Private Multiplication over Finite Fields

  • Sonia Belaïd (corresponding author)
  • Fabrice Benhamouda
  • Alain Passelègue
  • Emmanuel Prouff
  • Adrian Thillard
  • Damien Vergnaud
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10403)


The notion of privacy in the probing model, introduced by Ishai, Sahai, and Wagner in 2003, is nowadays frequently invoked to assess the security of circuits manipulating sensitive information. However, provable security in this model still comes at the cost of a significant overhead, both in arithmetic complexity and in randomness complexity. In this paper, we address this issue for circuits computing multiplication over finite fields. Our contributions are manifold. Extending the work of Belaïd, Benhamouda, Passelègue, Prouff, Thillard, and Vergnaud at Eurocrypt 2016, we introduce an algebraic characterization of privacy for multiplication in any finite field, and we propose a novel algebraic characterization of non-interference (a stronger security notion in this setting). We then present two generic constructions of multiplication circuits over finite fields that achieve non-interference in the probing model. Denoting by \(d\) the number of probes available to the adversary, the first proposal reduces the number of bilinear multiplications (i.e., general multiplications of two non-constant values in the finite field) to only \(2d+1\), whereas the state of the art was \(O(d^2)\). The second proposal reduces the randomness complexity to \(d\) random elements of the underlying finite field, improving on the \(O(d \log d)\) randomness complexity achieved by Belaïd et al. This construction is almost optimal, since we also prove that \(d/2\) is a lower bound. Finally, we show that both algebraic constructions can always be instantiated in large enough finite fields. Furthermore, for the important cases \(d \in \{2,3\}\), we illustrate that they perform well in practice by presenting explicit realizations for finite fields of practical interest.
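The baseline the abstract measures itself against is the Ishai-Sahai-Wagner multiplication gadget, as adapted to the AES field GF(2^8) by Rivain and Prouff. The following is an added illustration, not code from the paper or its authors: it implements that gadget for \(n = d+1\) shares and counts exactly the two quantities the abstract talks about, bilinear field multiplications (\((d+1)^2\), hence \(O(d^2)\)) and fresh random field elements (\(d(d+1)/2\)). The field, the share representation and all function names are this example's own choices; the paper's \(2d+1\)-multiplication and \(d\)-randomness constructions are not reproduced here.

```python
from __future__ import annotations

import functools
import operator
import secrets

# Added example (not from the paper): ISW multiplication over GF(2^8).
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the reduction polynomial of the AES field


def gf_mul(a: int, b: int, poly: int = AES_POLY) -> int:
    """Multiply two elements of GF(2^8): carry-less product reduced modulo poly."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= poly
    return r


def share(x: int, n: int) -> list[int]:
    """Split x into n additive (XOR) shares; the first n-1 are uniformly random."""
    shares = [secrets.randbits(8) for _ in range(n - 1)]
    shares.append(functools.reduce(operator.xor, shares, x))
    return shares


def unshare(shares: list[int]) -> int:
    """Recombine an additive sharing."""
    return functools.reduce(operator.xor, shares, 0)


def isw_mult(a: list[int], b: list[int]) -> tuple[list[int], dict[str, int]]:
    """ISW multiplication of two sharings with n = d+1 shares each.

    Returns the output sharing of a*b together with the cost counters the
    abstract discusses: bilinear field multiplications and random elements.
    """
    n = len(a)
    if len(b) != n:
        raise ValueError("sharings must have the same number of shares")
    stats = {"bilinear": 0, "randoms": 0}
    # Diagonal terms a_i * b_i: n bilinear multiplications.
    c = [gf_mul(a[i], b[i]) for i in range(n)]
    stats["bilinear"] += n
    for i in range(n):
        for j in range(i + 1, n):
            r_ij = secrets.randbits(8)  # one fresh field element per pair i<j
            stats["randoms"] += 1
            # r_ji = (r_ij + a_i*b_j) + a_j*b_i. The bracketing is part of the
            # security argument: forming a_i*b_j + a_j*b_i first would create an
            # intermediate whose distribution depends on the unmasked a and b.
            r_ji = (r_ij ^ gf_mul(a[i], b[j])) ^ gf_mul(a[j], b[i])
            stats["bilinear"] += 2
            c[i] ^= r_ij
            c[j] ^= r_ji
    # Sum of all c_i = sum_{i,j} a_i*b_j = (sum a_i)(sum b_j): the masks cancel.
    return c, stats


def masked_product(a: int, b: int, d: int) -> tuple[int, dict[str, int]]:
    """Share a and b with d+1 shares, multiply with ISW, recombine the result."""
    c, stats = isw_mult(share(a, d + 1), share(b, d + 1))
    return unshare(c), stats


def verify(d: int, pairs=((0x53, 0xCA), (0x00, 0xFF), (0x57, 0x83), (0x01, 0xAB))) -> bool:
    """Check correctness and the (d+1)^2 / d(d+1)/2 cost counts for a few inputs."""
    for a, b in pairs:
        res, stats = masked_product(a, b, d)
        if res != gf_mul(a, b):
            return False
        if stats["bilinear"] != (d + 1) ** 2 or stats["randoms"] != d * (d + 1) // 2:
            return False
    return True


if __name__ == "__main__":
    for d in (1, 2, 3):
        res, stats = masked_product(0x53, 0xCA, d)
        print(f"d={d}: 0x53*0xCA = {res:#04x}, "
              f"{stats['bilinear']} bilinear mults, {stats['randoms']} random bytes")
```

Running it shows the quadratic growth the paper attacks: for \(d = 1, 2, 3\) the gadget needs 4, 9 and 16 bilinear multiplications and 1, 3 and 6 random bytes, against the paper's \(2d+1\) multiplications and \(d\) random elements (with a proven lower bound of \(d/2\)).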


Keywords: Side-channel analysis; Probing model; Bilinear complexity; Randomness complexity; Constructions; Lower bounds; Probabilistic method



The second author was supported by the Defense Advanced Research Projects Agency (DARPA) and Army Research Office (ARO) under Contract No. W911NF-15-C-0236. The third author was supported in part by a DARPA/ARL SAFEWARE award, NSF Frontier Award 1413955, NSF grants 1619348, 1228984, 1136174, and 1065276, BSF grant 2012378, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through the ARL under Contract W911NF-15-C-0205. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, or the U.S. Government. The fourth and fifth authors were supported in part by the European Union’s H2020 Programme under grant agreement number ICT-731591 (REASSURE). The fifth author was supported in part by the French ANR project BRUTUS, ANR-14-CE28-0015.


References

  1. Balasch, J., Faust, S., Gierlichs, B.: Inner product masking revisited. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 486–510. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46800-5_19
  2. Balasch, J., Faust, S., Gierlichs, B., Verbauwhede, I.: Theory and practice of a leakage resilient masking scheme. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 758–775. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-34961-4_45
  3. Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P.A., Grégoire, B., Strub, P.Y., Zucchini, R.: Strong non-interference and type-directed higher-order masking. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 116–129. ACM Press, October 2016
  4. Belaïd, S., Benhamouda, F., Passelègue, A., Prouff, E., Thillard, A., Vergnaud, D.: Randomness complexity of private circuits for multiplication. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 616–648. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49896-5_22
  5. Belaïd, S., Benhamouda, F., Passelègue, A., Prouff, E., Thillard, A., Vergnaud, D.: Randomness complexity of private circuits for multiplication. Cryptology ePrint Archive, Report 2016/211 (2016). Full version of [4]
  6. Carlet, C., Prouff, E.: Polynomial evaluation and side channel analysis. In: Ryan, P.Y.A., Naccache, D., Quisquater, J.-J. (eds.) The New Codebreakers. LNCS, vol. 9100, pp. 315–341. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49301-4_20
  7. Carlet, C., Prouff, E., Rivain, M., Roche, T.: Algebraic decomposition for probing security. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 742–763. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-47989-6_36
  8. Carlet, C., Prouff, E., Rivain, M., Roche, T.: Algebraic decomposition for probing security. Cryptology ePrint Archive, Report 2016/321 (2016). Full version of [7]
  9. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_26
  10. Coron, J.-S., Prouff, E., Rivain, M., Roche, T.: Higher-order side channel security and mask refreshing. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 410–424. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-43933-3_21
  11. Coron, J.-S., Prouff, E., Roche, T.: On the use of Shamir’s secret sharing against side-channel analysis. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 77–90. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-37288-9_6
  12. Coron, J.-S., Roy, A., Vivek, S.: Fast evaluation of polynomials over binary finite fields and application to side-channel countermeasures. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 170–187. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44709-3_10
  13. Duc, A., Dziembowski, S., Faust, S.: Unifying leakage models: from probing attacks to noisy leakage. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 423–440. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-55220-5_24
  14. Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 401–429. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46800-5_16
  15. Faust, S., Rabin, T., Reyzin, L., Tromer, E., Vaikuntanathan, V.: Protecting circuits from leakage: the computationally-bounded and noisy cases. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 135–156. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13190-5_7
  16. Goubin, L., Patarin, J.: DES and differential power analysis: the “duplication” method. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999). doi: 10.1007/3-540-48059-5_15
  17. Gross, H., Mangard, S., Korak, T.: Domain-oriented masking: compact masked hardware implementations with arbitrary protection order. Cryptology ePrint Archive, Report 2016/486 (2016). To appear in the proceedings of CARDIS 2016
  18. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45146-4_27
  19. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). doi: 10.1007/3-540-68697-5_9
  20. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011)
  21. Prouff, E., Rivain, M.: Masking against side-channel attacks: a formal security proof. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 142–159. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38348-9_9
  22. Prouff, E., Roche, T.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 63–78. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-23951-9_5
  23. Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-47989-6_37
  24. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-15031-9_28

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

Sonia Belaïd (1, corresponding author), Fabrice Benhamouda (2), Alain Passelègue (3), Emmanuel Prouff (4, 5), Adrian Thillard (6), Damien Vergnaud (7, 8)

  1. Thales Communications & Security, Gennevilliers, France
  2. IBM Research, Yorktown Heights, USA
  3. UCLA, Los Angeles, USA
  4. Safran Identity and Security, Paris, France
  5. Sorbonne Universités, UPMC Univ Paris 06, CNRS, INRIA, Laboratoire d’Informatique de Paris 6 (LIP6), Équipe PolSys, Paris, France
  6. ANSSI, Paris, France
  7. Département d’informatique de l’ENS, École normale supérieure, CNRS, PSL Research University, Paris, France
  8. INRIA, Paris, France