Paper 2026/288

Bypassing the Random-Probing Model in Masking Security Proofs

Julien Béguinot, UCLouvain, ICTEAM Institute, Crypto Group
Gianluca Brian, TU Darmstadt
Loïc Masure, LIRMM, Univ. Montpellier, CNRS
Abstract

Masking, i.e., computing over secret-shared data, is one of the main counter-measures against side-channel analysis, provably secure in the standard noisy-leakage model. However, all the state-of-the-art security proofs rely on a reduction to a more abstract model called random probing (Eurocrypt’14). As a result, the noise requirements of such proofs must scale with the field size of the circuit which, beyond not reflecting real-world physics of target devices, is often prohibitive, especially in the post-quantum era. That is why it is critical to find alternative strategies to the reduction to the random-probing model. In this paper, we establish for the first time a masking security proof bypassing this reduction, answering positively to the above question. Contrary to the common belief that directly working in the noisy-leakage model is not convenient, we show how to reach this goal by leveraging an extension of the Xor lemma. We also show how to leverage the IOS framework (CHES’21) in order to derive composable security directly in the noisy-leakage model. As a result, our bound relies on relaxed noise requirements characterized in a weaker metric than the so far state of the art (Crypto’24, ’19). Moreover, our new proof strategy allows us to derive a security bound for circuits masked with the first-order ISW compiler, for which the optimal noise requirement scales as \(\Theta\left(\left|\mathbb{F}\right|^{1/2}\right)\), whereas proofs using the random-probing model work in a regime of \(\mathcal{O}\left(\left|\mathbb{F}\right|\right)\). The latter contribution illustrates how some current design choices for masked implementations could be concretely affected: we exhibit two exemplary masked implementations such that the former one is more secure in the (more abstract) random-probing model, whereas the latter one is more secure in the (more realistic) noisy-leakage model.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A major revision of an IACR publication in CRYPTO 2026
Keywords
MaskingNoisy leakageRandom ProbingXOR LemmaReductionLeakage Model
Contact author(s)
julien beguinot @ uclouvain be
gianluca brian @ tu-darmstadt de
loic masure @ lirmm fr
History
2026-06-01: revised
2026-02-17: received
See all versions
Short URL
https://ia.cr/2026/288
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2026/288,
      author = {Julien Béguinot and Gianluca Brian and Loïc Masure},
      title = {Bypassing the Random-Probing Model in Masking Security Proofs},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/288},
      year = {2026},
      url = {https://eprint.iacr.org/2026/288}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.