Abstract
Inner Product Masking (IPM) is a generalization of several masking schemes, including the Boolean one, that protects cryptographic implementations against side-channel analysis. The core competitiveness of IPM is that it provides higher side-channel resistance than Boolean masking with the same number of shares. In this paper, we follow a coding-theoretic approach and categorize all linear codes of IPM with n = 2 shares over the finite field \({\mathbb {F}}_{2^{8}}\) in terms of side-channel resistance. We focus on 2-share masking schemes, as they provide, at bit level, as high as 3rd-order security (much higher than the 1st-order security of Boolean masking). We present the optimal codes for IPM in the sense of side-channel resistance assessed by the signal-to-noise ratio (SNR) and the mutual information (MI). We also show that IPM instances built on equivalent linear codes have comparable levels of side-channel resistance. Furthermore, we take the Best Known Linear Codes into consideration for comparison. The numerical results for SNR and MI confirm the effectiveness of our categorization.
Acknowledgements
This work has been partly financed via the project TeamPlay (https://teamplay-h2020.eu/), a project from the European Union’s Horizon 2020 research and innovation program, under grant agreement No. 779882, and also supported by the SECODE project (https://secode.telecom-paristech.fr/) under grant No. ANR-15-CHR2-0007 funded by the CHIST-ERA programme and coordinated by ANR.
Appendix: Generating matrices for the best IPM codes identified on \({\mathbb {F}}_{256}\) by Alg. 1
This appendix provides the details about the three non-equivalent optimal codes identified by Alg. 1 and reported in the last line of Table 1.
Extension of the first optimal code from \({\mathbb {F}}_{256}\) to \({\mathbb {F}}_{2}\)
The generating matrix for the expanded code spanned by \(\begin{pmatrix} 1 & \alpha^{8} \end{pmatrix}\) from \({\mathbb {F}}_{256}\) on the base field \({\mathbb {F}}_{2}\) is:
Extension of the second optimal code from \({\mathbb {F}}_{256}\) to \({\mathbb {F}}_{2}\)
The generating matrix for the expanded code spanned by \(\begin{pmatrix} 1 & \alpha^{126} \end{pmatrix}\) from \({\mathbb {F}}_{256}\) on the base field \({\mathbb {F}}_{2}\) is:
Extension of the third optimal code from \({\mathbb {F}}_{256}\) to \({\mathbb {F}}_{2}\)
The generating matrix for the expanded code spanned by \(\begin{pmatrix} 1 & \alpha^{127} \end{pmatrix}\) from \({\mathbb {F}}_{256}\) on the base field \({\mathbb {F}}_{2}\) is:
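As an added example (not the paper's or the authors' code), the expansion from \({\mathbb {F}}_{256}\) to \({\mathbb {F}}_{2}\) described in this appendix, carried out in Python for the code spanned by \((1, \alpha^{k})\): it builds the binary [16, 8] generating matrix, derives the dual code, and reports the minimum distance and kissing number of both, the dual distance being the quantity behind the abstract's bit-level security order (dual distance minus one). It assumes \({\mathbb {F}}_{256}\) is defined by the primitive polynomial \(x^8+x^4+x^3+x^2+1\) with \(\alpha = x\); the page does not state the paper's polynomial, so the figures printed for \(k = 8, 126, 127\) need not match the paper's matrices.

```python
# Added example (not the paper's code): expand the F_256-linear code spanned by
# (1, alpha^k) into a binary [16, 8] code and report its distance profile.
# Assumption: F_256 = F_2[x]/(x^8+x^4+x^3+x^2+1) (0x11D, primitive) and
# alpha = x; the page does not state the paper's field polynomial.
POLY = 0x11D  # assumed primitive polynomial; alpha = x = 0x02

def gf_mul(a, b):
    """Multiply two elements of F_256 modulo POLY (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r

def expanded_generator(k):
    """Rows alpha^i * (1, alpha^k), i = 0..7, packed as 16-bit ints (bits 0-7:
    first coordinate, bits 8-15: second), i.e. the systematic form [I | M]."""
    ak = 1
    for _ in range(k):
        ak = gf_mul(ak, 0x02)
    return [(1 << i) | (gf_mul(1 << i, ak) << 8) for i in range(8)]

def dual_generator(gen):
    """Generator of the dual code: for a systematic [I | M] it is [M^T | I]."""
    m = [g >> 8 for g in gen]
    return [sum(((m[i] >> j) & 1) << i for i in range(8)) | (1 << (8 + j))
            for j in range(8)]

def distance_profile(gen):
    """(minimum distance, kissing number) of the binary code spanned by gen."""
    dist = [0] * 17  # weight enumerator A_0..A_16 over all 2^8 codewords
    for mask in range(1 << len(gen)):
        word = 0
        for i, g in enumerate(gen):
            if mask >> i & 1:
                word ^= g
        dist[bin(word).count("1")] += 1
    d = next(w for w in range(1, 17) if dist[w])
    return d, dist[d]

def ipm_profile(k):
    """Profiles of the (1, alpha^k) expanded code and its dual; order = d_dual - 1."""
    gen = expanded_generator(k)
    return distance_profile(gen), distance_profile(dual_generator(gen))
for k in (0, 1, 8, 126, 127):  # 8, 126, 127 are the exponents of this appendix
    (d, a), (dd, ad) = ipm_profile(k)
    print(f"k={k:3d}: d={d} A_d={a:3d}  d_dual={dd} A_dual={ad:3d}  order {dd - 1}")
```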
Cite this article
Cheng, W., Guilley, S. & Danger, JL. Categorizing all linear codes of IPM over \({\mathbb {F}}_{2^{8}}\). Cryptogr. Commun. 13, 527–542 (2021). https://doi.org/10.1007/s12095-021-00483-1
Keywords
- Inner product masking
- Coding theory
- Dual distance
- Optimal linear code
- Expanded code
- Weight enumerator
- Kissing number