Algorithms for Switching between Boolean and Arithmetic Masking of Second Order
Masking is a widely-used countermeasure to thwart Differential Power Analysis (DPA) attacks, which, depending on the involved operations, can be either Boolean, arithmetic, or multiplicative. When used to protect a cryptographic algorithm that performs both Boolean and arithmetic operations, it is necessary to change the masks from one form to the other in order to be able to unmask the secret value at the end of the algorithm. To date, known techniques for conversion between Boolean and arithmetic masking can only resist first-order DPA. This paper presents the first solution to the problem of converting between Boolean and arithmetic masking of second order. To set the context, we show that a straightforward extension of first-order conversion schemes to second order is not possible. Then, we introduce two algorithms to convert from Boolean to arithmetic masking based on the second-order provably secure S-box output computation method proposed by Rivain et al (FSE 2008). The same can be used to obtain second-order secure arithmetic to Boolean masking. We prove the security of our conversion algorithms using similar arguments as Rivain et al. Finally, we provide implementation results of the algorithms on three different platforms.
KeywordsDifferential power analysis Second-order DPA Arithmetic masking Boolean Masking Provably secure masking
Unable to display preview. Download preview PDF.
- 13.Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
- 15.Mangard, S., Oswald, M.E., Popp, T.: Power Analysis Attacks - Revealing the Secrets of Smart Cards, vol. 54, pp. 1–337. Springer (2007)Google Scholar
- 22.Tunstall, M., Whitnall, C., Oswald, E.: Masking tables—an underestimated security risk. In: Moriai, S. (ed.) Fast Software Encryption, 20th International Workshop, FSE 2013, Singapore, March 10-13. LNCS, Springer (2013) (Revised Selected Papers)Google Scholar