Paper 2025/799

Code-based Masking: From Fields to Bits Bitsliced Higher-Order Masked SKINNY

John Gaspoz, KU Leuven
Siemen Dhooghe, KU Leuven
Abstract

Masking is one of the most prevalent and investigated countermeasures against side-channel analysis. As an alternative to the simple (e.g., additive) encoding function of Boolean masking, a collection of more algebraically complex masking types has emerged. Recently, inner product masking and the more generic code-based masking have proven to enable higher theoretical security properties than Boolean masking. In CARDIS 2017, Poussier et al. connected this "security order amplification" effect to the bit-probing model, demonstrating that for the same shared size, sharings from more complex encoding functions exhibit greater resistance to higher-order attacks. Despite these advantages, masked gadgets designed for code-based implementations face significant overhead compared to Boolean masking. Furthermore, existing code-based masked gadgets are not designed for efficient bitslice representation, which is highly beneficial for software implementations. Thus, current code-based masked gadgets are constrained to operate over words (e.g., elements in $\mathbb{F}_{2^k}$), limiting their applicability to ciphers where the S-box can be efficiently computed via power functions, such as AES. In this paper, we address the aforementioned limitations. We first introduce foundational masked linear and non-linear circuits that operate over bits of code-based sharings, ensuring composability and preserving bit-probing security, specifically achieving $t$-Probe Isolating Non-Interference ($t$-PINI). Utilizing these circuits, we construct masked ciphers that operate over bits, preserving the security order amplification effect during computation. Additionally, we present an optimized bitsliced masked assembly implementation of the SKINNY cipher, which outperforms Boolean masking in terms of randomness and gate count. The third-order security of this implementation is formally proven and validated through practical side-channel leakage evaluations on a Cortex-M4 core, confirming its robustness against leakages up to one million traces.
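The "security order amplification" effect the abstract refers to (for the same number of shares, a code-based encoding withstands more bit-level probes than Boolean masking) can be checked by brute force on a toy instance. The following is an added example, not code from the paper or its SKINNY implementation; it assumes a 2-share inner-product sharing x = s0 + L*s1 over GF(2^4) with modulus x^4 + x + 1 and the illustrative constant L = 3, and it decides leakage by comparing, for every secret x, the exact distribution of the probed bits over a uniform s1.

```python
from itertools import combinations

K = 4            # field size in bits: GF(2^4)
MOD = 0b10011    # modulus x^4 + x + 1 (assumption for this toy instance)

def gf_mul(a, b):
    """Carry-less multiply of two GF(2^4) elements, reduced modulo MOD."""
    r = 0
    for _ in range(K):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & (1 << K):
            a ^= MOD
    return r

def share(x, s1, L):
    """2-share inner-product encoding x = s0 + L*s1; L = 1 is Boolean masking."""
    return (x ^ gf_mul(L, s1), s1)

def probe_bits(shares, positions):
    """A bit probe reads one bit of one share: positions = [(share, bit), ...]."""
    return tuple((shares[i] >> j) & 1 for i, j in positions)

def leaks(L, positions):
    """True if the joint distribution of the probed bits depends on x.
    s1 is uniform, so enumerating every (x, s1) pair gives the exact histogram."""
    hist = {}
    for x in range(1 << K):
        h = {}
        for s1 in range(1 << K):
            obs = probe_bits(share(x, s1, L), positions)
            h[obs] = h.get(obs, 0) + 1
        hist[x] = h
    return any(hist[x] != hist[0] for x in range(1, 1 << K))

def bit_probing_order(L):
    """Largest t such that no set of t bit probes reveals anything about x."""
    all_pos = [(i, j) for i in range(2) for j in range(K)]
    for t in range(1, 2 * K + 1):
        if any(leaks(L, pos) for pos in combinations(all_pos, t)):
            return t - 1
    return 2 * K

if __name__ == "__main__":
    print("Boolean masking (L=1): order", bit_probing_order(1))  # 1
    print("Inner-product (L=3):   order", bit_probing_order(3))  # 2
    print("Best L over GF(2^4):   order",
          max(bit_probing_order(L) for L in range(1, 1 << K)))  # 2
```

With two shares, Boolean masking is broken by two bit probes (one bit of each share at the same position), while the inner-product sharing needs three, because every bit of s0 is masked by at least two bits of s1; the loop over all fifteen nonzero constants shows that 2 is the best bit-probing order two shares can reach in this small field.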

Note: Preprint.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
Code-based Masking, Masking, Probe Isolating Non-Interference, Probing Security, Side-channel Analysis, Software
Contact author(s)
john gaspoz @ esat kuleuven be
siemen dhooghe @ esat kuleuven be
History
2025-05-05: approved
2025-05-05: received
Short URL
https://ia.cr/2025/799
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/799,
      author = {John Gaspoz and Siemen Dhooghe},
      title = {Code-based Masking: From Fields to Bits Bitsliced Higher-Order Masked {SKINNY}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/799},
      year = {2025},
      url = {https://eprint.iacr.org/2025/799}
}