A Nearly Tight Proof of Duc et al.’s Conjectured Security Bound for Masked Implementations

Loïc Masure; Olivier Rioul; François Xavier Standaert

doi:10.1007/978-3-031-25319-5_4

A Nearly Tight Proof of Duc et al.’s Conjectured Security Bound for Masked Implementations

Loïc Masure
, Olivier Rioul
, François Xavier Standaert

University of Louvain

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We prove a bound that approaches Duc et al.’s conjecture from Eurocrypt 2015 for the side-channel security of masked implementations. Let be a sensitive intermediate variable of a cryptographic primitive taking its values in a set. If is protected by masking (a.k.a. secret sharing) at order (i.e., with shares), then the complexity of any non-adaptive side-channel analysis—measured by the number of queries to the target implementation required to guess the secret key with sufficient confidence—is lower bounded by a quantity inversely proportional to the product of mutual informations between each share of and their respective leakage. Our new bound is nearly tight in the sense that each factor in the product has an exponent of as conjectured, and its multiplicative constant is It drastically improves upon previous proven bounds, where the exponent was and the multiplicative constant was As a consequence for side-channel security evaluators, it is possible to provably and efficiently infer the security level of a masked implementation by simply analyzing each individual share, under the necessary condition that the leakage of these shares are independent.

Original language	English
Title of host publication	Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers
Editors	Ileana Buhan, Tobias Schneider
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	69-81
Number of pages	13
ISBN (Print)	9783031253188
DOIs	https://doi.org/10.1007/978-3-031-25319-5_4
Publication status	Published - 1 Jan 2023
Event	21st International Conference on Smart Card Research and Advanced Applications, CARDIS 2022 - Birmingham, United Kingdom Duration: 7 Nov 2022 → 9 Nov 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13820 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st International Conference on Smart Card Research and Advanced Applications, CARDIS 2022
Country/Territory	United Kingdom
City	Birmingham
Period	7/11/22 → 9/11/22

Keywords

Convolution
Masking
Mutual information
Security bound

Access to Document

10.1007/978-3-031-25319-5_4

Cite this

Masure, L., Rioul, O., & Standaert, F. X. (2023). A Nearly Tight Proof of Duc et al.’s Conjectured Security Bound for Masked Implementations. In I. Buhan, & T. Schneider (Eds.), Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers (pp. 69-81). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13820 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-25319-5_4

Masure, Loïc ; Rioul, Olivier ; Standaert, François Xavier. / A Nearly Tight Proof of Duc et al.’s Conjectured Security Bound for Masked Implementations. Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers. editor / Ileana Buhan ; Tobias Schneider. Springer Science and Business Media Deutschland GmbH, 2023. pp. 69-81 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5808135712604fb48764500b4f35c454,

title = "A Nearly Tight Proof of Duc et al.{\textquoteright}s Conjectured Security Bound for Masked Implementations",

abstract = "We prove a bound that approaches Duc et al.{\textquoteright}s conjecture from Eurocrypt 2015 for the side-channel security of masked implementations. Let be a sensitive intermediate variable of a cryptographic primitive taking its values in a set. If is protected by masking (a.k.a. secret sharing) at order (i.e., with shares), then the complexity of any non-adaptive side-channel analysis—measured by the number of queries to the target implementation required to guess the secret key with sufficient confidence—is lower bounded by a quantity inversely proportional to the product of mutual informations between each share of and their respective leakage. Our new bound is nearly tight in the sense that each factor in the product has an exponent of as conjectured, and its multiplicative constant is It drastically improves upon previous proven bounds, where the exponent was and the multiplicative constant was As a consequence for side-channel security evaluators, it is possible to provably and efficiently infer the security level of a masked implementation by simply analyzing each individual share, under the necessary condition that the leakage of these shares are independent.",

keywords = "Convolution, Masking, Mutual information, Security bound",

author = "Lo{\"i}c Masure and Olivier Rioul and Standaert, \{Fran{\c c}ois Xavier\}",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 21st International Conference on Smart Card Research and Advanced Applications, CARDIS 2022 ; Conference date: 07-11-2022 Through 09-11-2022",

