Higher-Order Masking Schemes for Simon

Abstract

Open image in new window is a highly optimized lightweight block cipher designed by the U.S. National Security Agency (NSA) and it is considered a promising candidate for resource-constrained embedded applications. Previous analysis results show that its unprotected implementations are vulnerable to side-channel attack (SCA). Thus, for its implementations on embedded platforms, protection against side-channel attacks must be taken into account. Up to now, several masking schemes were presented for Open image in new window . However, those schemes just provide resistance against the first-order SCA and can be broken in practice by second-order or higher-order SCA. In order to deal with those attacks, higher-order masking is needed. The existing higher-order masking schemes were mainly designed for block ciphers based on s-box, invalid for Open image in new window . Therefore it is necessary to design higher-order masking schemes for Open image in new window . In this paper, we present two higher-order boolean masking schemes for the software implementations of Open image in new window . The first is based on the famous ISW scheme proposed at Crypto 2003, and the second is based on the design principle similar to the masking scheme proposed by Coron et al. at FSE 2013. The two proposals are proven to achieve \(d^{th}\)-order SCA security in the probing model and they are shown to have a reasonable implementation cost on 8-bit AVR platforms by the evaluation of implementation efficiency.