On the Use of Shamir's Secret Sharing against Side-Channel Analysis
Authors
Abstract
At CHES 2011 Goubin and Martinelli described a new countermeasure against side-channel analysis for AES based on Shamir’s secret-sharing scheme. In the present paper, we exhibit a flaw in this scheme and we show that it is always theoretically broken by a first-order side-channel analysis. As a consequence of this attack, only a slight adaptation of the scheme proposed by Ben-Or et al. at STOC in 1988 can securely process multiplications on data shared with Shamir’s technique. In the second part of this paper, we propose an improvement of this scheme that leads to a complexity Õ(d) instead of O(d), where d is the number of shares per data.
Similar sources
High-order Masking by Using Coding Theory and Its Application to AES
To guarantee that some implementation of a cryptographic scheme is secure against side channel analysis, one needs to formally prove its leakage resilience. A relatively recent trend is to apply methods pertaining to the field of Multi-Party Computation: in particular this means applying secret sharing techniques to design masking countermeasures. It is known besides that there is a strong conn...
Protecting AES with Shamir's Secret Sharing Scheme
Cryptographic algorithms embedded on physical devices are particularly vulnerable to Side Channel Analysis (SCA). The most common countermeasure for block cipher implementations is masking, which randomizes the variables to be protected by combining them with one or several random values. In this paper, we propose an original masking scheme based on Shamir’s Secret Sharing scheme [23] as an alt...
Higher-Order Glitch Resistant Implementation of the PRESENT S-Box
Glitches, occurring from unwanted switching CMOS gates, have been shown to leak information even when side-channel countermeasures are applied to hardware cryptosystems. The polynomial masking scheme presented at CHES 2011 by Roche et al. is a method that offers provable security against side-channel analysis at any order even in the presence of glitches. The method is based on Shamir’s secret ...
On the Simplicity of Converting Leakages from Multivariate to Univariate - (Case Study of a Glitch-Resistant Masking Scheme)
Several masking schemes to protect cryptographic implementations against side-channel attacks have been proposed. A few considered the glitches, and provided security proofs in presence of such inherent phenomena happening in logic circuits. One which is based on multi-party computation protocols and utilizes Shamir’s secret sharing scheme was presented at CHES 2011. It aims at providing securi...