Paper 2012/567

Leakage Squeezing of Order Two

Claude Carlet, Jean-Luc Danger, Sylvain Guilley, and Houssem Maghrebi

Abstract

In masking schemes, leakage squeezing is the study of the optimal representation of the shares, that is, the one that maximizes the resistance order against high-order side-channel attacks. Squeezing the leakage of first-order Boolean masking was formulated and solved previously by Maghrebi et al. (AFRICACRYPT 2012). The solution consists in finding a bijection F that modifies the mask in such a way that its graph, seen as a code, has the greatest possible dual distance. This paper studies second-order leakage squeezing, i.e. leakage squeezing with two independent random masks. It is proved that, compared to first-order leakage squeezing, second-order leakage squeezing increases the resistance order against high-order attacks, such as high-order correlation power analyses (HO-CPA), by at least one. Larger improvements over first-order leakage squeezing are possible through suitable constructions of the pair of squeezing bijections. We provide linear bijections that improve the resistance order by strictly more than one. Specifically, when the masking is applied to bytes (which suits AES), resistance against 1st-order (resp. 2nd-order) attacks is possible with one (resp. two) masks. Optimal leakage squeezing with one mask resists HO-CPA of orders up to 5. In this paper, with two masks, we provide resistance against HO-CPA not only of order 5+1=6, but also of order 7.

Note: This version provides some information that is missing from the eponymous INDOCRYPT 2012 publication (because of its 20-page limit), such as the detailed construction of the linear bijections for the case n=4, and the truth tables for the cases n=8 and n=4.
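The abstract's central object is the graph of the squeezing bijection F, the code C = {(x, F(x))}, whose dual distance governs the attainable resistance order. The following script is an added worked example, not code from the paper, that makes this concrete for n=4 bits: it builds the graph code of a bijection, computes its minimum distance and its dual distance via the MacWilliams transform of the distance distribution (so it also works for non-linear F), and compares plain Boolean masking (F = identity) with a constructed linear squeezing bijection A = J + I (all-ones plus identity matrix over GF(2)). The bijection, the function names and the n=4 sample are assumptions of this example; the paper's own n=4 constructions are in its appendix, not reproduced here.

```python
"""Dual distance of the graph of a masking bijection F (added example, n = 4).

The graph of F is the binary code C = {(x, F(x)) : x in GF(2)^n} of length 2n.
Its dual distance is the smallest j > 0 with B_j != 0, where B is the
MacWilliams transform of the distance distribution of C. Since
|C|^2 * B_j = sum_i cnt[i] * K_j(i) with cnt[i] the number of ordered codeword
pairs at distance i, integer arithmetic is enough. Sample bijections are constructed.
"""
from math import comb


def graph_code(F, n):
    """Return the code {(x, F(x))} as a list of length-2n bit tuples (LSB first)."""
    words = []
    for x in range(2 ** n):
        bits = [(x >> i) & 1 for i in range(n)] + [(F[x] >> i) & 1 for i in range(n)]
        words.append(tuple(bits))
    return words


def hamming(c, d):
    """Hamming distance between two equal-length bit tuples."""
    return sum(a != b for a, b in zip(c, d))


def distance_counts(words):
    """cnt[i] = number of ordered codeword pairs (c, d) with d(c, d) = i."""
    N = len(words[0])
    cnt = [0] * (N + 1)
    for c in words:
        for d in words:
            cnt[hamming(c, d)] += 1
    return cnt


def min_distance(words):
    """Minimum distance of the code (for a linear code, its minimum weight)."""
    return min(hamming(c, d) for c in words for d in words if c != d)


def krawtchouk(N, j, i):
    """Binary Krawtchouk polynomial K_j(i) for length N; comb() returns 0 when k > n."""
    return sum((-1) ** s * comb(i, s) * comb(N - i, j - s) for s in range(j + 1))


def dual_distance(words):
    """Dual distance: smallest j > 0 whose MacWilliams coefficient B_j is non-zero."""
    N = len(words[0])
    cnt = distance_counts(words)
    for j in range(1, N + 1):
        if sum(cnt[i] * krawtchouk(N, j, i) for i in range(N + 1)) != 0:
            return j
    return N + 1  # only reached if C is the whole space, which a graph code never is


def linear_bijection(rows, n):
    """F(x) = x * A over GF(2); rows[i] is row i of A as an n-bit integer."""
    F = []
    for x in range(2 ** n):
        y = 0
        for i in range(n):
            if (x >> i) & 1:
                y ^= rows[i]
        F.append(y)
    if len(set(F)) != 2 ** n:
        raise ValueError("A is singular: F is not a bijection")
    return F


N_BITS = 4
# Plain Boolean masking: the mask is used unchanged, F = identity.
IDENTITY = list(range(2 ** N_BITS))
# Constructed squeezing bijection: A = J + I over GF(2), i.e. F(x) = x when the
# weight of x is even and F(x) = complement of x when it is odd (an involution).
SQUEEZED = linear_bijection([0xF ^ (1 << i) for i in range(N_BITS)], N_BITS)


def report(name, F):
    """Minimum distance and dual distance of the graph code of F."""
    words = graph_code(F, N_BITS)
    return {"name": name, "min_distance": min_distance(words),
            "dual_distance": dual_distance(words)}


if __name__ == "__main__":
    for name, F in [("identity", IDENTITY), ("J+I", SQUEEZED)]:
        print(report(name, F))
```

For F = identity the graph {(x, x)} has dual code {(a, a)} and therefore dual distance 2, while the constructed A = J + I yields the self-dual [8,4,4] extended Hamming code with dual distance 4: same mask entropy, but a strictly larger dual distance, which is exactly the quantity the abstract says leakage squeezing maximizes. Replacing SQUEEZED with any other table F (linear or not) lets one check a candidate squeezing bijection the same way; for n=8 the enumeration is 2^16 pairs per code and still runs in seconds.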

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Published elsewhere. Extended version of a paper to be published at INDOCRYPT 2012
Contact author(s): sylvain guilley @ telecom-paristech fr
History: 2012-10-07: received
Short URL: https://ia.cr/2012/567
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2012/567,
      author = {Claude Carlet and Jean-Luc Danger and Sylvain Guilley and Houssem Maghrebi},
      title = {Leakage Squeezing of Order Two},
      howpublished = {Cryptology ePrint Archive, Paper 2012/567},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/567}},
      url = {https://eprint.iacr.org/2012/567}
}