembowski, University of Warsaw, IDEAS NCBR
Sebastian Faust, TU Darmstadt

Side channel attacks are devastating attacks targeting cryptographic implementations. To protect against these attacks, various countermeasures have been proposed -- in particular, the so-called masking scheme. Masking schemes work by hiding sensitive information via secret sharing all intermediate values that occur during the evaluation of a cryptographic implementation. Over the last decade, there has been broad interest in designing and formally analyzing such schemes. The random probing model considers leakage where the value on each wire leaks with some probability $\epsilon$. This model is important as it implies security in the noisy leakage model via a reduction by Duc et al. (Eurocrypt 2014). Noisy leakages are considered the "gold-standard" for analyzing masking schemes as they accurately model many real-world physical leakages. Unfortunately, the reduction of Duc et al. is non-tight, and in particular requires that the amount of noise increases by a factor of $|\mathbb{F}|$ for circuits that operate over $\mathbb{F}$ (where $\mathbb{F}$ is a finite field). In this work, we give a generic transformation from random probing to average probing, which avoids this loss of $|\mathbb{F}|$. Since the average probing is identical to the noisy leakage model (Eurocrypt 2014), this yields for the first time a security analysis of masked circuits where the noise parameter $\delta$ in the noisy leakage model is independent of $|\mathbb{F}|$. The latter is particularly important for cryptographic schemes operating over large fields, e.g., the AES or the recently standardized post-quantum schemes.

Available format(s)
Publication info
A minor revision of an IACR publication in EUROCRYPT 2024
Leakage resilienceLeakage models
Contact author(s)
gianluca brian @ inf ethz ch
2024-03-04: revised
2024-02-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Gianluca Brian and Stefan Dziembowski and Sebastian Faust},
      title = {From Random Probing to Noisy Leakages Without Field-Size Dependence},
      howpublished = {Cryptology ePrint Archive, Paper 2024/339},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.