mid-pSquare: Leveraging the Strong Side-Channel Security of Prime-Field Masking in Software

Prime Ciphers; Side-Channel Attacks; Software Masking; Algebraic attack; Block ciphers; Channel securities; Prime cipher; Prime field; Side-channel; Side-channel attacks; Software implementation; Software masking; Symmetrics; Software; Signal Processing; Hardware and Architecture

Abstract :

[en] Efficiently protecting embedded software implementations of standard symmetric cryptographic primitives against side-channel attacks has been shown to be a considerable challenge in practice. This is, in part, due to the most natural countermeasure for such ciphers, namely Boolean masking, not amplifying security well in the absence of sufficient physical noise in the measurements. So-called prime-field masking has been demonstrated to provide improved theoretical guarantees in this context, and the Feistel for Prime Masking (FPM) family of Tweakable Block Ciphers (TBCs) has been recently introduced by Grassi et al. (Eurocrypt’24) to efficiently leverage these advantages. However, it was so far only instantiated for and empirically evaluated in a hardware implementation context, by using a small (7-bit) prime modulus. In this paper, we build on the theoretical incentive to increase the prime field size to obtain improved side-channel (Faust et al., Eurocrypt’24) and fault (Moos et al., CHES’24) resistance, as well as on the practical incentive to instantiate an FPM instance with optimized performance on 32-bit software platforms. We introduce mid-pSquare for this purpose, a lightweight TBC operating over a 31-bit Mersenne prime field. We first provide an in-depth black-box security analysis with a particular focus on algebraic attacks – which, contrary to the cryptanalysis of instances over smaller primes, are more powerful than statistical ones in our setting. We also design a strong tweak schedule to account for potential related-tweak algebraic attacks which, so far, are almost unknown in the literature. We then demonstrate that mid-pSquare implementations deliver very competitive performance results on the target platform compared to analogous binary TBCs regardless of masked or unmasked implementation (we use fix-sliced SKINNY for our comparisons). Finally, we experimentally establish the side-channel security improvements that masked mid-pSquare can lead to, reaching unmatched resistance to profiled horizontal attacks on lightweight 32-bit processors (ARM Cortex-M4).

Disciplines :

Computer science

Author, co-author :

Balon, Brieuc; Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium

Grassi, Lorenzo ; Eindhoven University of Technology, Eindhoven, Netherlands

MEAUX, Pierrick ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > PI Coron

Moos, Thorben ; Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium

Standaert, François-Xavier ; Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium

Steiner, Matthias Johann ; Alpen-Adria-Universität Klagenfurt, Klagenfurt am Wörthersee, Austria

External co-authors :

yes

Language :

English

Title :

mid-pSquare: Leveraging the Strong Side-Channel Security of Prime-Field Masking in Software

Publication date :

05 September 2025

Journal title :

IACR Transactions on Cryptographic Hardware and Embedded Systems

eISSN :

2569-2925

Publisher :

Ruhr-University of Bochum

Volume :

2025

Issue :

Pages :

486 - 519

Peer reviewed :

Peer Reviewed verified by ORBi

Additional URL :

https://tches.iacr.org/index.php/TCHES/article/download/12419/12147

Funders :

ERC - European Research Council

Funding number :

787390

Funding text :

Lorenzo Grassi was supported by the European Research Council (ERC), grant number 101160608 \u201CSYMPZON\u201D. Pierrick M\u00E9aux was funded by the ERC under the Advanced Grant program (grant number: 787390). Fran\u00E7ois-Xavier Standaert and Thorben Moos are research director and post-doctoral researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.), respectively. This work has been funded in part by the ERC Advanced Grant number 101096871. Views and opinions expressed are those of the authors and do not necessarily reflect those of the European Union or the ERC. Neither the European Union nor the granting authority can be held responsible for them.

