Shortcut side-channel security evaluations : application to elliptic curve cryptography, masking and shuffling

Since 1996, numerous attacks have been shown to uncover secrets by exploiting a device's physical behavior or emanation, such as power consumption, electromagnetic radiation, execution time, or temperature. Until then, the adversary was always assumed to be constrained by black box assumptions, but we are aware now that he is considerably more powerful than expected. These new attacks, called side-channel attacks, have led to the design of several countermeasures to protect cryptographic secrets. This raises the need for sound methods to assess their security. However, this is a challenging task and the difficulty resides in the fact that unsuccessful attacks do not prove security. We must expand our scope to more powerful adversaries to reach higher security guarantees. In this thesis, we investigate such worst-case evaluations in the context of both symmetric and asymmetric cryptography. In the first part of the thesis, we speed up evaluations of elliptic curve cryptography implementations against horizontal attacks using shortcut formulas. In the second part, we study worst-case analytical belief-propagation-based attacks and compare them to simpler divide-and-conquer attacks to evaluate the elliptic curve point randomization countermeasure. The third part of the thesis relates to the masking and shuffling countermeasures. In this respect, we first improve tools for their evaluations, then we analyze and enhance the security impact of their combination.