Abstract

We revisit the popular adage that side-channel countermeasures must be combined to be efficient, and study its application to bitslice masking and shuffling. Our main contributions are twofold. First, we improve this combination: by shuffling the shares of a masked implementation rather than its tuples, we can amplify the impact of the shuffling exponentially in the number of shares, while this impact was independent of the masking security order in previous works. Second, we evaluate the masking and shuffling combination’s performance vs. security tradeoff under sufficient noise conditions: we show that the best approach is to mask first (i.e., fill the registers with as many shares as possible) and shuffle the independent operations that remain. We conclude that with moderate but sufficient noise, the “bitslice masking + shuffling” combination of countermeasures is practically relevant, and its interest increases when randomness is expensive and many independent operations are available for shuffling. When these conditions are not met, masking only is the best option. As additional side results, we improve the best known attack against the shuffling countermeasure from ASIACRYPT 2012. We also recall that algorithmic countermeasures like masking and shuffling, and therefore their combination, cannot be implemented securely without a minimum level of physical noise.

Highlights

  • Ever since the introduction of Differential Power Analysis (DPA) by Kocher et al. [KJJ99], the idea that side-channel countermeasures must be combined to be effective has become a mantra

  • We introduce the notations used in the paper, the information theoretic tools needed for our evaluations and the two side-channel countermeasures we investigate, together with a discussion of their quantitative impact on the leakages

  • We observe the resulting MI and PIs according to the noise parameter σ²: “direct permutation leakages” (DPLeak) AC12 is the label of the model m_AC12(·|·) and DPLeak New is the label of the model m_New(·|·)


Summary

Introduction

Ever since the introduction of Differential Power Analysis (DPA) by Kocher et al. [KJJ99], the idea that side-channel countermeasures must be combined to be effective has become a mantra. By “much better protection”, one implicitly means that the complexity of an attack against a combination of countermeasures should be higher than the sum of the complexities to attack each countermeasure separately. Following this intuition, any pair of countermeasures could potentially be combined, raising the question of whether they lead to concrete benefits in terms of security vs. performance tradeoff. When masking the implementation, we use the notation $y_j$ for the $j$-th share of the vector $y$, such that the element-wise addition $\sum_{j=0}^{d-1} y_j = y$. We further denote $y_{ij}$ as the $j$-th share of element $i$, such that $\sum_{j=0}^{d-1} y_{ij} = y_i$.

