Abstract

We improve the state-of-the-art masking schemes in two important directions. First, we propose a new masked multiplication algorithm that satisfies a recently introduced notion called Probe-Isolating Non-Interference (PINI). PINI captures a sufficient condition for designing masked implementations in a trivial way, by combining PINI multiplications with linear operations performed share by share. Our improved algorithm has the best reported randomness complexity for large security orders (while the previous PINI multiplication was best for small orders). Second, we analyze the security of most existing multiplication algorithms in the literature against so-called horizontal attacks, which aim to reduce the noise of the actual leakages measured by an adversary by combining the information of multiple target intermediate values. For this purpose, we leave the (abstract) probing model and consider a specialization of the (more realistic) noisy leakage / random probing models. Our (still partially heuristic but quantitative) analysis confirms the improved security of an algorithm by Battistello et al. from CHES 2016 in this setting. We then use it to propose new improved algorithms, leading to better tradeoffs between randomness complexity and noise rate, and suggesting the possibility of designing efficient masked multiplication algorithms with constant noise rate in F2.
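To make the "share by share" composition style and the randomness-complexity accounting concrete, here is an added Python example. It is not code from the paper: it uses the classical ISW AND gadget (Ishai, Sahai and Wagner) as a stand-in for a masked multiplication, since the paper's reduced-randomness PINI gadget is not reproduced here and ISW is not claimed to be PINI. All function names (`share`, `isw_and`, `masked_maj`, `check_correctness`) and the seeded test RNG are the example's own; the composition in `masked_maj` is checked functionally only, and the security argument of the paper applies to its own gadget, not to this stand-in.

```python
"""Boolean masking in F2: share-wise linear layer plus an ISW-style AND gadget.

Added example, not the paper's code. ISW is used as a generic masked
multiplication; the paper's PINI gadget is not reproduced here.
"""
import random
import secrets
from itertools import product


def xor_all(bits):
    """XOR of an iterable of bits (0/1 ints)."""
    acc = 0
    for b in bits:
        acc ^= b
    return acc


def share(x, n, rng=secrets.randbits):
    """Split bit x into n Boolean shares whose XOR is x. rng(1) gives one random bit."""
    shares = [rng(1) for _ in range(n - 1)]
    shares.append(x ^ xor_all(shares))
    return shares


def unshare(shares):
    """Recombine shares (only for checking; a device never does this)."""
    return xor_all(shares)


def masked_xor(a, b):
    """Linear operation: applied share by share, no fresh randomness needed."""
    return [ai ^ bi for ai, bi in zip(a, b)]


def isw_and(a, b, rng=secrets.randbits):
    """ISW AND gadget on n shares. Returns (output shares, random bits consumed).

    With security order d = n - 1 it consumes n(n-1)/2 = d(d+1)/2 fresh bits,
    the randomness complexity that reduced-randomness gadgets aim to beat.
    Bracketing matters: r_ij is XORed onto a_i b_j before a_j b_i is added, so
    no intermediate value combines a_i b_j and a_j b_i unmasked.
    """
    n = len(a)
    c = [ai & bi for ai, bi in zip(a, b)]
    used = 0
    for i in range(n):
        for j in range(i + 1, n):
            r = rng(1)
            used += 1
            c[i] ^= r
            c[j] ^= (r ^ (a[i] & b[j])) ^ (a[j] & b[i])
    return c, used


def masked_maj(x, y, z, rng=secrets.randbits):
    """MAJ(x,y,z) = xy ^ xz ^ yz: multiplications via the gadget, XORs share-wise.

    Returns (output shares, total random bits consumed).
    """
    xy, r1 = isw_and(x, y, rng)
    xz, r2 = isw_and(x, z, rng)
    yz, r3 = isw_and(y, z, rng)
    return masked_xor(masked_xor(xy, xz), yz), r1 + r2 + r3


def check_correctness(n, seed=1, trials=64):
    """Exhaustive functional check for n shares with a seeded PRNG (reproducible;
    a real implementation must use a proper RNG). True iff every unmasked result
    is correct and each AND consumed exactly n(n-1)/2 random bits."""
    rng = random.Random(seed).getrandbits
    for x, y, z in product((0, 1), repeat=3):
        for _ in range(trials):
            a, b, c = share(x, n, rng), share(y, n, rng), share(z, n, rng)
            prod, used = isw_and(a, b, rng)
            if unshare(prod) != (x & y) or used != n * (n - 1) // 2:
                return False
            maj, _ = masked_maj(a, b, c, rng)
            if unshare(maj) != ((x & y) ^ (x & z) ^ (y & z)):
                return False
    return True


if __name__ == "__main__":
    for n in (2, 3, 4, 8):
        print(f"{n} shares: correct={check_correctness(n)}, "
              f"ISW randomness={n * (n - 1) // 2} bits per AND")
```

Running the block prints, for each share count, whether the exhaustive check passed and how many random bits one ISW AND costs; the quadratic growth of that number with the order is the cost that the abstract's "best reported randomness complexity for large security orders" refers to.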

Highlights

  • Masking has been established as a well-founded solution to improve security against side-channel attacks

  • We propose a new multiplication algorithm which leads to the best known randomness complexity for large security orders (ignoring [BBP+17] and restricting our analysis to Boolean masking in F2, which usually leads to the best concrete performances [GR17, JS17])

  • From a theoretical viewpoint, security against horizontal attacks becomes increasingly important as the number of shares in a masking scheme increases, and optimizations based only on reducing the randomness complexity are not sufficient in this context


Summary

Introduction

Masking has been established as a well-founded solution to improve security against side-channel attacks. Since SASCA (soft analytical side-channel attacks) are among the (if not the) most efficient ways to perform horizontal attacks in the current state of the art [GS18], the bounds on the information that can be extracted thanks to SASCA (as provided by the LRPM, the Local Random Probing Model) can be viewed as a good approximation of the worst-case security level in the noisy leakage model. Based on this new tool, we are able to confirm the relevance of the qualitative analysis of Battistello et al. in a quantitative manner, with a noise rate in O(1/log(t)). From a theoretical viewpoint, security against horizontal attacks becomes increasingly important as the number of shares (and claimed security order) in a masking scheme increases, and optimizations based only on reducing the randomness complexity are not sufficient in this context. This conclusion is based on quantitative but heuristic evaluations in the LRPM. An open question is to what extent black-box attacks (e.g., exploiting machine learning / deep learning [MPP16]) can approach the efficiency of SASCA.

Probing security and composability
Multiplication gadgets
Horizontal attacks and the Local Random Probing Model
New PINI Multiplication with reduced randomness
MIMO-SNI
Modelling SASCA
Methodology
Analysis of SNI multiplication gadgets
Analysis of PINI multiplication gadgets
Design of improved multiplication gadgets
A note on SASCA and factor graphs
Cost comparison and discussion
A BP rule for result of multiplication
C PINI proof
Global probes
Local probes
Simulation
Findings
