A masking method based on orthonormal spaces, protecting several bytes against both SCA and FIA with a reduced cost.

Bibliographic Details
Title: A masking method based on orthonormal spaces, protecting several bytes against both SCA and FIA with a reduced cost.
Authors: Carlet, Claude, Daif, Abderrahman, Guilley, Sylvain, Tavernier, Cédric
Source: Journal of Cryptographic Engineering; Jun 2024, Vol. 14, Issue 2, p223-240, 18p
Abstract: In the attacker models of side-channel attacks (SCA) and fault injection attacks (FIA), the opponent has access to a noisy version of the internal behavior of the hardware. Since the end of the nineties, many works have shown that this type of attack constitutes a serious threat to cryptosystems implemented in embedded devices. In the state of the art, there exist several countermeasures to protect symmetric encryption (especially AES-128). Most of them protect only against one of these two attacks (either SCA or FIA). The main known countermeasure against SCA is masking; it makes the complexity of SCA grow exponentially with its order d. The most general version of masking is based on error correcting codes. It has the advantage of offering in principle a protection against both types of attacks (SCA and FIA), but all the functions implemented in the algorithm need to be masked accordingly, and this is not a simple task in general. We propose a particular version of such a construction that has several advantages: It has a very low computation complexity, it offers a concrete protection against both SCA and FIA, and finally, it allows flexibility: Not being specifically dedicated to AES, it can be applied to any block cipher with any S-boxes. In the state of the art, masking schemes all come with pros and cons concerning the different types of complexity (time, memory, amount of randomness). Our masking scheme concretely achieves the complexity of the best known scheme, for each complexity type. [ABSTRACT FROM AUTHOR]
Copyright of Journal of Cryptographic Engineering is the property of Springer Nature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
More Details
ISSN: 2190-8508
DOI: 10.1007/s13389-023-00339-9
Published in: Journal of Cryptographic Engineering
Language: English