Paper 2023/406

Quasi-linear masking to protect against both SCA and FIA

Claude Carlet, Department of Mathematics, University of Paris 8 (and Paris 13 and CNRS), Saint--Denis Cedex 02, France., University of Bergen, Norway
Abderrahman Daif, BULL SAS, Les Clayes-sous-Bois, France
Sylvain Guilley, Secure-IC S.A.S., Paris, France, Telecom Paris, Institut Polytechnique de Paris, Palaiseau, France
Cédric Tavernier, Hensoldt France, Plaisir, France
Abstract

The implementation of cryptographic algorithms must be protected against physical attacks. Side-channel and fault injection analyses are two prominent such implem\-entation-level attacks. Protections against either do exist; they are characterized by security orders: the higher the order, the more difficult the attack. In this paper, we leverage fast discrete Fourier transform to reduce the complexity of high-order masking, and extend it to allow for fault detection and/or correction. The security paradigm is that of code-based masking. Coding theory is amenable both to mix the information and masking material at a prescribed order, and to detect and/or correct errors purposely injected by an attacker. For the first time, we show that quasi-linear masking (pioneered by Goudarzi, Joux and Rivain at ASIACRYPT 2018) can be achieved alongside with cost amortisation. This technique consists in masking several symbols/bytes with the same masking material, therefore improving the efficiency of the masking. Similarly, it allows to optimize the detection capability of codes as linear codes are all the more efficient as the information to protect is longer. Namely, we prove mathematically that our scheme features side-channel security order of $d+1-t$, detects $d$ faults and corrects $\lfloor(d-1)/2\rfloor$ faults, where $2d+1$ is the encoding length and $t$ is the information size ($t\geq1$). Applied to AES, one can get side-channel protection of order $d=7$ when masking one column/line ($t=4$ bytes) at once. In addition to the theory, that makes use of the Frobenius Additive Fast Fourier Transform, we show performance results, both in software and hardware.

Note: Paper accepted at TCHES 2024/01

Metadata
Available format(s)
PDF
Category
Applications
Publication info
A minor revision of an IACR publication in TCHES 2024
Keywords
Side-channel analysis (SCA)Fault injection analysis (FIA)Code-Based MaskingFault DetectionCost amortization
Contact author(s)
claude carlet @ gmail com
daif abde @ yahoo fr
sylvain guilley @ secure-ic com
tavernier cedric @ gmail com
History
2023-11-11: last of 2 revisions
2023-03-21: received
See all versions
Short URL
https://ia.cr/2023/406
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/406,
      author = {Claude Carlet and Abderrahman Daif and Sylvain Guilley and Cédric Tavernier},
      title = {Quasi-linear masking to protect against both SCA and FIA},
      howpublished = {Cryptology ePrint Archive, Paper 2023/406},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/406}},
      url = {https://eprint.iacr.org/2023/406}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.