Improved parallel mask refreshing algorithms: generic solutions with parametrized non-interference and automated optimizations

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

Refreshing algorithms are a critical ingredient for secure masking. They are instrumental in enabling sound composability properties for complex circuits, and their randomness requirements dominate the performance overheads in (very) high-order masking. In this paper, we improve a proposal of mask refreshing algorithms from EUROCRYPT 2017 that has excellent implementation properties in software and hardware, in two main directions. First, we provide a generic proof that this algorithm is secure at arbitrary orders—a problem that was left open so far. We introduce parametrized non-interference as a new technical ingredient for this purpose that may be of independent interest. Second, we use automated tools to further explore the design space of such algorithms and provide the best known parallel mask refreshing gadgets for concretely relevant security orders. Incidentally, we also prove the security of a recent proposal of mask refreshing with improved resistance against horizontal attacks from CHES 2017.


Notes

  1. In our notation, \(\mathbf{x}^{i}\) always has to be interpreted modulo \(t+1\), i.e., \(\mathbf{x}^{i} \triangleq \mathbf{x}^{i \bmod (t+1)}\).

  2. We note that another algorithm can be obtained by producing multiple encodings of 0 via \(\mathsf{ZeroBlock}\) and adding them together after they are produced. This algorithm has a marginally higher memory complexity, and we believe this makes no difference to security, which we leave for further investigation.
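The two notes above describe the building blocks of the refreshing gadgets informally: a cyclic index convention (note 1) and a ZeroBlock that produces an encoding of 0 which is either added to the shares round by round or first summed with other zero encodings (note 2). The following is an added example, not code from the paper or its authors, that makes both variants concrete for 1-bit shares and runs a brute-force probing-security check on them. It assumes a ZeroBlock of the rotation form z_i = r_i + r_{i-1} (indices mod t+1), which is the shape the page's description suggests but does not spell out; the wire names, the function names and the parameters are hypothetical. The check is the plain probing notion (no set of d wires depends on the secret), which is weaker than the (strong) non-interference the paper proves, and the exhaustive enumeration only scales to toy parameters; it is meant to show what an automated exploration of such gadgets has to evaluate, not to reproduce the paper's tools.

```python
import itertools
from collections import Counter
from typing import Callable, Dict, List, Optional, Tuple

Trace = Dict[str, int]  # wire name -> bit value observed in one evaluation


def zero_block(n: int, rand: Callable[[], int], trace: Trace, tag: str) -> List[int]:
    """Assumed ZeroBlock: draw n fresh bits r_i and output z_i = r_i ^ r_{i-1}.

    Indices wrap modulo n = t+1 (note 1), so the z_i XOR to 0: adding them to a
    sharing re-randomises it without changing the encoded secret.
    """
    r = [rand() for _ in range(n)]
    z = [r[i] ^ r[(i - 1) % n] for i in range(n)]
    for i in range(n):
        trace[f"r{tag}_{i}"] = r[i]
        trace[f"z{tag}_{i}"] = z[i]
    return z


def refresh_iterated(x: List[int], rand: Callable[[], int], trace: Trace, k: int) -> List[int]:
    """k rounds: add each zero encoding to the running sharing as soon as it is produced."""
    n = len(x)
    y = list(x)
    for j in range(k):
        z = zero_block(n, rand, trace, str(j))
        y = [y[i] ^ z[i] for i in range(n)]
        for i in range(n):
            trace[f"y{j}_{i}"] = y[i]
    return y


def refresh_summed(x: List[int], rand: Callable[[], int], trace: Trace, k: int) -> List[int]:
    """Variant of note 2: sum k zero encodings first, then add the sum to x once.

    Same output distribution as refresh_iterated; only the intermediate wires differ.
    """
    n = len(x)
    acc = [0] * n
    for j in range(k):
        z = zero_block(n, rand, trace, str(j))
        acc = [acc[i] ^ z[i] for i in range(n)]
        for i in range(n):
            trace[f"acc{j}_{i}"] = acc[i]
    y = [x[i] ^ acc[i] for i in range(n)]
    for i in range(n):
        trace[f"y_{i}"] = y[i]
    return y


def decode(shares) -> int:
    """Boolean masking: the secret is the XOR of all shares."""
    s = 0
    for v in shares:
        s ^= v
    return s


def find_leaking_probes(gadget, n_shares: int, k: int, d: int) -> Optional[Tuple[str, ...]]:
    """Exhaustive d-probing check for a gadget consuming k*n_shares random bits.

    Evaluates the gadget on every sharing of s in {0, 1} and every random tape,
    then looks for a set of at most d wires whose joint distribution differs
    between s = 0 and s = 1. Returns that probe set, or None if no such set exists.
    """
    n_rand = k * n_shares
    traces: Dict[int, List[Trace]] = {0: [], 1: []}
    for s in (0, 1):
        for head in itertools.product((0, 1), repeat=n_shares - 1):
            x = list(head) + [s ^ decode(head)]  # last share fixes the secret
            for tape in itertools.product((0, 1), repeat=n_rand):
                tape_iter = iter(tape)
                trace: Trace = {f"x_{i}": v for i, v in enumerate(x)}
                y = gadget(x, lambda: next(tape_iter), trace, k)
                assert decode(y) == s  # refreshing must preserve the secret
                traces[s].append(trace)
    wires = list(traces[0][0])
    for size in range(1, d + 1):
        for probes in itertools.combinations(wires, size):
            views = [Counter(tuple(t[w] for w in probes) for t in traces[s]) for s in (0, 1)]
            if views[0] != views[1]:
                return probes
    return None


if __name__ == "__main__":
    # 3 shares (t = 2), 2 ZeroBlocks, up to 2 probes: both variants pass.
    for g in (refresh_iterated, refresh_summed):
        print(g.__name__, "leaking probes:", find_leaking_probes(g, 3, 2, 2))
    # Negative control: 3 probes on 3 shares always leak (the three input shares).
    print("d = t+1:", find_leaking_probes(refresh_iterated, 3, 1, 3))
```

The checker treats the gadget as a black box and compares empirical distributions, so it does not rely on the gadget being linear; that is what makes it usable for exploring candidate refreshes, at the cost of exponential enumeration in the number of shares and random bits. The negative control with d = t+1 probes is worth keeping in any such harness: a checker that never reports a leak is indistinguishable from a broken one.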

References

  1. Albrecht, M.R., Paterson, K.G.: Lucky microseconds: a timing attack on Amazon's s2n implementation of TLS. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part I, Volume 9665 of LNCS, pp. 622–643. Springer, Heidelberg (2016)

  2. Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P.-A., Grégoire, B.: Compositional verification of higher-order masking: application to a verifying masking compiler. Cryptology ePrint Archive, Report 2015/506. http://eprint.iacr.org/2015/506

  3. Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P.-A., Grégoire, B., Strub, P.-Y.: Verified proofs of higher-order masking. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I, Volume 9056 of LNCS, pp. 457–485. Springer, Heidelberg (2015)

  4. Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P.-A., Grégoire, B., Strub, P.-Y., Zucchini, R.: Strong non-interference and type-directed higher-order masking. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 16, pp. 116–129. ACM Press, New York (2016)

  5. Barthe, G., Dupressoir, F., Faust, S., Grégoire, B., Standaert, F.-X., Strub, P.-Y.: Parallel implementations of masking schemes and the bounded moment leakage model. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part I, Volume 10210 of LNCS, pp. 535–566. Springer, Heidelberg (2017)

  6. Battistello, A., Coron, J.-S., Prouff, E., Zeitoun, R.: Horizontal side-channel attacks and countermeasures on the ISW masking scheme. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016, Volume 9813 of LNCS, pp. 23–39. Springer, Heidelberg (2016)

  7. Belaïd, S., Benhamouda, F., Passelègue, A., Prouff, E., Thillard, A., Vergnaud, D.: Randomness complexity of private circuits for multiplication. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II, Volume 9666 of LNCS, pp. 616–648. Springer, Heidelberg (2016)

  8. Carlet, C., Prouff, E., Rivain, M., Roche, T.: Algebraic decomposition for probing security. In: Gennaro, R., Robshaw, M.J.B. (eds.) CRYPTO 2015, Part I, Volume 9215 of LNCS, pp. 742–763. Springer, Heidelberg (2015)

  9. Cassiers, G., Standaert, F.-X.: Improved bitslice masking: from optimized non-interference to probe isolation. IACR Cryptology ePrint Archive, Report 2018/438 (2018)

  10. Coron, J.-S.: Higher order masking of look-up tables. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014, Volume 8441 of LNCS, pp. 441–458. Springer, Heidelberg (2014)

  11. Coron, J.-S., Prouff, E., Rivain, M.: Side channel cryptanalysis of a higher order masking scheme. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007, Volume 4727 of LNCS, pp. 28–44. Springer, Heidelberg (2007)

  12. Coron, J.-S., Prouff, E., Rivain, M., Roche, T.: Higher-order side channel security and mask refreshing. In: Moriai, S. (ed.) FSE 2013, Volume 8424 of LNCS, pp. 410–424. Springer, Heidelberg (2014)

  13. Duc, A., Dziembowski, S., Faust, S.: Unifying leakage models: from probing attacks to noisy leakage. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014, Volume 8441 of LNCS, pp. 423–440. Springer, Heidelberg (2014)

  14. Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete, or how to evaluate the security of any leaking device. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I, Volume 9056 of LNCS, pp. 401–429. Springer, Heidelberg (2015)

  15. Faust, S., Rabin, T., Reyzin, L., Tromer, E., Vaikuntanathan, V.: Protecting circuits from leakage: the computationally-bounded and noisy cases. In: Gilbert, H. (ed.) EUROCRYPT 2010, Volume 6110 of LNCS, pp. 135–156. Springer, Heidelberg (2010)

  16. Fischer, W., Homma, N. (eds.): CHES 2017, Volume 10529 of LNCS. Springer, Heidelberg (2017)

  17. Genkin, D., Pachmanov, L., Pipman, I., Tromer, E., Yarom, Y.: ECDSA key extraction from mobile devices via nonintrusive physical side channels. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 16, pp. 1626–1638. ACM Press, New York (2016)

  18. Goudarzi, D., Rivain, M.: How fast can higher-order masking be in software? In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part I, Volume 10210 of LNCS, pp. 567–597. Springer, Heidelberg (2017)

  19. Groß, H., Mangard, S.: Reconciling d+1 masking in hardware and software. In: Fischer, W., Homma, N. (eds.) CHES 2017, Volume 10529 of LNCS, pp. 115–136. Springer, Heidelberg (2017)

  20. Gruss, D., Spreitzer, R., Mangard, S.: Cache template attacks: automating attacks on inclusive last-level caches. In: 24th USENIX Security Symposium (USENIX Security 15), Washington, DC, USA, August 12–14, 2015, pp. 897–912 (2015)

  21. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003, Volume 2729 of LNCS, pp. 463–481. Springer, Heidelberg (2003)

  22. Journault, A., Standaert, F.-X.: Very high order masking: efficient implementation and security evaluation. In: Fischer, W., Homma, N. (eds.) CHES 2017, Volume 10529 of LNCS, pp. 623–643. Springer, Heidelberg (2017)

  23. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO '99, Volume 1666 of LNCS, pp. 388–397. Springer, Heidelberg (1999)

  24. Prouff, E., Rivain, M.: Masking against side-channel attacks: a formal security proof. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013, Volume 7881 of LNCS, pp. 142–159. Springer, Heidelberg (2013)

  25. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: CHES 2010, Volume 6225 of LNCS, pp. 413–427. Springer, Heidelberg (2010)

  26. Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) CT-RSA 2006, Volume 3860 of LNCS, pp. 208–225. Springer, Heidelberg (2006)

  27. Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. J. Cryptol. 23(1), 62–74 (2010)

Acknowledgements

François-Xavier Standaert is a senior research associate of the Belgian Fund for Scientific Research (F.R.S.-FNRS). This work has been funded in parts by the European Union through the ERC project SWORD (724725).

Author information

Corresponding author: François-Xavier Standaert.


Cite this article

Barthe, G., Belaïd, S., Dupressoir, F. et al. Improved parallel mask refreshing algorithms: generic solutions with parametrized non-interference and automated optimizations. J Cryptogr Eng 10, 17–26 (2020). https://doi.org/10.1007/s13389-018-00202-2
