Codes for Side-Channel Attacks and Protections

  • Sylvain Guilley
  • Annelie Heuser
  • Olivier Rioul
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10194)


This article revisits side-channel analysis from the standpoint of coding theory. On the one hand, the attacker is shown to apply an optimal decoding algorithm in order to recover the secret key from the analysis of the side-channel. On the other hand, side-channel protections are presented as a coding problem in which the information is mixed with randomness so as to weaken as much as possible the sensitive information leaked into the side-channel. The field of side-channel analysis is therefore viewed as a struggle between a coder and a decoder. In this paper, we focus on the main results obtained through this analysis. In terms of attacks, we discuss optimal strategies in various practical contexts, such as the type of noise and the dimensionality of the leakage and of the model. Regarding countermeasures, we give a formal analysis of some masking schemes, including enhancements based on codes contributed through fruitful collaborations with Claude Carlet.


Keywords (machine-generated, not supplied by the authors): Leakage Model; Dual Distance; Adversarial Strategy; Leakage Function; Masking Scheme



Part of this work has been funded by the ANR CHIST-ERA project SECODE (Secure Codes to thwart Cyber-physical Attacks).


References

  1. Blömer, J., Guajardo, J., Krummel, V.: Provably secure masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004). doi:10.1007/978-3-540-30564-4_5
  2. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28632-5_2
  3. Bringer, J., Carlet, C., Chabanne, H., Guilley, S., Maghrebi, H.: Orthogonal direct sum masking: a smartcard friendly computation paradigm in a code, with built-in protection against side-channel and fault attacks. In: Naccache, D., Sauveron, D. (eds.) WISTP 2014. LNCS, vol. 8501, pp. 40–56. Springer, Heidelberg (2014). doi:10.1007/978-3-662-43826-8_4
  4. Bringer, J., Carlet, C., Chabanne, H., Guilley, S., Maghrebi, H.: Orthogonal direct sum masking: a smartcard friendly computation paradigm in a code, with built-in protection against side-channel and fault attacks. Cryptology ePrint Archive, Report 2014/665 (2014)
  5. Bruneau, N., Carlet, C., Guilley, S., Heuser, A., Prouff, E., Rioul, O.: Stochastic collision attack. IEEE Transactions on Information Forensics and Security (2016)
  6. Bruneau, N., Guilley, S., Heuser, A., Marion, D., Rioul, O.: Less is more: dimensionality reduction from a theoretical perspective. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 22–41. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48324-4_2
  7. Bruneau, N., Guilley, S., Heuser, A., Marion, D., Rioul, O.: Optimal side-channel attacks for multivariate leakages and multiple models. J. Crypt. Eng. (2016, to appear)
  8. Bruneau, N., Guilley, S., Heuser, A., Rioul, O.: Masks will fall off: higher-order optimal distinguishers. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 344–365. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45608-8_19
  9. Carlet, C.: Boolean functions for cryptography and error correcting codes (monograph chapter). In: Crama, Y., Hammer, P. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 257–397. Cambridge University Press, Cambridge (2010). Preliminary version available.
  10. Carlet, C.: Correlation-immune Boolean functions for leakage squeezing and rotating S-Box masking against side channel attacks. In: Gierlichs, B., Guilley, S., Mukhopadhyay, D. (eds.) SPACE 2013. LNCS, vol. 8204, pp. 70–74. Springer, Heidelberg (2013). doi:10.1007/978-3-642-41224-0_6
  11. Carlet, C., Daif, A., Danger, J.-L., Guilley, S., Najm, Z., Ngo, X.T., Porteboeuf, T., Tavernier, C.: Optimized linear complementary codes implementation for hardware Trojan prevention. In: European Conference on Circuit Theory and Design, ECCTD 2015, Trondheim, Norway, 24–26 August 2015, pp. 1–4. IEEE (2015)
  12. Carlet, C., Danger, J.-L., Guilley, S., Maghrebi, H.: Leakage squeezing of order two. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 120–139. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34931-7_8
  13. Carlet, C., Danger, J.-L., Guilley, S., Maghrebi, H.: Leakage squeezing: optimal implementation and security evaluation. J. Math. Crypt. 8(3), 249–295 (2014)
  14. Carlet, C., Guilley, S.: Side-channel indistinguishability. In: HASP 2013, pp. 9:1–9:8. ACM, New York, 13–14 June 2013
  15. Carlet, C., Guilley, S.: Side-channel indistinguishability. On HAL, 19 July 2014. Extended version of [14] with more results in the appendix.
  16. Coron, J.-S.: Higher order masking of look-up tables. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 441–458. Springer, Heidelberg (2014). doi:10.1007/978-3-642-55220-5_25
