Higher Order Masking of Look-Up Tables
نویسنده
چکیده
We describe a new algorithm for masking look-up tables of block-ciphers at any order, as a countermeasure against side-channel attacks. Our technique is a generalization of the classical randomized table countermeasure against first-order attacks. We prove the security of our new algorithm against t-th order attacks in the usual Ishai-Sahai-Wagner model from Crypto 2003; we also improve the bound on the number of shares from n ≥ 4t + 1 to n ≥ 2t + 1 for an adversary who can adaptively move its probes between successive executions. Our algorithm has the same time complexity O(n) as the Rivain-Prouff algorithm for AES, and its extension by Carlet et al. to any look-up table. In practice for AES our algorithm is less efficient than Rivain-Prouff, which can take advantage of the special algebraic structure of the AES Sbox; however for DES our algorithm performs slightly better.
منابع مشابه
High Order Masking of Look-up Tables with Common Shares
Masking is an effective countermeasure against side-channel attacks. In this paper, we improve the efficiency of the high-order masking of look-up tables countermeasure introduced at Eurocrypt 2014, based on a combination of three techniques, and still with a proof of security in the Ishai-Sahai-Wagner (ISW) probing model. The first technique consists in proving security under the stronger t-SN...
متن کاملMasking with Randomized Look Up Tables - Towards Preventing Side-Channel Attacks of All Orders
We propose a new countermeasure to protect block ciphers implemented in leaking devices, at the intersection between One-Time Programs and Boolean masking schemes. First, we show that this countermeasure prevents side-channel attacks of all orders during the execution of a protected block cipher implementation, given that some secure precomputations can be performed. Second, we show that taking...
متن کاملSide-Channel Protection by Randomizing Look-Up Tables on Reconfigurable Hardware - Pitfalls of Memory Primitives
Block Memory Content Scrambling (BMS), presented at CHES 2011, enables an effective way of first-order side-channel protection for cryptographic primitives at the cost of a significant reconfiguration time for the mask update. In this work we analyze alternative ways to implement dynamic first-order masking of AES with randomized lookup tables that can reduce this mask update time. The memory p...
متن کاملProvably Secure Countermeasures against Side-channel Attacks
Side-channel attacks exploit the fact that the implementations of cryptographic algorithms leak information about the secret key. In power analysis attacks, the observable leakage is the power consumption of the device, which is dependent on the processed data and the performed operations. Masking is a widely used countermeasure to thwart the powerful Differential Power Analysis (DPA) attacks. ...
متن کاملEfficient Conversion Method from Arithmetic to Boolean Masking in Constrained Devices
A common technique employed for preventing a side channel analysis is boolean masking. However, the application of this scheme is not so straightforward when it comes to block ciphers based on AdditionRotation-Xor structure. In order to address this issue, since 2000, scholars have investigated schemes for converting Arithmetic to Boolean (AtoB) masking and Boolean to Arithmetic (BtoA) masking ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2013 شماره
صفحات -
تاریخ انتشار 2013