Abstract

At CRYPTO 2003, Ishai et al. proposed the ISW framework for proving higher-order masking schemes secure against power analysis attacks. However, the theoretical security of a masking scheme does not guarantee the same security in its implementations. In this paper, we ask whether provably secure masking schemes suffer from practical security problems that can make them fail to resist attacks. For this purpose, we define the secure complexity of the first phase of a higher-order attack. Using this metric, we analyze the practical security of software and hardware implementations of masking schemes. The resulting security problems, namely sensitive information reuse and leakage of the masking sequence, are widespread in software and hardware implementations. We verify that side-channel attacks remain valid against implementations of theoretically secure masking schemes. The experimental results show sensitive information reuse in a software implementation of a provably secure masking scheme, and leakage of the masking sequence in both software and hardware implementations. Relying on these weaknesses, the secret key can be recovered through side-channel attacks. Furthermore, we propose several possible countermeasures, such as inserting random pseudo-operations (dummy operations) among the masking sequence and avoiding the reuse of general-purpose registers that hold sensitive information in software implementations.
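The sensitive-information-reuse problem named above, shown as an added example that is not code from the paper: a simulated Hamming-distance leakage model in which one register first holds the mask and is then overwritten with the masked value, so the register transition leaks the unmasked secret, beside the variant that keeps each share in its own cleared register; a fixed-vs-random Welch t-test (the usual first-order leakage assessment) flags the first and passes the second. The leakage model, the 8-bit secret, the sample count and the threshold 4.5 are assumptions of this example.

```python
import random
from statistics import mean, variance

MASK8 = 0xFF
T_THRESHOLD = 4.5  # assumed decision threshold for the first-order t-test


def hamming_weight(x: int) -> int:
    return bin(x & MASK8).count("1")


def masked_shares(secret: int, rng: random.Random) -> tuple[int, int]:
    """First-order Boolean masking: secret == mask ^ masked_value."""
    mask = rng.getrandbits(8)
    return mask, (secret ^ mask) & MASK8


def leak_register_reused(secret: int, rng: random.Random) -> int:
    # Constructed leakage model: one general-purpose register is loaded with
    # the mask and then overwritten with the masked value. A Hamming-distance
    # probe on that register sees HW(mask ^ (secret ^ mask)) = HW(secret),
    # i.e. the register transition recombines the shares.
    mask, masked = masked_shares(secret, rng)
    return hamming_weight(mask ^ masked)


def leak_register_separate(secret: int, rng: random.Random) -> int:
    # Each share is written into its own previously cleared register, so the
    # probe sees HW(mask) and HW(masked) as two transitions; neither transition
    # on its own depends on the secret (only their joint distribution does).
    mask, masked = masked_shares(secret, rng)
    return hamming_weight(mask) + hamming_weight(masked)


def welch_t(a: list[int], b: list[int]) -> float:
    se = (variance(a) / len(a) + variance(b) / len(b)) ** 0.5
    return (mean(a) - mean(b)) / (se if se > 0 else 1e-12)


def first_order_tvla(leak_fn, n: int = 2000, seed: int = 1) -> float:
    """Fixed-vs-random t-statistic: fixed secret 0x00 against random secrets."""
    rng = random.Random(seed)
    fixed = [leak_fn(0x00, rng) for _ in range(n)]
    rand = [leak_fn(rng.getrandbits(8), rng) for _ in range(n)]
    return welch_t(fixed, rand)


def leaks_first_order(leak_fn) -> bool:
    return abs(first_order_tvla(leak_fn)) > T_THRESHOLD


if __name__ == "__main__":
    for fn in (leak_register_reused, leak_register_separate):
        print(fn.__name__, round(first_order_tvla(fn), 1), leaks_first_order(fn))
```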
