Electromagnetic Analysis: Concrete Results
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
An information-theoretic model for adaptive side-channel attacks
Proceedings of the 14th ACM conference on Computer and communications security
Power and Fault Analysis Resistance in Hardware through Dynamic Reconfiguration
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Statistical Analysis of Second Order Differential Power Analysis
IEEE Transactions on Computers
Extending SAT Solvers to Cryptographic Problems
SAT '09 Proceedings of the 12th International Conference on Theory and Applications of Satisfiability Testing
Mutual Information Analysis: How, When and Why?
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
A generic method for secure Sbox implementation
WISA'07 Proceedings of the 8th international conference on Information security applications
Provably secure higher-order masking of AES
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Adaptive chosen-message side-channel attacks
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Mutual Information Analysis: a Comprehensive Study
Journal of Cryptology - Special Issue on Hardware and Security
Pinpointing the side-channel leakage of masked AES hardware implementations
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Side-channel indistinguishability
Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs
DATE '12 Proceedings of the Conference on Design, Automation and Test in Europe
| Hi-index | 0.00 |
Several types of countermeasures against side-channel attacks are known. The one called masking is of great interest since it can be applied to any protocol and/or algorithm, without nonetheless requiring special care at the implementation level. Masking countermeasures are usually studied with the maximal possible entropy for the masks. However, in practice, this requirement can be viewed as too costly. It is thus relevant to study how the security evolves when the number of mask values decreases. In this article, we study a first-order masking scheme, that makes use of one n -bit mask taking values in a strict subset of $\mathbb{F}_2^n$ . For a given entropy budget, we show that the security does depend on the choice of the mask values. More specifically, we explore the space of mask sets that resist first and second-order correlation analysis (CPA and 2O-CPA), using exhaustive search for word size $n \leqslant 5$ bit and a SAT-solver for n up to 8 bit. We notably show that it is possible to protect algorithms against both CPA and 2O-CPA such as AES with only 12 mask values. If the general trend is that more entropy means less leakage, some particular mask subsets can leak less (or on the contrary leak remarkably more). Additionally, we exhibit such mask subsets that allows a minimal leakage.