year = "2023",

month = jan,

day = "1",

doi = "10.1007/978-3-031-25319-5\_4",

language = "English",

isbn = "9783031253188",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "69--81",

editor = "Ileana Buhan and Tobias Schneider",

booktitle = "Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers",

}

Masure, L, Rioul, O & Standaert, FX 2023, A Nearly Tight Proof of Duc et al.’s Conjectured Security Bound for Masked Implementations. in I Buhan & T Schneider (eds), Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13820 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 69-81, 21st International Conference on Smart Card Research and Advanced Applications, CARDIS 2022, Birmingham, United Kingdom, 7/11/22. https://doi.org/10.1007/978-3-031-25319-5_4

A Nearly Tight Proof of Duc et al.’s Conjectured Security Bound for Masked Implementations. / Masure, Loïc; Rioul, Olivier; Standaert, François Xavier.
Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers. ed. / Ileana Buhan; Tobias Schneider. Springer Science and Business Media Deutschland GmbH, 2023. p. 69-81 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13820 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Nearly Tight Proof of Duc et al.’s Conjectured Security Bound for Masked Implementations

AU - Masure, Loïc

AU - Rioul, Olivier

AU - Standaert, François Xavier

PY - 2023/1/1

Y1 - 2023/1/1

N2 - We prove a bound that approaches Duc et al.’s conjecture from Eurocrypt 2015 for the side-channel security of masked implementations. Let be a sensitive intermediate variable of a cryptographic primitive taking its values in a set. If is protected by masking (a.k.a. secret sharing) at order (i.e., with shares), then the complexity of any non-adaptive side-channel analysis—measured by the number of queries to the target implementation required to guess the secret key with sufficient confidence—is lower bounded by a quantity inversely proportional to the product of mutual informations between each share of and their respective leakage. Our new bound is nearly tight in the sense that each factor in the product has an exponent of as conjectured, and its multiplicative constant is It drastically improves upon previous proven bounds, where the exponent was and the multiplicative constant was As a consequence for side-channel security evaluators, it is possible to provably and efficiently infer the security level of a masked implementation by simply analyzing each individual share, under the necessary condition that the leakage of these shares are independent.

AB - We prove a bound that approaches Duc et al.’s conjecture from Eurocrypt 2015 for the side-channel security of masked implementations. Let be a sensitive intermediate variable of a cryptographic primitive taking its values in a set. If is protected by masking (a.k.a. secret sharing) at order (i.e., with shares), then the complexity of any non-adaptive side-channel analysis—measured by the number of queries to the target implementation required to guess the secret key with sufficient confidence—is lower bounded by a quantity inversely proportional to the product of mutual informations between each share of and their respective leakage. Our new bound is nearly tight in the sense that each factor in the product has an exponent of as conjectured, and its multiplicative constant is It drastically improves upon previous proven bounds, where the exponent was and the multiplicative constant was As a consequence for side-channel security evaluators, it is possible to provably and efficiently infer the security level of a masked implementation by simply analyzing each individual share, under the necessary condition that the leakage of these shares are independent.

KW - Convolution

KW - Masking

KW - Mutual information

KW - Security bound

U2 - 10.1007/978-3-031-25319-5_4

DO - 10.1007/978-3-031-25319-5_4

M3 - Conference contribution

AN - SCOPUS:85148024957

SN - 9783031253188

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 69

EP - 81

BT - Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers

A2 - Buhan, Ileana

A2 - Schneider, Tobias

PB - Springer Science and Business Media Deutschland GmbH

T2 - 21st International Conference on Smart Card Research and Advanced Applications, CARDIS 2022

Y2 - 7 November 2022 through 9 November 2022

ER -

Masure L, Rioul O, Standaert FX. A Nearly Tight Proof of Duc et al.’s Conjectured Security Bound for Masked Implementations. In Buhan I, Schneider T, editors, Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2023. p. 69-81. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-25319-5_4