International Association for Cryptologic Research


CryptoDB

Efficiently Detecting Masking Flaws in Software Implementations

Authors:
Nima Mahdion , University of Klagenfurt
Elisabeth Oswald , University of Klagenfurt, University of Birmingham
Download:
DOI: 10.62056/ab89ksdja
URL: https://cic.iacr.org//p/1/3/35
Abstract:

Software implementations of cryptographic algorithms often use masking schemes as a countermeasure against side channel attacks. A number of recent results show clearly the challenge of implementing masking schemes in such a way that (unforeseen) micro-architectural effects do not cause masking flaws that undermine the intended security goal of an implementation. So far, utilising a higher-order version of the non-specific (fixed-vs-random) input test of the Test Vector Leakage Assessment (TVLA) framework has been the best option to identify such flaws. The drawbacks of this method are both its significant computation cost and its inability to pinpoint which interaction of masking shares leads to the flaw. In this paper we propose a novel version, the fixed-vs-random shares test, to tackle both drawbacks. We explain our method and show its application to three case studies, where each time it outperforms its conventional TVLA counterpart. The drawback of our method is that it requires control over the shares, which, we argue, is practically feasible in the context of in-house evaluation and testing for software implementations.

BibTeX
@article{cic-2024-34846,
  title={Efficiently Detecting Masking Flaws in Software Implementations},
  journal={cic},
  publisher={International Association for Cryptologic Research},
  volume={1, Issue 3},
  url={https://cic.iacr.org//p/1/3/35},
  doi={10.62056/ab89ksdja},
  author={Nima Mahdion and Elisabeth Oswald},
  year=2024
}