Available on ORBilu :

since 11 November 2025

Statistics

Number of views

31 (0 by Unilu)

Number of downloads

27 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

[ABB+ 20] Melissa Azouaoui, Davide Bellizia, Ileana Buhan, Nicolas Debande, Sébastien Duval, Christophe Giraud, Éliane Jaulmes, François Koeune, Elisabeth Oswald, François-Xavier Standaert, and Carolyn Whitnall. A systematic appraisal of side channel evaluation strategies. In SSR, volume 12529 of LNCS, pages 46–66. Springer, 2020.
[AP21] Alexandre Adomnicai and Thomas Peyrin. Fixslicing aes-like ciphers new bitsliced AES speed records on arm-cortex M and RISC-V. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021(1):402–425, 2021.
[BBC+ 23] Clémence Bouvier, Pierre Briaud, Pyrros Chaidos, Léo Perrin, Robin Salen, Vesselin Velichkov, and Danny Willems. New design techniques for efficient arithmetization-oriented hash functions: Anemoi permutations and Jive compression mode. In CRYPTO (3), volume 14083 of LNCS, pages 507–539. Springer, 2023.
[BBS99] Eli Biham, Alex Biryukov, and Adi Shamir. Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials. In EUROCRYPT, volume 1592 of LNCS, pages 12–23. Springer, 1999.
[BCC11] Christina Boura, Anne Canteaut, and Christophe De Cannière. Higher-Order Differential Properties of Keccak and Luffa. In FSE, volume 6733 of LNCS, pages 252–269. Springer, 2011.
[BCD+ 20] Tim Beyne, Anne Canteaut, Itai Dinur, Maria Eichlseder, Gregor Leander, Gaëtan Leurent, María Naya-Plasencia, Léo Perrin, Yu Sasaki, Yosuke Todo, and Friedrich Wiemer. Out of Oddity-New Cryptanalytic Techniques Against Symmetric Primitives Optimized for Integrity Proof Systems. In CRYPTO, volume 12172 of LNCS, pages 299–328. Springer, 2020.
[BCPZ16] Alberto Battistello, Jean-Sébastien Coron, Emmanuel Prouff, and Rina Zeitoun. Horizontal Side-Channel Attacks and Countermeasures on the ISW Masking Scheme. In CHES, volume 9813 of LNCS, pages 23–39. Springer, 2016.
[BFSY05] Magali Bardet, Jean-Charles Faugère, Bruno Salvy, and Bo-Yin Yang. Asymptotic behaviour of the degree of regularity of semi-regular polynomial systems. In Proc. of MEGA, volume 5, 2005.
[BGG+ 14] Josep Balasch, Benedikt Gierlichs, Vincent Grosso, Oscar Reparaz, and François-Xavier Standaert. On the cost of lazy engineering for masked software implementations. In CARDIS, volume 8968 of Lecture Notes in Computer Science, pages 64–81. Springer, 2014.
[BJK+ 16] Christof Beierle, Jérémy Jean, Stefan Kölbl, Gregor Leander, Amir Moradi, Thomas Peyrin, Yu Sasaki, Pascal Sasdrich, and Siang Meng Sim. The SKINNY Family of Block Ciphers and Its Low-Latency Variant MANTIS. In CRYPTO, volume 9815 of LNCS, pages 123–153. Springer, 2016.
[BL25] Daniel Bernstein and Tanja Lange. eBACS: ECRYPT Benchmarking of Cryptographic Systems. https://bench.cr.yp.to, Accessed 10 March 2025.
[BS91] Eli Biham and Adi Shamir. Differential Cryptanalysis of DES-like Cryptosys-tems. J. Cryptol., 4(1):3–72, 1991.
[BS93] Eli Biham and Adi Shamir. Differential Cryptanalysis of the Data Encryption Standard. Springer, 1993.
[BS21] Olivier Bronchain and François-Xavier Standaert. Breaking Masked Implementations with Many Shares on 32-bit Software Platforms or When the Security Order Does Not Matter. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021(3):202–234, 2021.
[BV25] Tim Beyne and Michiel Verbauwhede. Integral cryptanalysis in characteristic p. Cryptology ePrint Archive, Paper 2025/932, 2025.
[CB23] Gaëtan Cassiers and Olivier Bronchain. Scalib: A side-channel analysis library. J. Open Source Softw., 8(86):5196, 2023.
