Formal security evaluation of hardware Boolean masking against second-order attacks

Abstract

The masking countermeasure in hardware has been widely studied, for its simplicity and its efficiency. Notably, no care is required at backend level and the throughput is not affected with respect to an unprotected implementation. In this article, we are concerned with a formal security evaluation of Boolean hardware masking schemes. Following a practice-oriented evaluation framework introduced at EURO-CRYPT'2009 [22], we compute both leakage and attack metrics. The hardware implementations have the specificity that the signal to noise ratio is below 1. In this particular case, we prove that a leakage metric (namely the mutual information) allows to characterize perfectly the best attack. This was previously unknown; moreover, we exhibit explicitly the links between leakage and attacks metrics. This result is in line with [10] but conflicts with [24]. More precisely, second-order DPA with a centered product combination function yields the largest leaks and the most powerful attacks. However, those are not possible if the implementation is “zero-offset”, an implementation of first-order masking only possible in hardware. Furthermore, even the sub-optimal attacks are impeded, due to the high noise that characterizes parallel hardware crypto-processors. Therefore, masked implementations in hardware reach much higher security levels than software counterparts while not degrading significantly the computation throughput.