Security analysis of higher-order Boolean masking schemes for block ciphers (with conditions of perfect masking)

2 Author(s)
Piret, G.; Dept. d'Informatique, Ecole Normale Super., Paris; Standaert, F.-X.

Side-channel attacks are an important class of cryptanalytic techniques against cryptographic implementations and masking is a frequently considered solution to improve the resistance of a cryptographic implementation against side-channel attacks. The security of higher-order Boolean masking schemes in various contexts is analysed. The results presented are 2-fold. First, the definitions of higher-order side-channel attacks with the related security notions are formalised and certain security weaknesses in recently proposed masking schemes are put forward. Second, the conditions upon which a substitution box in a block cipher can be perfectly masked by Boolean values in order to counteract side-channel attacks are investigated. That is, can the leakages' statistical distributions at a masked S-box output (over all possible masks) be independent of the secret key targeted in the attacks? The consequences of this requirement are studied in two commonly considered leakage models, namely the Hamming weight and distance models, and conditions on the substitution boxes are derived. As a result of the analysis, it appears that these conditions are not achievable as they lead to evident cryptanalytic weaknesses. Thus, it is formally confirmed that masking cannot be used as a stand-alone countermeasure and cannot offer provable security against side-channel attacks.

Published in: Information Security, IET (Volume: 2, Issue: 1)