A Generic Table Recomputation-Based Higher-Order Masking

Authors: Tang, Ming*; Qiu, Zhenlong; Guo, Zhipeng; Mu, Yi; Huang, Xinyi; Danger, Jean-Luc
Source: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2017, 36(11): 1779-1789.
DOI: 10.1109/TCAD.2017.2661823

Abstract

Masking is a well-known class of countermeasures against side-channel attacks that employs the idea of secret sharing. In this paper, we propose a generic table recomputation-based masking scheme at any chosen order t, named divided S-box masking (DSM), and its security has been proved under the security framework from Crypto 2003. Table recomputation-based masking is suitable for software implementation, and the masked table can be stored in memory, where it can be accessed quickly. For any input, the DSM scheme generates n output shares with two queries. The DSM scheme requires two vectors L and R, and a matrix M of random numbers. Each element of L is the XOR of the S-box output and n - 1 random numbers. These n - 1 random numbers are stored in two lines of M and R, which is a vector of indexes for the second query. Furthermore, we performed attacks on the software implementation of DSM to evaluate its practical security, and compared its time and space complexity with existing table recomputation-based masking schemes on the same platform to verify the advantage of DSM.