TY - GEN
T1 - Removing the Field Size Loss from Duc et al.’s Conjectured Bound for Masked Encodings
AU - Béguinot, Julien
AU - Cheng, Wei
AU - Guilley, Sylvain
AU - Liu, Yi
AU - Masure, Loïc
AU - Rioul, Olivier
AU - Standaert, François-Xavier
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023/1/1
Y1 - 2023/1/1
N2 - At Eurocrypt 2015, Duc et al. conjectured that the success rate of a side-channel attack targeting an intermediate computation encoded in a linear secret-sharing, a.k.a. masking with d+1 shares, could be inferred by measuring the mutual information between the leakage and each share separately. This way, security bounds can be derived without having to mount the complete attack. So far, the best proven bounds for masked encodings were nearly tight with the conjecture, up to a constant factor overhead equal to the field size, which may still give loose security guarantees compared to actual attacks. In this paper, we improve upon the state-of-the-art bounds by removing the field size loss, in the cases of Boolean masking and arithmetic masking modulo a power of two. As an example, when masking in the AES field, our new bound outperforms the former ones by a factor 256. Moreover, we provide theoretical hints that similar results could hold for masking in other fields as well.
AB - At Eurocrypt 2015, Duc et al. conjectured that the success rate of a side-channel attack targeting an intermediate computation encoded in a linear secret-sharing, a.k.a. masking with d+1 shares, could be inferred by measuring the mutual information between the leakage and each share separately. This way, security bounds can be derived without having to mount the complete attack. So far, the best proven bounds for masked encodings were nearly tight with the conjecture, up to a constant factor overhead equal to the field size, which may still give loose security guarantees compared to actual attacks. In this paper, we improve upon the state-of-the-art bounds by removing the field size loss, in the cases of Boolean masking and arithmetic masking modulo a power of two. As an example, when masking in the AES field, our new bound outperforms the former ones by a factor 256. Moreover, we provide theoretical hints that similar results could hold for masking in other fields as well.
U2 - 10.1007/978-3-031-29497-6_5
DO - 10.1007/978-3-031-29497-6_5
M3 - Conference contribution
AN - SCOPUS:85152588044
SN - 9783031294969
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 86
EP - 104
BT - Constructive Side-Channel Analysis and Secure Design - 14th International Workshop, COSADE 2023, Proceedings
A2 - Kavun, Elif Bilge
A2 - Pehl, Michael
PB - Springer Science and Business Media Deutschland GmbH
T2 - 14th International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2023
Y2 - 3 April 2023 through 4 April 2023
ER -