Abstract. Several types of countermeasures against side-channel attacks are known. The one called masking is of great interest since it can be applied to any protocol and/or algorithm, without nonetheless requiring special care at the implementation level. Masking countermeasures are usually studied with the maximal possible entropy for the masks. However, in practice, this requirement can be viewed as too costly. It is thus relevant to study how the security evolves when the number of mask values decreases. In this article, we study a first-order masking scheme, that makes use of one n-bit mask taking values in a strict subset of F n 2 . For a given entropy budget, we show that the security does depend on the choice of the mask values. More specifically, we explore the space of mask sets that resist first-and second-order correlation analysis (CPA and 2O-CPA), using exhaustive search for word size n 5 bit and a SAT-solver for n up to 8 bit. We notably show that it is possible to protect algorithms against both CPA and 2O-CPA such as AES with only 12 mask values. If the general trend is that more entropy means less leakage, some particular mask subsets can leak less (or on the contrary leak remarkably more). Additionally, we exhibit such mask subsets that allows for a minimal leakage.
The security of cryptographic implementations relies not only on the algorithm quality but also on the countermeasures to thwart attacks aiming at disclosing the secrecy. These attacks can take advantage of the secret leakages appearing through the power consumption or the electromagnetic radiations also called "Side Channels". This is for instance the case of the Differential Power Analysis (DPA) or the Correlation Power Analysis (CPA). Fault injections is another threatening attack type targeting specific nets in a view to change their value. The major principle to fight the side-channel attack consists in making the power consumption constant. The Masking method allows the designer to get a power consumption which has a constant mean and a variance given by a random variable. Another manner is the Hiding method which consists in generating a constant power consumption by using a Dual-rail with Precharge phase Logic (DPL). This paper presents an overview of the various logic styles that have been promoted in the last six years, with an emphasis on their relative advantages and drawbacks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.