Paper 2017/271

High Order Masking of Look-up Tables with Common Shares

Jean-Sebastien Coron, Franck Rondepierre, and Rina Zeitoun

Abstract

Masking is an effective countermeasure against side-channel attacks. In this paper, we improve the efficiency of the high-order masking of look-up tables countermeasure introduced at Eurocrypt 2014, based on a combination of three techniques, and still with a proof of security in the Ishai-Sahai-Wagner (ISW) probing model. The first technique consists in proving security under the stronger t-SNI definition, which enables to use n=t+1 shares instead of n=2t+1 against t-th order attacks. The second technique consists in progressively incrementing the number of shares within the countermeasure, from a single share to n, thereby reducing the complexity of the countermeasure. The third technique consists in adapting the common shares approach introduced by Coron et al. at CHES 2016, so that half of a randomized look-up table can be pre-computed for multiple SBoxes. When combined, our three techniques lead to a factor 10.7 improvement in efficiency, asymptotically for a large number of shares n. For a practical implementation with a reasonable number of shares, we get a 4.8 speed-up factor compared to the initial countermeasure for AES.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in TCHES 2018
Keywords
Side-channel countermeasureISW probing model.
Contact author(s)
jean-sebastien coron @ uni lu
History
2018-01-10: revised
2017-03-25: received
See all versions
Short URL
https://ia.cr/2017/271
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/271,
      author = {Jean-Sebastien Coron and Franck Rondepierre and Rina Zeitoun},
      title = {High Order Masking of Look-up Tables with Common Shares},
      howpublished = {Cryptology ePrint Archive, Paper 2017/271},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/271}},
      url = {https://eprint.iacr.org/2017/271}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.