TY  - JOUR
AU  - De Meyer, Lauren
AU  - Arribas, Victor
AU  - Nikova, Svetla
AU  - Nikov, Ventzislav
AU  - Rijmen, Vincent
PY  - 2018/11/09
Y2  - 2024/03/28
TI  - M&M: Masks and Macs against Physical Attacks
JF  - IACR Transactions on Cryptographic Hardware and Embedded Systems
JA  - TCHES
VL  - 2019
IS  - 1
SE  - Articles
DO  - 10.13154/tches.v2019.i1.25-50
UR  - https://tches.iacr.org/index.php/TCHES/article/view/7333
SP  - 25-50
AB  - Cryptographic implementations on embedded systems need to be protected against physical attacks. Today, this means that apart from incorporating countermeasures against side-channel analysis, implementations must also withstand fault attacks and combined attacks. Recent proposals in this area have shown that there is a big tradeoff between the implementation cost and the strength of the adversary model. In this work, we introduce a new combined countermeasure M&M that combines Masking with information-theoretic MAC tags and infective computation. It works in a stronger adversary model than the existing scheme ParTI, yet is a lot less costly to implement than the provably secure MPC-based scheme CAPA. We demonstrate M&M with a SCA- and DFA-secure implementation of the AES block cipher. We evaluate the side-channel leakage of the second-order secure design with a non-specific t-test and use simulation to validate the fault resistance.
ER  -