High-Order Conversion from Boolean to Arithmetic Masking

  • Jean-Sébastien Coron
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10529)

Abstract

Masking with random values is an effective countermeasure against side-channel attacks. For cryptographic algorithms combining arithmetic and Boolean masking, it is necessary to switch from arithmetic to Boolean masking and vice versa. Following a recent approach by Hutter and Tunstall, we describe a high-order Boolean to arithmetic conversion algorithm whose complexity is independent of the register size k. Our new algorithm is proven secure in the Ishai, Sahai and Wagner (ISW) framework for private circuits. In practice, for small orders, our new countermeasure is one order of magnitude faster than previous work.

We also describe a 3rd-order attack against the 3rd-order Hutter-Tunstall algorithm, and a constant, 4th-order attack against the t-th order Hutter-Tunstall algorithms, for any \(t \ge 4\).
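As an added illustration of the switch the abstract refers to (example code written for this page, not the paper's own algorithm): the two masking forms and Goubin's first-order Boolean-to-arithmetic conversion [Gou01], which converts the shares in a constant number of operations independent of the register size k. The paper's contribution is the high-order generalisation; this shows only the order-1 case. The register size k, the constructed 8-bit test vector and the `masked_add_constant` helper are assumptions made for the example.

```python
# Boolean vs. arithmetic masking, and Goubin's first-order Boolean-to-arithmetic
# conversion [Gou01]. Added example: the register size k and the test vectors
# are assumptions chosen for illustration.
import secrets


def boolean_mask(x: int, r: int) -> int:
    """Boolean masking: return x' such that x = x' XOR r."""
    return x ^ r


def arithmetic_mask(x: int, r: int, k: int = 32) -> int:
    """Arithmetic masking: return A such that x = A + r (mod 2^k)."""
    return (x - r) & ((1 << k) - 1)


def goubin_b2a(x_prime: int, r: int, gamma: int, k: int = 32) -> int:
    """Goubin's first-order Boolean-to-arithmetic conversion.

    Input: (x', r) with x = x' XOR r, and a fresh uniform random gamma.
    Output: A with x = A + r (mod 2^k).

    The algorithm relies on Phi(v) = (x' XOR v) - v being affine over GF(2),
    so that Phi(r) = Phi(gamma) XOR Phi(gamma XOR r) XOR x'. The secret x is
    never recombined: every intermediate depends on x' and on a value that
    is blinded by the fresh mask gamma, which gives first-order security.
    The operation count is constant, independent of k.
    """
    mod = (1 << k) - 1
    t = x_prime ^ gamma          # x' XOR gamma
    t = (t - gamma) & mod        # Phi(gamma)
    t = t ^ x_prime              # Phi(gamma) XOR x'
    gamma = gamma ^ r            # gamma XOR r
    a = x_prime ^ gamma          # x' XOR gamma XOR r
    a = (a - gamma) & mod        # Phi(gamma XOR r)
    a = a ^ t                    # Phi(r) = (x' XOR r) - r = x - r
    return a


def b2a(x_prime: int, r: int, k: int = 32) -> int:
    """Convenience wrapper drawing the fresh mask gamma internally."""
    return goubin_b2a(x_prime, r, secrets.randbits(k), k)


def masked_add_constant(a: int, c: int, k: int = 32) -> int:
    """Under arithmetic masking, adding a public constant touches only the
    masked share: (A + c) + r = x + c (mod 2^k). Steps like this (the
    modular additions of ARX-style ciphers) are what motivate the switch."""
    return (a + c) & ((1 << k) - 1)


def check_conversion(x: int, r: int, gamma: int, k: int = 32) -> bool:
    """Mask x Boolean-ly, convert with Goubin's algorithm, and verify both
    A + r = x (mod 2^k) and that A equals the directly computed share."""
    mod = (1 << k) - 1
    x_prime = boolean_mask(x, r)
    a = goubin_b2a(x_prime, r, gamma, k)
    return (a + r) & mod == x and a == arithmetic_mask(x, r, k)


def exhaustive_check(k: int = 6) -> bool:
    """Check correctness for every (x, r, gamma) triple at a small register
    size, so the identity is seen to hold for all inputs, not just a sample."""
    n = 1 << k
    return all(check_conversion(x, r, g, k)
               for x in range(n) for r in range(n) for g in range(n))


if __name__ == "__main__":
    # Constructed 8-bit test vector: x = 0x5A, r = 0x33, gamma = 0xC7.
    xp = boolean_mask(0x5A, 0x33)                 # 0x69
    print(hex(goubin_b2a(xp, 0x33, 0xC7, k=8)))   # 0x27 == (0x5A - 0x33) mod 256
    print(exhaustive_check())
```

The arithmetic-to-Boolean direction is the harder one (Goubin's original A→B algorithm costs O(k) operations, which is why the logarithmic-complexity [CGTV15] and high-order [CGV14] variants in the reference list exist); this block covers only the B→A direction that the paper generalises to any order.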

References

  1. [BBD+16]
    Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P.-A., Grégoire, B., Strub, P.-Y., Zucchini, R.: Strong non-interference and type-directed higher-order masking. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October, pp. 116–129 (2016)
  2. [BSS+13]
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. IACR Cryptology ePrint Archive 2013, 404 (2013)
  3. [CGTV15]
    Coron, J.-S., Großschädl, J., Tibouchi, M., Vadnala, P.K.: Conversion from arithmetic to Boolean masking with logarithmic complexity. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 130–149. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48116-5_7
  4. [CGV14]
    Coron, J.-S., Großschädl, J., Vadnala, P.K.: Secure conversion between Boolean and arithmetic masking of any order. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 188–205. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44709-3_11
  5. [CJRR99]
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_26
  6. [Cor17]
    Coron, J.-S.: High-order conversion from Boolean to arithmetic masking. Cryptology ePrint Archive, Report 2017/252 (2017). http://eprint.iacr.org/2017/252
  7. [CRRY99]
    Contini, S., Rivest, R.L., Robshaw, M.J.B., Yin, Y.L.: Improved analysis of some simplified variants of RC6. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 1–15. Springer, Heidelberg (1999). doi: 10.1007/3-540-48519-8_1
  8. [DDF14]
    Duc, A., Dziembowski, S., Faust, S.: Unifying leakage models: from probing attacks to noisy leakage. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 423–440. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-55220-5_24
  9. [Gou01]
    Goubin, L.: A sound method for switching between Boolean and arithmetic masking. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 3–15. Springer, Heidelberg (2001). doi: 10.1007/3-540-44709-1_2
  10. [GP99]
    Goubin, L., Patarin, J.: DES and differential power analysis (the “Duplication” method). In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999). doi: 10.1007/3-540-48059-5_15
  11. [HT16]
    Hutter, M., Tunstall, M.: Constant-time higher-order Boolean-to-arithmetic masking. Cryptology ePrint Archive, Report 2016/1023 (2016). http://eprint.iacr.org/2016/1023. Version posted on 22 Dec 2016
  12. [ISW03]
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45146-4_27
  13. [LM90]
    Lai, X., Massey, J.L.: A proposal for a new block encryption standard. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 389–404. Springer, Heidelberg (1991). doi: 10.1007/3-540-46877-3_35
  14. [NIS95]
    NIST: Secure hash standard. Federal Information Processing Standard, FIPS 180-1 (1995)
  15. [NW97]
    Needham, R.M., Wheeler, D.J.: Tea extensions. Technical report, Computer Laboratory, University of Cambridge (1997)
  16. [OMHT06]
    Oswald, E., Mangard, S., Herbst, C., Tillich, S.: Practical second-order DPA attacks for masked smart card implementations of block ciphers. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 192–207. Springer, Heidelberg (2006). doi: 10.1007/11605805_13
  17. [PR13]
    Prouff, E., Rivain, M.: Higher-order side channel security and mask refreshing. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 142–159. Springer, Heidelberg (2013)
  18. [RP10]
    Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-15031-9_28

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  1. University of Luxembourg, Luxembourg, Luxembourg