Low Entropy Masking Schemes, Revisited
نویسندگان
چکیده
Low Entropy Masking Schemes (LEMS) are a recent countermeasure against side-channel attacks. They aim at reducing the randomness requirements of masking schemes under certain (adversarial and implementation) conditions. Previous works have put forward the interest of this approach when such conditions are met. We complement these investigations by analyzing LEMS against adversaries and implementations that deviate from their expected behavior, in a realistic manner. Our conclusions are contrasted: they confirm the theoretical interest of the countermeasure, while suggesting that its exploitation in actual products may be risky, because of hard(er) to control hardware assumptions.
منابع مشابه
On the Vulnerability of Low Entropy Masking Schemes
Low Entropy Masking Schemes (LEMS) have been proposed to offer a reasonable tradeoff between the good protection against side-channel attacks offered by masking countermeasures and the high overhead that results from their implementation. Besides the limited analysis done in the original proposals of LEMS, their specific leakage characteristics have not yet been analyzed. This work explores the...
متن کاملInner Product Masking Revisited
Masking is a popular countermeasure against side channel attacks. Many practical works use Boolean masking because of its simplicity, ease of implementation and comparably low performance overhead. Some recent works have explored masking schemes with higher algebraic complexity and have shown that they provide more security than Boolean masking at the cost of higher overheads. In particular, ma...
متن کاملEntropy of Hybrid Censoring Schemes
A hybrid censoring scheme is a mixture of type I and type II censoring schemes. When $n$ items are placed on a life test, the experiment terminates under type I or type II hybrid censoring scheme if either a pre-fixed censoring time T or the rth (1<=r<=n is fixed) failure is first or later observed, respectively. In this paper, we investigate the decomposition of entropy in both hybrid cen...
متن کاملInner Product Masking for Bitslice Ciphers and Security Order Amplification for Linear Leakages
Designers of masking schemes are usually torn between the contradicting goals of maximizing the security gains while minimizing the performance overheads. Boolean masking is one extreme example of this tradeoff: its algebraic structure is as simple as can be (and so are its implementations), but it typically suffers more from implementation weaknesses. For example knowing one bit of each share ...
متن کاملReconciling d+1 Masking in Hardware and Software
The continually growing number of security-related autonomous devices requires efficient mechanisms to counteract low-cost side-channel analysis (SCA) attacks. Masking provides high resistance against SCA at an adjustable level of security. A high level of SCA resistance, however, goes hand in hand with an increasing demand for fresh randomness which drastically increases the implementation cos...
متن کامل