Achieving side-channel high-order correlation immunity with leakage squeezing

This article deeply analyzes high-order (HO) Boolean masking countermeasures against side-channel attacks in contexts where the shares are manipulated simultaneously and the correlation coefficient is used as a statistical distinguisher. The latter attacks are sometimes referred to as zero-offset high-order correlation power analysis (HO-CPA). In particular, the main focus is to get the most out of a single mask (i.e., for masking schemes with two shares). The relationship between the leakage characteristics and the attack efficiency is thoroughly studied. Our main contribution is to link the minimum attack order (called HO-CPA immunity) to the amount of information leaked. Interestingly, the HO-CPA immunity can be much larger than the number of shares in the masking scheme. This is made possible by the leakage squeezing. It is a variant of theBoolean masking where masks are recoded relevantly by bijections. This technique and others from the state-of-the-art (namely leak-free masking and wire-tap codes) are overviewed, and put in perspective.