  17. Danger, J.-L., Guilley, S.: Protection of cryptographic modules against high-order observation attacks on masking-based implementations (Protection des modules de cryptographie contre les attaques en observation d'ordre élevé sur les implémentations à base de masquage). French patent FR09/50341, assigned to Institut TELECOM, 20 January 2009
  18. Danger, J.-L., Guilley, S., Nguyen, P., Nguyen, R., Souissi, Y.: Analyzing security breaches of countermeasures throughout the refinement process in hardware design flow. In: DATE 2017, Lausanne, Switzerland, 27–31 March 2017
  19. Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete: or how to evaluate the security of any leaking device. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 401–429. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46800-5_16
  20. Fei, Y., Luo, Q., Ding, A.A.: A statistical model for DPA with novel algorithmic confusion analysis. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 233–250. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33027-8_14
  21. Fischer, W., Gammel, B.M.: Masking at gate level in the presence of glitches. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 187–200. Springer, Heidelberg (2005). doi:10.1007/11545262_14
  22. Gomathisankaran, M., Tyagi, A.: Glitch resistant private circuits design using HORNS. In: IEEE Computer Society Annual Symposium on VLSI, ISVLSI 2014, Tampa, FL, USA, 9–11 July 2014, pp. 522–527
  23. Guilley, S., Heuser, A., Rioul, O.: A key to success: success exponents for side-channel distinguishers. In: Biryukov, A., Goyal, V. (eds.) INDOCRYPT 2015. LNCS, vol. 9462, pp. 270–290. Springer, Cham (2015). doi:10.1007/978-3-319-26617-6_15
  24. Heuser, A., Rioul, O., Guilley, S.: Good is not good enough: deriving optimal distinguishers from communication theory. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 55–74. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44709-3_4
  25. Ishai, Y., Prabhakaran, M., Sahai, A., Wagner, D.: Private circuits II: keeping secrets in tamperable circuits. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 308–327. Springer, Heidelberg (2006). doi:10.1007/11761679_19
  26. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45146-4_27
  27. Lin, K.J., Fan, S.C., Yang, S.H., Lo, C.C.: Overcoming glitches and dissipation timing skews in design of DPA-resistant cryptographic hardware. In: Proceedings of the Conference on Design, Automation and Test in Europe, DATE 2007, Nice, France, 16–20 April 2007, pp. 1265–1270. EDA Consortium, San Jose (2007). doi:10.1109/DATE.2007.364471
  28. Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 351–365. Springer, Heidelberg (2005). doi:10.1007/978-3-540-30574-3_24
  29. Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005). doi:10.1007/11545262_12
  30. Mangard, S., Schramm, K.: Pinpointing the side-channel leakage of masked AES hardware implementations. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 76–90. Springer, Heidelberg (2006). doi:10.1007/11894063_7
  31. Moradi, A., Mischke, O.: Glitch-free implementation of masking in modern FPGAs. In: HOST 2012, Moscone Center, San Francisco, 2–3 June 2012, pp. 89–95. IEEE Computer Society (2012). doi:10.1109/HST.2012.6224326
  32. Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against first- and second-order zero-offset SCAs. In: DATE 2012 (Track A: "Application Design", Topic A5: "Secure Systems"), Dresden, Germany, 12–16 March 2012, pp. 1173–1178. IEEE Computer Society (2012)
  33. Ngo, X.T., Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: Linear complementary dual code improvement to strengthen encoded circuit against hardware Trojan horses. In: IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2015, Washington, DC, USA, 5–7 May 2015, pp. 82–87. IEEE (2015)
  34. Ngo, X.T., Guilley, S., Bhasin, S., Danger, J.-L., Najm, Z.: Encoding the state of integrated circuits: a proactive and reactive protection against hardware Trojan horses. In: Proceedings of the 9th Workshop on Embedded Systems Security, WESS 2014, pp. 7:1–7:10. ACM, New York (2014)
  35. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Crypt. 24(2), 292–321 (2011)
  36. NIST/ITL/CSD: Advanced Encryption Standard (AES). FIPS PUB 197, November 2001
  37. Prouff, E., Rivain, M.: A generic method for secure SBox implementation. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 227–244. Springer, Heidelberg (2007). doi:10.1007/978-3-540-77535-5_17
  38. Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)
  39. Prouff, E., Roche, T.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 63–78. Springer, Heidelberg (2011). doi:10.1007/978-3-642-23951-9_5
  40. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15031-9_28

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Sylvain Guilley (1, 2), corresponding author
  • Annelie Heuser (3)
  • Olivier Rioul (2)

  1. Secure-IC S.A.S., Cesson-Sévigné, France
  2. LTCI, Télécom ParisTech, Université Paris-Saclay, Paris, France
  3. IRISA, Rennes, France
