Tight side-channel security bounds on hardware cryptographic engines

From F-Si wiki
Jump to navigation Jump to search
  • Speakers: Julien Béguinot (Télécom Paris), Wei Cheng (Secure-IC, Télécom Paris), Sylvain Guilley (Secure-IC) and Olivier Rioul (Télécom Paris)
  • email: Sylvain GUILLEY <sylvain.guilley@secure-ic.com>, Julien Béguinot <julien.beguinot@telecom-paris.fr>, Olivier Rioul <olivier.rioul@telecom-paris.fr>, Wei Cheng <wei.cheng@telecom-paris.fr>,



In this presentation, we provide an illustration why open-source is paramount in secure hardware systems. Namely, we will pedagogically recall that "random masking" is currently the most effective hardware countermeasure against side-channel attacks. Now, such protection cannot be considered sound unless its implementation can be checked in terms of correctness.

We start by exhibiting several open implementations of cryptographic algorithms leveraging the random masking countermeasure at several orders. Also, we claim that trustworthy hardware should be based on (easy verifiable) mathematically proven security.

Now, the state of the art is paradoxical in this respect. On the one hand, it is often considered that security against side-channel attacks increases exponentially with the masking order. On the other hand, the circuit size grows quadratically with the masking order for "ISW-like" implementations. There exist some attempts to reduce this overhead with the so-called quasi-linear implementations. Those are compositional, meaning that they can be built bottom-up, from gadgets. In this respect, they are amenable to being generated by open-source / free "high-level synthesis" tools.

We deliver two main take away points to guide open implementations of masking schemes.

  1. The first point is that there exists a finite optimal masking order with respect to the security proofs. Thus increasing the masking order indefinitely may actually be detrimental to security.
  2. The second point is that quasi-linear implementations lead to better security guarantees. This shows that developing such innovative countermeasures is of interest for both efficiency _and_ security.


Julien Béguinot, Wei Cheng, Sylvain Guilley and Olivier Rioul. Formal Security Proofs via Doeblin Coefficients: Optimal Side-channel Factorization from Noisy Leakage to Random Probing.

Loïc Masure and Francois-Xavier Standaert. Prouff and Rivain’s Formal Security Proof of Masking, Revisited.

Thomas Prest, Dahmun Goudarzi, Ange Martinelli and Alain Passelègue. Unifying Leakage Models on a Rényi Day.

Alexandre Duc, Stefan Dziembowski and Sebastian Faust. Unifying Leakage Models: From Probing Attacks to Noisy Leakage.


General information