Skip to main content
SpringerLink
Log in

Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures against Side-Channel Attacks

  • Conference paper
Progress in Cryptology – INDOCRYPT 2011 (INDOCRYPT 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7107))

Included in the following conference series:

Abstract

Several types of countermeasures against side-channel attacks are known. The one called masking is of great interest since it can be applied to any protocol and/or algorithm, without nonetheless requiring special care at the implementation level. Masking countermeasures are usually studied with the maximal possible entropy for the masks. However, in practice, this requirement can be viewed as too costly. It is thus relevant to study how the security evolves when the number of mask values decreases.

In this article, we study a first-order masking scheme, that makes use of one n-bit mask taking values in a strict subset of \(\mathbb{F}_2^n\). For a given entropy budget, we show that the security does depend on the choice of the mask values. More specifically, we explore the space of mask sets that resist first and second-order correlation analysis (CPA and 2O-CPA), using exhaustive search for word size \(n \leqslant 5\) bit and a SAT-solver for n up to 8 bit. We notably show that it is possible to protect algorithms against both CPA and 2O-CPA such as AES with only 12 mask values. If the general trend is that more entropy means less leakage, some particular mask subsets can leak less (or on the contrary leak remarkably more). Additionally, we exhibit such mask subsets that allows a minimal leakage.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Common Criteria (aka CC) for Information Technology Security Evaluation (ISO/IEC 15408), http://www.commoncriteriaportal.org/

  2. Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.X., Veyrat-Charvillon, N.: Mutual Information Analysis: a Comprehensive Study. J. Cryptology 24(2), 269–291 (2011)

    Article  MathSciNet  MATH  Google Scholar 

  3. Brier, É., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  4. Carlet, C.: Boolean Functions for Cryptography and Error Correcting Codes. In: Crama, Y., Hammer, P. (eds.) Boolean Methods and Models. Cambridge University Press (2008)

    Google Scholar 

  5. Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  6. Criteria, C.: Application of Attack Potential to Smartcards, Mandatory Technical Document, Version 2.7, Revision 1, CCDB-2009-03-001 (March 2009), http://www.commoncriteriaportal.org/files/supdocs/CCDB-2009-03-001.pdf

  7. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic Analysis: Concrete Results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  8. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual Information Analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  9. Köpf, B., Basin, D.: An information-theoretic model for adaptive side-channel attacks. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 286–296. ACM, New York (2007)

    Google Scholar 

  10. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards (December 2006) ISBN 0-387-30857-1, http://www.springer.com/Springer , http://www.dpabook.org/

  11. Mangard, S., Schramm, K.: Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 76–90. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  12. Mentens, N., Gierlichs, B., Verbauwhede, I.: Power and Fault Analysis Resistance in Hardware Through Dynamic Reconfiguration. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 346–362. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. Nassar, M., Guilley, S., Danger, J.L.: Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures against Side-Channel Attacks — Complete version. Cryptology ePrint Archive, Report 2011/534 (September 2011), http://eprint.iacr.org/2011/534

  14. Prouff, E., Rivain, M.: A Generic Method for Secure SBox Implementation. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 227–244. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  15. Prouff, E., Rivain, M., Bevan, R.: Statistical Analysis of Second Order Differential Power Analysis. IEEE Trans. Computers 58(6), 799–811 (2009)

    Article  MathSciNet  Google Scholar 

  16. Rivain, M., Prouff, E.: Provably Secure Higher-Order Masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  17. Schindler, W.: Advanced stochastic methods in side channel analysis on block ciphers in the presence of masking. Journal of Mathematical Cryptology 2(3), 291–310 (2008) ISSN (Online) 1862-2984, ISSN (Print) 1862-2976, doi:10.1515/JMC.2008.013

    Article  MathSciNet  MATH  Google Scholar 

  18. Sinz, C.: Towards an Optimal CNF Encoding of Boolean Cardinality Constraints. In: van Beek, P. (ed.) CP 2005. LNCS, vol. 3709, pp. 827–831. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  19. Soos, M.: SAT-solver “cryptominisat”, Version 2.9.0 (January 20, 2011), https://gforge.inria.fr/projects/cryptominisat

  20. Soos, M., Nohl, K., Castelluccia, C.: Extending SAT Solvers to Cryptographic Problems. In: Kullmann, O. (ed.) SAT 2009. LNCS, vol. 5584, pp. 244–257. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  21. Standaert, F.-X., Malkin, T.G., Yung, M.: A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  22. Standaert, F.X., Peeters, É., Macé, F., Quisquater, J.J.: Updates on the Security of FPGAs Against Power Analysis Attacks. In: Bertels, K., Cardoso, J.M.P., Vassiliadis, S. (eds.) ARC 2006. LNCS, vol. 3985, pp. 335–346. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  23. Standaert, F.X., Rouvroy, G., Quisquater, J.J.: FPGA Implementations of the DES and Triple-DES Masked Against Power Analysis Attacks. In: Proceedings of FPL 2006, Madrid, Spain. IEEE (2006)

    Google Scholar 

  24. Veyrat-Charvillon, N., Standaert, F.-X.: Mutual Information Analysis: How, When and Why? In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 429–443. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  25. Veyrat-Charvillon, N., Standaert, F.-X.: Adaptive Chosen-Message Side-Channel Attacks. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 186–199. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  26. Waddle, J., Wagner, D.: Towards Efficient Second-Order Power Analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Bull TrustWay, Rue Jean Jaurès, B.P. 68, 78 340, Les Clayes-sous-Bois, France

    Maxime Nassar

  2. Institut TELECOM / TELECOM ParisTech, CNRS LTCI (UMR 5141), 46 rue Barrault, 75 634, Paris Cedex, France

    Maxime Nassar, Sylvain Guilley & Jean-Luc Danger

Authors
  1. Maxime Nassar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sylvain Guilley
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jean-Luc Danger
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Illinois at Chicago, 60607–7053, Chicago, IL, USA

    Daniel J. Bernstein

  2. Indian Institute of Science, India

    Sanjit Chatterjee

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nassar, M., Guilley, S., Danger, JL. (2011). Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures against Side-Channel Attacks. In: Bernstein, D.J., Chatterjee, S. (eds) Progress in Cryptology – INDOCRYPT 2011. INDOCRYPT 2011. Lecture Notes in Computer Science, vol 7107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25578-6_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-25578-6_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25577-9

  • Online ISBN: 978-3-642-25578-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation