Analysis and Improvement of the Generic Higher-Order Masking Scheme of FSE 2012

Roy, Arnab; Venkatesh, Srinivas Vivek

doi:10.1007/978-3-642-40349-1_24

Reference : Analysis and Improvement of the Generic Higher-Order Masking Scheme of FSE 2012


	Document type :	Parts of books : Contribution to collective works
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/15273

Title :	Analysis and Improvement of the Generic Higher-Order Masking Scheme of FSE 2012
Language :	English
Author, co-author :	Roy, Arnab [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Venkatesh, Srinivas Vivek [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Publication date :	2013
Main document title :	Cryptographic Hardware and Embedded Systems - CHES 2013
Editor :	Bertoni, Guido
	Coron, Jean-Sébastien
Publisher :	Springer Berlin Heidelberg
Collection and collection volume :	Lecture Notes in Computer Science
Pages :	417-434
Peer reviewed :	Yes
ISBN :	978-3-642-40348-4
Keywords :	[en] block cipher; S-box; masking complexity; addition chain; polynomial evaluation; side-channel attack
Abstract :	[en] Masking is a well-known technique used to prevent block cipher implementations from side-channel attacks. Higher-order side channel attacks (e.g. higher-order DPA attack) on widely used block cipher like AES have motivated the design of efficient higher-order masking schemes. Indeed, it is known that as the masking order increases, the difficulty of side-channel attack increases exponentially. However, the main problem in higher-order masking is to design an efficient and secure technique for S-box computations in block cipher implementations. At FSE 2012, Carlet et al. proposed a generic masking scheme that can be applied to any S-box at any order. This is the first generic scheme for efficient software implementations. Analysis of the running time, or masking complexity, of this scheme is related to a variant of the well-known problem of efficient exponentiation (addition chain), and evaluation of polynomials. In this paper we investigate optimal methods for exponentiation in TeX by studying a variant of addition chain, which we call cyclotomic-class addition chain, or CC-addition chain. Among several interesting properties, we prove lower bounds on min-length CC-addition chains. We define the notion of TeX -polynomial chain, and use it to count the number of non-linear multiplications required while evaluating polynomials over TeX . We also give a lower bound on the length of such a chain for any polynomial. As a consequence, we show that a lower bound for the masking complexity of DES S-boxes is three, and that of PRESENT S-box is two. We disprove a claim previously made by Carlet et al. regarding min-length CC-addition chains. Finally, we give a polynomial evaluation method, which results into an improved masking scheme (compared to the technique of Carlet et al.) for DES S-boxes. As an illustration we apply this method to several other S-boxes and show significant improvement for them.
Permalink :	http://hdl.handle.net/10993/15273
DOI :	10.1007/978-3-642-40349-1_24
Other URL :	http://dx.doi.org/10.1007/978-3-642-40349-1_24
Mentions required by the publisher for OA :	The final publication is available at www.springerlink.com
Commentary :	8086

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	maskingches_final.pdf		Author postprint	405.75 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices