Skip to main content

Polynomial direct sum masking to protect against both SCA and FIA


Side-channel attacks (SCAs) and fault injection attacks (FIAs) allow an opponent to have partial access to the internal behavior of the hardware. Since the end of the 1990s, many works have shown that this type of attacks constitutes a serious threat to cryptosystems implemented in embedded devices. In the state of the art, there exist several countermeasures to protect symmetric encryption (especially AES-128). Most of them protect only against one of these two attacks (SCA or FIA). A method called ODSM has been proposed to withstand SCA and FIA, but its implementation in the whole algorithm is a big open problem when no particular hardware protection is possible. In the present paper, we propose a practical masking scheme specifying ODSM which makes it possible to protect the symmetric encryption against these two attacks.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3


  1. Anderson, R.J., Kuhn, M.G.: Low cost attacks on tamper resistant devices. In: 5th International Workshop on Security Protocols, Paris, France, April 7–9, 1997, Proceedings, pp. 125–136 (1997)

  2. Azzi, S., Barras, B., Christofi, M., Vigilant, D.: Using linear codes as a fault countermeasure for nonlinear operations: application to AES and formal verification. J. Cryptogr. Eng. 7(1), 75–85 (2017)

    Article  Google Scholar 

  3. Balasch, J., Faust, S., Gierlichs, B.: Inner product masking revisited. In: Advances in Cryptology—EUROCRYPT 2015—34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26–30, 2015, Proceedings, Part I

  4. Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)

    Article  Google Scholar 

  5. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: Proceedings of the 20th Annual ACM Symposium on Theory of Computing, May 2–4, 1988, Chicago, Illinois, USA, pp. 1–10 (1988)

  6. Blömer, J., Guajardo, J., Krummel, V.: Provably secure masking of AES. In: 11th International Workshop on Selected Areas in Cryptography, SAC, Waterloo, Canada, August 9–10, Revised Selected Papers 2004, pp. 69–83 (2004)

  7. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101–119 (2001)

    Article  MathSciNet  MATH  Google Scholar 

  8. Bringer, J., Carlet, C., Chabanne, H., Guilley, S., Maghrebi, H.: Orthogonal direct sum masking—a smartcard friendly computation paradigm in a code, with builtin protection against side-channel and fault attacks. In: Information Security Theory and Practice. Securing the Internet of Things—8th IFIP WG 11.2 International Workshop, WISTP 2014, Heraklion, Crete, Greece, June 30–July 2, 2014. Proceedings , pp. 40–56 (2014)

  9. Bringer, J., Chabanne, H., Le, T.: Protecting AES against side-channel analysis using wire-tap codes. J. Cryptogr. Eng. 2(2), 129–141 (2012)

    Article  Google Scholar 

  10. Bruneau, N., Guilley, S., Heuser, A., Rioul, O., Standaert, F., Teglia, Y.: Taylor expansion of maximum likelihood attacks for masked and shuffled implementations. In: Advances in Cryptology—ASIACRYPT 2016—22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4–8, 2016, Proceedings, Part I, pp. 573–601 (2016)

  11. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Advances in Cryptology—CRYPTO’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15–19, 1999, Proceedings, pp. 398–412 (1999)

  12. Daemen, J., Rijmen, V.: Aes proposal: Rijndael (1999)

  13. Goubin, L., Martinelli, A.: Protecting AES with Shamir’s secret sharing scheme. In: Cryptographic Hardware and Embedded Systems—CHES 2011—13th International Workshop, Nara, Japan, September 28–October 1, 2011. Proceedings, pp. 79–94 (2011)

  14. Goubin, L., Patarin, J.: DES and differential power analysis (the “duplication” method). In: Cryptographic Hardware and Embedded Systems, First International Workshop, CHES’99, Worcester, MA, USA, August 12–13, 1999, Proceedings, pp. 158–172 (1999)

  15. Guilley, S., Heuser, A., Rioul, O. Codes for side-channel attacks and protections. In: Codes, Cryptology and Information Security—Second International Conference, C2SI: Rabat, Morocco, April 10–12, 2017. Proceedings—In Honor of Claude Carlet 2017, pp. 35–55 (2017)

  16. Ishai, Y., Sahai, A., Wagner, D.A.: Private circuits: securing hardware against probing attacks. In: Advances in Cryptology—CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17–21, 2003, Proceedings, pp. 463–481 (2003)

  17. Massey, J.L.: Linear codes with complementary duals. Discrete Math. 106–107, 337–342 (1992)

    Article  MathSciNet  MATH  Google Scholar 

  18. Poussier, R., Guo, Q., Standaert, F., Carlet, C., Guilley, S.: Connecting and improving direct sum masking and inner product masking. In: Smart Card Research and Advanced Applications—16th International Conference, CARDIS 2017, Lugano, Switzerland, November 13–15, 2017, Revised Selected Papers, pp. 123–141 (2017)

  19. Prouff, E., Roche, T.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols. In: Cryptographic Hardware and Embedded Systems—CHES 2011—13th International Workshop, Nara, Japan, September 28–October 1, 2011. Proceedings, pp. 63–78 (2011)

  20. Rijmen, V., Daemen, J.: Advanced encryption standard. In: Proceedings of Federal Information Processing Standards Publications, National Institute of Standards and Technology, pp. 19–22 (2001)

  21. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17–20, 2010. Proceedings (2010)

  22. Rivain, M., Prouff, E., Doget, J.: Higher-order masking and shuffling for software implementations of block ciphers. In: Cryptographic Hardware and Embedded Systems—CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6–9, 2009, Proceedings, pp. 171–188 (2009)

  23. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Abderrahman Daif.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Carlet, C., Daif, A., Guilley, S. et al. Polynomial direct sum masking to protect against both SCA and FIA. J Cryptogr Eng 9, 303–312 (2019).

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI:


  • Masking countermeasure
  • Error correcting codes
  • Side-channel attack
  • Fault injection attack
  • AES