M&M: Masks and Macs against Physical Attacks


  • Lauren De Meyer KU Leuven, imec - COSIC
  • Victor Arribas KU Leuven, imec - COSIC
  • Svetla Nikova KU Leuven, imec - COSIC
  • Ventzislav Nikov NXP Semiconductors
  • Vincent Rijmen KU Leuven, imec - COSIC




Cryptographic implementations on embedded systems need to be protected against physical attacks. Today, this means that apart from incorporating countermeasures against side-channel analysis, implementations must also withstand fault attacks and combined attacks. Recent proposals in this area have shown that there is a big tradeoff between the implementation cost and the strength of the adversary model. In this work, we introduce a new combined countermeasure M&M that combines Masking with information-theoretic MAC tags and infective computation. It works in a stronger adversary model than the existing scheme ParTI, yet is a lot less costly to implement than the provably secure MPC-based scheme CAPA. We demonstrate M&M with a SCA- and DFA-secure implementation of the AES block cipher. We evaluate the side-channel leakage of the second-order secure design with a non-specific t-test and use simulation to validate the fault resistance.



How to Cite

De Meyer, L., Arribas, V., Nikova, S., Nikov, V., & Rijmen, V. (2018). M&M: Masks and Macs against Physical Attacks. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(1), 25–50. https://doi.org/10.13154/tches.v2019.i1.25-50