Masking vs. Multiparty Computation: How Large Is the Gap for AES?
In this paper, we evaluate the performance of state-of-the-art higher-order masking schemes for the AES. In doing so, we pay particular attention to the comparison between specialized solutions introduced exclusively as countermeasures against side-channel analysis and a recent proposal by Roche and Prouff that exploits MultiParty Computation (MPC) techniques. We show that the additional security features the latter scheme provides (e.g. its glitch-freeness) come at the cost of large performance overheads. We then study how standard optimization techniques from the MPC literature can be used to reduce this gap. In particular, we show that "packed secret sharing" based on a modified multiplication algorithm can speed up MPC-based masking as the order of the masking scheme increases. Finally, we discuss the randomness requirements of masked implementations. For this purpose, we first show with information-theoretic arguments that the security guarantees of masking are only preserved if this randomness is uniform, and analyze the consequences of a deviation from this requirement. We then conclude the paper by including the cost of randomness generation in our performance evaluations. These results should help designers choose a masking scheme based on their security and performance constraints.
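The two points of the abstract that a practitioner most often has to check for themselves are what an MPC-based (Shamir sharing) masking of a field multiplication costs compared with a plain share count of d+1, and how much a share leaks once the mask is no longer uniform. The following is an added example written for this page, not code from the paper or from the Roche and Prouff scheme: it implements Shamir sharing over the AES field GF(2^8), a BGW-style shared multiplication with degree reduction (the generic MPC building block such schemes rely on), and an exact mutual-information computation between a secret byte and its first-order Boolean share under a biased mask. The evaluation points 1..n, the bias model (each mask bit set with probability p), and all function names are assumptions of this example; packed secret sharing is not implemented.

```python
"""Added example (not the paper's code): Shamir/MPC-style masking over GF(2^8)
and the leakage of a Boolean share under a biased mask (assumed bias model)."""
import math
import random

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial


def gf_mul(a, b):
    """Multiply in GF(2^8) with the AES reduction polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a):
    """Inverse in GF(2^8) as a^254 by square-and-multiply (maps 0 to 0)."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def shamir_share(secret, d, n, rng=random):
    """(d+1)-out-of-n sharing: random degree-d polynomial with constant term
    `secret`, evaluated at the assumed points 1..n. Returns (x, f(x)) pairs."""
    coeffs = [secret] + [rng.randrange(256) for _ in range(d)]
    shares = []
    for x in range(1, n + 1):
        y, xp = 0, 1
        for c in coeffs:
            y ^= gf_mul(c, xp)
            xp = gf_mul(xp, x)
        shares.append((x, y))
    return shares


def lagrange_at_zero(xs):
    """Coefficients l_i with f(0) = XOR_i l_i * f(x_i). In characteristic 2
    -x_j = x_j, so l_i = prod_{j != i} x_j / (x_i ^ x_j)."""
    lam = []
    for i, xi in enumerate(xs):
        num = den = 1
        for j, xj in enumerate(xs):
            if i != j:
                num = gf_mul(num, xj)
                den = gf_mul(den, xi ^ xj)
        lam.append(gf_mul(num, gf_inv(den)))
    return lam


def shamir_reconstruct(shares):
    """Recover the secret from any d+1 (or more) shares of a degree-d sharing."""
    lam = lagrange_at_zero([x for x, _ in shares])
    s = 0
    for l, (_, y) in zip(lam, shares):
        s ^= gf_mul(l, y)
    return s


def shamir_mul(shares_a, shares_b, d, rng=random):
    """BGW-style product of two degree-d sharings on the same n >= 2d+1 points:
    local products a_i*b_i form a degree-2d sharing of a*b; each party re-shares
    its product with fresh degree-d randomness and the re-sharings are combined
    with the Lagrange coefficients, giving back a degree-d sharing of a*b."""
    xs = [x for x, _ in shares_a]
    n = len(xs)
    assert n >= 2 * d + 1 and xs == list(range(1, n + 1))
    lam = lagrange_at_zero(xs)
    resh = [shamir_share(gf_mul(ya, yb), d, n, rng)
            for (_, ya), (_, yb) in zip(shares_a, shares_b)]
    out = []
    for k in range(n):
        yk = 0
        for i in range(n):
            yk ^= gf_mul(lam[i], resh[i][k][1])
        out.append((xs[k], yk))
    return out


def share_leakage_bits(p_one):
    """Exact mutual information I(X; M) in bits between a uniform secret byte X
    and the Boolean share M = X ^ R when each bit of the mask R is 1 with
    probability p_one (assumed bias model). I = H(M) - H(M|X) = H(M) - H(R)."""
    def p_r(r):
        k = bin(r).count("1")
        return p_one ** k * (1 - p_one) ** (8 - k)
    p_m = [sum(p_r(m ^ x) for x in range(256)) / 256 for m in range(256)]
    h_m = -sum(p * math.log2(p) for p in p_m if p > 0)
    h_r = -sum(p_r(r) * math.log2(p_r(r)) for r in range(256) if p_r(r) > 0)
    return h_m - h_r


if __name__ == "__main__":
    a, b, d = 0x57, 0x83, 1  # FIPS-197 worked example: 0x57 * 0x83 = 0xC1
    sc = shamir_mul(shamir_share(a, d, 3), shamir_share(b, d, 3), d)
    print("a*b from d+1 shares:", hex(shamir_reconstruct(sc[:d + 1])))
    for p in (0.5, 0.45, 0.25, 1.0):
        print(f"mask bit set with p={p}: share leaks {share_leakage_bits(p):.3f} bits")
```

Two things are visible directly from the code. The shared multiplication needs n >= 2d+1 shares rather than the d+1 of a specialized Boolean or polynomial masking scheme, and in this naive form each multiplication consumes n fresh degree-d sharings (n*d random bytes); that is the overhead the abstract refers to, and the reason packed secret sharing, which hides several secrets in one polynomial, pays off as d grows. For the randomness requirement, share_leakage_bits returns exactly 0 bits at p = 0.5 and a strictly positive value for any other bias, up to the full 8 bits for a constant mask, which is the information-theoretic statement of the abstract in its simplest first-order form.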
- 2. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: Simon, J. (ed.) STOC, pp. 1–10. ACM (1988)
- 6. Damgård, I., Keller, M.: Secure multiparty AES (full paper). IACR Cryptology ePrint Archive 2009:614 (2009)
- 9. Franklin, M.K., Yung, M.: Communication complexity of secure computation (extended abstract). In: Kosaraju, S.R., Fellows, M., Wigderson, A., Ellis, J.A. (eds.) STOC, pp. 699–710. ACM (1992)
- 17. Liu, C.L.: Introduction to combinatorial mathematics (1968)
- 18. Mangard, S., Oswald, E., Popp, T.: Power analysis attacks: revealing the secrets of smart cards. Springer (2007)
- 23. Prouff, E., Rivain, M.: Masking against side channel attacks: a formal security proof. To appear in Proceedings of Eurocrypt 2013 (2013)
- 26. Roche, T., Prouff, E., Coron, J.-S.: On the use of Shamir's secret sharing against side-channel analysis. To appear in Proceedings of CARDIS 2012 (2012)
- 33. Wang, X., Sako, K. (eds.): ASIACRYPT 2012. LNCS, vol. 7658. Springer, Heidelberg (2012)