TY - CHAP
T1 - Masking with randomized look up tables
T2 - Towards preventing side-channel attacks of all orders
AU - Standaert, François Xavier
AU - Petit, Christophe
AU - Veyrat-Charvillon, Nicolas
PY - 2012
Y1 - 2012
N2 - We propose a new countermeasure to protect block ciphers implemented in leaking devices, at the intersection between One-Time Programs and Boolean masking schemes. First, we show that this countermeasure prevents side-channel attacks of all orders during the execution of a protected block cipher implementation, given that some secure precomputations can be performed. Second, we show that taking advantage of the linear diffusion layer in modern block ciphers allows deriving clear arguments for the security of their implementations, that can be easily interpreted by hardware designers. Masking with randomized look up tables allows fast execution times but its memory requirements are high and, depending on the block cipher to protect, can be prohibitive. We believe this proposal brings an interesting connection between former countermeasures against side-channel attacks and recent formal solutions to cope with physical leakage. It illustrates the security vs. performance tradeoff between these complementary approaches and, as a result, highlights simple design guidelines for leakage resilient ciphers.
AB - We propose a new countermeasure to protect block ciphers implemented in leaking devices, at the intersection between One-Time Programs and Boolean masking schemes. First, we show that this countermeasure prevents side-channel attacks of all orders during the execution of a protected block cipher implementation, given that some secure precomputations can be performed. Second, we show that taking advantage of the linear diffusion layer in modern block ciphers allows deriving clear arguments for the security of their implementations, that can be easily interpreted by hardware designers. Masking with randomized look up tables allows fast execution times but its memory requirements are high and, depending on the block cipher to protect, can be prohibitive. We believe this proposal brings an interesting connection between former countermeasures against side-channel attacks and recent formal solutions to cope with physical leakage. It illustrates the security vs. performance tradeoff between these complementary approaches and, as a result, highlights simple design guidelines for leakage resilient ciphers.
UR - http://www.scopus.com/inward/record.url?scp=84857731587&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-28368-0_19
DO - 10.1007/978-3-642-28368-0_19
M3 - Chapter
AN - SCOPUS:84857731587
SN - 9783642283673
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 283
EP - 299
BT - Cryptography and Security
A2 - Naccache, David
ER -