Table Recomputation-Based Higher-Order Masking Against Horizontal Attacks
| Published in: | IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2020-01, Vol. 39 (1), pp. 34-44 |
|---|---|
| Format: | Article |
| Language: | English |
| Summary: | Masking is a well-known class of countermeasures against side-channel analysis that employs the idea of secret sharing. The theoretical security proof model of higher-order masking was initiated by Ishai, Sahai, and Wagner, and Barthe et al. pushed it forward by proposing a more refined security definition named t-SNI security. In CHES 2016, a new attack called the horizontal side-channel attack (HSCA) came forward and successfully broke the Rivain-Prouff countermeasure, which had been proved to satisfy t-SNI security. This presents a dilemma: instead of being more secure, higher-order masking may be more vulnerable because of the HSCA. Although an effective countermeasure already exists for the Rivain-Prouff scheme, it is quite difficult to apply this method to table recomputation-based higher-order masking schemes, such as the scheme introduced by Coron at EUROCRYPT 2014. To fill this gap, we propose a new table recomputation-based higher-order masking scheme, named the table compression masking (TCM) scheme. While meeting t-SNI security, our new countermeasure is also secure against the HSCA. We give a formal security proof under the t-SNI security definition, as well as a heuristic security analysis considering the HSCA. Our analysis shows that, by dividing the full lookup table into many distinct parts and shifting them by refreshed shares, the same share is never manipulated more than twice in the TCM scheme. This feature gives heuristic security against the HSCA. To the best of our knowledge, our countermeasure is the first solution for table recomputation-based higher-order masking that resists the HSCA. |
| ISSN: | 0278-0070, 1937-4151 |
| DOI: | 10.1109/TCAD.2018.2883900 |