International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Linear Repairing Codes and Side-Channel Attacks

Authors:
Hervé Chabanne , Idemia; Télécom Paristech
Houssem Maghrebi , Underwriters Laboratories
Emmanuel Prouff , ANSSI
Download:
DOI: 10.13154/tches.v2018.i1.118-141
URL: https://tches.iacr.org/index.php/TCHES/article/view/835
Search ePrint
Search Google
Abstract: To strengthen the resistance of countermeasures based on secret sharing,several works have suggested to use the scheme introduced by Shamir in 1978, which proposes to use the evaluation of a random d-degree polynomial into n ≥ d + 1 public points to share the sensitive data. Applying the same principles used against the classical Boolean sharing, all these works have assumed that the most efficient attack strategy was to exploit the minimum number of shares required to rebuild the sensitive value; which is d + 1 if the reconstruction is made with Lagrange’s interpolation. In this paper, we highlight first an important difference between Boolean and Shamir’s sharings which implies that, for some signal-to-noise ratio, it is more advantageous for the adversary to observe strictly more than d + 1 shares. We argue that this difference is related to the existence of so-called linear exact repairing codes, which themselves come with reconstruction formulae that need (much) less information (counted in bits) than Lagrange’s interpolation. In particular, this result implies that the choice of the public points in Shamir’s sharing has an impact on the countermeasure strength, which confirms previous observations made by Wang et al. at CARDIS 2016 for the so-called inner product sharing which is a generalization of Shamir’s scheme. As another contribution, we exhibit a positive impact of the existence of linear exact repairing schemes; we indeed propose to use them to improve the state-of-the-art multiplication algorithms dedicated to Shamir’s sharing. We argue that the improvement can be effective when the multiplication operation in the sub-fields is at least two times smaller than that of the base field.
Video from TCHES 2018
BibTeX
@article{tches-2018-28970,
  title={Linear Repairing Codes and Side-Channel Attacks},
  journal={Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2018, Issue 1},
  pages={118-141},
  url={https://tches.iacr.org/index.php/TCHES/article/view/835},
  doi={10.13154/tches.v2018.i1.118-141},
  author={Hervé Chabanne and Houssem Maghrebi and Emmanuel Prouff},
  year=2018
}