Abstract

There exist many masking schemes to protect implementations of cryptographic operations against side-channel attacks. It is common practice to analyze the security of these schemes in the probing model, or its variant which takes into account physical effects such as glitches and transitions. Although both effects exist in practice and cause leakage, masking schemes implemented in hardware are often only analyzed for security against glitches. In this work, we fill this gap by proving sufficient conditions for the security of hardware masking schemes against transitions, leading to the design of new masking schemes and a proof of security for an existing masking scheme in the presence of transitions. Furthermore, we give similar results in the stronger model where the effects of glitches and transitions are combined.

Highlights

  • Masking is a well-known countermeasure against side-channel attacks

  • The Probe-Isolating Non-Interference (PINI) composition strategy [CS20] was originally introduced for the standard probing model: a circuit composed of PINI gadgets can be analyzed as if it was split into d shares, and an adversary putting a probe in a circuit share gets only information about the inputs to that circuit share, while learning nothing about the other shares

  • Let I be a set of inputs of the canonical execution of G and Ii be its translation to gadget whose executions are (Gi)


Summary

Introduction

Masking is a well-known countermeasure against side-channel attacks. A common form of masking is Boolean masking: during computations, a sensitive value $x \in \mathbb{F}_q$ is replaced with a sharing $(x_0, \dots, x_{d-1}) \in \mathbb{F}_q^d$ such that $\sum_i x_i = x$. We study the problem of transitions in hardware masked implementations, aiming mainly to prove that some schemes are secure in the transition-robust probing model. Our motivations for this purpose are threefold.

Provably Secure Hardware Masking in the Transition- and Glitch-Robust Probing Model: Better Safe than Sorry

and to guide new designs. It turns out analyzing transitions is non-trivial and requires additional refinements of the standard circuit models used in probing security proofs.
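An added illustration (not code from the paper) of why transitions matter for the Boolean sharing defined above: it enumerates every sharing over a toy field and compares a standard probe with a transition-extended probe on a register that is assumed to hold share 0 and then share 1. The probe functions, the register schedule and the 4-bit field size are assumptions of this sketch.

```python
from collections import Counter
from itertools import product

N_BITS = 4                      # toy field F_{2^4}; addition is XOR (constructed size)
FIELD = range(1 << N_BITS)

def sharings(x, d):
    """Yield every d-share Boolean sharing of x (all choices of the d-1 masks)."""
    for masks in product(FIELD, repeat=d - 1):
        last = x
        for m in masks:
            last ^= m
        yield (*masks, last)    # XOR of all shares equals x

def standard_probe(shares):
    """Classical probe: the adversary sees one wire value, here share 0."""
    return shares[0]

def transition_probe(shares):
    """Transition-extended probe on a register holding share 0, then share 1:
    the adversary sees both consecutive values (modelling assumption)."""
    return (shares[0], shares[1])

def hamming_distance_probe(shares):
    """Hamming distance between the old and new register value."""
    return bin(shares[0] ^ shares[1]).count("1")

def distribution(x, d, probe):
    """Exact distribution of the probe's observation over all masks."""
    return Counter(probe(s) for s in sharings(x, d))

def leaks(d, probe):
    """True if the probe's distribution depends on the secret x."""
    reference = distribution(0, d, probe)
    return any(distribution(x, d, probe) != reference for x in FIELD)

if __name__ == "__main__":
    for d in (2, 3):
        for probe in (standard_probe, transition_probe, hamming_distance_probe):
            print(f"d={d} {probe.__name__:24s} leaks={leaks(d, probe)}")
```

With two shares, the single transition-extended probe sees x0 and x1 together and so recovers x, while the standard probe sees only a uniform mask; with three shares the same register reuse no longer leaks to one probe.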

Background
Transitions: problems and solutions
Circuit model
Probing model
Composition results
Composition in the probing model
Composition with glitches
Composition with transitions
Trivial composition approach
Optimized composition approach
SPN implementation
Composition with glitches and transitions
Performance
Findings
Conclusion and open problems