Leakage Squeezing of Order Two

  • Claude Carlet
  • Jean-Luc Danger
  • Sylvain Guilley
  • Houssem Maghrebi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7668)


In masking schemes, leakage squeezing is the study of the optimal shares’ representation, that maximizes the resistance order against high-order side-channel attacks. Squeezing the leakage of first-order Boolean masking has been problematized and solved previously in [8]. The solution consists in finding a bijection F that modifies the mask, in such a way that its graph, seen as a code, be of greatest dual distance. This paper studies second-order leakage squeezing, i.e. leakage squeezing with two independent random masks. It is proved that, compared to first-order leakage squeezing, second-order leakage squeezing at least increments (by one unit) the resistance against high-order attacks, such as high-order correlation power analyses (HO-CPA). Now, better improvements over first-order leakage squeezing are possible by relevant constructions of squeezing bijections. We provide with linear bijections that improve by strictly more than one (instead of one) the resistance order. Specifically, when the masking is applied on bytes (which suits AES), resistance against 1st-order (resp. 2nd-order) attacks is possible with one (resp. two) masks. Optimal leakage squeezing with one mask resists HO-CPA of orders up to 5. In this paper, with two masks, we provide resistance against HO-CPA not only of order 5 + 1 = 6, but also of order 7.


High-order side-channel attacks leakage squeezing Boolean logic rate 1/3 linear codes with 3 disjoint information sets AES 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Carlet, C., Gaborit, P., Kim, J.-L., Solé, P.: A new class of codes for Boolean masking of cryptographic computations, October 6 (2011),
  2. 2.
    Dichtl, M.: A new method of black box power analysis and a fast algorithm for optimal key search. J. Cryptographic Engineering 1(4), 255–264 (2011)CrossRefGoogle Scholar
  3. 3.
    DPA Contest (2nd edition) (2009-2010),
  4. 4.
    Grassl, M.: Bounds on the minimum distance of linear codes and quantum codes (2007), (accessed on July 23, 2012)
  5. 5.
    Heuser, A., Schindler, W., Stöttinger, M.: Revealing side-channel issues of complex circuits by enhanced leakage models. In: Rosenstiel, W., Thiele, L. (eds.) DATE, pp. 1179–1184. IEEE (2012)Google Scholar
  6. 6.
    Li, Y., Nakatsu, D., Li, Q., Ohta, K., Sakiyama, K.: Clockwise Collision Analysis – Overlooked Side-Channel Leakage Inside Your Measurements. Cryptology ePrint Archive, Report 2011/579 (October 2011),
  7. 7.
    Maghebi, H., Guilley, S., Carlet, C., Danger, J.-L.: Classification of High-Order Boolean Masking Schemes and Improvements of their Efficiency. Cryptology ePrint Archive, Report 2011/520 (September 2011),
  8. 8.
    Maghrebi, H., Carlet, C., Guilley, S., Danger, J.-L.: Optimal First-Order Masking with Linear and Non-linear Bijections. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 360–377. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Maghrebi, H., Guilley, S., Danger, J.-L.: Leakage Squeezing Countermeasure against High-Order Attacks. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 208–223. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards (December 2006) ISBN 0-387-30857-1Google Scholar
  11. 11.
    Mangard, S., Schramm, K.: Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 76–90. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Moradi, A., Mischke, O.: Glitch-free Implementation of Masking in Modern FPGAs. In: HOST, June 2-3, pp. 89–95. IEEE Computer Society, Moscone Center, San Francisco, CA, USA (2012), doi:10.1109/HST.2012.6224326Google Scholar
  13. 13.
    Moradi, A., Mischke, O.: How Far Should Theory Be from Practice? In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 92–106. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  14. 14.
    Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptology 24(2), 292–321 (2011)MathSciNetzbMATHCrossRefGoogle Scholar
  15. 15.
    Prouff, E., Rivain, M., Bevan, R.: Statistical Analysis of Second Order Differential Power Analysis. IEEE Trans. Computers 58(6), 799–811 (2009)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Prouff, E., Roche, T.: Higher-Order Glitches Free Implementation of the AES Using Secure Multi-party Computation Protocols. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 63–78. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  17. 17.
    Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 109–128. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. 18.
    Rivain, M., Prouff, E.: Provably Secure Higher-Order Masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Schindler, W., Lemke, K., Paar, C.: A Stochastic Model for Differential Side Channel Cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  20. 20.
    Shah, S., Velegalati, R., Kaps, J.-P., Hwang, D.: Investigation of DPA Resistance of Block RAMs in Cryptographic Implementations on FPGAs. In: Prasanna, V.K., Becker, J., Cumplido, R. (eds.) ReConFig, pp. 274–279. IEEE Computer Society (2010)Google Scholar
  21. 21.
    Tiri, K., Hwang, D., Hodjat, A., Lai, B.-C., Yang, S., Schaumont, P., Verbauwhede, I.: Prototype IC with WDDL and Differential Routing – DPA Resistance Assessment. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 354–365. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  22. 22.
    Tiri, K., Verbauwhede, I.: A VLSI Design Flow for Secure Side-Channel Attack Resistant ICs. In: DATE, pp. 58–63. IEEE Computer Society (2005),
  23. 23.
    Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal Key Enumeration Algorithm and its Application to Side-Channel Attacks. Cryptology ePrint Archive, Report 2011/610 (2011),
  24. 24.
    Waddle, J., Wagner, D.: Towards Efficient Second-Order Power Analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Claude Carlet
    • 1
  • Jean-Luc Danger
    • 2
    • 3
  • Sylvain Guilley
    • 2
    • 3
  • Houssem Maghrebi
    • 2
  1. 1.LAGA, UMR 7539, CNRS, Department of MathematicsUniversity of Paris XIII and University of Paris VIIISaint-Denis CedexFrance
  2. 2.TELECOM-ParisTech, Crypto GroupParis Cedex 13France
  3. 3.Secure-IC S.A.S.RennesFrance

Personalised recommendations