Masking against Side-Channel Attacks: A Formal Security Proof

  • Emmanuel Prouff
  • Matthieu Rivain
Conference paper

DOI: 10.1007/978-3-642-38348-9_9

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7881)
Cite this paper as:
Prouff E., Rivain M. (2013) Masking against Side-Channel Attacks: A Formal Security Proof. In: Johansson T., Nguyen P.Q. (eds) Advances in Cryptology – EUROCRYPT 2013. EUROCRYPT 2013. Lecture Notes in Computer Science, vol 7881. Springer, Berlin, Heidelberg


Masking is a well-known countermeasure to protect block cipher implementations against side-channel attacks. The principle is to randomly split every sensitive intermediate variable occurring in the computation into d + 1 shares, where d is called the masking order and plays the role of a security parameter. Although widely used in practice, masking is often considered as an empirical solution and its effectiveness is rarely proved. In this paper, we provide a formal security proof for masked implementations of block ciphers. Specifically, we prove that the information gained by observing the leakage from one execution can be made negligible (in the masking order). To obtain this bound, we assume that every elementary calculation in the implementation leaks a noisy function of its input, where the amount of noise can be chosen by the designer (yet linearly bounded). We further assume the existence of a leak-free component that can refresh the masks of shared variables. Our work can be viewed as an extension of the seminal work of Chari et al.published at CRYPTO in 1999 on the soundness of combining masking with noise to thwart side-channel attacks.

Download to read the full conference paper text

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Emmanuel Prouff
    • 1
  • Matthieu Rivain
    • 2
  1. 1.ANSSIFrance
  2. 2.CryptoExpertsFrance

Personalised recommendations