[CDSU23] Gaëtan Cassiers, Henri Devillez, François-Xavier Standaert, and Balazs Ud-varhelyi. Efficient regression-based linear discriminant analysis for side-channel security evaluations towards analytical attacks against 32-bit implementations. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2023(3):270–293, 2023.
[CGG+ 22] Carlos Cid, Lorenzo Grassi, Aldo Gunsing, Reinhard Lüftenegger, Christian Rechberger, and Markus Schofnegger. Influence of the Linear Layer on the Algebraic Degree in SP-Networks. IACR Trans. Symmetric Cryptol., 2022(1):110–137, 2022.
[CGLS21] Gaëtan Cassiers, Benjamin Grégoire, Itamar Levi, and François-Xavier Stan-daert. Hardware Private Circuits: From Trivial Composition to Full Verifica-tion. IEEE Trans. Computers, 70(10):1677–1690, 2021.
[CGP+ 12] Jean-Sébastien Coron, Christophe Giraud, Emmanuel Prouff, Soline Renner, Matthieu Rivain, and Praveen Kumar Vadnala. Conversion of security proofs from one leakage model to another: A new issue. In COSADE, volume 7275 of Lecture Notes in Computer Science, pages 69–81. Springer, 2012.
[CJRR99] Suresh Chari, Charanjit S. Jutla, Josyula R. Rao, and Pankaj Rohatgi. Towards Sound Approaches to Counteract Power-Analysis Attacks. In CRYPTO, volume 1666 of LNCS, pages 398–412. Springer, 1999.
[CLO13] David Cox, John Little, and Donal O’Shea. Ideals, varieties, and algorithms: an introduction to computational algebraic geometry and commutative algebra. Springer Science & Business Media, 2013.
[CMM+ 23] Gaëtan Cassiers, Loïc Masure, Charles Momin, Thorben Moos, and François-Xavier Standaert. Prime-Field Masking in Hardware and its Soundness against Low-Noise SCA Attacks. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2023(2):482–518, 2023.
[CS20] Gaëtan Cassiers and François-Xavier Standaert. Trivially and efficiently composing masked gadgets with probe isolating non-interference. IEEE Trans. Inf. Forensics Secur., 15:2542–2555, 2020.
[DDF14] Alexandre Duc, Stefan Dziembowski, and Sebastian Faust. Unifying Leakage Models: From Probing Attacks to Noisy Leakage. In EUROCRYPT, volume 8441 of LNCS, pages 423–440. Springer, 2014.
[DEMS21] Christoph Dobraunig, Maria Eichlseder, Florian Mendel, and Martin Schläffer. Ascon v1.2: Lightweight authenticated encryption and hashing. J. Cryptol., 34(3):33, 2021.
[DFS15] Alexandre Duc, Sebastian Faust, and François-Xavier Standaert. Making Masking Security Proofs Concrete-Or How to Evaluate the Security of Any Leaking Device. In EUROCRYPT, volume 9056 of LNCS, pages 401–429. Springer, 2015.
[DFS16] Stefan Dziembowski, Sebastian Faust, and Maciej Skórski. Optimal Amplification of Noisy Leakages. In TCC (A2), volume 9563 of LNCS, pages 291–318. Springer, 2016.
[DGGK21] Christoph Dobraunig, Lorenzo Grassi, Anna Guinet, and Daniël Kuijsters. Ciminion: Symmetric Encryption Based on Toffoli-Gates over Large Finite Fields. In EUROCRYPT, volume 12697 of LNCS, pages 3–34. Springer, 2021.
[DKLS20] Orr Dunkelman, Abhishek Kumar, Eran Lambooij, and Somitra Kumar Sanadhya. Counting Active S-Boxes is not Enough. In INDOCRYPT, volume 12578 of LNCS, pages 332–344. Springer, 2020.
[DR02] Joan Daemen and Vincent Rijmen. The Design of Rijndael: AES-The Advanced Encryption Standard. Information Security and Cryptography. Springer, 2002.
[EGL+ 20] Maria Eichlseder, Lorenzo Grassi, Reinhard Lüftenegger, Morten Øygarden, Christian Rechberger, Markus Schofnegger, and Qingju Wang. An Algebraic Attack on Ciphers with Low-Degree Round Functions: Application to Full MiMC. In ASIACRYPT, Part I, volume 12491 of LNCS, pages 477–506. Springer, 2020.
