Masking against Side-Channel Attacks: A Formal Security Proof

  • Emmanuel Prouff
  • Matthieu Rivain
Conference paper

DOI: 10.1007/978-3-642-38348-9_9

Volume 7881 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Prouff E., Rivain M. (2013) Masking against Side-Channel Attacks: A Formal Security Proof. In: Johansson T., Nguyen P.Q. (eds) Advances in Cryptology – EUROCRYPT 2013. EUROCRYPT 2013. Lecture Notes in Computer Science, vol 7881. Springer, Berlin, Heidelberg

Abstract

Masking is a well-known countermeasure to protect block cipher implementations against side-channel attacks. The principle is to randomly split every sensitive intermediate variable occurring in the computation into d + 1 shares, where d is called the masking order and plays the role of a security parameter. Although widely used in practice, masking is often considered an empirical solution and its effectiveness is rarely proved. In this paper, we provide a formal security proof for masked implementations of block ciphers. Specifically, we prove that the information gained by observing the leakage from one execution can be made negligible (in the masking order). To obtain this bound, we assume that every elementary calculation in the implementation leaks a noisy function of its input, where the amount of noise can be chosen by the designer (yet linearly bounded). We further assume the existence of a leak-free component that can refresh the masks of shared variables. Our work can be viewed as an extension of the seminal work of Chari et al. published at CRYPTO in 1999 on the soundness of combining masking with noise to thwart side-channel attacks.
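As an added illustration (not code from the paper), the Boolean masking scheme the abstract describes, in Python: a value is split into d + 1 shares, a mask refresh re-randomises the sharing the way the assumed leak-free component would, and an exhaustive check on small share widths confirms that any d of the d + 1 shares are distributed independently of the secret. Share widths and sample values are constructed for the example.

```python
import secrets
from itertools import product

NBITS = 8                    # width of a share for the randomised functions below
MASK = (1 << NBITS) - 1

def share(x: int, d: int) -> list[int]:
    """Boolean masking of order d: split x into d + 1 shares whose XOR is x.
    The first d shares are drawn uniformly at random; the last one absorbs x."""
    shares = [secrets.randbelow(1 << NBITS) for _ in range(d)]
    last = x & MASK
    for s in shares:
        last ^= s
    return shares + [last]

def unmask(shares: list[int]) -> int:
    """Recombine: the XOR of all d + 1 shares gives back the sensitive value."""
    x = 0
    for s in shares:
        x ^= s
    return x

def refresh(shares: list[int]) -> list[int]:
    """Mask refreshing: re-randomise the sharing without changing the shared value.
    For each share i > 0 a fresh r is XORed into share i and into share 0, so the
    XOR of all shares is unchanged while every share takes a new random value."""
    new = list(shares)
    for i in range(1, len(new)):
        r = secrets.randbelow(1 << NBITS)
        new[0] ^= r
        new[i] ^= r
    return new

def view_distribution(x: int, d: int, omit: int, nbits: int = 2) -> dict:
    """Enumerate every choice of the d random masks (for a small share width) and
    count how often each view of d shares (all shares except index `omit`) occurs.
    The d shares are independent of x exactly when this histogram does not depend on x."""
    counts: dict = {}
    for rand in product(range(1 << nbits), repeat=d):
        last = x & ((1 << nbits) - 1)
        for r in rand:
            last ^= r
        shares = list(rand) + [last]
        view = tuple(s for i, s in enumerate(shares) if i != omit)
        counts[view] = counts.get(view, 0) + 1
    return counts
```

Seeing all d + 1 shares (or their XOR) recovers x, which is why the proof bounds what a noisy observation of each share reveals rather than assuming shares stay hidden.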


Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Emmanuel Prouff, ANSSI, France
  • Matthieu Rivain, CryptoExperts, France