International Association for Cryptologic Research

International Association
for Cryptologic Research


Cryptanalysis of Masked Ciphers: A not so Random Idea

Tim Beyne
Siemen Dhooghe
Zhenda Zhang
DOI: 10.1007/978-3-030-64837-4_27
Search ePrint
Search Google
Presentation: Slides
Abstract: A new approach to the security analysis of hardware-oriented masked ciphers against second-order side-channel attacks is developed. By relying on techniques from symmetric-key cryptanalysis, concrete security bounds are obtained in a variant of the probing model that allows the adversary to make only a bounded, but possibly very large, number of measurements. Specifically, it is formally shown how a bounded-query variant of robust probing security can be reduced to the linear cryptanalysis of masked ciphers. As a result, the compositional issues of higher-order threshold implementations can be overcome without relying on fresh randomness. From a practical point of view, the aforementioned approach makes it possible to transfer many of the desirable properties of first-order threshold implementations, such as their low randomness usage, to the second-order setting. For example, a straightforward application to the block cipher LED results in a masking using less than 700 random bits including the initial sharing. In addition, the cryptanalytic approach introduced in this paper provides additional insight into the design of masked ciphers and allows for a quantifiable trade-off between security and performance.
Video from ASIACRYPT 2020
  title={Cryptanalysis of Masked Ciphers: A not so Random Idea},
  booktitle={Advances in Cryptology - ASIACRYPT 2020},
  author={Tim Beyne and Siemen Dhooghe and Zhenda Zhang},