Cassiers, Gaëtan
[UCL]
Standaert, François-Xavier
[UCL]
Security is an essential requirement of ever more ubiquitous communicating information systems. Modern cryptography is very effective at protecting communications, but what about the devices themselves? Side-channel attacks exploit the physical emanations of a chip in order to extract secret information from inside it, for example leading to the recovery of the secret key used to secure communications. The masking technique provides a framework for building algorithmic countermeasures against side-channel attacks by randomizing the computations. In this way, the link between the physical emanations and the secret information is weakened, and extracting the information is expected to be much harder. However, this technique has a high computational cost, as it increases the number of computations to be carried out by a multiplicative factor, and this can prevent its deployment given the computational resource constraints of some embedded devices. Furthermore, since masking is a high-level algorithmic protection against low-level physical attacks, its impact on the security level is rather hard to quantify precisely. The first goal of this master thesis is to analyze the masking principles and to refine their conceptual understanding, from both the qualitative and the quantitative viewpoints, in order to improve the security of concrete schemes. A second goal is to design new masking algorithms that improve on the state-of-the-art computational efficiency of existing schemes, in order to extend the applicability range of masking. For this purpose, we rely on two main models that are often used to analyze the security of masking. In the (more abstract) probing model, we introduce a new security definition which, combined with a proof technique based on analyzing the propagation of the probes within the implementations, allows greatly simplified analyses of complex masked implementations thanks to strong composability guarantees.
We give the first implementations that satisfy the new security definition, and show that it reduces the state-of-the-art computational cost (that we also optimize thanks to integer programming) by about 40%. In the (more concrete) noisy leakage model, we analyze quantitatively the security levels of various masking algorithms, which leads to the important conclusion that randomness optimizations in the probing model are not sufficient to discuss the global security vs. efficiency trade-off of masking. We then use our findings to design new algorithms that better capture this trade-off and show that they gradually gain in relevance as the order of masking schemes increases.


Bibliographic reference: Cassiers, Gaëtan. Masking against side-channel attacks : security and performance improvements. Ecole polytechnique de Louvain, Université catholique de Louvain, 2018. Prom. : Standaert, François-Xavier.

Permanent URL: http://hdl.handle.net/2078.1/thesis:14682