[Fau02] Jean-Charles Faugère. A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In Proceedings of the 2002 international symposium on Symbolic and algebraic computation, pages 75–83, 2002.
[FGHR14] Jean-Charles Faugère, Pierrick Gaudry, Louise Huot, and Guénaël Renault. Sub-cubic change of ordering for gröbner basis: a probabilistic approach. In Katsusuke Nabeshima, Kosaku Nagasaka, Franz Winkler, and Ágnes Szántó, editors, International Symposium on Symbolic and Algebraic Computation, ISSAC ’14, Kobe, Japan, July 23-25, 2014, pages 170–177. ACM, 2014.
[FM17] Jean-Charles Faugère and Chenqi Mou. Sparse FGLM Algorithms. Journal of Symbolic Computation, 80(3):538–569, 2017.
[FMM+ 24] Sebastian Faust, Loïc Masure, Elena Micheli, Maximilian Orlt, and François-Xavier Standaert. Connecting leakage-resilient secret sharing to practice: Scaling trends and physical dependencies of prime field masking. In EU-ROCRYPT (4), volume 14654 of Lecture Notes in Computer Science, pages 316–344. Springer, 2024.
[GHR+ 23] Lorenzo Grassi, Yonglin Hao, Christian Rechberger, Markus Schofnegger, Roman Walch, and Qingju Wang. Horst meets Fluid-SPN: Griffin for zero-knowledge applications. In CRYPTO (3), volume 14083 of LNCS, pages 573–606. Springer, 2023.
[GKR+ 21] Lorenzo Grassi, Dmitry Khovratovich, Christian Rechberger, Arnab Roy, and Markus Schofnegger. Poseidon: A new hash function for zero-knowledge proof systems. In 30th USENIX Security Symposium USENIX Security 2021, pages 519–535. USENIX Association, 2021.
[GLR+ 20] Lorenzo Grassi, Reinhard Lüftenegger, Christian Rechberger, Dragos Rotaru, and Markus Schofnegger. On a Generalization of Substitution-Permutation Networks: The HADES Design Strategy. In EUROCRYPT (2), volume 12106 of LNCS, pages 674–704. Springer, 2020.
[GMM+ 24] Lorenzo Grassi, Loïc Masure, Pierrick Méaux, Thorben Moos, and François-Xavier Standaert. Generalized Feistel Ciphers for Efficient Prime Field Masking. In EUROCRYPT, volume 14653 of LNCS, pages 188–220. Springer, 2024.
[GØSW23] Lorenzo Grassi, Morten Øygarden, Markus Schofnegger, and Roman Walch. From Farfalle to Megafono via Ciminion: The PRF Hydra for MPC applica-tions. In EUROCRYPT, volume 14007 of LNCS, pages 255–286. Springer, 2023.
[GPPR11] Jian Guo, Thomas Peyrin, Axel Poschmann, and Matthew J. B. Robshaw. The LED Block Cipher. In CHES, volume 6917 of LNCS, pages 326–341. Springer, 2011.
[IKMP20] Tetsu Iwata, Mustafa Khairallah, Kazuhiko Minematsu, and Thomas Peyrin. Duel of the titans: The romulus and remus families of lightweight AEAD algorithms. IACR Trans. Symmetric Cryptol., 2020(1):43–120, 2020.
[JK97] Thomas Jakobsen and Lars R. Knudsen. The Interpolation Attack on Block Ciphers. In FSE, volume 1267 of LNCS, pages 28–40. Springer, 1997.
[KJJ99] Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. Differential power analysis. In CRYPTO, volume 1666 of Lecture Notes in Computer Science, pages 388–397. Springer, 1999.
[Knu94] Lars R. Knudsen. Truncated and Higher Order Differentials. In FSE, volume 1008 of LNCS, pages 196–211. Springer, 1994.
[Lai94] Xuejia Lai. Higher Order Derivatives and Differential Cryptanalysis. In Communications and Cryptography: Two Sides of One Tapestry, pages 227– 233. Springer US, 1994.
[LR88] Michael Luby and Charles Rackoff. How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM J. Comput., 17(2):373–386, 1988.
