International Association
for Cryptologic Research

This paper provides an upper bound on the success rate (SR) of side-channel attacks (SCAs) on masked implementations. We present a formal security proof of additive masking—including both Boolean and arithmetic—through new reductions from relaxed noisy leakage (RNL) to the probing model. Unlike existing proofs relying on random probing (RP), our proof introduces a novel security notion named leakage energy (LE), which enables a tighter bound. In addition, our proof reveals the necessary and sufficient condition for asymptotic security of additive masking in both the noisy leakage and mutual information frameworks, which includes a resolution to an open problem in TCC 2016. Our claims are validated through numerical evaluations. As an application of our theorems, we propose a binary block-cipher based leakage-resilient primitive based on a variant of $\mathsf{XEX}$, which claims $d$-th order SCA security of arithmetic masking by design, enabling efficient $\mathsf{OCB}$-style authenticated encryption with an implementation cost of $O(d)$.