Affine Masking against Higher-Order Side Channel Analysis

Fumaroli, Guillaume; Martinelli, Ange; Prouff, Emmanuel; Rivain, Matthieu

doi:10.1007/978-3-642-19574-7_18

Cited by 75 publications

(57 citation statements)

References 25 publications

(55 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [25,6], the authors propose to use an affine function instead of just XOR to mask sensitive variables, thus improving the security of the scheme for a low complexity overhead. However, this countermeasure is developed only to the 1 th order and it is not clear how it can be extended to higher orders.…”

Section: Introductionmentioning

confidence: 99%

Protecting AES with Shamir’s Secret Sharing Scheme

Goubin

Martinelli

2011

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Cryptographic algorithms embedded on physical devices are particularly vulnerable to Side Channel Analysis (SCA). The most common countermeasure for block cipher implementations is masking, which randomizes the variables to be protected by combining them with one or several random values. In this paper, we propose an original masking scheme based on Shamir's Secret Sharing scheme [22] as an alternative to Boolean masking. We detail its implementation for the AES using the same tool than Rivain and Prouff in CHES 2010 [16]: multi-party computation. We then conduct a security analysis of our scheme in order to compare it to Boolean masking. Our results show that for a given amount of noise the proposed scheme -implemented to the first orderprovides the same security level as 3 rd up to 4 th order boolean masking, together with a better efficiency.

show abstract

Section: Introductionmentioning

confidence: 99%

Protecting AES with Shamir’s Secret Sharing Scheme

Goubin

Martinelli

2011

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Typically only two, or at most three, shares are used and the masks (i.e. randomness) are not refreshed in between rounds or in between invocations of an intermediate value [7,6]. Consequently, practical masking schemes maintain the consistency between the subsequent transformations on the state and so the cross-correlation distinguisher remains applicable.…”

Section: Measures To Secure the Split-and-concatenate Simulatormentioning

confidence: 99%

“…We also store the state ST 5 . Next, the encryption of x under k * is performed and the leakage of the last 5 rounds is captured l 6,10 along with ST 6 . To connect the two otherwise disconnected states we generate an extra trace AES1 k # (ST 5 ) l 5 .…”

Section: Maintaining State Consistencymentioning

confidence: 99%

Simulatable Leakage: Analysis, Pitfalls, and New Constructions

Longo

Martin

Oswald

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In 2013, Standaert et al. proposed the notion of simulatable leakage to connect theoretical leakage resilience with the practice of side channel attacks. Their use of simulators, based on physical devices, to support proofs of leakage resilience allows verification of underlying assumptions: the indistinguishability game, involving real vs. simulated leakage, can be 'played' by an evaluator. Using a concrete, block cipher based leakage resilient PRG and high-level simulator definition (based on concatenating two partial leakage traces), they included detailed reasoning why said simulator (for AES-128) resists state-of-the-art side channel attacks.In this paper, we demonstrate a distinguisher against their simulator and thereby falsify their hypothesis. Our distinguishing technique, which is evaluated using concrete implementations of the Standaert et al. simulator on several platforms, is based on 'tracking' consistency (resp. identifying simulator inconsistencies) in leakage traces by means of crosscorrelation. In attempt to rescue the approach, we propose several alternative simulator definitions based on splitting traces at points of low intrinsic cross-correlation. Unfortunately, these come with significant caveats, and we conclude that the most natural way of producing simulated leakage is by using the underlying construction 'as is' (but with a random key).

show abstract

“…Our selection was motivated by the two following criteria: (i) exclude "broken" proposals (i.e. with low-order weaknesses), such as the multiplicative masking in [13], the higherorder masking in [27] (broken in [4]), or Goubin and Martinelli's proposal in [14] (broken in [26]); (ii) exclude schemes that do not systematically generalize to higher-orders, such as the affine masking in [10,32], the threshold implementations in [20], and several ideas from the "early" DPA literature (see [18] for a survey) 1 . This essentially leaves us with Rivain and Prouff's higher-order Boolean masking scheme from CHES 2010 [24] (next denoted as RivP), its optimization by Kim et al using extension fields for the AES S-box implementation in [16] (next denoted as KHL), Genelle et al's solution based on the switching between additive and multiplicative masking [12] (next denoted as GPQ), and the MPCinspired proposal by Roche and Prouff from CHES 2011 [25] (next denoted as RocP).…”

Section: Introductionmentioning

confidence: 99%

Masking vs. multiparty computation: how large is the gap for AES?

2014

View full text Add to dashboard Cite

Abstract. In this paper, we evaluate the performances of state-of-theart higher-order masking schemes for the AES. Doing so, we pay a particular attention to the comparison between specialized solutions introduced exclusively as countermeasures against side-channel analysis, and a recent proposal by Roche and Prouff exploiting MultiParty Computation (MPC) techniques. We show that the additional security features this latter scheme provides (e.g. its glitch-freeness) comes at the cost of large performance overheads. We then study how exploiting standard optimization techniques from the MPC literature can be used to reduce this gap. In particular, we show that "packed secret sharing" based on a modified multiplication algorithm can speed up MPC-based masking when the order of the masking scheme increases. Eventually, we discuss the randomness requirements of masked implementations. For this purpose, we first show with information theoretic arguments that the security guarantees of masking are only preserved if this randomness is uniform, and analyze the consequences of a deviation from this requirement. We then conclude the paper by including the cost of randomness generation in our performance evaluations. These results should help actual designers to choose a masking scheme based on security and performance constraints.

show abstract

Affine Masking against Higher-Order Side Channel Analysis

Cited by 75 publications

References 25 publications

Protecting AES with Shamir’s Secret Sharing Scheme

Protecting AES with Shamir’s Secret Sharing Scheme

Simulatable Leakage: Analysis, Pitfalls, and New Constructions

Masking vs. multiparty computation: how large is the gap for AES?

Contact Info

Product

Resources

About