[Resource Topic] 2013/396: On the Practical Security of a Leakage Resilient Masking Scheme

Welcome to the resource topic for 2013/396

On the Practical Security of a Leakage Resilient Masking Scheme

Authors: Emmanuel Prouff, Matthieu Rivain, Thomas Roche


At TCC 2012, Dziembowski and Faust show how to construct leakage resilient circuits using secret sharing based on the inner product [2]. At Asiacrypt 2012, Ballash et al. turned the latter construction into an efficient masking scheme and they apply it to protect an implementation of AES against side-channel attacks [1]. The so-called Inner-Product masking (IPmasking for short) was claimed to be secure with respect to two different security models: the \lambda-limited security model (Section 4 of [1]), and the dth-order security model (see definitions p.8 of [1]). In the former model, the security proof makes sense for a sharing dimension n > 130 which is acknowledged impractical by the authors. In the latter model, the scheme is claimed secure up to the order d = n-1. In this note, we contradict the dth-order security claim by exhibiting a 1st-order flaw in the masking algorithm for any chosen sharing dimension n.

ePrint: https://eprint.iacr.org/2013/396

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .