Abstract
This paper presents a unified approach to quantifying the information leakages in the most general code-based masking schemes. Specifically, by utilizing a uniform representation, we highlight first that the side-channel resistance of all code-based masking schemes can be quantified by an all-in-one framework consisting of two easy-to-compute parameters (the dual distance and the number of conditioned codewords) from a coding-theoretic perspective. In particular, we use signal-to-noise ratio (SNR) and mutual information (MI) as two complementary metrics, where a closed-form expression of SNR and an approximation of MI are proposed by connecting both metrics to the two coding-theoretic parameters. Secondly, considering the connection between Reed-Solomon codes and the SSS (Shamir's Secret Sharing) scheme, SSS-based masking is viewed as a particular case of generalized code-based masking. Hence, as a straightforward application, we evaluate the impact of public points on the side-channel security of SSS-based masking schemes, namely polynomial masking, and enhance SSS-based masking by choosing optimal public points for it. Interestingly, we show that, for a given security order, more shares in SSS-based masking leak more information on the secrets in an information-theoretic sense. Finally, our approach provides a systematic method for optimizing the side-channel resistance of every code-based masking. More precisely, this approach enables us to select optimal linear codes (parameters) for generalized code-based masking by choosing appropriate codes according to the two coding-theoretic parameters. Summing up, we provide a best-practice guideline for the application of code-based masking to protect cryptographic implementations.
Highlights
Masking is one of the most well-studied countermeasures to protect cryptographic implementations against side-channel attacks due to the favorable provable security it provides
This paper presents a unified approach to quantifying the information leakages of code-based masking in the most general case, namely generalized code-based masking (GCM), which already encompasses many state-of-the-art masking schemes
The signal-to-noise ratio and mutual information are used as two complementary metrics to quantify the lowest degree of key-dependent leakages
Summary
Masking is one of the most well-studied countermeasures to protect cryptographic implementations against side-channel attacks due to the favorable provable security it provides. Thanks to the well-established concept of (Strong) Non-Interference (NI and SNI) introduced by Barthe et al. [BBD+16], the basic gadgets carrying out the elementary operations (e.g., addition, multiplication, etc.) can be composed to construct the whole implementation without losing the claimed security properties. Regarding the former, the encoding is a more fundamental ingredient in masking that provides the achievable upper bounds on the side-channel security order with tunable public parameters. A unified quantification approach would formalize and compare the security of different encodings and find optimal parameters for a specific masking scheme.
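To make the two coding-theoretic parameters from the abstract concrete, the following added example (not code from the paper) computes them for small binary codes. It assumes the GCM sharing Z = X·G + Y·H over GF(2) with D the row space of H, takes the first parameter as the dual distance d(D^⊥), and, as the editor's reading of the second parameter, counts the dual codewords of that minimum weight; for n-share Boolean masking this yields dual distance n with a single such codeword.

```python
# Added example (not code from the paper): compute the two coding-theoretic
# parameters the abstract refers to for small binary codes.
# Assumed framework (editor's reading): a sharing is Z = X*G + Y*H over GF(2),
# D is the row space of H, the first parameter is the dual distance d(D^perp),
# and the second is taken as the number of dual codewords of weight d(D^perp).
from itertools import product


def _dot(u, v):
    """Inner product over GF(2)."""
    return sum(a & b for a, b in zip(u, v)) & 1


def dual_code(H, n):
    """All vectors of GF(2)^n orthogonal to every row of H, i.e. D^perp."""
    return [v for v in product((0, 1), repeat=n)
            if all(_dot(v, h) == 0 for h in H)]


def dual_parameters(H, n):
    """Return (dual distance, number of dual codewords of minimum weight).

    If D is the whole space, D^perp = {0} and the distance is undefined;
    (None, 0) is returned in that case.
    """
    weights = [sum(v) for v in dual_code(H, n) if any(v)]
    if not weights:
        return None, 0
    d = min(weights)
    return d, weights.count(d)


def boolean_masking_H(n):
    """Rows of H for n-share Boolean masking: Z = (X^Y1^...^Y_{n-1}, Y1, ..., Y_{n-1})."""
    rows = []
    for i in range(1, n):
        row = [0] * n
        row[0] = row[i] = 1
        rows.append(tuple(row))
    return rows


if __name__ == "__main__":
    for n in (2, 3, 4):
        d, b = dual_parameters(boolean_masking_H(n), n)
        print(f"Boolean masking, {n} shares: dual distance {d}, "
              f"{b} minimum-weight dual codeword(s)")
    # Constructed 4-share encoding with two masks whose dual code has
    # several minimum-weight codewords: H = [(1,1,0,0), (0,0,1,1)].
    H = [(1, 1, 0, 0), (0, 0, 1, 1)]
    print("Constructed code:", dual_parameters(H, 4))
```

The exhaustive enumeration is only meant for short binary codes; the SSS/Reed-Solomon case discussed in the abstract lives over larger fields, where the same two quantities would be obtained from the code's weight distribution instead.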
Published in: IACR Transactions on Cryptographic Hardware and Embedded Systems