Paper 2025/270
A Decomposition Approach for Evaluating Security of Masking
Abstract
Masking is a common countermeasure against side-channel attacks that encodes secrets into multiple shares, each of which may be subject to leakage. A key question is under what leakage conditions, and to what extent, increasing the number of shares actually improves the security of these secrets. Although this question has been studied extensively in low-SNR regimes, scenarios where the adversary obtains substantial information, such as on low-noise processors or through static power analysis, have remained underexplored.
In this paper, we address this gap by deriving necessary and sufficient noise requirements for masking security in both standalone encodings and linear gadgets. We introduce a decomposition technique that reduces the relationship between an extended-field variable and its leakage into subproblems involving linear combinations of the variable’s bits. By working within binary subfields, we derive optimal bounds and then lift these results back to the extended field.
Beyond binary fields, we also present a broader framework for analyzing masking security in other structures, including prime fields. As an application, we prove a conjecture by Dziembowski et al. (TCC 2016), which states that for an additive group
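The abstract's central question (when do extra shares help, and when does low noise defeat them) can be made concrete with an exact computation. The following is an added example, not code from the paper; it assumes its own simple leakage model (each share leaks its Hamming weight plus independent symmetric discrete noise of width `m`, with `m = 0` noiseless) and a 4-bit secret so that the joint distribution can be enumerated exactly. The functions `joint_distribution` and `mutual_information`, and the choice of evaluating leakage on a linear form `<a, x> = parity(a & x)` of the secret's bits, are this example's constructions, in the spirit of the abstract's decomposition into linear combinations of bits.

```python
"""
Exact mutual-information evaluation of n-share XOR (Boolean) masking under an
assumed leakage model, to probe when adding shares helps.

Assumed model (this example's, not the paper's):
  * the secret x is a k-bit value shared as x = s_1 ^ ... ^ s_n, with the
    first n-1 shares uniform and independent;
  * each share leaks its Hamming weight plus independent symmetric noise on
    {-m, ..., m} (binomial(2m, 1/2) shifted by -m); m = 0 is noiseless.
The leakage is evaluated both on x itself and on a linear form
<a, x> = parity(a & x), i.e. a linear combination of the bits of x.
"""
from itertools import product
from math import comb, log2

K = 4  # bit-width of the secret; small so that exact enumeration stays cheap


def hamming_weight(v):
    return bin(v).count("1")


def noise_pmf(m):
    """Symmetric discrete noise on {-m..m}: binomial(2m, 1/2) shifted by -m."""
    return {e - m: comb(2 * m, e) / 2 ** (2 * m) for e in range(2 * m + 1)}


def joint_distribution(n, m, k=K):
    """Return {(x, l): P(x, l)} where l = tuple(HW(s_i) + noise_i) over n shares."""
    pmf = noise_pmf(m)
    joint = {}
    p_x = 1.0 / 2 ** k                  # the secret is uniform
    p_head = 1.0 / 2 ** (k * (n - 1))   # the first n-1 shares are uniform
    for x in range(2 ** k):
        for head in product(range(2 ** k), repeat=n - 1):
            last = x
            for s in head:
                last ^= s               # last share is fixed by the XOR constraint
            hws = [hamming_weight(s) for s in head + (last,)]
            for noise in product(pmf, repeat=n):
                p = p_x * p_head
                for e in noise:
                    p *= pmf[e]
                leak = tuple(h + e for h, e in zip(hws, noise))
                joint[(x, leak)] = joint.get((x, leak), 0.0) + p
    return joint


def mutual_information(n, m, form=None, k=K):
    """I(Z; L) in bits, where Z = X if form is None, else Z = parity(form & X)."""
    joint = joint_distribution(n, m, k)
    p_z, p_l, p_zl = {}, {}, {}
    for (x, leak), p in joint.items():
        z = x if form is None else hamming_weight(form & x) & 1
        p_z[z] = p_z.get(z, 0.0) + p
        p_l[leak] = p_l.get(leak, 0.0) + p
        p_zl[(z, leak)] = p_zl.get((z, leak), 0.0) + p
    return sum(p * log2(p / (p_z[z] * p_l[leak])) for (z, leak), p in p_zl.items())


if __name__ == "__main__":
    parity = (1 << K) - 1  # the all-ones form: the XOR of all bits of x
    print(f"{'shares':>6} {'noise m':>8} {'I(X;L)':>8} {'I(parity(X);L)':>15}")
    for n in (1, 2, 3):
        for m in (0, 1, 2):
            print(f"{n:>6} {m:>8} {mutual_information(n, m):>8.4f} "
                  f"{mutual_information(n, m, parity):>15.4f}")
```

Two things to look for in the table. In the noiseless rows the parity column stays at exactly 1 bit for every share count: the parity of x equals the sum of the shares' Hamming weights mod 2, so noiseless Hamming-weight leakage of every share pins it down no matter how many shares are used, which is the flavour of low-noise regime the abstract says needs its own noise requirement. Only once noise is added does that column fall below 1 bit. Also, for any form `a`, `I(<a,X>; L)` is bounded by `I(X; L)` (data processing), and adding noise never increases either quantity; the block's assertions check exactly these properties rather than model-specific numbers.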
Metadata
- Available format(s): PDF
- Category: Implementation
- Publication info: Preprint.
- Contact author(s): v jahandideh @ cs ru nl; b mennink @ cs ru nl; lejla @ cs ru nl
- History: 2025-02-18: received; 2025-02-18: approved
- Short URL: https://ia.cr/2025/270
- License: CC BY-SA
BibTeX
@misc{cryptoeprint:2025/270,
  author       = {Vahid Jahandideh and Bart Mennink and Lejla Batina},
  title        = {A Decomposition Approach for Evaluating Security of Masking},
  howpublished = {Cryptology {ePrint} Archive, Paper 2025/270},
  year         = {2025},
  url          = {https://eprint.iacr.org/2025/270}
}