
M&M: Masks and Macs against Physical Attacks
Author(s) - Lauren De Meyer, Víctor Arribas, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen
Publication year - 2018
Publication title - IACR Transactions on Cryptographic Hardware and Embedded Systems
Language(s) - English
Resource type - Journals
ISSN - 2569-2925
DOI - 10.46586/tches.v2019.i1.25-50
Subject(s) - computer science, block cipher, adversary, side channel attack, implementation, cryptography, countermeasure, computer security, masking (illustration), aes implementations, scheme (mathematics), computation, block (permutation group theory), adversary model, computer network, algorithm, advanced encryption standard, engineering, mathematics, art, mathematical analysis, geometry, visual arts, programming language, aerospace engineering
Cryptographic implementations on embedded systems need to be protected against physical attacks. Today, this means that apart from incorporating countermeasures against side-channel analysis (SCA), implementations must also withstand fault attacks and combined attacks. Recent proposals in this area have shown that there is a significant trade-off between the implementation cost and the strength of the adversary model. In this work, we introduce a new combined countermeasure, M&M, that combines masking with information-theoretic MAC (message authentication code) tags and infective computation. It works in a stronger adversary model than the existing scheme ParTI, yet is far less costly to implement than the provably secure MPC-based scheme CAPA. We demonstrate M&M with an SCA- and DFA-secure (differential fault analysis) implementation of the AES block cipher. We evaluate the side-channel leakage of the second-order secure design with a non-specific t-test and use simulation to validate the fault resistance.