Side-Channel Indistinguishability∗

by Claude Carlet, Sylvain Guilley
Citations:2 - 1 self

BibTeX

@MISC{Carlet_side-channelindistinguishability,
    author = {Claude Carlet and Sylvain Guilley},
    title = {Side-Channel Indistinguishability},
    year = {}
}


Abstract

We introduce a masking strategy for hardware that prevents any side-channel attacker from recovering uniquely the secret key of a cryptographic device. In this masking scheme, termed homomorphic, the sensitive data is exclusive-ored with a random value that belongs to a given set. We show that if this masking set is concealed, then no information about the cryptographic key leaks. If the masking set is public (or disclosed), then any (high-order) attack reveals a group of equiprobable keys. Those results are applied to the case of the AES, where sensitive variables are bytes. To any mask corresponds a masked substitution box. We prove that there exists a homomorphic masking with 16 masks (hence a number of substitution boxes equal to that of the same algorithm without masking) that resists mono-variate first-, second-, and third-order side-channel attacks. Furthermore, even if the masking set is public, each byte of the correct key is found only ex æquo with 15 incorrect ones, making the side-channel analysis insufficient alone – the remaining key space shall be explored by other means (typically exhaustive search). Thus, our homomorphic masking strategy allows both to increase the number of side-channel measurements and to demand for a final non negligible brute-forcing (of complexity 16^NB = 2^64 for AES, that has NB = 16 substitution boxes). The hardware implementation of the Rotating Substitution boxes Masking (RSM) is a practical instantiation of our homomorphic masking countermeasure.

∗ Extended version of [3].
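As an added illustration of the "group of equiprobable keys" claim in the abstract (this is example code written for this page, not code from the paper, and it does not reproduce the paper's own 16-mask set or its masked S-boxes): the sketch below XOR-masks a sensitive byte with a mask drawn uniformly from a constructed set of 16 masks that is closed under XOR, and, under a Hamming-weight leakage model, enumerates the key-byte hypotheses that an attacker who knows the mask set still cannot tell apart, even with the exact leakage distribution in hand. The choice of sensitive byte (plaintext XOR key), the leakage model and the particular basis spanning the mask set are assumptions made for the example.

```python
"""Added illustration (not the paper's code): XOR masking with a mask set
closed under XOR leaves a whole coset of key bytes equiprobable under a
Hamming-weight leakage model, even when the mask set itself is public."""
from collections import Counter


def hamming_weight(x: int) -> int:
    """Assumed leakage model: the Hamming weight of the byte on the bus."""
    return bin(x & 0xFF).count("1")


def xor_span(basis):
    """All XOR-combinations of the basis bytes, i.e. the subgroup of
    (GF(2)^8, XOR) they generate. This closure is what makes the mask set
    'homomorphic' in the sense used in this example."""
    span = {0}
    for b in basis:
        span |= {x ^ b for x in span}
    return sorted(span)


# Constructed mask set: 16 masks generated by an assumed, illustrative basis.
MASK_SET = xor_span((0x01, 0x02, 0x04, 0x08))


def leakage_distribution(sensitive: int, mask_set) -> Counter:
    """Distribution of HW(sensitive XOR m) for m uniform over mask_set.
    This is the most an attacker can ever learn from unlimited traces
    about one fixed value of the sensitive byte."""
    return Counter(hamming_weight(sensitive ^ m) for m in mask_set)


def equivalent_keys(true_key: int, mask_set, plaintexts=range(256)) -> set:
    """Key-byte hypotheses whose predicted leakage distribution equals the
    true key's for every plaintext byte. Sensitive byte = plaintext XOR key
    (assumption for this example; the paper works on masked S-box bytes)."""
    matches = set()
    for guess in range(256):
        if all(leakage_distribution(p ^ guess, mask_set)
               == leakage_distribution(p ^ true_key, mask_set)
               for p in plaintexts):
            matches.add(guess)
    return matches


def coset(key: int, mask_set) -> set:
    """The candidate group predicted by the XOR-closure argument:
    key XOR m for every m in the mask set."""
    return {key ^ m for m in mask_set}


if __name__ == "__main__":
    k = 0x2A  # constructed secret key byte
    eq = equivalent_keys(k, MASK_SET)
    print(f"{len(eq)} key bytes are indistinguishable from 0x{k:02X}:",
          sorted(f"0x{x:02X}" for x in eq))
    print("equal to the coset key XOR MASK_SET:", eq == coset(k, MASK_SET))
    print("with a single mask the key is unique:",
          equivalent_keys(k, [0x00]) == {k})
```

Because the mask set is XOR-closed, replacing the key k by k ⊕ m0 for any m0 in the set only permutes the masks, so the leakage distribution for every plaintext is unchanged and the 16 hypotheses in k ⊕ MASK_SET score identically; with a single mask (the last line of the demo) the same search returns the key alone, which shows the ambiguity comes from the structure of the set rather than from masking as such. Per key byte the attacker is therefore left with 16 candidates, which is where the 16^NB residual brute-force cost quoted in the abstract comes from.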

Keyphrases

side-channel indistinguishability, masking set, substitution box, exhaustive search, key space, sensitive variable, third-order side-channel attack, final non negligible brute-forcing, rotating substitution box masking, side-channel measurement, secret key, homomorphic masking countermeasure, cryptographic device, cryptographic key leak, correct key, masking scheme, masked substitution box, sensitive data, side-channel analysis insufficient, incorrect one, practical instantiation, hardware implementation, homomorphic masking, ex æquo, random value, masking strategy, equiprobable key, homomorphic masking strategy, side-channel attacker
