Leakage squeezing countermeasure against high-order attacks

Abstract

In the recent years, side channel attacks have been widely investigated. In particular, second order attacks (2O-attacks) have been improved and successfully applied to break many masked implementations. In this context we propose a new concept to hinder attacks of all order: instead of injecting more entropy, we make the most of a single-mask entropy. With specially crafted bijections instantiated on the mask path, we manage to reduce the inter-class variance (method we call "leakage squeezing") so that the leakage distributions become almost independent from the processed data. We present two options for this countermeasure. The first one is based on a recoded memory with a size squared w.r.t. the unprotected requirement, whilst the second one is an enhancement alleviating the requirement for a large memory. We theoretically prove the robustness of those implementations and practically evaluate their security improvements. This is attested by a robustness evaluation based on an information theoretic framework and by a 2O-DPA, an EPA and a multi-variate mutual information analysis (MMIA) attack metric. As opposed to software-oriented 3O-DPA-proof countermeasures that seriously impact the performances, our is hardware-oriented and keeps a complexity similar to that of a standard 2O-attack countermeasure with an almost untouched throughput, which is a predominant feature in computing-intensive applications. © 2011 IFIP International Federation for Information Processing.