High-order Masking by Using Coding Theory and Its Application to AES

To guarantee that some implementation of a cryptographic scheme is secure against side channel analysis, one needs to formally prove its leakage resilience. A relatively recent trend is to apply methods pertaining to the field of Multi-Party Computation: in particular this means applying secret sharing techniques to design masking countermeasures. It is known besides that there is a strong connection between secret sharing schemes and error-correcting codes, namely every linear code gives rise to a linear secret sharing scheme. However, the schemes mostly used in practice are the so-called Boolean masking and Shamir’s secret sharing scheme and it is widely thought that they are the most adapted to masking techniques because they correspond to MDS codes that are in some sense optimal. We propose alternative masking techniques that rely on non-MDS linear codes: these codes are non-binary but have an underlying binary structure which is that of a self-orthogonal binary code. Their being non-MDS is compensated by the fact that the distributed multiplication procedure is more efficient than with MDS codes due to an efficient encoding process and that the distributed computation of squares comes at almost no cost. In protecting AES against high-order side channel analysis, this approach is more efficient than methods using Shamir’s secret sharing scheme and competitive with Boolean masking.