Protecting AES with Shamir's Secret Sharing Scheme
نویسندگان
چکیده
Cryptographic algorithms embedded on physical devices are particularly vulnerable to Side Channel Analysis (SCA). The most common countermeasure for block cipher implementations is masking, which randomizes the variables to be protected by combining them with one or several random values. In this paper, we propose an original masking scheme based on Shamir’s Secret Sharing scheme [23] as an alternative to Boolean masking. We detail its implementation for the AES using the same tool than Rivain and Prouff in CHES 2010 [17]: multi-party computation. We then conduct a security analysis of our scheme in order to compare it to Boolean masking. Our results show that for a given amount of noise the proposed scheme implemented to the first order provides the same security level as 3 up to 4 order boolean masking, together with a better efficiency.
منابع مشابه
High-order Masking by Using Coding Theory and Its Application to AES
To guarantee that some implementation of a cryptographic scheme is secure against side channel analysis, one needs to formally prove its leakage resilience. A relatively recent trend is to apply methods pertaining to the field of Multi-Party Computation: in particular this means applying secret sharing techniques to design masking countermeasures. It is known besides that there is a strong conn...
متن کاملOn the Use of Shamir's Secret Sharing against Side-Channel Analysis
At CHES 2011 Goubin and Martinelli described a new countermeasure against side-channel analysis for AES based on Shamir’s secret-sharing scheme. In the present paper, we exhibit a flaw in this scheme and we show that it is always theoretically broken by a firstorder side-channel analysis. As a consequence of this attack, only a slight adaptation of the scheme proposed by Ben-Or et al. at STOC i...
متن کاملA New Method for Construction Multiple Assignment Schemes for Generalized Secret Sharing
A secret sharing scheme is a way of protecting a secret by distributing partial information to a set of participants P in such a way that only authorized subsets of P can recover the secret. The family of authorized subsets is called the access structure of the scheme. In 1979, threshold schemes were proposed to realize threshold access structures, and in 1987, multiple assignment schemes were ...
متن کاملSecurity Analysis of a Hash-Based Secret Sharing Scheme
Secret sharing schemes perform an important role in protecting se-cret by sharing it among multiple participants. In 1979, (t; n) threshold secret sharing schemes were proposed by Shamir and Blakley independently. In a (t; n) threshold secret sharing scheme a secret can be shared among n partic-ipants such that t or more participants can reconstruct the secret, but it can not be reconstructed b...
متن کاملUsing Shamir's Secret Sharing Scheme and Symmetric Key Encryption to Achieve Data Privacy in Databases
The Internet has become an essential tool for communication and information access, and with growing demand, new challenges and usage continue to surface. A complimentary tool that came to exist in recent years is Cloud Computing an economical solution that serves as an alternative to owning and running computing facilities. While cloud computing has many advantages, there are a number of issue...
متن کامل