Masking against side-channel attacks: A formal security proof

253 citations; 101 Mendeley readers.

Abstract

Masking is a well-known countermeasure to protect block cipher implementations against side-channel attacks. The principle is to randomly split every sensitive intermediate variable occurring in the computation into d + 1 shares, where d is called the masking order and plays the role of a security parameter. Although widely used in practice, masking is often considered an empirical solution and its effectiveness is rarely proved. In this paper, we provide a formal security proof for masked implementations of block ciphers. Specifically, we prove that the information gained by observing the leakage from one execution can be made negligible (in the masking order). To obtain this bound, we assume that every elementary calculation in the implementation leaks a noisy function of its input, where the amount of noise can be chosen by the designer (yet linearly bounded). We further assume the existence of a leak-free component that can refresh the masks of shared variables. Our work can be viewed as an extension of the seminal work of Chari et al., published at CRYPTO in 1999, on the soundness of combining masking with noise to thwart side-channel attacks. © 2013 International Association for Cryptologic Research.

Citation (APA)

Prouff, E., & Rivain, M. (2013). Masking against side-channel attacks: A formal security proof. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7881 LNCS, pp. 142–159). https://doi.org/10.1007/978-3-642-38348-9_9