[Man04] Stefan Mangard. Hardware countermeasures against DPA? A statistical analysis of their effectiveness. In CT-RSA, volume 2964 of Lecture Notes in Computer Science, pages 222–235. Springer, 2004.
[Mas93] James L. Massey. SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm. In Fast Software Encryption-FSE 1993, volume 809 of LNCS, pages 1–17. Springer, 1993.
[Mat93] Mitsuru Matsui. Linear Cryptanalysis Method for DES Cipher. In EURO-CRYPT, volume 765 of LNCS, pages 386–397. Springer, 1993.
[MCHS23] Loïc Masure, Gaëtan Cassiers, Julien M. Hendrickx, and François-Xavier Standaert. Information bounds and convergence rates for side-channel security evaluators. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2023(3):522–569, 2023.
[MMMS23] Loïc Masure, Pierrick Méaux, Thorben Moos, and François-Xavier Standaert. Effective and Efficient Masking with Low Noise Using Small-Mersenne-Prime Ciphers. In EUROCRYPT, volume 14007 of LNCS, pages 596–627. Springer, 2023.
[MOP07] Stefan Mangard, Elisabeth Oswald, and Thomas Popp. Power analysis attacks-revealing the secrets of smart cards. Springer, 2007.
[MSS24] Thorben Moos, Sayandeep Saha, and François-Xavier Standaert. Prime masking vs. faults-exponential security amplification against selected classes of attacks. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2024(4):690–736, 2024.
[Pat98] Jacques Patarin. About Feistel Schemes with Six (or More) Rounds. In FSE, volume 1372 of LNCS, pages 103–121. Springer, 1998.
[Pat04] Jacques Patarin. Security of Random Feistel Schemes with 5 or More Rounds. In CRYPTO, volume 3152 of LNCS, pages 106–122. Springer, 2004.
[PR13] Emmanuel Prouff and Matthieu Rivain. Masking against Side-Channel Attacks: A Formal Security Proof. In EUROCRYPT, volume 7881 of LNCS, pages 142–159. Springer, 2013.
[SLP05] Werner Schindler, Kerstin Lemke, and Christof Paar. A Stochastic Model for Differential Side Channel Cryptanalysis. In CHES, volume 3659 of LNCS, pages 30–46. Springer, 2005.
[SM16] Tobias Schneider and Amir Moradi. Leakage assessment methodology-extended version. J. Cryptogr. Eng., 6(2):85–99, 2016.
[SMY09] François-Xavier Standaert, Tal Malkin, and Moti Yung. A unified framework for the analysis of side-channel key recovery attacks. In EUROCRYPT, volume 5479 of Lecture Notes in Computer Science, pages 443–461. Springer, 2009.
[Ste25] Matthias Johann Steiner. Gröbner basis cryptanalysis of Ciminion and Hydra. IACR Transactions on Symmetric Cryptology, 2025(1):240–275, Mar. 2025.
[VGS14] Nicolas Veyrat-Charvillon, Benoît Gérard, and François-Xavier Standaert. Soft Analytical Side-Channel Attacks. In ASIACRYPT, volume 8873 of LNCS, pages 282–296. Springer, 2014.
[VXXZ24] Virginia Vassilevska Williams, Yinzhan Xu, Zixuan Xu, and Renfei Zhou. New bounds for matrix multiplication: from alpha to omega. In David P. Woodruff, editor, Proceedings of the 2024 ACM-SIAM Symposium on Discrete Algorithms, SODA 2024, Alexandria, VA, USA, January 7-10, 2024, pages 3792–3835. SIAM, 2024.
[Wag99] David A. Wagner. The Boomerang Attack. In FSE, volume 1636 of LNCS, pages 156–170. Springer, 1999.
[WO19] Carolyn Whitnall and Elisabeth Oswald. A critical analysis of ISO 17825 (’testing methods for the mitigation of non-invasive attack classes against cryptographic modules’). In ASIACRYPT (3), volume 11923 of Lecture Notes in Computer Science, pages 256–284. Springer, 2019.
[YK21] Shih-Chun You and Markus G. Kuhn. Single-trace fragment template attack on a 32-bit implementation of keccak. In CARDIS, volume 13173 of Lecture Notes in Computer Science, pages 3–23. Springer, 2021.