Randomness Complexity of Private Circuits for Multiplication

Sonia Belaid, Fabrice Benhamouda, Alain Passelègue, Emmanuel Prouff, Adrian Thillard, Damien Vergnaud
Affiliations: CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (Inria de Paris, CNRS UMR 8548, DI-ENS - Département d'informatique de l'École normale supérieure); PolSys - Polynomial Systems (LIP6 - Laboratoire d'Informatique de Paris 6, Inria de Paris)
Abstract: Many cryptographic algorithms are vulnerable to side channel analysis and several leakage models have been introduced to better understand these flaws. In 2003, Ishai, Sahai and Wagner introduced the d-probing security model, in which an attacker can observe at most d intermediate values during a computation. They also proposed an algorithm that securely performs the multiplication of 2 bits in this model, using only d(d+1)/2 random bits to protect the computation. We study the randomness complexity of multiplication algorithms secure in the d-probing model. We propose several contributions: we provide new theoretical characterizations and constructions, new practical constructions and a new efficient algorithmic tool to analyze the security of such schemes. We start with a theoretical treatment of the subject: we propose an algebraic model for multiplication algorithms and exhibit an algebraic characterization of the security in the d-probing model. Using this characterization, we prove a linear (in d) lower bound and a quasi-linear (non-constructive) upper bound for this randomness cost. Then, we construct a new generic algorithm to perform secure multiplication in the d-probing model that only uses d + d²/4 random bits. From a practical point of view, we consider the important cases d ≤ 4 that are actually used in current real-life implementations and we build algorithms with a randomness complexity matching our theoretical lower bound for these small-order cases. Finally, still using our algebraic characterization, we provide a new dedicated verification tool, based on information set decoding, which aims at finding attacks on algorithms for fixed order d at a very low computational cost.
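As an added illustration (not code from the paper), here is the Ishai-Sahai-Wagner multiplication gadget the abstract refers to, for (d+1)-share Boolean masking of single bits, together with a check that it reconstructs a·b and consumes exactly the d(d+1)/2 random bits the abstract mentions. The helper names (`share`, `unshare`, `isw_multiply`, `check_isw`) are my own.

```python
import secrets
from functools import reduce

def share(bit, d):
    """Split a bit into d+1 Boolean shares whose XOR is the bit (d of them uniformly random)."""
    shares = [secrets.randbits(1) for _ in range(d)]
    shares.append(bit ^ reduce(lambda x, y: x ^ y, shares, 0))
    return shares

def unshare(shares):
    return reduce(lambda x, y: x ^ y, shares, 0)

def isw_multiply(a_shares, b_shares, rand_bits=None):
    """ISW secure AND of two (d+1)-share encodings of single bits.
    rand_bits may supply the d(d+1)/2 bits in order (for deterministic testing). Returns (c_shares, random_bits_used)."""
    n = len(a_shares)
    assert n == len(b_shares) and n >= 2
    pool = list(rand_bits) if rand_bits is not None else None
    used = 0
    def fresh():
        nonlocal used
        used += 1
        return pool.pop(0) if pool is not None else secrets.randbits(1)
    # r[i][j] for i < j is a fresh random bit; r[j][i] is derived from it.
    r = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j] = fresh()
            # The bracketing matters for probing security: a_i*b_j is masked by r_ij before a_j*b_i is added.
            r[j][i] = (r[i][j] ^ (a_shares[i] & b_shares[j])) ^ (a_shares[j] & b_shares[i])
    c = []
    for i in range(n):
        ci = a_shares[i] & b_shares[i]
        for j in range(n):
            if j != i:
                ci ^= r[i][j]
        c.append(ci)
    return c, used

def check_isw(d, trials=200):
    """Check correctness and the d(d+1)/2 randomness count over random sharings of order d."""
    for _ in range(trials):
        a, b = secrets.randbits(1), secrets.randbits(1)
        c, used = isw_multiply(share(a, d), share(b, d))
        if unshare(c) != (a & b) or used != d * (d + 1) // 2:
            return False
    return True
```

Passing `rand_bits` explicitly lets you trace a single evaluation by hand, which is the starting point for reasoning about what a d-probe adversary sees.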
Document type :
Conference papers
Contributor: Fabrice Benhamouda
Submitted on: Wednesday, June 1, 2016 - 3:07:40 PM
Last modification on: Thursday, July 1, 2021 - 5:58:08 PM



Sonia Belaid, Fabrice Benhamouda, Alain Passelègue, Emmanuel Prouff, Adrian Thillard, et al.. Randomness Complexity of Private Circuits for Multiplication. EUROCRYPT 2016, May 2016, Vienna, Austria. pp.616-648, ⟨10.1007/978-3-662-49896-5_22⟩. ⟨hal-01324823⟩