Design Of Higher-order Masking Scheme And Security Detection Technology

Side-channel analysis attack(SCA)is a serious threat to the security of cryptographic devices.The existing countermeasures are mainly divided into two categories,hiding and masking.In the widely concerned masking schemes,the ones based on secret sharing could achieve provable security at any given order.Thanks to this special feature,this kind of masking schemes could change the security level by adjusting the secret sharing number.In practical applications,this type of masking schemes can be customized according to actual security requirements.Therefore,higher order masking schemes that satisfy any given order provable security is widely concerned.However,there are some key issues that need to be solved when these higher order masking scheme used for practical applications.On the one hand,the existing schemes are generally inefficient and the time complexity and memory space complexity of the most efficient solutions are the squares of the mask order.Therefore,it is necessary to study the lightweight designs or implementations of such schemes under the condition that the safety is unchanged.On the other hand,the theoretical security of such higher order masking schemes is demonstrated under the higher order probing attack model,which implies the higher order side channel attackers.At first,it is secure enough since the attacks against the high-order mask scheme are mainly high-order side channel attacks.However,in 2016,there appeared a new type of attack called horizontal attack.This type of attack is specific to a higher order masking scheme in which the mask order is higher than a certain value.Horizontal attack poses a new challenge for the security of high-order masking schemes.Designers need to design new schemes against horizontal attacks under the conditions of the original security framework.For lightweight design,this paper proposed the idea of randomly splitting Boolean functions.Based on this idea,we proposed a new provably secure higher order masking scheme,called PFD scheme.While satisfying the higher order side channel security,the biggest advantage of the PFD scheme is its flexibility between the time complexity and memory resource consumption.We can change the running time or the memory resource consumption of PFD by changing the implementation mode of the solution.So the most suitable implementation mode can be selected according to the conditions of the actual application environment.In addition,PFD is applicable to any S-box function and can therefore be applied to a variety of different block cipher algorithms.Combining the above two advantages,the new solution can be more widely applied to various cryptographic devices and application scenarios.The final experimental results also show that the PFD solution requires only half of the memory resources to achieve the same efficiency of existing solutions.In order to deal with the new security challenges brought by horizontal attacks,two highorder mask schemes based on lookup table re-computation are proposed.The first scheme(called the preliminary scheme)uses different n-sharings to adjust the different columns in the lookup table.It reduces the number of multiplexing of the same mask variable to a constant number of times.Based on the preliminary scheme,the second scheme further reduces the number of multiplexing of the same variable to 2.We refer to the second scheme as the TCM scheme.The scheme can combat higher order SCAs of any given order while combating horizontal attacks.At the same time,the new scheme is based on the idea of lookup table recomputation.So,it is applicable to nonlinear components of various block cipher algorithms.To the best of our knowledge,the TCM solution is the first universal solution for any S-box to combat both horizontal attacks and higher order SCAs.While designing new higher order masking schemes,this paper also studies the efficient security detection technology of this kind of protection method in actual implementation.In the existing security detection scheme for higher order masking schemes,higher order SCAs is a key detection item.Due to the lack of efficient Points of interest(PoIs)selection,the construction of higher order leakage in the existing higher order SCA has a combination of time complexity.Aiming at this problem,this paper proposed an efficient PoIs selection method(referred to as IR-PoIS method)and analyzes the influencing factors of the effectiveness of the method.This method is based on the idea of software instructions location.In an implementation of higher order masking scheme,the power consumption of instruction operating the sensitive variable is close to the power consumption of data.Based on this fact,the IR-PoIS method indirectly locates the power consumption of sensitive variables by locating the power consumption according to instruction.It realized the linear time complexity of the order of SCAs.Subsequent experimental results of the actual attack on the existing highorder mask scheme also prove the effectiveness of this feature point location method.Through efficient security detection,we can quickly find the leaks in the actual implementation of higher order masking schemes,and quickly evaluate the effect of the protection addition.