Leakage Squeezing of Order Two
In masking schemes, leakage squeezing is the study of the optimal representation of the shares, the one that maximizes the resistance order against high-order side-channel attacks. Squeezing the leakage of first-order Boolean masking has been problematized and solved in previous work. The solution consists in finding a bijection F that modifies the mask in such a way that its graph, seen as a code, has the greatest possible dual distance. This paper studies second-order leakage squeezing, i.e. leakage squeezing with two independent random masks. It is proved that, compared to first-order leakage squeezing, second-order leakage squeezing increments the resistance order against high-order attacks, such as high-order correlation power analyses (HO-CPA), by at least one. Better improvements over first-order leakage squeezing are, however, possible through relevant constructions of squeezing bijections. We provide linear bijections that improve the resistance order by strictly more than one. Specifically, when the masking is applied on bytes (which suits AES), resistance against 1st-order (resp. 2nd-order) attacks is possible with one (resp. two) masks. Optimal leakage squeezing with one mask resists HO-CPA of orders up to 5. In this paper, with two masks, we provide resistance against HO-CPA not only of order 5 + 1 = 6, but also of order 7.
Keywords: High-order side-channel attacks; leakage squeezing; Boolean logic; rate 1/3 linear codes with 3 disjoint information sets; AES
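As an added illustration (not code from the paper), the following Python takes linear squeezing bijections given as GF(2) matrices, builds the code spanned by the mask-dependent part of the shares (for one mask (m, mA); for two masks (m1 xor m2, m1 A, m2 B)), brute-forces its dual distance, and reports the resistance order under the assumption, stated in the code, that HO-CPA of order strictly below the dual distance fails. The 4-bit matrices I4, JI, A2 and B2 are constructed for the example: the identity (no squeezing), the self-inverse J+I whose graph is the [8,4,4] extended Hamming code, and a two-mask pair whose dual is a [12,4,6] rate-1/3 code with three disjoint information sets.

```python
# Added example, not the paper's code. Vectors over GF(2) are ints, a matrix is
# a list of row ints (row i = image of the i-th unit vector, leftmost bit first).
# Assumption: HO-CPA of order strictly below the dual distance of the mask code
# fails, so the resistance order is the dual distance minus one.

def parity(x):
    return bin(x).count("1") & 1

def concat(blocks, n):
    """Concatenate n-bit blocks into one vector, first block most significant."""
    v = 0
    for b in blocks:
        v = (v << n) | b
    return v

def mask_code_generators(n, matrices):
    """Generators of the code {(m1^..^mk, m1*A1, .., mk*Ak)}: for each mask j and
    unit vector e_i the row e_i || 0 .. A_j[i] .. 0 (A_j[i] in block j)."""
    k = len(matrices)
    rows = []
    for j, A in enumerate(matrices):
        for i in range(n):
            e = 1 << (n - 1 - i)
            rows.append(concat([e] + [A[i] if t == j else 0 for t in range(k)], n))
    return rows

def dual_distance(generators, length):
    """Minimum weight of a non-zero vector orthogonal to every generator row
    (exhaustive over 2^length vectors, so intended for small codes only)."""
    best = length + 1
    for v in range(1, 1 << length):
        if all(parity(v & g) == 0 for g in generators):
            best = min(best, bin(v).count("1"))
    return best

def resistance_order(n, matrices):
    """Highest HO-CPA order withstood: one mask -> [A], two masks -> [A, B]."""
    length = n * (len(matrices) + 1)
    return dual_distance(mask_code_generators(n, matrices), length) - 1

# Constructed 4-bit (nibble) instances, small enough to check by hand.
I4 = [0b1000, 0b0100, 0b0010, 0b0001]  # plain Boolean masking, no squeezing
JI = [0b0111, 0b1011, 0b1101, 0b1110]  # J+I: graph is the [8,4,4] extended Hamming code
A2 = [0b1111, 0b0111, 0b1100, 0b1010]  # two-mask pair whose dual is a [12,4,6] code
B2 = [0b1110, 0b1001, 0b1100, 0b1010]  # (a punctured [15,4,8] simplex code)

if __name__ == "__main__":
    print("one mask, identity :", resistance_order(4, [I4]))      # 1
    print("one mask, J+I      :", resistance_order(4, [JI]))      # 3
    print("two masks, identity:", resistance_order(4, [I4, I4]))  # 2
    print("two masks, A2/B2   :", resistance_order(4, [A2, B2]))  # 5
```

On nibbles the second mask lifts the resistance order from 3 to 5 with a suitable pair of linear bijections, i.e. by strictly more than one, mirroring the byte-size claim of the abstract; for the byte case (a 24-bit code) the exhaustive search over 2^24 vectors should be replaced by enumerating the 2^8 codewords of the dual directly.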