A New Class of Codes for Boolean Masking of Cryptographic Computations

@article{Carlet2012ANC,
  title={A New Class of Codes for Boolean Masking of Cryptographic Computations},
  author={C. Carlet and P. Gaborit and Jon-Lark Kim and P. Sol{\'e}},
  journal={IEEE Transactions on Information Theory},
  year={2012},
  volume={58},
  pages={6000-6011}
}
We introduce a new class of rate one-half binary codes: complementary information set codes. A binary linear code of length $2n$ and dimension $n$ is called a complementary information set code (CIS code for short) if it has two disjoint information sets. This class of codes contains self-dual codes as a subclass. It is connected to graph correlation immune…
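Worked example, added here and not code from the paper or from this page: the definition in the abstract turned into a checker. A coordinate set is an information set when the corresponding $n \times n$ column submatrix of a generator matrix is invertible over $\mathbb{F}_2$, so a $[2n, n]$ code is CIS exactly when some $n$ coordinates and their complement both pass that rank test. For a systematic generator matrix $[I_n \mid A]$ the two halves are information sets precisely when $A$ is invertible; the example also goes beyond that special case with an exhaustive search over all partitions (exponential in $n$, usable only for toy lengths). The constructed input is the self-dual $[8,4,4]$ extended Hamming code written as $[I_4 \mid J - I_4]$, which illustrates the abstract's remark that self-dual codes fall in the class; the singular-$A$ counterexample and all function names are this example's own choices.

```python
"""CIS check for a binary [2n, n] code (added example; not the paper's code).
Implements the abstract's definition only: a [2n, n] binary linear code is
CIS if it has two disjoint information sets.  Rows are lists of 0/1 ints."""
from itertools import combinations


def gf2_rank(matrix):
    """Rank over GF(2) by Gaussian elimination on a copy of `matrix`."""
    m = [row[:] for row in matrix]
    rank = 0
    for col in range(len(m[0]) if m else 0):
        pivot = next((r for r in range(rank, len(m)) if m[r][col]), None)
        if pivot is None:
            continue
        m[rank], m[pivot] = m[pivot], m[rank]
        for r in range(len(m)):
            if r != rank and m[r][col]:
                m[r] = [a ^ b for a, b in zip(m[r], m[rank])]
        rank += 1
    return rank


def is_information_set(G, cols):
    """`cols` is an information set iff the k x k column submatrix of G is
    invertible, i.e. a codeword restricted to `cols` determines the codeword."""
    k = len(G)
    return len(cols) == k and gf2_rank([[row[c] for c in cols] for row in G]) == k


def is_cis(G):
    """Exhaustive check of the definition: some n-subset S of coordinates and
    its complement T must both be information sets.  Returns (S, T) or None.
    Coordinate 0 is fixed in S so each partition is tested once; this is
    exponential in n and meant for toy codes only."""
    k, length = len(G), len(G[0])
    if length != 2 * k:
        raise ValueError("CIS codes have rate exactly one half")
    for rest in combinations(range(1, length), k - 1):
        S = (0,) + rest
        T = tuple(c for c in range(length) if c not in S)
        if is_information_set(G, S) and is_information_set(G, T):
            return S, T
    return None


def systematic_cis(A):
    """Fast path for G = [I_n | A]: the left half is trivially an information
    set, the right half is one iff A is invertible over GF(2).
    Returns (G, halves_are_information_sets)."""
    n = len(A)
    identity = [[int(i == j) for j in range(n)] for i in range(n)]
    G = [identity[i] + A[i] for i in range(n)]
    return G, gf2_rank(A) == n


def is_self_dual(G):
    """Self-dual iff length == 2 * dim and G * G^T == 0 over GF(2)."""
    k = len(G)
    return len(G[0]) == 2 * k and all(
        sum(a & b for a, b in zip(G[i], G[j])) % 2 == 0
        for i in range(k) for j in range(i, k))


def min_distance(G):
    """Minimum weight of a nonzero codeword, enumerating all 2^k codewords."""
    k, length = len(G), len(G[0])
    best = length
    for mask in range(1, 1 << k):
        word = [0] * length
        for i in range(k):
            if mask >> i & 1:
                word = [a ^ b for a, b in zip(word, G[i])]
        best = min(best, sum(word))
    return best


# Constructed input: the [8,4,4] extended Hamming code as G = [I_4 | J - I_4].
# J - I_4 is its own inverse over GF(2), so both halves are information sets,
# and (J - I)(J - I)^T = I makes the code self-dual (a CIS subclass per the abstract).
J_MINUS_I = [[int(i != j) for j in range(4)] for i in range(4)]
HAMMING_8_4, HAMMING_HALVES_OK = systematic_cis(J_MINUS_I)

# Constructed counterexample for the fast path: A is singular (two equal rows), so
# the two halves are NOT both information sets.  The code is still CIS through a
# different partition, which only the exhaustive check finds.
SINGULAR_A = [[1, 1, 0, 0], [1, 1, 0, 0], [0, 0, 1, 0], [0, 0, 0, 1]]
SINGULAR_G, SINGULAR_HALVES_OK = systematic_cis(SINGULAR_A)

if __name__ == "__main__":
    print("[8,4] halves OK:", HAMMING_HALVES_OK, "self-dual:", is_self_dual(HAMMING_8_4),
          "d =", min_distance(HAMMING_8_4), "partition:", is_cis(HAMMING_8_4))
    print("[I | singular A] halves OK:", SINGULAR_HALVES_OK,
          "CIS partition:", is_cis(SINGULAR_G))
```

The fast path is what one would use in practice when the generator matrix is already systematic; the exhaustive search is only there to show that failing on the two halves does not settle the question, which is why the general problem needs the matroid-based basis-packing approach mentioned for higher-order CIS codes below.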
The classification of complementary information set codes of lengths 14 and 16
  • F. Freibert
  • Computer Science, Mathematics
  • Adv. Math. Commun.
  • 2013
TLDR
This paper gives a complete classification result for length 14 CIS codes using an equivalence relation on $GL(n, \mathbb{F}_2)$ and gives a new classification for all binary $[16,8,3]$ and $[16,8,4]$ codes.
Higher-Order CIS Codes
TLDR
A general algorithm based on Edmonds' basis packing algorithm from matroid theory is developed with the following property: given a binary linear code of rate 1/t, it either provides t disjoint information sets or proves that the code is not t-CIS.
Self-dual codes, subcode structures, and applications
The classification of self-dual codes has been an extremely active area in coding theory since 1972. A particularly interesting class of self-dual codes is those of Type II which have high minimum…
S-boxes, Boolean Functions and Codes for the Resistance of Block Ciphers to Cryptographic Attacks, with or without Side Channels
The choice of functions $S: \mathbb{F}_2^n \mapsto \mathbb{F}_2^m$ to be used as substitution boxes (S-boxes), fast to implement and contributing to resisting attacks, is a crucial question for the…
Complementary information set codes over GF(p)
TLDR
It is shown that long CIS codes over GF(p) meet the Gilbert–Varshamov bound, and the classification of all inequivalent CIS codes of lengths up to 8 is completed.
High-order Masking by Using Coding Theory and Its Application to AES
TLDR
This work proposes alternative masking techniques that rely on non-MDS linear codes whose underlying binary structure is that of a self-orthogonal binary code; the approach is more efficient than methods using Shamir's secret sharing scheme and competitive with Boolean masks.
Optimal First-Order Masking with Linear and Non-linear Bijections
TLDR
$d$th-order zero-offset attacks, which consist in applying CPA to the $d$th power of the centered side-channel traces, can be thwarted for $d \geq 2$ at no extra cost, and the countermeasure is shown to be resilient to imperfect leakage models.
Long quasi-polycyclic t-CIS codes
TLDR
Asymptotic existence results are derived for one-generator and fixed co-index QC and QT codes, depending on Artin's primitive root conjecture, showing that there are infinite families of rate…
Correlation-Immune Boolean Functions for Leakage Squeezing and Rotating S-Box Masking against Side Channel Attacks
  • C. Carlet
  • Mathematics, Computer Science
  • SPACE
  • 2013
TLDR
This paper focuses on Boolean functions that can be used in pseudo-random generators to combine the outputs of several LFSRs (the so-called combiner model), which need to be correlation-immune of the highest possible order.
Using linear codes as a fault countermeasure for nonlinear operations: application to AES and formal verification
TLDR
The present work studies how linear systematic error-correcting codes can simply be used to detect fault injections during nonlinear operations in a symmetric block cipher, for faults that cause errors of limited Hamming weight.

References

Showing 1-10 of 57 references.
Self-dual codes, subcode structures, and applications
The classification of self-dual codes has been an extremely active area in coding theory since 1972. A particularly interesting class of self-dual codes is those of Type II which have high minimum…
Type II codes over Z4
The conditions satisfied by the weight enumerator of self-dual codes defined over the ring of integers modulo four have been studied by Klemm (1989), then by Conway and Sloane (1993). The…
Minimum Weights and Weight Enumerators of $\mathbb{Z}_4$-Linear Quadratic Residue Codes
TLDR
It turns out that the binary Gray image of the $\mathbb{Z}_4$-linear XQR codes of lengths 80 and 104 has higher minimum distance than any known linear binary code of equal length and cardinality.
Quaternary quadratic residue codes and unimodular lattices
TLDR
Certain self-dual codes over $\mathbb{Z}_4$ are shown to determine even unimodular lattices, including the extended quadratic residue code of length $q+1$, where $q \equiv -1 \pmod 8$ is a prime power.
Type II Codes over
Type II $\mathbb{Z}_4$-codes are introduced as self-dual codes over the integers modulo 4 containing the all-one vector and with Euclidean weights multiple of 8. Their weight enumerators are characterized by means…
Optimal First-Order Masking with Linear and Non-linear Bijections
TLDR
$d$th-order zero-offset attacks, which consist in applying CPA to the $d$th power of the centered side-channel traces, can be thwarted for $d \geq 2$ at no extra cost, and the countermeasure is shown to be resilient to imperfect leakage models.
Classification of High-Order Boolean Masking Schemes and Improvements of their Efficiency
This article provides an in-depth study of the high-order (HO) Boolean masking countermeasure against side-channel attacks. We introduce the notion of HO-CPA immunity as a metric to characterize a…
Boolean Functions for Cryptography and Error-Correcting Codes
TLDR
Encryption-decryption is the most ancient cryptographic activity, but its nature has deeply changed with the invention of computers, because the cryptanalysis (the activity of the third person, the eavesdropper, who aims at recovering the message) can use their power.
Provably Secure Higher-Order Masking of AES
TLDR
This paper presents the first generic $d$th-order masking scheme for AES with provable security and a reasonable software implementation overhead; it can be efficiently implemented in software on any general-purpose processor.
Theory of Error-correcting Codes
The field of channel coding started with Claude Shannon's 1948 landmark paper. Fifty years of efforts and invention have finally produced coding schemes that closely approach Shannon's channel…