Abstract
Hardware devices can be protected against side-channel attacks by introducing one random mask per sensitive variable. The computation is unaltered if the two shares (the masked variable and the mask) are processed concurrently, in two distinct registers. Nonetheless, this setup can still be attacked if the side-channel trace is squared, because squaring creates an interference term between the leakages of the two shares. This more sophisticated analysis is referred to as a zero-offset second-order correlation power analysis (CPA) attack. When the device leaks in Hamming distance, the countermeasure can be improved by "leakage squeezing": the mask is passed through a bijection before being stored, so as to reduce the dependency between the leakages of the two shares. Thus d-th order zero-offset attacks, which consist in applying CPA to the d-th power of the centered side-channel traces, can be thwarted for d ≥ 2 at no extra cost.
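As an added illustration (this is not code from the paper, and the bijection below is chosen by hand for the example), the following Python script enumerates, for 4-bit shares, the exact conditional moments that a zero-offset d-th order CPA exploits, once with the mask stored as-is (F = identity) and once with a squeezing bijection F. It assumes that the two registers leak the Hamming weight of their content (the Hamming distance to a register that was previously cleared), that the mask M is uniform, and that F is a linear bijection described by its rows over GF(2); the names `IDENTITY`, `SQUEEZE`, `leakage` and `conditional_moments` are the example's own.

```python
"""
Zero-offset d-th order CPA signal with and without leakage squeezing.

Added illustrative example, not the paper's code. Assumptions: the two shares
X ^ M and F(M) sit in two registers that leak their Hamming weight (the Hamming
distance to a previously cleared register), the mask M is uniform, and F is a
linear bijection given by its rows over GF(2). Everything is enumerated exactly,
without noise, so the moments below are the noise-free limit of what an attacker
estimates from traces.
"""

N = 4  # share size in bits (the abstract's n), small enough to enumerate all (X, M)


def hw(v: int) -> int:
    """Hamming weight of an integer."""
    return bin(v).count("1")


def linear_bijection(rows):
    """Build F: int -> int whose output bit j is the parity of (rows[j] & m)."""
    def F(m: int) -> int:
        out = 0
        for j, row in enumerate(rows):
            out |= (hw(row & m) & 1) << j
        return out
    return F


# F = identity: the mask is stored as-is (plain first-order masking).
IDENTITY = linear_bijection([1 << i for i in range(N)])

# Hand-picked squeezing bijection (example's own choice): each output bit is the
# parity of three mask bits, rows {0,1,2}, {1,2,3}, {0,2,3}, {0,1,3}. The rows are
# linearly independent over GF(2), so F is a bijection on 4 bits.
SQUEEZE = linear_bijection([0b0111, 0b1110, 0b1101, 0b1011])


def leakage(x: int, m: int, F) -> int:
    """Noise-free leakage of the two registers holding the shares X ^ M and F(M)."""
    return hw(x ^ m) + hw(F(m))


def conditional_moments(F, d: int, n: int = N):
    """E[(L - E[L])^d | X = x] for every x in 0..2^n-1, M uniform.

    A zero-offset d-th order CPA correlates (L - E[L])^d with a model of X.
    If this curve is constant in x, the attack has nothing to correlate with.
    Traces are centered with the global mean E[L], which the attacker can
    estimate without knowing X.
    """
    size = 1 << n
    total = sum(leakage(x, m, F) for x in range(size) for m in range(size))
    mu = total / (size * size)
    moments = []
    for x in range(size):
        centred = [(leakage(x, m, F) - mu) ** d for m in range(size)]
        moments.append(sum(centred) / size)
    return moments


def moment_spread(F, d: int, n: int = N) -> float:
    """max - min of the conditional d-th moment over x; 0 means order d is thwarted."""
    mom = conditional_moments(F, d, n)
    return max(mom) - min(mom)


def leaking_orders(F, max_d: int, n: int = N):
    """Orders d in 2..max_d at which a zero-offset d-th order CPA sees a signal."""
    return [d for d in range(2, max_d + 1) if moment_spread(F, d, n) > 1e-9]


if __name__ == "__main__":
    for name, F in (("identity", IDENTITY), ("squeeze", SQUEEZE)):
        for d in (2, 3, 4):
            print(f"{name:8s} d={d}: spread of E[(L-mu)^d | X] = {moment_spread(F, d):.2f}")
        print(f"{name:8s} leaking orders up to 4: {leaking_orders(F, 4)}")
```

With F = identity, each bit of X contributes either a constant or a ±1 term to the centered leakage, so E[(L - μ)² | X] = n - HW(X) and the squared traces expose X directly. With `SQUEEZE`, every output bit of F mixes three mask bits, the second and third conditional moments are constant in X (2 and 0 respectively), and the first order at which the curve varies with X is d = 4. Any other bijection can be plugged into `conditional_moments` in place of `SQUEEZE` to check which orders it thwarts for this leakage model.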
We denote by n the size in bits of the shares and call F the transformation function, that is, a bijection of
The authors are grateful to Sébastien Briais (Secure-IC S.A.S.), M. Abdelaziz Elaabid (Université Paris 8) and Patrick Solé (TELECOM-ParisTech and King Abdulaziz University) for insightful discussions. We also sincerely acknowledge the thorough reviews we have received. Many points, such as the conditions on the mask refresh function for leakage squeezing to work as well in the context of Hamming distance and Hamming weight leakage functions, were suggested by the reviewers.
Secure-IC and Télécom-ParisTech are funding members, with DOREMI, of the “Secure Compression Lab”. Morpho and Télécom-ParisTech are funders of the “Identity & Security Alliance”.
© 2014 by De Gruyter
This article is distributed under the terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.